Mac anti-rip code surfaces on Sony BMG CD

The Register ^ | 11 November 2005 | Tony Smith

[ShadowAce]

Sony BMG's controversial DRM code controversy may have now spread to Macs.

According to long-running Mac user website MacInTouch, at least one CD distributed by the major label includes a Mac OS X application that purportedly installs a pair of extensions to the operating system's microkernel.

MacInTouch correspondent Darren Dittrich claims a recently purchased copy of Imogen Heap's Speak for Yourself CD contains an extra disc partition for "enhanced content". Within it sits Start.app, a Mac application that sits alongside the usual Windows files. The CD ships on the RCA label, part of of Sony BMG.

Darren reports that running Start.app presents the user with a licence agreement. Pressing the Continue button pops up a dialogue asking for an administrator's username and password - a warning that something is about to be installed somewhere - to allow the program to copy over two kernel extensions: PhoenixNub1.kext and PhoenixNub12.kext.

The licence agreement states that proceeding will install software on the host machine.

It is not believed that the two extensions incorporate the rootkit that is causing such controversy becuase of its effect on Windows machines. It's a Mac version of SunnComm's DRM software, MediaMax, which Sony BMG uses to copy-protect a range of CDs. ®

[ShadowAce]

[pageonetoo]

Ain't it a bitch when someone fights against thieves?

[dangus]

Please explain the DRM code controversy?

[catbertz]

I'm really getting sick of this DRM nonsense. Only honest users get punished/inconvenienced by this ip bullying. Sony has been a pain for many years with their proprietary formats, and now this possibly illegal infestation.

No more Sony products for me until I see a change in posture..yea right.

[Izzy Dunne]

The good news is that OS X makes you authorize the installation of this crap, unlike Windows, where it happens without you knowing it (until later).
The dialog should warn you that something's weird (why do I have to give my password just to play music?).

The bad news is that Sony is a trusted name (for how long???) and that people might do it anyway...

[Izzy Dunne]

Ain't it a bitch when someone fights against thieves?

I'm sure you won't mind if we take away your guns, because you might commit a robbery someday.

[VeniVidiVici]

It is not believed that the two extensions incorporate the rootkit that is causing such controversy becuase of its effect on Windows machines. It's a Mac version of SunnComm's DRM software, MediaMax, which Sony BMG uses to copy-protect a range of CDs. ®

Oh, then it's ok. Why bother with the article?

[catbertz]

Sophos, a big corporate anti-virus company, has released a sony rootkit detector/remover.

It's fast and doesn't install to your registry..just run it from your desktop.

Here's a link: http://www.sophos.com/support/disinfection/rkprf.html

[Tribune7]

According to long-running Mac user website MacInTouch, at least one CD distributed by the major label includes a Mac OS X application that purportedly installs a pair of extensions to the operating system's microkernel.

How can it do it without prompting for the password?

[Senator Bedfellow]

The good news is that OS X makes you authorize the installation of this crap, unlike Windows, where it happens without you knowing it...

Actually, without administrative permissions, it doesn't install at all.

[TWohlford]

"Please explain the DRM code controversy?"

Sony / BMG's newer CDs install a program that prevents you from making more than 3 copies of a music CD.

The problem is that 1) the user doesn't know it, 2) the end user license agreement (ELUA) when found it horrible, and 3) Sony uses "cloaking" software that is easily hacked.

Cloaking - that's a practice by where a program can be run on your PC w/o you ever finding out unless you use special tools (rootkit).

The cloaking software that Sony is using can be used to hide ANY program, including viruses and spyware. Soooo... the latest viruses are now looking for this utility so that they can hide from you and your antivirus programs!

[plain talk]

Here's a link to one story about it that explains what the record companies are up to now. They will get as little of my money as possible.

http://www.betanews.com/article/Sony_to_Help_Remove_its_DRM_Rootkit/1130965475

[The_Victor]

I thought Macs were virus proof?

[Turbopilot]

Can't be; I have it on good authority that no Mac anywhere can execute malicious code :-p

Seriously, though, it's good that Sony's being caught out on something this outrageous. I think the lawsuit against them for the WinXP rootkit will probably be successful, and hopefully in addition to damages they'll have to replace and recall any CDs that have this "DRM" garbage on them.

[dangus]

Had SONY labelled the disk, "Warning: Playing this disk on your computer will result in software being installed which is designed to prevent replication of this disk," SONY would be reasonable. The person who purchased the disk could decide whether he wanted to play the disk or not, knowing its effects on his computer.

Instead, SONY left ther customers wondering how they got what appeared to be a virus installed on their computers, and which could cripple their computer if they attempted to remove it.

[postaldave]

please add 4) may cause some computer to crash causing a system32 error.

i've not had this happen to me but i did have to repair one computer so far that crashed after loading velvet revolver cd into her computer.

http://brandon.fuller.name/archives/2004/06/10/09.46.44/

it was an easy fix for me but it costed her $50 for me to restore her system32 files. i'm not sure if this is the same stuff but it can cause problems.

WINDOWS HINT: hold down the shift button when placing a music CD into your computer. leave the button held down for about 60 seconds until your computer stop trying to load it. this disables the auto run. after that you should be able to run your regular buring/backup software.

[BikerNYC]

Had SONY labelled the disk, "Warning: Playing this disk on your computer will result in software being installed which is designed to prevent replication of this disk," SONY would be reasonable.

That wouldn't have been good enough. They would have had to add: "This software will allow viruses and other malware to hide in your computer and it will not be easy to remove. Playing this disk on your computer completely compromises the security of your computer and there is a significant risk that your entire computer hard drive will be wiped clean as a result of listening to this disk on your computer."

[HangnJudge]

I thought Macs were virus proof?

Not a virus, more like spyware, requires an active effort of an
administrator user to get the software installed

NTL - pisses me off

[shadowman99]

I'm sure you'll be OK with it when a private enterprise secretly makes keys to your house "just in case", and if you later change the locks, your house burns down.

Fair?