Sony BMG rootkit DRM saga
p2p news / p2pnet: At least two new ventures appear to have developed around Sony BMG’s thwarted attempt to sneak spyware into consumer’s systems.
Sony BMG rootkit-based DRM (Digital Restriction Management) was independently identified by Mark Russinovich at Sysinternals, and by F-Secure.
The company came out with a patch but it, “can lead to a crashed system and data loss” and “Sony is still making users jump through hoops to get an uninstaller,” states Russinovich, who also says he’s now heard from First 4 Internet, “the company that implements Sony`s Digital Rights Management (DRM) software that includes a rootkit”.
First 4 Internet, “rebuts four of the points I raise in the post,” he says.
But as p2pnet’s Alex H points out, the SB rootkit isn’t without its benefits, which is to say it can be modified to hide you from another spyware app, Blizzard’s The Warden. He says:
A brave band of WoW hackers (well, one guy called Outlaw) has found a quick-n-dirty method (reminiscent of the get-around-CSS-by-holding-the-Shift-key) to block The Warden’s sniffing. How’s it done?
1. Buy the (ironically titled) CD “Get Right With The Man” by Van Zant
2. Run the CD
3. rename myhack.exe to $sys$myhack.exe
So for $14.95 you can score a perfect hack to hide your WoW “pharming” or other activities banned by Blizzard.
Then, over in New York, on its web page, Green Welling says it’s, “investigating Sony BMG over its latest copy-protection scheme. It is alleged that copy-protected Sony BMG audio CDs released after January 1, 2005 contain unlawful, unauthorized and potentially damaging software that is not disclosed to the consumer when the disc is inserted in a Microsoft Windows-based personal computer. Furthermore, the software can not be un-installed or removed by the end user without considerable time, expense and expertise. Customers who purchased a copy-protected Sony BMG audio CD and used it on their Windows PC before October 31, 2005 are encouraged to contact us.”
Nor is Sony BGM alone. Green Welling also has class actions going against a whole raft of other companies ranging from Palm Treo to Del Monte.
Meanwhile, “It has been rumored that other recording giants including EMI and the Universal Music Group use technology similar to that used by Sony, says CNET News. An EMI spokesman said DRM on EMI CDs can be completely removed if the user doesn’t want to play the CD any more, says the story, going on to quote ann EMI spokesman as saying:
“The content-protection software that we’re using can be easily uninstalled with a standard uninstaller that comes on the disc. EMI is not using any software that hides traces of the program. There is no ‘rootkit’ behavior, and there are no processes left running in the background.”
EMI also said it wasn’t working with First 4 Internet, “although it is trialing other content-protection software” and, “We recently completed a trial of three content-protection technologies (Macrovision’s CDS300, SunnComm’s MediaMax and SonyDADC’s key2audioXS), and First 4 Internet’s technology was not one of those tested.”
First 4 Internet says its XCP DRM uses, “a range of methodologies, including the construction of multiple protection layers, limiting the ROM player accessibility to the provided player software and encapsulating the Red Book audio content”.
Zomething you think we should know? tips[at]p2pnet.net
See:-
crashed system – Sony DRM ‘fix’ still dangerous, November 5, 2005
First 4 Internet – ‘New’ kind of DRM, December 18, 2004
rebuts four of the points – Sony`s Rootkit: First 4 Internet Responds, November 6, 2005
points out – WoW! Sony DRM v The Warden, November 6, 2005
The Warden – Blizzard spyware app revealed, October 31, 2005
CNET News – Why they say spyware is good for you, November 7, 2005
November 7th, 2005 at 11:46 pm
Never ever let a DVD or CD install anything on your computer to watch or listen to content.
November 8th, 2005 at 12:33 am
I have read about the growing trend of computer blackmail in the press, where someone compromises your computer and won’t tell you how to uncompromise it until you accede to their demands. Since Sony insists on you giving them personal info (email address) in order to gain the ability to undo their installation, could that be considered as similar enough to the blackmailers’ tactics to make their DRM software and susequent tactics equally illegal?
November 8th, 2005 at 12:49 am
Said Declan McCullagh on c-net news.com http://news.com.com/Why%20they%20say%20spyware%20is%20good%20for%20you/2010-1071_3-5934150.html?part=rss&tag=5934150&subj=news
:
In a bizarre twist, though, it’s not only Sony that could be facing a legal migraine. So could anyone who tries to rid their computer of Sony’s hidden anticopying program.
That’s because of Section 1201 of the Digital Millennium Copyright Act, which bans the “circumvention” of anticopying technology.
Wouldnt that be funny. If you remove files that you do not want from your computer you could be breaking the law? Surely if you seek legal advise first the lawyer will say… huh?. Better yet, throw away the computer and get a new one. I may be cheaper than getting DRM legal advise.
Rafael Venegas
http://www.gvenegas.com
November 8th, 2005 at 1:22 am
Do they insist on an email address for the patch ? …
November 8th, 2005 at 5:37 am
Yes, they do, twice. The last one has a built in agreement that you will agree to be on Sony’s mail list, you can not disagree and send the 2nd email. It also has phone home discovered in it, but that really hasn’t hit the news like the rest of it. On the forum of Mark’s (who discovered this mess) there is some interesting reading where the I4 guy tries to defend this rootkit. It is pretty quickly torn to shreds by the readers there.
November 8th, 2005 at 4:50 pm
This DRM crap is just another one of millions of reasons to use Linux.
I like to use my computer for MY interest rather than allow any Joe Smoe who has a couple of billion dollars take it over and use it for theirs. It is a sad state to have to worry about your computer being crippled or having malware installed on it because you decided to listen to a CD that YOU BOUGHT. With Linux, this problem does not exist.
Yes, there is a big deal being made out of some new Linux worm called, “Lupper.” This worm only has the ability to infect a only a very small percentage of Linux computers. This makes the fourteenth known worm or virus to be unleashed on Linux machines. Contrast this with Winblows computers which have been affected by over a million different worms or viruses. Many high profile site running Linux contain lots of personal information as well a high bandwidth Internet connection. Having some of these computers under control of malware would make a very powerful tool in the hands of criminals.
There is a big profit motive to write Linux malware. The problem with writing malware for Linux, though, is the fact that the inheritant security of Linux (or any Unix) makes it very difficult for this type of program to spread (as long as there are decent security settings inplemented). I have been running over 30 Linux based computers for many, many years and have had no malware infection whatsoever. I have bbeen attacked many times by worms, but none of the attacks succeeded.
I can burn, listen to, or rip as many copies as I wantof any of these Sony DRM infected CD’s and have absolutely no negative impact on any of my computers. I will not, however buy another Sony CD since they violate the hacker ethic of ‘Do no harm.’ I will also do what I can to drive punters away from buying Sony (and Microsoft) products as well. Since many people are voting with their computers against the policies of the cartels, the cartels want to cripple people’s computers so that they can no longer excercise their vote. If people want to continue to excercise their vote via computer, then I highly recommmend that they vote with their wallets and switch to Linux.
I would like to see the day when very few people walk into the thousands of movie theators, record stores, or video rental outfits. Only when this happens will changes be forced on the cartel. The cartels need to realize that we are the boss, not them.
November 8th, 2005 at 5:39 pm
Here’s an except from a publication concerning the DCMA from the US Copyright Office. It begins at the bottom of page 3 and continues on the top of page 4. The entire doucment may be found at:
http://www.copyright.gov/legislation/dmca.pdf
————–start quotation————–
Section 103 of the DMCA adds a new chapter 12 to Title 17 of the U.S. Code. New section 1201 implements the obligation to provide adequate and effective protection against circumvention of technological measures used by copyright owners to protect their works.
Section 1201 divides technological measures into two categories: measures that prevent unauthorized access to a copyrighted work and measures that prevent unauthorized copying*of a copyrighted work.
Making or selling devices or services that are used to circumvent either category of technological measure is prohibited in certain circumstances, described below.
As to the act of circumvention in itself, the provision prohibits circumventing the first category of technological measures, but not the second.
This distinction was employed to assure that the public will have the continued ability to make fair use of copyrighted works.
Since copying of a work may be a fair use under appropriate circumstances, section 1201 does not prohibit the act of circumventing a technological measure that prevents copying.
By contrast, since the fair use doctrine is not a defense to the act of gaining unauthorized access to a work, the act of circumventing a technological measure in order to gain access is prohibited.
__________________
*âCopyingâ is used in this context as a short-hand for the exercise of any of the exclusive rights of an author under section 106 of the Copyright Act. Consequently, a technological measure that prevents unauthorized distribution or public performance of a work would fall in this second category.
—————end quotation—————–
The operative sentence here is:
“Since copying of a work may be a fair use under appropriate circumstances, section 1201 does not prohibit the act of circumventing a technological measure that prevents copying.”
Therefore, one is in no danger of violating the law by removing DRM-related files from one’s computer. There is nothing in this particular variety of DRM that constitutes an access control. One is granted access by purchasing the CD and attempting to play it on whatever device one selects.
The measures referred to as access control circumvention and circumvention devices are things like cracks, patches, keygens, and bongles (bogus dongles.) Region Coding falls into this category. CSS could have been thought of in this category as well, but not once it came to light how simple it was to circumvent. Perhaps not as simple as the infamous ’shift key’ circumvention (and attendant threats of lawsuits), but it you can silkscreen the code to do it on a T-shirt, it ain’t what crypto-wonks call ‘robust’.
So, don’t throw your computer away. There’s no need to consult a lawyer. Just use caution in removing the pesky little varmint from your machine lest you turn your optical drive into a myopic doorstop.
–TurboGeek
PS: Given that these DRM schemes are meant to primarily frustrate making copies of a DRM protected work, could it be that those imposing DRM are trying to hinder the assertion of our fair use rights?
November 8th, 2005 at 8:39 pm
I couldn’t agree more. Malware was my reason to abandon Win for Linux. While I have a rootkit remover for linux, free of charge, it never, ever finds anything. Nor does that free virus checker. About the worse I see in the line of what could be considered malware is cookies. Those cookies are not malware. Ain’t that terrible?
November 9th, 2005 at 9:45 am
If everyone was using Linux instead of Windows, all the viruses, spyware, and adware out there would be attacking it and Windows would be the safe one. It simply doesn’t matter which OS you use. If it’s the most popular and the most used, naturally it will be the most attacked. At least with Windows the way it is now, we know where we stand and what it takes to stay safe. Do you really know where you stand with running Linux with no antivirus, no firewall, etc, which I think a lot of people feel they can do? I mean, there is a worm in the news right now that attacks Linux. This is only the beginning. Security through obscurity only works if Linux stays obscure, which it’s not anymore. I think as more people start using Linux, the more attacks we’ll see against that platform. Especially when there is money at stake. After all, people who write code for one OS are no more special than coders of another OS. They’re only human and they all make mistakes that lead to security holes. For what it’s worth, I’ve never had a single virus, root kit, or other invasive piece of software ever make it’s way onto my Windows based systems, and I’ve been using Windows since 3.11 lol. I don’t know why everyone else has so much trouble. Maybe it’s a lack of education in regards to PC security? Who knows, but then it’s not really my problem so I don’t really care. I do know that I don’t really like Linux. It’s too damn hard to use half the time. For example just getting Nvidia’s drivers installed is a nightmare. On the PC it only takes a few seconds. Linux is too hard to use unless you’re a hard core nerd or software developer, and while I agree with others whom have said we’ll probably see a mass migration to it when Windows Vista comes out, I bet we’ll see a mass migration back again once everyone realizes what a pain in the ass Linux is despite being free. Don’t get me wrong, I’m hoping Linux will be a viable alternative to Windows Vista too, but it needs to be a lot better than it is now in order for me to do it. Don’t even get me started on games.
November 10th, 2005 at 8:42 am
quote:
I do know that I don’t really like Linux. It’s too damn hard to use half the time. For example just getting Nvidia’s drivers installed is a nightmare.
It has been sometime since you have tried linux then. Nvidia’s drivers are now setup to download straight from binary form into the OS. No muss, no fuss, no hassel.
I agree that Windoze can be safe to use, provided you do use common sense. Something that many users don’t want to do. They don’t want to run in a limited mode that doesn’t allow them to install software in order to secure it. That is one of the advantages of linux. You must run in this limited mode, therefore offering security by default, not by plan. Most users of Win products don’t or won’t consider this concept as valid. Hence the spyware and malware epidemic that the average user suffers when using Microsucks products. The other problem with Windows is that it is open to outside configurations and installations by default. Apparently a problem most users can’t figure out how to secure.