Mac anti-rip code surfaces on Sony BMG CD

The Register ^ | 11 November 2005 | Tony Smith

[ShadowAce]

Sony BMG's controversial DRM code controversy may have now spread to Macs.

According to long-running Mac user website MacInTouch, at least one CD distributed by the major label includes a Mac OS X application that purportedly installs a pair of extensions to the operating system's microkernel.

MacInTouch correspondent Darren Dittrich claims a recently purchased copy of Imogen Heap's Speak for Yourself CD contains an extra disc partition for "enhanced content". Within it sits Start.app, a Mac application that sits alongside the usual Windows files. The CD ships on the RCA label, part of of Sony BMG.

Darren reports that running Start.app presents the user with a licence agreement. Pressing the Continue button pops up a dialogue asking for an administrator's username and password - a warning that something is about to be installed somewhere - to allow the program to copy over two kernel extensions: PhoenixNub1.kext and PhoenixNub12.kext.

The licence agreement states that proceeding will install software on the host machine.

It is not believed that the two extensions incorporate the rootkit that is causing such controversy becuase of its effect on Windows machines. It's a Mac version of SunnComm's DRM software, MediaMax, which Sony BMG uses to copy-protect a range of CDs. ®

[pageonetoo]

Did your cell phone company tell you that you can be tracked by LEO's? Did GM tell you that your car has a black box that can be used against you in court?

Sony just wants to protect it's revenue stream. CD's are designed to be listened to, not copied. I agree they should have a warning, but "buyer beware"...

[B Knotts]

That may be what they want. But they used illegal methods to do so. They should be criminally prosecuted, just like the punks who write viruses and worms.

[saganite]

Sony BMG suspends copy-protection software
By Paul Taylor in New York
Published: November 11 2005 20:31 | Last updated: November 11 2005 20:31

Sony BMG, the joint venture record label, was on Friday forced into an embarrassing climbdown over its use of copy-protection technology on music CDs that exposed some PC users to hackers.


The company said it would “temporarily suspend” use of the controversial software and apologised to PC users for “possible inconvenience” it may have caused.

The turnaround came after several PC security firms identified a “Trojan“ e-mail virus designed to exploit software that some of Sony BMG's music CDs install on their owners' computers when played


http://news.ft.com/cms/s/018223e4-52f0-11da-8d05-0000779e2340.html

[pageonetoo]

That may be what they want. But they used illegal methods to do so.

Illegal? Unethical maybe, but I doubt it is illegal. Of course, software pirating is legal, right?

[ShadowAce]

Did GM tell you that your car has a black box that can be used against you in court?

Did Sony build my computer? Did I purchase my computer/OS fro Sony? Your analogy is flawed.

[HangnJudge]

ony just wants to protect it's revenue stream. CD's are designed to be listened to, not copied. I agree they should have a warning, but "buyer beware"...

Then, dagnabbit, make the CD so that the music can only be played, not copied. But even here, case law clearly states that an individual can make a reasonable number of copies for their own personal use. The use of this type of software is another thing entirely, easily compromising systems. Bad programmers, Bad Corporation, Bad Idea

[Revolting cat!]

Nonsense (straight from the RIAAs talking points memo.) Nothing will prevent the "thieves" and China and the Ukraine from using a CD duplicator to duplicate the entire CD as they have been doing successfully for more than a decade. The viruses are attacks against the users who have legally purchased the CDs, paid through their noses for them, and want to copy to the computer the units of value on those CDs (that is to say single tracks) off them, since the record industry will no longer sell them singles.

Memo to the RIAA and their parrots: People who hear your car radio without paying for the privilege of listening are not "thieves!

[Turbopilot]

The problem isn't only that Sony CDs install this software without the user's knowledge or consent. It's also the numerous problems with the software itself. Once the rootkit has auto-installed, it creates a hidden process that runs all the time in the background (whether the CD is being listened to or is not even in the drive). This takes system resources, can interfere with other programs, and prevents some systems from going into standby or low-power modes. The way in which it hides itself also creates a vulnerability that allows other software, like viruses and spyware, to be hidden in the same way, making them undetectable and unremovable. This vulnerability only exists if the Sony software has installed, and has already been exploited by a new trojan virus that infects systems with the Sony software. Even if you choose not to listen to the CD, there is no uninstallation function provided. A proper uninstallation is very difficult and beyond the abilities of 99.9% of users; additionally, users can damage their systems if they try to remove it normally, and even once it appears to be removed parts can still remain that, for example, render your CD drive inoperable. Lastly, the code is written in such a way that even trying to stop it in order to begin removal can render your system unstable and cause damage.

If this software were distributed via email instead of on CD, it would be considered a very dangerous and malicious virus. Between this and suing 12-year-olds, the music industry is doing itself no favors in trying to get people to actually buy its products.

[B Knotts]

But you can't break the law with the excuse that someone else may be breaking the law.

And, yes, at least from the articles I've read, it sounds like they did break the law, by installing hidden software on people's computers without their permission.

[MizSterious]

Software pirating? What does software pirating have to do with buying a CD, playing it on your computer's CD drive, and having software installed that is harmful to your computer? Without my permission? I take it you work for Sony?

[The_Victor]

I think they are officially calling it a trojan. Technically not a virus, but it fits in the genre.

[pageonetoo]

My confusion is astounding. I own a Mac. I have to give my computer permission to install anything, even a Mac update. Have they overridden this?

I drive a 1990 Lincoln, most days. No black box, great ride... I use a Mac for the same reason.

I am not a ripper, so I have no idea how to do it, anyways. My daughter (16) does a lot of CD copies, and has not had any problems, that I know of...

[js1138]

I have been saying for some time that many modern viruses and spywares trivk you into installing them. If you give permission, Macs are no more virus-proof than PSs.

And PCs won't install software without permission. It's just that most people run their PCs in administrator mode. The computer still requires permission.

[B Knotts]

I have to give my computer permission to install anything, even a Mac update. Have they overridden this?

Apparently not on the Mac, but they seem to have installed their software surreptitiously on Windows machines.

Me...I use Linux, and I don't listen to popular music, so it's not really any concern of mine, except that I don't like the idea of not enforcing the law against favored people/organizations.

[pageonetoo]

...I don't like the idea of not enforcing the law against favored people/organizations.

Me either. But, I have been pounded for suggesting (on another thread) that Rush seems to disagree. Apparently there are plenty of folk willing to defend the indefensible... as long as it fits their agenda.

As far as the Windoze complaint goes, I have used Macs since 1984, so I could care less...

[Zetman]

For its part, First 4 Internet claimed the technology was only found on CDs from earlier this year and said it had created new methods to hide the DRM.

Even scarier. This "First 4 Internet" company that provided the software to Sony in the first place appears to be the one who needs to be investigated. They are admitting that they have come up with an even more sophisticated method for illegally installing software on your computer, and that the method which has gotten Sony into hot water is now outdated. If true, who knows how much illegal software is already on our PC's, and we will never know??

[HangnJudge]

I think they are officially calling it a trojan. Technically not a virus, but it fits in the genre.

Yeah, I guess, still pisses me off
I will not be buying any CD's from Sony in the forseeable future
Besides, if you have iTunes, what's the point?

Cheaper to buy music from the online store
Who uses CD's anymore?

[dickmc]

It's pretty clear that Sony has serious legal problems in at least California, England, and Italy due to the following:

1. Some portions of DRM installed before EULA even appears and is accepted.

2. No indication in EULA of type of software installed

3. Cloaking

4. Removal tool that does not remove it

5. Makes computer susceptible to viruses or Trojans

6. Apparently propagates within networks

7. Phone home function

Much as I dislike lawyers and class action suits, I hope they loose their a** big time. It is one thing to copy protect, it is something else to screw up customer's computer.

I can't see given the legal problems how they can avoid not recalling the CDs!!!!!!!

[MilleniumBug]

Hopefully the Electronic Frontier Foundation

will own Sony when the lawsuit is over.

[TheBattman]

Hmmm... buy crap, and are surprised when you get crap? The music industry marches on, trying their best to alienate the consumer.

And no, I have no problem with protecting content from illegitimate and illegal use. But this scheme goes beyond that. Installing a security breach on consumer's computers is NOT the way to fix their perceived problem.

I have a better idea (or two):

Sign quality musicians

Produce CD's people are willing to pay for

Explore more convenient methods of legal distribution - there are models out there that are much more consumer-friendly.