| Author |
Message |
    
monster
Supporter
Username: Monster
Post Number: 1487
Registered: 7-2002
| | Posted on Wednesday, November 2, 2005 - 3:01 pm: |     |
Sony's new DRM protection scheme will install a rootkit on your pc, besides being of questionable legality their methods may leave your computer open to being exploited by those that do not have your best interest in mind.
A root kit is a set of tools frequently used by an intruder after cracking a computer system. These tools are intended to conceal running processes and files or system data, which helps an intruder maintain access to a system for malicious purposes.
For more info try the following links,
a Register article, http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/
The Sysinternal blog, http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
Engadget, http://www.engadget.com/entry/1234000420066115/
The Big Picture, http://bigpicture.typepad.com/comments/2005/10/drm_crippled_cd.html
f-secure, http://www.f-secure.com/weblog/
Castlecops, http://castlecops.com/postp605449.html
Velcro City, http://www.velcrocitytouristboard.blogspot.com/
rootkit, http://www.rootkit.com/blog.php?newsid=358
Acts of Volition has a copy of the post made on Sony's forum by Tim Foreman of the band Switchfoot, that's the band on the CD, the post seems to have been removed from Sony's website.
http://www.actsofvolition.com/archives/2005/september/switchfoot
Google News, http://news.google.com/news?hl=en&ned=&q=Sony+Rootkit
Now I have to go, I'm late but just had to pass this along.
fscking Sony |
Tom Reingold
Supporter
Username: Noglider
Post Number: 10502
Registered: 1-2003
| | Posted on Wednesday, November 2, 2005 - 3:08 pm: | |
Wow!
I strongly suspect they will be sufficiently embarrassed to reverse this decision.
|
monster
Supporter
Username: Monster
Post Number: 1488
Registered: 7-2002
| | Posted on Wednesday, November 2, 2005 - 3:44 pm: | |
Did you read the part where they changed the EULA after the fact? |
Case
Citizen
Username: Case
Post Number: 520
Registered: 2-2005
| | Posted on Wednesday, November 2, 2005 - 3:49 pm: | |
Nice.
Here's a site that can help:
http://www.sysinternals.com/utilities/rootkitrevealer.html |
monster
Supporter
Username: Monster
Post Number: 1489
Registered: 7-2002
| | Posted on Wednesday, November 2, 2005 - 3:55 pm: | |
I seem to remember that several months ago I had to remove a nasty that was created by the same company that Sony got their DRM from, & it was a pain in the arse.
|
Case
Citizen
Username: Case
Post Number: 521
Registered: 2-2005
| | Posted on Wednesday, November 2, 2005 - 4:47 pm: | |
These can be truly insidious, but they're NOT impossible - if anyone turns up an issue, post it here... |
monster
Supporter
Username: Monster
Post Number: 1490
Registered: 7-2002
| | Posted on Wednesday, November 2, 2005 - 5:29 pm: | |
I'm tempted to install it on a computer here at work, just to take a look at it & uninstall it. |
Bailey
Citizen
Username: Baileymac
Post Number: 57
Registered: 3-2005
| | Posted on Wednesday, November 2, 2005 - 9:53 pm: | |
um.. another opportunity for Mac users to smile..
:-)
|
monster
Supporter
Username: Monster
Post Number: 1491
Registered: 7-2002
| | Posted on Wednesday, November 2, 2005 - 11:55 pm: | |
ya' notice that this Mac user didn't rub it in, I think that this is a pretty shˇtty thing for Sony to do.
If you peruse the links I posted you may notice that all of this has the appearance to be a pissing match between Sony and Apple, Sony even went as far as posting a link for a page at Apple where one can voice there concern over the fact that there music can't (or at least not easily) be used on the iPod or iTunes.
Quote:Part III
As odd as the story is so far, its about to get a whole lot weirder: It turns out that all Engadget (quoting Variety) notes that this DRM is not at all about making the CD immune to piracy. Instead, its part of a pissing contest between Sony and Apple: Variety writes that "the new copy protection scheme — which makes it difficult to rip CDs and listen to them with an iPod — is designed to put pressure on Apple to open the iPod to other music services, rather than making it dependent on the iTunes Music Store for downloads."
|
monster
Supporter
Username: Monster
Post Number: 1492
Registered: 7-2002
| | Posted on Thursday, November 3, 2005 - 1:22 am: | |
http://news.zdnet.com/2100-1009_22-5928608.html
Quote: The patch that First 4 Internet is providing to antivirus companies will eliminate the rootkit's ability to hide itself and the copy-protection software in a computer's recesses. The patch will be automatically distributed to people who use tools such as Norton Antivirus and other similar programs, Gilliat-Smith said.
The patch that will be distributed through Sony BMG's Web site will work the same way, Gilliat-Smith said. In both cases, the antipiracy software itself will not be removed, only exposed to view.
Consumers who want to remove the copy-protection software altogether from their machine can contact the company's customer support service for instructions, a Sony BMG representative said.
|
Gatica
Citizen
Username: Katracho
Post Number: 168
Registered: 11-2002
| | Posted on Saturday, November 12, 2005 - 4:27 pm: | |
Well, everyone knew it was just a matter of time before Sony got sued over this...
=====================================
Sony Faces Class Action Lawsuits For DRM
by Mike Baron
Nov 12, 2005
Last Month, Mark Russinovich, of SysInternals.com, uncovered a so-called "rootkit" which is installed by Sony's new digital rights management-protected music CDs.
A rootkit is the common name for a malicious piece of software that is used by hackers or criminals to gain access to a computer system and be able to stealthly run other malicious code. Rootkits often contain hidden and hard to remove files and are designed to be difficult for the user to uninstall.
California, Italy and New York are the first to bring litigation against Sony BMG's digital rights management (DRM) software found in at least 20 music discs released by Sony. The software automatically installs after the user agrees to a end user license agreement (EULA) before the music disc can be played, and includes a rootkit that can create vulnerabilities in the user's Windows computer.
One trojan horse exploiting the security hole has reportedly been discovered.
The California suit claims that the software violates the Consumer Legal Remedies Act, the Consumer Protection Against Computer Spyware Act, and the California Unfair Competition Law. The upcoming lawsuit in New York seeks restitution for consumers across the nation.
Mathew Gilliat-Smith, the CEO of First 4 Internet, the company that created the software, claims it is "benign content." Meanwhile, in an NPR interview, a spokesman for Sony said, "users don't know what a rootkit is, and therefore, don't care."
Russinovich classifies Sony malware as a rootkit because it is alleged to open several serious security holes, one of which can be exploited to hide files and prevent the user from removing them. In particular, all executable files that begin with '$sys$' are hidden when the software is installed. Russinovich points out that these security holes would likely be exploited by hackers, or other malware producers besides Sony.
He goes on to explain that naively removing the files will result in the users operating system becoming crippled. Russinovich provides an explanation of the difficult step required to remove Sony's malware.
Playing the same CDs on computers not running the Windows operating system, or on a non-computer based CD player remains free of harm. As removing Sony's malware may violate the DMCA, ripping the CDs on computers running a non-Windows operating system may be the best legal and technically safe option for those who wish to listen to them under Windows, according to published reports.
The rogue software is automatically installed when a Sony CD is played on a computer, and is not mentioned in their EULA.
Sony and First 4 Internet have released "patches" and uninstall kits, after programmer Mark Russinovich discovered the hidden files from the rootkit. However, these uninstall kits are only installable online through an ActiveX application, a technology many security experts advise users to deactivate due to its high execution privileges on host computers.
In addition to questions of legality, the DRM software has come under fire from media rights activists and even artists.
Thomas Hesse of Sony BMG is quoted by the San Francisco Chronicle as saying that 60 percent of Sony BMG CDs released in the United States currently have copy protection measures, and that they aim to hit 100 percent by early 2006.
Source:
http://www.postchronicle.com/news/technology/article_2121240.shtml
and, as Reingold foretold, they are reversing their decision...
=====================================
Sony BMG suspends copy-protection software
By Paul Taylor in New York
Published: November 11 2005 20:31 | Last updated: November 11 2005 20:31
Sony BMG, the joint venture record label, was on Friday forced into an embarrassing climbdown over its use of copy-protection technology on music CDs that exposed some PC users to hackers.
The company said it would “temporarily suspend” use of the controversial software and apologised to PC users for “possible inconvenience” it may have caused.
The turnaround came after several PC security firms identified a “Trojan“ e-mail virus designed to exploit software that some of Sony BMG's music CDs install on their owners' computers when played.
The copy protection software dubbed “XCP“ developed by UK-based First4Internet, limits the number of copies that can be made from the original CD. It is designed to deter “casual piracy“ - typically, friends copying each other's music CDs.
Sony BMG, whose recording stars include Celine Dion, Mariah Carey and Destiny's Child, is believed to have installed XCP on millions of CDs since it began using the software earlier this year.
On Friday, Sony BMG, which faces a number of lawsuits in the US related to the use of the software, acknowledged for the first time that it could render PC users vulnerable to attack.
“We are aware that a computer virus is circulating that may affect computers with XCP content protection software,” the company said, adding that the software has been included on a limited number of Sony BMG titles, but emphasising, “This potential problem has no effect on the use of these discs in conventional, non-computer-based, CD and DVD players.”
In response to the virus attacks, the company said it had provided a software “patch“ to all major anti-virus companies and to the general public. The patch protects PC users against the virus, identified by Kaspersky, the Russian PC security firm and by UK-based Sophos.
“We deeply regret any possible inconvenience this may cause,” Sony BMG said, adding that it stood by its content-protection technology as “an important tool to protect our intellectual property rights and those of our artists“. The company said: “Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use.”
Sony BMG has still not identified which of its music CDs contain the software. Earlier this week, however, the Electronic Frontier Foundation, a US-based consumer advocacy group, identified at least 19 Sony BMG music CDs that the group claims install the software when played on a PC.
Critics, including the EFF, claim the software also slows down PCs and makes them more susceptible to crashes and third-party attacks. “Since the program is designed to hide itself, users may have trouble diagnosing the problem,” the EFF said.
Find this article at:
http://news.ft.com/cms/s/018223e4-52f0-11da-8d05-0000779e2340,ft_acl=,s01=1.html
|
Case
Citizen
Username: Case
Post Number: 672
Registered: 2-2005
| | Posted on Wednesday, November 16, 2005 - 8:52 am: | |
This is a pretty good article too:
http://www.networkworld.com/columnists/2005/111405backspin.html?nl&code=nlgibbs1 11405 |
TomD
Citizen
Username: Tomd
Post Number: 330
Registered: 5-2005
| | Posted on Wednesday, November 16, 2005 - 9:58 am: | |
Microsoft is updating their their Anti Spyware app (which is very good) to remove the Sony DRM rootkit.
How dumb does Sony have to be to make Microsoft the security good guys? |
Gatica
Citizen
Username: Katracho
Post Number: 177
Registered: 11-2002
| | Posted on Wednesday, November 16, 2005 - 10:14 am: | |
Quote:
-----------------------------------------------
Most people, I think, don't even know what a rootkit is, so why should they care about it?"
- Thomas Hesse, president of Sony BMG's global digital business division, interviewed on National Public Radio's "Morning Edition" on Nov. 4.
-----------------------------------------------
He's got some gonads to say that.
Of course, it will be very unlikely that any Sony executive will be jailed for these actions (a la that teenage doofus who got arrested and convicted last year (?). He looked like he had not seen the sun in quite a while.)
Maybe the California lawsuits will knock some sense into their heads. |
Gatica
Citizen
Username: Katracho
Post Number: 178
Registered: 11-2002
| | Posted on Wednesday, November 16, 2005 - 10:17 am: | |
Microsoft the security good guys. Ha! That's laughable. They bought Claria, the people who used to be known as Gator (remember that piece of hard to remove spyware?). After they bought Claria, they stopped flagging Gator as spyware/adware.
Security good guys, my arse.
|
monster
Supporter
Username: Monster
Post Number: 1586
Registered: 7-2002
| | Posted on Wednesday, November 16, 2005 - 11:35 am: | |
That deal never went through with Claria
Quote:
http://news.com.com/Microsoft+said+to+be+mulling+purchase+of+Claria/2100-1030_3- 5769583.html
Claria's software is installed on an estimated 40 million desktops and is designed to monitor people's actions, behaviors, likes and dislikes in order to display targeted ads. The company also operates a research division that extrapolates consumer habits over the long term.
Seems like this would go hand in hand with M$'s move to offer free (ad-supported) apps online.
http://news.com.com/Microsoft+eyes+making+desktop+apps+free/2100-1014_3-5951569.html
Already, the company has announced plans for Office Live and Windows Live, two products that are ad-supported complements to its existing desktop software. But in the internal documents, Microsoft workers maintain that the software maker may be forced to go further if rivals launch ad-supported versions of popular programs such as PowerPoint.
"If our competitors release free, advertising-supported versions of these programs, we may need to do the same," the two researchers and John Skovron, who works in MSN's Money unit, wrote in the winter 2005 paper.
Microsoft has been mulling a shift to ad-supported software for some time. A paper prepared for a summer 2004 Thinkweek gathering noted the decline in consumer software and suggested Microsoft's MSN online business might benefit from moving from a subscription model to one paid for through advertising.
The company's exploration of ad-supported software extends even to Windows, its most important product. An ad-supported version of the operating system could make some sense, the Microsoft researchers argue in their Thinkweek piece, noting that the product reportedly earns $9 per year per user.
The key is creating a robust enough advertising business to pay for more expensive content than what has been traditionally offered for free on the Internet. At the center of Microsoft's efforts here is a product called AdCenter. Its initial role is to offer the same kinds of text-based keyword ads as Google serves up though its AdWords, but Microsoft's ambitions for AdCenter go much further.
Executives see AdCenter, which has been known internally by the code name Moonshot, as a way to offer all manner of ads, text, display and video for use both online and offline on a PC, and on other devices, such as the Xbox gaming console or mobile phones.
icrosoft faces other challenges as well. One problem with inserting ads served over an Internet connection into desktop software is that while broadband access has grown, many computers spend a significant amount of time offline. Also, to pay off, such advertising must be targeted and relevant enough to both generate higher revenue and avoid annoying users.
some users might feel comfortable, say, writing a letter about their trip to Costa Rica in a free, ad-sponsored word-processing program and seeing ads for Costa Rica travel, while others may find that crosses a line.
|
Gatica
Citizen
Username: Katracho
Post Number: 183
Registered: 11-2002
| | Posted on Wednesday, November 16, 2005 - 12:07 pm: | |
Monster: thanks for the clariafication!
Man, just what I need, more ads. I hate ads. Online, offline. |
monster
Supporter
Username: Monster
Post Number: 1587
Registered: 7-2002
| | Posted on Wednesday, November 16, 2005 - 1:17 pm: | |
ads suck, but in some cases are necessary.
This isn't really one of those cases, I guess they figure since there are so manyu people out there that steal the software, why not make it easier for them and offer it for free, with the catch of the ads.
the ads could generate more revenue for M$ over time, than the sales of the apps or the OS, and frees up consumers to use the newest of either, albeit with the ad catch.
I'm sure they would continue to offer it sans ads, for a price, now if they see they are making more money via the ads, they may actually go the route of selling crippled ad-free software.
You could have won a new X-Box!
or click below for a free years subscription to MOL!
 |
Gatica
Citizen
Username: Katracho
Post Number: 184
Registered: 11-2002
| | Posted on Wednesday, November 16, 2005 - 2:21 pm: | |
Sony BMG recalls copy-protected music CDs
Wed Nov 16, 2005 10:05 AM GMT
AMSTERDAM (Reuters) - Music publisher Sony BMG, yielding to consumer concern, said on Wednesday it was recalling music CDs containing copy-protection software that acts like virus software and hides deep inside a computer.
"We share the concerns of consumers regarding discs with XCP content-protected software, and, for this reason, we are instituting a consumer exchange programme and removing all unsold CDs with this software from retail outlets," Sony BMG said in an statement.
The XCP software used by Sony BMG, which was developed by British software developers First4Internet, leaves the back door open for malicious online hackers.
Sony BMG, in a separate statement, also announced it would distribute a program to remove the software from a PC where it jeopardises security.
"We deeply regret any inconvenience this may cause our customers. Details of this (recall) program will be announced shortly," Sony BMG said.
The withdrawal is set to affect millions of compact discs from artists such as Celine Dion and Sarah McLachlan but Sony did not give exact figures or the names of the artists affected.
Sony reiterated that the copy-protection software only installs itself on personal computers and not on ordinary CD and DVD players.
Microsoft Corp.'s anti-virus team said on Tuesday it would add a detection and removal mechanism to rid a personal computer of the Sony's DRM copy-protection software. The software installs itself only on PCs running Microsoft's Windows operating system.
VIRUSES EMERGE
The flaws of the copy-protection software became acute last week, when the first computer viruses emerged that took advantage of the security holes left by the program.
Responding to public outcry over the software, the music publishing venture of Japanese electronics conglomerate Sony Corp. and Germany's Bertelsmann AG had said on Friday it would temporarily suspend the manufacture of music CDs containing XCP technology.
It then provided a patch to make the hidden program more visible. At the time it did not recall the CDs or offer a program to remove it from computers. The initial measures still left PCs vulnerable, according to software engineers.
The program will have installed itself on a Windows-operated personal computer when consumers wanted to play certain Sony BMG music CDs. The program forces consumers to use a music player that comes with the program.
Sony BMG has positioned itself as a defender of artists' rights. It re-emphasised on Friday that copy-protection software is "an important tool to protect our intellectual property rights and those of our artists".
Sony BMG last week was targeted in a class action lawsuit complaining that it had not disclosed the true nature of its copy-protection software.
© Reuters 2005. All Rights Reserved.
|
|
Closed: New threads not accepted on this page