Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: Sony BMG's copy protection shows rootkit-behavior (Read 67909 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Sony BMG's copy protection shows rootkit-behavior

Security expert Mark Russinovich of SysInternals found out that a current copy-protection method used by Sony BMG for their audio CDs exhibits rootkit-like functions. "Rootkits" are the most powerful and dangerous type of potentially harmful software, because they can integrate directly into the OS and are hard to detect and to remove.

Quote
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall.


Read about the discovery here: Sony, Rootkits and Digital Rights Management Gone Too Far

Sony BMG's copy protection shows rootkit-behavior

Reply #1
Pretty damned interesting that DRM is now that evil. Thank goodness Mark Russinovich knows what the hell he's doing otherwise such information would be unknown.

Sony BMG's copy protection shows rootkit-behavior

Reply #2
Quote
Pretty damned interesting that DRM is now that evil. Thank goodness Mark Russinovich knows what the hell he's doing otherwise such information would be unknown.
[{POST_SNAPBACK}][/a]



According to this [a href="http://tinyurl.com/daea2]http://tinyurl.com/daea2[/url] its also  intended to stop you from using your iPod.

As it appears to have been badly programmed too I expect it wont be long before others use it to foist their own horrors


Sony BMG's copy protection shows rootkit-behavior

Reply #4
More information: http://www.f-secure.com/weblog/#00000691
"To understand me, you'll have to swallow a world." Or maybe your words.

Sony BMG's copy protection shows rootkit-behavior

Reply #5
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?

Sony BMG's copy protection shows rootkit-behavior

Reply #6
just disable your autorun on your drives...simple really...EAC will rip this stuff anyway will it not....if not clone cd will


autorun is your enemy

Sony BMG's copy protection shows rootkit-behavior

Reply #7
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
The name was Plex The Ripper, not Jack The Ripper

Sony BMG's copy protection shows rootkit-behavior

Reply #8
Quote
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
[a href="index.php?act=findpost&pid=338817"][{POST_SNAPBACK}][/a]


I'm sure that there's an EULA that says "By using this software if your computer malfunctions blah blah blah it's not our fault..".

This doesn't protect them?

Sony BMG's copy protection shows rootkit-behavior

Reply #9
Quote
Quote
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
[a href="index.php?act=findpost&pid=338817"][{POST_SNAPBACK}][/a]


I'm sure that there's an EULA that says "By using this software if your computer malfunctions blah blah blah it's not our fault..".

This doesn't protect them?
[a href="index.php?act=findpost&pid=338906"][{POST_SNAPBACK}][/a]


Quite likely: no.

 

Sony BMG's copy protection shows rootkit-behavior

Reply #10
I hope they will be sued by several unhappy customers.
It should help the majors to think a little bit about all this drm insanity… but I’m probably dreaming...

Sony BMG's copy protection shows rootkit-behavior

Reply #11
Quote
More information: http://www.f-secure.com/weblog/#00000691
[{POST_SNAPBACK}][/a]

quote
Quote
we recommend you contact Sony BMG directly via [a href="http://cp.sonybmg.com/xcp/english/form8.html]this web form[/url] and ask for directions on how to remove the software from your system. We've test driven this and they will provide you with tools to do this. However, they will install additional ActiveX components to your system while they are doing this so be adviced.

Edit: Don't do this, meanwhile it has become clear that this ActiveX plugin from first4Internet is worse than than the so-called root kit.
Sony will now provide a safer way (normal excecutable). check this

Hey, who has AutoRun still enabled 
O and don't forget to buy an Sony "Approved Portable Device" that is compatible with this crap 

I cannot understand Sony is doing this to their paying customers. They don't understand what they do to the music business... thwarting DVD-A, hardly issuing Multi Channel SACD and making it actually dangerous to put a legal version of their CD's in your computer.

P.S. Sony is most mentioned, but first4Internet made this software. I found this entry in the blog particularly interesting.
In theory, there is no difference between theory and practice. In practice there is.

Sony BMG's copy protection shows rootkit-behavior

Reply #12
Quote
Hey, who has AutoRun still enabled  
[a href="index.php?act=findpost&pid=338971"][{POST_SNAPBACK}][/a]

Most likely, over 90% of XP users. Those who want to just use a PC without having to tweak this that and the other. 
daefeatures.co.uk

Sony BMG's copy protection shows rootkit-behavior

Reply #13
In case somebody hast still autorun/autoplay enabled (or doesn't know):
regedit -> regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom
"Autorun" "1" enabled
"Autorun" "0" disabled

Sony BMG's copy protection shows rootkit-behavior

Reply #14
Quote
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?
[a href="index.php?act=findpost&pid=338809"][{POST_SNAPBACK}][/a]

There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
I am arrogant and I can afford it because I deliver.

Sony BMG's copy protection shows rootkit-behavior

Reply #15
Quote
There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
[a href="index.php?act=findpost&pid=338990"][{POST_SNAPBACK}][/a]

Indeed. We must have forgotten somehow that we are the customers and the market is still dependant on us.

Sony BMG's copy protection shows rootkit-behavior

Reply #16
The fact that this uses filter technique to hide its self from someone looking for it (they even have filters-filtering the registry) very distasteful, pure scum.

Sony BMG's copy protection shows rootkit-behavior

Reply #17
Quote
Quote
There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
[a href="index.php?act=findpost&pid=338990"][{POST_SNAPBACK}][/a]

Indeed. We must have forgotten somehow that we are the customers and the market is still dependant on us.
[a href="index.php?act=findpost&pid=338992"][{POST_SNAPBACK}][/a]

Right, but what most people misunderstand in that regard is that "listening" is also consuming. Thus, if people continue to listen to the same music but just "steal"(note: the term is not really correct) then they still support just those corporations - partially by "still being dependent on them" and partially by promoting them(yes, illegal filesharing is promotion).

So, what i meant with my ealier quote was not just "dont buy it", but "dont consume it". It's true that the alternative does require oneself to spent more time finding interesting music - however, what you will get for the added effort is higher quality music at lower prices without any of this DRM-crap.

Self-determination or i'll-take-whatever-you-put-down-my-throat. So, the real choice here is, do you want to choose yourself(requires more effort) or let others choose for you(results in mediocre quality and them abusing you).
I am arrogant and I can afford it because I deliver.

Sony BMG's copy protection shows rootkit-behavior

Reply #18
Matti Nikki at lame-dev mailing list bought the Van Zant CD, and noticed one of the files (\Contents\GO.EXE) Contains the following string:

"http://www.mp3dev.org  0.90    LAME3.95"

So, besides breaking several costumer rights with that CD, they are also probably breaking the LGPL.

Sony BMG's copy protection shows rootkit-behavior

Reply #19
Quote
Quote
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?
[a href="index.php?act=findpost&pid=338809"][{POST_SNAPBACK}][/a]

There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
[a href="index.php?act=findpost&pid=338990"][{POST_SNAPBACK}][/a]

If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...

Sony BMG's copy protection shows rootkit-behavior

Reply #20
Quote
If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
[a href="index.php?act=findpost&pid=339015"][{POST_SNAPBACK}][/a]

Well that could backfire, at least in my thinking because we have already been informed about it, it's already common knowlegde to us. Now if we'd bought that CD without paying attention to the copy-protection and thinking it was a standard audio CD, etc., and the DRM'd shit was blindly installed like malware then we may have some preceived system damage that could be dealt with legally.

If Sony BMG gets a lawsuit out of it they probably won't really care that much if Joe Customer #1 through #100000 sues them, since they can after all afford it. They should create a real uninstaller that removes 100% of it without installing some extra bullshit like more ActiveX controls which is basicially a stating: "yes we'll remove our original shit, but we're going to put some different shit on your system just to make sure you can't rip one extra copy of the disc."

Sony BMG's copy protection shows rootkit-behavior

Reply #21
Quote
Quote
If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
[a href="index.php?act=findpost&pid=339015"][{POST_SNAPBACK}][/a]

Well that could backfire, at least in my thinking because we have already been informed about it, it's already common knowlegde to us. Now if we'd bought that CD without paying attention to the copy-protection and thinking it was a standard audio CD, etc., and the DRM'd shit was blindly installed like malware then we may have some preceived system damage that could be dealt with legally.

If Sony BMG gets a lawsuit out of it they probably won't really care that much if Joe Customer #1 through #100000 sues them, since they can after all afford it. They should create a real uninstaller that removes 100% of it without installing some extra bullshit like more ActiveX controls which is basicially a stating: "yes we'll remove our original shit, but we're going to put some different shit on your system just to make sure you can't rip one extra copy of the disc."
[a href="index.php?act=findpost&pid=339031"][{POST_SNAPBACK}][/a]

First they have to prove we were aware of this. Second they can afford the lawsuit but they really don't like the bad publicity around it (in the other hand this is not the first one nowadays  ).

Sony BMG's copy protection shows rootkit-behavior

Reply #22
Hmm...2 months ago I ripped CD from Sony (and it turned out to be possible only in my Liteon 52x CDRW burner, not in Teac x40 CD-ROM), but since it was fresh install of new OS, it still had autorun and some window popped up saying basically "in order to listen to this CD, you have to install something in your system. OK to continue?". I used EAC instead...but I guess I have to check now if I'm clean   

Sony BMG's copy protection shows rootkit-behavior

Reply #23
I just canceled my membership in bmgmusic.com, and I made it clear that it was because they have this album for sale, and don't even indicate that it has any form of copy protection. Perhaps if a few more people did this then it would catch someone's attention?

Sony BMG's copy protection shows rootkit-behavior

Reply #24
Quote
regedit -> regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom
[a href="index.php?act=findpost&pid=338978"][{POST_SNAPBACK}][/a]


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom is the right one i think. ControlSet00x could be wrong hardware profile.