<div class='os_post_top_link'><a href='http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/' target='_blank'>http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/</a><br /><br /></div><i>"Sysinternals' Mark Russinovich has performed an analysis of the copy restriction measures deployed by Sony Music on its latest CDs: which he bluntly calls a 'root kit'. Using conventional tools to remove Sony's digital media malware will leave ordinary users with Windows systems unable to play CDs. While the Sony CDs play fine on Red Book audio devices such as standard consumer electronics CD players, when they're played on a Windows PC the software forces playback through a bundled media player, and restricts how many digital copies can be made from Windows."</i><br /><br />Just when I think DRM can't get any more ugly, Sony pulls out all the stops and really mucks with Windows-based machines. You have to read the article to believe it. 8O

So will MS put out a security fix to protect the OS from Sony? :twisted:

So will MS put out a security fix to protect the OS from Sony? :twisted:

That's a very interesting point! Since so many anti-Spyware packages are protecting users from benign cookies, I wonder when they'll protect users from invasive DRM schemes as well?

Forgive my ignorance, but as long as this DRM is targeted at Microsoft operating systems, can one not simply do a system restore to rid the machine of this software?

Forgive my ignorance, but as long as this DRM is targeted at Microsoft operating systems, can one not simply do a system restore to rid the machine of this software?

Yes, that is an option that should work - but System Restores can sometimes go funky, and in the case of laptops that are off more often than they're on, it's often very hard to have recent system restore point. On many of my laptops the system restore points are 30+ days old.

MS Anti-spyware has a communal reporting system in place whereby users can report on malware.
It shouldn't take too many reports to provide MS with all the legal defense they would need to eject the rootkit.
Absent those requests, however, Sony might whine to the clueless trustbusters that MS (which has its own DRM tech it licenses) is "competing unfairly" by removing its package. Theoretically, they might even argue that removing the malware violates the DMCA...

Ultimately it is up to consumers to put an end to this by boycotting Sony.
Period.

Not buying the CDs that do this is not enough; Sony as a whole needs to be made an example of so no other company thinks it can get away with this kind of anti-consumer behavior.

PCWorld has more details, including one possible avenue of recourse, courtesy of the EFF...

http://www.pcworld.com/news/article/0,aid,123362,00.asp

Geez, this is lame. :x Whatever happened to complete user control over one's own computer?

This just goes to show how anal-retentive Sony BMG have become. They screwed the music download market in Australia and Japan by choosing not to participate in iTMS (a sign of things to come for other iTMSes?), and now they're screwing users worldwide through their own CDs. It's this sort of thing that will make me think twice before purchasing a Sony BMG CD, and at the end of the day, it's Sony who suffers (though probably not to the extent that I'd hope for).

My friend just scored a massive recording deal with Sony BMG, and I'd be interested to hear what he thinks of the label in a year's time.

F-Secure's weblog (http://www.f-secure.com/weblog/archives/archive-112005.html#00000691) is also reporting on this, and they've added detection for the "Rootkit by Sony (tm)":
When you insert such a CD to a Windows-based PC, the record will display a license agreement and then it will seem install a song player software - while it really installs a rootkit to the system. Once the rootkit is there, there's no direct way to uninstall it. The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves too. This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed.

...

So: if you've recently used CD releases from Sony BMG that state that they are content protected on your Windows computer, the "Scan for Rootkits" function in our product will detect this program on your system. Same happens with our free BlackLight beta that you can download from our web site.

...

As this DRM system is implemented as a filter driver for the CD drive, just blindly removing it might result in an inaccessible CD drive letter. Instead, we recommend you contact Sony BMG directly via this web form and ask for directions on how to remove the software from your system

Oh, so you don't think that you are punishing the consumer enough by DRM'ing the whole CD? Nope, if you remove the un-removable "un-detectable" software then you're screwed! :roll: Thanks Sony for another great product! :evil:

The technical details (http://www.europe.f-secure.com/v-descs/xcp_drm.shtml) on this rootkit is also a joy to read ;)
Although the software isn't itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits.

The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. If a malware names its files beginning with the prefix '$sys$', the files will also be hidden by the DRM software. Thus it is very inappropriate for commercial software to use these techniques. (My emphasis added to the quote.)

All the information I see about this insidious "protection" scheme relates to Windows PCs.

Does anybody know what happens when I try to play or rip one of these CDs to my Mac OS X computer? :?:

Perhaps we should all go to our local CD store, buy a few Sony BMG protected CDs, then return them as defective. Maybe Sony will get the idea when they see truckloads of CCDs returned.

At least this kind of DRM is Windows-only - certainly would pay to keep a LinuxLive CD about so you could then access the Sony CD and rip the tracks to MP3s for future use.

Does anybody know what happens when I try to play or rip one of these CDs to my Mac OS X computer? :?:

Currently there is no effect on OS X. In addition OS X would prompt you for the admin password before giving root access to any and all installers.

Further reading in the how to remove department just makes this one even better.

*Link to FAQ and a link to remove instructions (http://cp.sonybmg.com/xcp/english/faq.html#uninstall)

You just can't ask for the uninstall instructions you have to provide the name of the artist, albumn title, the store where you bought it, and provide your email address. (Why would I ever believe a company who would install something like this without asking would keep the use of my e-mail in high regard?)

Then...

Quote: "You must log on to your computer with Administrator rights or Power User rights to fully use the disc. Normally, you should have Administrator rights, unless you are working in a corporate environment in which case, you'll need to contact your IT department to have them install the software for you."

Translation: We can't hack your computer, and therefore you can't enjoy this music, unless you run as Administrator. They also go to claim the reason why you can't rip the software using iTunes is Apple's fault:

"Apple's proprietary technology doesn't support secure music formats other than their own and therefore the music on this disc can't be directly imported into iTunes or iPods.

Sony BMG wants music to be easily transferable to any device that supports secure music. Currently, music from our protected CDs may be transferred to hundreds of such devices, as both Microsoft and Sony have assisted to make the user experience on our discs as seamless as possible with their secure formats.

Unfortunately, in order to directly and smoothly rip content into iTunes it requires the assistance of Apple. To date, Apple has not been willing to cooperate with our protection vendors to make ripping to iTunes and to the iPod a simple experience. "

Translation: See, it's not Sony's fault, Sony is working with Microsoft. It's Apple's fault we installed a rootkit onto your computer so you can't easily take the Red Book Audio tracks off this CD. Apple also did not work with our vendors to find away to hack our files into your OS.

On slower machines, especially ones running Windows 98 and Windows ME, the player may consume a high amount of CPU cycles even if it is not playing back audio. If you experience audio playback problems try quitting out of other open applications.

Bolding added for effect, no translation needed. :D

Yes, I am stirring the pot here, but honestly this one almost stirs itself.

Look at what was just released: http://cp.sonybmg.com/xcp/english/updates.html

Although if you ask me, Sony should just offer a step-by-step guide on bypassing the bloatware altogether. :roll:

If you have AnyDVD installed on your system, it prevents the rootkit malware (and other CD protection schemes) from installing. You can still play the CD/DVD

See: http://www.slysoft.com/en/anydvd.html