Removing Sony's CD 'rootkit' kills Windows

pete

Sysinternals' Mark Russinovich has performed an analysis of the copy restriction measures deployed by Sony Music on its latest CDs, which he bluntly calls a 'root kit'. Using conventional tools to remove Sony's digital media malware will leave ordinary users with a dead Windows system.
While the Sony CDs play fine on Red Book audio devices such as standard consumer electronics CD players, when they're played on a Windows PC the software forces playback through a bundled media player, and restricts how many digital copies can be made from Windows.

A 'root kit' generally refers to the nefarious malware used by hackers to gain control of a system. Root kits have several characteristics: they find their way onto systems uninvited; endeavor to remain undetected; and then may either intercept system library routines and reroute them to their own routines, or replace system executables with their own, or both - all with the intention of gaining system level ownership of the computer.

What makes Sony's CD digital media software particularly nasty is that using expert tools for removing the parasite risks leaving you with a Windows PC that's useless, and that requires a full reformat and reinstall.

So is Sony bundling a root kit, or is it the latest in a long line of clumsy, and sometimes laughably inept attempts to thwart the playback of digital media on PCs?

We were inclined to the latter - but in practical terms, for ordinary users, the consequences are so serious that semantic distinctions are secondary.
In actuality both, reckons Russinovich. It's a 'root kit' that arrived uninvited, but it's also "underhanded and sloppy software", that once removed, prevented Windows from playing his CD again (Van Zant's 'Get With The Man') he notes in his analysis.

The Sony CD creates a hidden directory and installs several of its own device drivers, and then reroutes Windows system calls to its own routines. It intercepts kernel-level APIs, but then attempts to disguise its presence, using a crude cloaking technique.

Disingenuously, the copy restriction binaries were labelled "Essential System Tools".

But the most disturbing part of the tale came when Russinovich ran his standard rootkit-removal tool on the post-Sony PC.
"Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," he writes.

Which puts it in an entirely different class of software to the copy restriction measures we've seen so far, which can be disabled by a Post-It note. Until specialist tools arrive to disinfect PCs of this particular measure.®

http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/
 
this was on slashdot as well. for sony this could turn out to be an evil and underhanded way of causing a lot of trouble for themselves.

re the legality of removing the rootkit i think this post sums it up pretty nicely.

".....They didn't have permission to put it there, and I think it would be a tough case to prosecute me for repairing my own computer. My computer is not Sony's medium to do with as they please - it's MINE - I paid for it, and I licensed the software. Now, removing the protection from their media - or extracting the content and freeing it from the DRM, yes, that's circumvention, and probably prosecutable under the DMCA. But my computer is MINE and they don't have the right to secretly fuck with it."
 
Fuckers will just put a clause in the CD's small print whereby purchasing the CD you're agreeing to the use and installation of their proprietary malware, not to mention tying any legal case against them up in litigation for years, WMD anyone?
 
i know this is probably obvious, but the software on the Sony CDs doesn't automatically install itself, correct? it takes an OK by the operator to allow it to install from my experience (trying to rip the latest My Morning Jacket cd)...

...just fucking boycott SonyBMG - s'what i'm doing. feels excellent.
 
Lord Damian said:
i know this is probably obvious, but the software on the Sony CDs doesn't automatically install itself, correct? it takes an OK by the operator to allow it to install from my experience (trying to rip the latest My Morning Jacket cd)...

...just fucking boycott SonyBMG - s'what i'm doing. feels excellent.

The current Coldplay album, on EMI, has copy control protection. It doesn't seem to install anything though, just autoloads a proprietary media player when you put in the CD. Does a good job of hiding all the data on the cd though.
 
Only Stupid Bastards Support Sony

Lord Damian said:
it takes an OK by the operator to allow it to install
And for the typical Windows operator, seeing a warning box pop-up is such a regular
thing, that the OK button gets clicked before the warning even gets read.

Having said that, even if you do read the warning, it doesn't tell you the gory details
of what you are agreeing to. According to one comment on the Russinovich blog, the
person who wrote the replacement CDROM driver didn't have any experience writing
drivers, and was asking some very basic "look, I really don't have a clue here" questions
on a public helpdesk forum.

And the little UK company that wrote this software for Sony? Most of the company
directors are former directors in Sony/BMG. Which is pure coincidence, of course.

What's really bad about this one is that you have to ASK PERMISSION from Sony to
remove their "rootkit"... but they got to damage the reliability of your computer WITHOUT
your permission. The lawsuits are going ahead, but what made Sony back down was the
fact that at least one virus is using the rootkit's "cloaking" technique to hide itself...
so if you did install Sony's DRM software, you can't remove the virus.
 
Re: Only Stupid Bastards Support Sony

McGonagles said:
And for the typical Windows operator, seeing a warning box pop-up is such a regular
thing, that the OK button gets clicked before the warning even gets read.

Having said that, even if you do read the warning, it doesn't tell you the gory details
of what you are agreeing to. According to one comment on the Russinovich blog, the
person who wrote the replacement CDROM driver didn't have any experience writing
drivers, and was asking some very basic "look, I really don't have a clue here" questions
on a public helpdesk forum.

And the little UK company that wrote this software for Sony? Most of the company
directors are former directors in Sony/BMG. Which is pure coincidence, of course.

What's really bad about this one is that you have to ASK PERMISSION from Sony to
remove their "rootkit"... but they got to damage the reliability of your computer WITHOUT
your permission. The lawsuits are going ahead, but what made Sony back down was the
fact that at least one virus is using the rootkit's "cloaking" technique to hide itself...
so if you did install Sony's DRM software, you can't remove the virus.
well, i wasn't in any way trying to justify their actions, i was just unfamiliar with the whole process...as soon as i saw the shit pop up on my machine when i went to rip the MMJ cd, i cancelled it, and began my SonyBMG boycott.
there's something on Pitchfork today about Sony backing down, but i have it from a very reliable source saying that it's only one copyright control program they will be discontinuing...apparently there's another program that they will be continuing to use (in Canada, at least)...usual bullshit.

the boycott continues.
 
Lord Damian said:
i know this is probably obvious, but the software on the Sony CDs doesn't automatically install itself, correct? it takes an OK by the operator to allow it to install from my experience (trying to rip the latest My Morning Jacket cd)...

True - in the case of the XCP rootkit anyway...but Sony has also used another DRM program called MediaMax, which behaves in a not-so-ladylike way (see here) :

"Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site."

BoingBoing has been following the Sony story since it broke, and it's just posted a useful synopsis of what's been happening.
 
quasiquasi said:
True - in the case of the XCP rootkit anyway...but Sony has also used another DRM program called MediaMax, which behaves in a not-so-ladylike way (see here) :

"Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site."

BoingBoing has been following the Sony story since it broke, and it's just posted a useful synopsis of what's been happening.
yup, this SunnComm shit is the one they will be continuing to use in CDA....
 
Re: Only Stupid Bastards Support Sony

Lord Damian said:
the boycott continues.
I never have and never will buy any copy-protected music CD.
And I'll be thinking twice about buying any Sony/BMG release from now on.

They're not going to stop copy-protecting their releases (they're not even
recalling the "rootkit" ones, just discontinuing them), and they're going to keep
doing stupid things that drive legitimate customers away.

And guess what? Those protected tracks are still going to show up on P2P networks,
usually before the protected CDs are in the shops. So for people who used to buy CDs
(which is legal in Ireland and everywhere else) and rip a copy for the ipod (which is legal
in most places, but illegal in Ireland), it's now going to be easier to download it illegally.

Putting music that you didn't buy from itunes onto your ipod is illegal anyway, even if you
did buy the same music on CD, so why waste your money if you're already breaking the law?

There is never going to be an un-crackable copy protection scheme. Software companies
found this out in the early-to-mid 1980s. We have been through all of this before, just on
a smaller scale.
 
a list of CDs containing Sony's XCP rootkit

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

Several other Sony-BMG CDs are protected with a different copy-protection technology, sourced from SunnComm, including:

My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album


Luckily, most of these CDs are shit anyway.



Also, here's a how-to on recognising CDs containing Sony's rootkit

http://www.eff.org/IP/DRM/Sony-BMG/

If you have no idea what I'm on about, here you go:

http://www.wired.com/news/technology/0,1282,69467,00.html
 
Re: a list of CDs containing Sony's XCP rootkit

inspector horse said:
supposedly microsoft are releasing something that will delete the rootkit, but i'd say that's more of a fuck sony thing rather than microsoft customer care
Sony's controversial anti-piracy CD software has been labelled as spyware by Microsoft.
The software giant said a key part of the XCP copy protection system counted as malicious software under the rules it uses to define what Windows should be protected against.

It plans to include detection and removal tools for parts of XCP in its weekly anti-spyware software update.

The news came as Sony BMG suspended production of CDs that use XCP.
http://news.bbc.co.uk/1/hi/technology/4434852.stm
 
