Sony DRM infection removal vulnerability uncovered
Posted on 11/16/2005 9:27:30 AM PST by dickmc
"Tool is worse than original infection"
"SONY PULLS OFF ANOTHER blatant stupidity in the 'cure is worse than the disease' category. No, not the DRM infection itself, not the security compromising removal agreement, but the removal tool itself. Yes, this one appears to put you in MORE danger than the original rootkit.....
According to Freedom To Tinker, the web based installer is a worse vulnerability than the original rootkit. .............
the 'cure' from Sony involves downloading an ActiveX control ........
that lets just about anyone download, install and execute arbitrary code on your machine.
To make matters even funnier, the uninstaller, supposedly anyway, leaves this control on your machine. So, the Sony uninstaller is not a total uninstaller, it leaves a hole you can drive a truck through on your system, silently of course.
The more disturbing part is that it appears the control is signed. I wonder who at MS approved this, and how this blatant security hole got through the barest minimum of QC?
.....if you bought Sony products, you are screwed. If it causes you problems, you are screwed more. If you uninstall, you are screwed yet harder......
That's what you get for buying music."
(Excerpt) Read more at theinquirer.net ...
Also, here is the top part of the country list:
130519 'UNITED STATES'
44421 'UNITED KINGDOM'
2335 'CZECH REPUBLIC'
1427 'HONG KONG'
1335 'NEW ZEALAND'
821 'RUSSIAN FEDERATION'
Dan's detailed U.S. and Europe photos showing the infestation were posted yesterday in FR here in case you missed them or want to look again.
In addition to the U.S., Italy is highlighted above in red. This is because Italy has some very tough laws that have criminal penalties.
Unlike in the U.S. when you weld on a pressure vessel in Italy, you sign your name on it as the welder. If the vessel blows up and injures someone due to something you did wrong, you go to jail! As another example of legal differences: when Ayrton Senna was killed at a Formula One race in Italy due to a potential steering column design problem, the Williams team owners would not go to Italy for fear they might be hauled off to jail.
While this Sony incident is obviously different, Italy has some pretty serious criminal law. Things that might be a civil penalty or wrist slap in the U.S. or U.K. can have real criminal penalties in Italy.
Apparently there is now a Sony investigation underway in Italy!
One of the reasons I've quit buying anything Sony.
Interesting...but Breaking News??
You might want to ask that of the poster of this thread.
Sorry. Wrong check.
Not true. In the case of pressure vessel welding (ASME) here in the US, the welder 'stamps' the weld at specified and/or pre-determined intervals along the entire weld. A welder must have appropriate training and qualifications and is assigned his/her own 'stamp'; extensive recordkeeping is required. There are so many more requirements related to pressure vessel welding that your eyes would gloss over. For a time, my Company did pressure vessel work (U & R); I shuttered the entire metal fabrication operations in April 2003. I can tell you that if anything goes wrong with any of the vessels manufactured by my Company, the sh*t will hit the fan. While jail may not be explicitly stipulated, one should not discount the potential ruthlessness of litigants in asserting negligence, even though all standards were followed.
I read yesterday that in Italy foreigners have to show a passport to use a computer in an Internet cafe.
The Sophos rootkit detection and removal tool is at:
Use at your own risk, but it is recommended by several reliable sources. I certainly wouldn't use any Sony removal tools, given their record so far.
What kind of question is that? Every single solitary Freeper is a computer user.
Per Mark Russinovich's Sysinternals site who discovered all this:
Unfortunately, there has been some confusion with regard to the level of cleaning that antivirus (AV) companies are providing for the rootkit.
Some articles imply that AV companies remove all of the Sony DRM software in the cleaning process, but they are in fact only disabling and removing the Aries.sys driver that implements the rootkit cloaking functionality.
Unfortunately, all of the AV cleaners I've looked at disable it improperly by unloading it from memory - the same way Sony's patch behaves - which as I noted previously, introduces the risk of a system crash.
While they post disclaimers on their web sites to that effect, they should use the safe alternative that I described a couple of posts ago, which is to delete the rootkit's registration from Windows so that it won't activate when Windows boots:
1. Open the Run dialog from the Start menu
2. Enter cmd /k sc delete $sys$aries
Much more detail at his site here.
let's see what kind of internet rumor we can get started here..
OK. He doesn't mention Sophos specifically, but presumably their tool was one that he looked at. Hmm.
Well, in that case, maybe the thing to do is to use Sophos to detect whether you have the Sony Rootkit, but then don't try to remove it until this issue is completely resolved.
Microsoft is now making noises about adding Sony Rootkit to the things their antispyware will detect. But there, again, I don't know if they will safely remove it or only detect it.
Yes, I certainly wouldn't use the Sony tool at the moment. And if 12 is correct, maybe it's safest just to leave the damned thing on your computer until a safe way is found to remove it entirely.
Yeah, and every one with an audience uses two.
Apparently according to Muzzy's site here the Sony DRM appears to have a large potential 'black' list that it scans for every two seconds as long as your computer is running.
Moreover, Sony's official uninstaller also leaves a plethora of stuff behind, some of which may be exploitable!
The claim that ALCEI formally filed on November 4th 2005 to the Commander in Chief of the Fraud Contrast Group of the Financial Police in Italy (Guardia di Finanza) points out that the behavior of whoever decided, inside Sony BMG Entertainment, to use such a dangerous DRM system (and of anybody else who behaves similarly) is criminally liable, besides being unethical and fraudulent. The possible charges range from arbitrarily self-made justice, intentional damage to computer systems, and diffusion of software that damages information and communication systems - all of which are criminal offenses under Italian law.
The irony of this case is that the promoters of criminal indictment could be subjected (much more correctly) to the same rigor that they have been unfairly and brutally inflicting on their customers. While absurd laws in Italy, inspired by the lobbying power of very large economic interests, are condemning the holding of copied material as a ferocious crime, a correct and considerate law states that willfully damaging computer systems, as well as making justice on his own without taking the issue into court, are criminal offenses that the public prosecutor must investigate.
Furthermore, criminal liability, in Italy, cannot be waived by offering a remedy after the fact, which may perhaps allow a lighter penalty at the end of the process, but in the meantime it is an explicit admission of guilt.
On November 4 2005 ALCEI formally requested that the Financial Police identify the authors of the software, and those who made the willful decision of distributing it in a hidden form, and also detect if other organizations committed similar abuses. Now the law enforcement bodies must mandatorily start the investigations. This is the necessary preliminary phase of an action that intends to bring to criminal court anybody who, in Sony BMG Entertainment, has committed such illegal acts in Italy, as well as anyone else who helped in committing such crimes - or, in any other circumstances, performed similar actions.
Underlines are mine. Entire release is here. Looks like the Italian justice system has no choice but to at least investigate.
I doubt that any Sony executives will be planning on vacationing or going to conferences in Italy any time in the near future.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.