Full Version: Sony BMG's copy protection shows rootkit-behavior
CiTay
Security expert Mark Russinovich of SysInternals found out that a current copy-protection method used by Sony BMG for their audio CDs exhibits rootkit-like functions. "Rootkits" are the most powerful and dangerous type of potentially harmful software, because they can integrate directly into the OS and are hard to detect and to remove.

QUOTE
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall.


Read about the discovery here: Sony, Rootkits and Digital Rights Management Gone Too Far
Andavari
Pretty damned interesting that DRM is now that evil. Thank goodness Mark Russinovich knows what the hell he's doing otherwise such information would be unknown.
quackalist
QUOTE(Andavari @ Nov 1 2005, 08:39 AM)
Pretty damned interesting that DRM is now that evil. Thank goodness Mark Russinovich knows what the hell he's doing otherwise such information would be unknown.
*




According to this http://tinyurl.com/daea2 it's also intended to stop you from using your iPod.

As it appears to have been badly programmed too, I expect it won't be long before others use it to foist their own horrors.
dev0
More information: http://www.f-secure.com/weblog/#00000691
MuncherOfSpleens
This is a bit scary. Is there any website that keeps track of which CD's have this (and other forms of) DRM?
ron spencer
just disable your autorun on your drives...simple really...EAC will rip this stuff anyway will it not....if not clone cd will


autorun is your enemy
JeanLuc
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
Zeb_Smith
QUOTE(JeanLuc @ Nov 1 2005, 01:12 PM)
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
*



I'm sure that there's an EULA that says "By using this software if your computer malfunctions blah blah blah it's not our fault..".

This doesn't protect them?
Garf
QUOTE(Zeb_Smith @ Nov 2 2005, 08:23 AM)
QUOTE(JeanLuc @ Nov 1 2005, 01:12 PM)
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
*



I'm sure that there's an EULA that says "By using this software if your computer malfunctions blah blah blah it's not our fault..".

This doesn't protect them?
*



Quite likely: no.
marcan
I hope they will be sued by several unhappy customers.
It should help the majors to think a little bit about all this drm insanity… but I’m probably dreaming...
GeSomeone
QUOTE(dev0 @ Nov 1 2005, 10:14 PM)

quote
QUOTE
we recommend you contact Sony BMG directly via this web form and ask for directions on how to remove the software from your system. We've test driven this and they will provide you with tools to do this. However, they will install additional ActiveX components to your system while they are doing this so be advised.

Edit: Don't do this, meanwhile it has become clear that this ActiveX plugin from first4Internet is worse than the so-called root kit.
Sony will now provide a safer way (normal executable). Check this

Hey, who has AutoRun still enabled ohmy.gif
O and don't forget to buy an Sony "Approved Portable Device" that is compatible with this crap dry.gif

I cannot understand why Sony is doing this to their paying customers. They don't understand what they do to the music business... thwarting DVD-A, hardly issuing Multi Channel SACD and making it actually dangerous to put a legal version of their CD's in your computer.

P.S. Sony is most mentioned, but first4Internet made this software. I found this entry in the blog particularly interesting.
evereux
QUOTE(GeSomeone @ Nov 2 2005, 11:53 AM)
Hey, who has AutoRun still enabled  ohmy.gif
*


Most likely, over 90% of XP users. Those who want to just use a PC without having to tweak this that and the other. smile.gif
henkersmahlzeit
In case somebody still has autorun/autoplay enabled (or doesn't know):
regedit -> regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom
"Autorun" "1" enabled
"Autorun" "0" disabled
Lyx
QUOTE(MuncherOfSpleens @ Nov 1 2005, 10:16 PM)
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?
*


There's something better - plain simply don't buy any CDs which were released by major labels, and you will be fine.
Benjamin Lebsanft
QUOTE(Lyx @ Nov 2 2005, 01:49 PM)
There's something better - plain simply don't buy any CDs which were released by major labels, and you will be fine.
*


Indeed. We must have forgotten somehow that we are the customers and the market is still dependent on us.
spoon
The fact that this uses a filter technique to hide itself from someone looking for it (they even have filters filtering the registry) is very distasteful, pure scum.
Lyx
QUOTE(Benjamin Lebsanft @ Nov 2 2005, 02:54 PM)
QUOTE(Lyx @ Nov 2 2005, 01:49 PM)
There's something better - plain simply don't buy any CDs which were released by major labels, and you will be fine.
*


Indeed. We must have forgotten somehow that we are the customers and the market is still dependent on us.
*


Right, but what most people misunderstand in that regard is that "listening" is also consuming. Thus, if people continue to listen to the same music but just "steal" (note: the term is not really correct) then they still support just those corporations - partially by "still being dependent on them" and partially by promoting them (yes, illegal filesharing is promotion).

So, what I meant with my earlier quote was not just "don't buy it", but "don't consume it". It's true that the alternative does require oneself to spend more time finding interesting music - however, what you will get for the added effort is higher quality music at lower prices without any of this DRM-crap.

Self-determination or I'll-take-whatever-you-put-down-my-throat. So, the real choice here is, do you want to choose yourself (requires more effort) or let others choose for you (results in mediocre quality and them abusing you).
rjamorim
Matti Nikki at the lame-dev mailing list bought the Van Zant CD, and noticed that one of the files (\Contents\GO.EXE) contains the following string:

"http://www.mp3dev.org 0.90 LAME3.95"

So, besides breaking several customer rights with that CD, they are also probably breaking the LGPL.
marcan
QUOTE(Lyx @ Nov 2 2005, 04:49 AM)
QUOTE(MuncherOfSpleens @ Nov 1 2005, 10:16 PM)
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?
*


There's something better - plain simply don't buy any CDs which were released by major labels, and you will be fine.
*


If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
Andavari
QUOTE(marcan @ Nov 2 2005, 08:20 AM)
If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
*


Well that could backfire, at least in my thinking because we have already been informed about it, it's already common knowledge to us. Now if we'd bought that CD without paying attention to the copy-protection and thinking it was a standard audio CD, etc., and the DRM'd shit was blindly installed like malware then we may have some perceived system damage that could be dealt with legally.

If Sony BMG gets a lawsuit out of it they probably won't really care that much if Joe Customer #1 through #100000 sues them, since they can after all afford it. They should create a real uninstaller that removes 100% of it without installing some extra bullshit like more ActiveX controls which is basically stating: "yes we'll remove our original shit, but we're going to put some different shit on your system just to make sure you can't rip one extra copy of the disc."
marcan
QUOTE(Andavari @ Nov 2 2005, 08:02 AM)
QUOTE(marcan @ Nov 2 2005, 08:20 AM)
If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
*


Well that could backfire, at least in my thinking because we have already been informed about it, it's already common knowledge to us. Now if we'd bought that CD without paying attention to the copy-protection and thinking it was a standard audio CD, etc., and the DRM'd shit was blindly installed like malware then we may have some perceived system damage that could be dealt with legally.

If Sony BMG gets a lawsuit out of it they probably won't really care that much if Joe Customer #1 through #100000 sues them, since they can after all afford it. They should create a real uninstaller that removes 100% of it without installing some extra bullshit like more ActiveX controls which is basically stating: "yes we'll remove our original shit, but we're going to put some different shit on your system just to make sure you can't rip one extra copy of the disc."
*


First they have to prove we were aware of this. Second they can afford the lawsuit but they really don't like the bad publicity around it (on the other hand this is not the first one nowadays tongue.gif ).
zima
Hmm...2 months ago I ripped CD from Sony (and it turned out to be possible only in my Liteon 52x CDRW burner, not in Teac x40 CD-ROM), but since it was fresh install of new OS, it still had autorun and some window popped up saying basically "in order to listen to this CD, you have to install something in your system. OK to continue?". I used EAC instead...but I guess I have to check now if I'm clean dry.gif mad.gif
pdq
I just canceled my membership in bmgmusic.com, and I made it clear that it was because they have this album for sale, and don't even indicate that it has any form of copy protection. Perhaps if a few more people did this then it would catch someone's attention?
Pusherman
QUOTE(henkersmahlzeit @ Nov 2 2005, 02:13 PM)
regedit -> regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom
*



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom is the right one I think. ControlSet00x could be the wrong hardware profile.
greekgoddj
Update:

Sony to let antivirus companies in on DRM code

tsk tsk tsk... mad.gif
Brink
QUOTE
So, what I meant with my earlier quote was not just "don't buy it", but "don't consume it".

I think that we as listeners to bands we really like (or care for) should also talk about all these issues to them.
Yaztromo
This has made the BBC News smile.gif http://news.bbc.co.uk/1/hi/technology/4400148.stm
quackalist
QUOTE(Yaztromo @ Nov 3 2005, 05:07 AM)



Very badly written, IMHO, too. Although all the main points are covered it's so 'balanced' any 'uninformed' casual reader would really have to think hard to realise what all the 'fuss' is about.

This 'balanced journalism', of course, doesn't rear its head unless there's a strong corporate or governmental interest involved.
Yaztromo
QUOTE(quackalist @ Nov 3 2005, 03:29 PM)
QUOTE(Yaztromo @ Nov 3 2005, 05:07 AM)



Very badly written, IMHO, too. Although all the main points are covered it's so 'balanced' any 'uninformed' casual reader would really have to think hard to realise what all the 'fuss' is about.

This 'balanced journalism', of course, doesn't rear its head unless there's a strong corporate or governmental interest involved.
*



I would have to disagree here. I have for the most part been impressed with BBC News. It strives to be unbiased and balanced. I don't think this is a case of outside interests. Moreover just good journalism. It leaves the reader a chance to form their own opinions.
quackalist
QUOTE(Yaztromo @ Nov 3 2005, 07:17 AM)
QUOTE(quackalist @ Nov 3 2005, 03:29 PM)
QUOTE(Yaztromo @ Nov 3 2005, 05:07 AM)



Very badly written, IMHO, too. Although all the main points are covered it's so 'balanced' any 'uninformed' casual reader would really have to think hard to realise what all the 'fuss' is about.

This 'balanced journalism', of course, doesn't rear its head unless there's a strong corporate or governmental interest involved.
*



I would have to disagree here. I have for the most part been impressed with BBC News. It strives to be unbiased and balanced. I don't think this is a case of outside interests. Moreover just good journalism. It leaves the reader a chance to form their own opinions.
*




Fair enough if you think so. However, read this piece of journalism -

http://www.theinquirer.net/?article=27426

Which is obviously 'biased' against Sony but I think it's far easier to understand Sony's response for what it is and what the issue means for consumers. One could always agree with Sony, after all, and reject all these arguments. But, without a critical perspective, from whatever point of view, journalism descends into this so called 'balanced' reporting.
take_the_veil
Here's more quality journalism from the Inquirer http://www.theinquirer.net/?article=27315

To be honest, I thought it was only 13yr olds that used them for "news". blush.gif

Anyway, journalists are supposed to be "balanced". I bet you would be bitching if they were unbalanced in Sony's favor........ the words "short plank" and "thick as" spring to mind.
Cosmo
laugh.gif Video game hackers are using the Sony rootkit to help them cheat -

http://www.securityfocus.com/brief/34
Andavari
QUOTE(Cosmo @ Nov 3 2005, 01:36 PM)
laugh.gif  Video game hackers are using the Sony rootkit to help them cheat -

http://www.securityfocus.com/brief/34
*


Lovely, now all we have to do is just wait for someone to make it malicious.

Hopefully a future Windows Update or Service Pack will make the installation of rootkit's impossible, or at the least offer a warning -- perhaps that's just wishful thinking.
deej_1977
I don't know about other laws in the world but here in Belgium any attempt at invading a person's privacy through such well-hidden things is a serious violation of the "with reasonable and appropriate measures" principle.

Perhaps some US consumer's organisation could file a complaint against them if that applies in the USA as well? It will hit Sony where it hurts, in the wallet. Since ethical arguments do not impress these people at all it seems.
Danimal
QUOTE(Andavari @ Nov 3 2005, 03:06 PM)
QUOTE(Cosmo @ Nov 3 2005, 01:36 PM)
laugh.gif  Video game hackers are using the Sony rootkit to help them cheat -

http://www.securityfocus.com/brief/34
*


Lovely, now all we have to do is just wait for someone to make it malicious.

Hopefully a future Windows Update or Service Pack will make the installation of rootkit's impossible, or at the least offer a warning -- perhaps that's just wishful thinking.
*




Sony has released a tool to allow removal of this stuff: http://cp.sonybmg.com/xcp/english/updates.html
Andavari
QUOTE(Danimal @ Nov 3 2005, 03:48 PM)
QUOTE(Andavari @ Nov 3 2005, 03:06 PM)
QUOTE(Cosmo @ Nov 3 2005, 01:36 PM)
laugh.gif  Video game hackers are using the Sony rootkit to help them cheat -

http://www.securityfocus.com/brief/34
*


Lovely, now all we have to do is just wait for someone to make it malicious.

Hopefully a future Windows Update or Service Pack will make the installation of rootkit's impossible, or at the least offer a warning -- perhaps that's just wishful thinking.
*




Sony has released a tool to allow removal of this stuff: http://cp.sonybmg.com/xcp/english/updates.html
*


Did you read all the posts in this thread? If not read the quote in GeSomeone's post:
http://www.hydrogenaudio.org/forums/index....ndpost&p=338971
za3zoo3
im not sad about my pc to be infected , but the way that music industry turn into

now we don't care about the quality of music but we will if the cd is DRMed or not sad.gif

boojum
Saw In Yahoo this morning that SONY has admitted error and posted a fix. Go Mark! cool.gif
Never_Again
QUOTE(za3zoo3 @ Nov 4 2005, 06:37 AM)
im not sad about my pc to be infected , but the way that music industry turn into

now we don't care about the quality of music
Who is "we"? Surely not all the people who posted in threads like Whats is the worst mastered CD [your opinions] ?, How much stereo crosstalk to degrade imaging?, Resampling and Dither and countless others.

QUOTE(za3zoo3 @ Nov 4 2005, 06:37 AM)
but we will if the cd is DRMed or not  :(
*

Either you started reading with the latest post or English is not your mother tongue; this thread went totally over your head.
za3zoo3
QUOTE(Never_Again @ Nov 4 2005, 11:33 PM)
QUOTE(za3zoo3 @ Nov 4 2005, 06:37 AM)
im not sad about my pc to be infected , but the way that music industry turn into

now we don't care about the quality of music
Who is "we"? Surely not all the people who posted in threads like Whats is the worst mastered CD [your opinions] ?, How much stereo crosstalk to degrade imaging?, Resampling and Dither and countless others.

QUOTE(za3zoo3 @ Nov 4 2005, 06:37 AM)
but we will if the cd is DRMed or not  sad.gif
*

Either you started reading with the latest post or English is not your mother tongue; this thread went totally over your head.
*



about my english is not native language and i speak it bad but you didn't get my point at all dry.gif


QUOTE
Who is "we"? Surely not all the people who posted in threads like Whats is the worst mastered CD [your opinions] ?, How much stereo crosstalk to degrade imaging?, Resampling and Dither and countless others.


i mean by we is people in general not we on this forum as you specify

yes there is countless thread about quality here but what the rate you give compare to zillion of people who listen to the music with lovely source like p2p and careless about the retail albums


QUOTE
but we will if the cd is DRMed or not  sad.gif


i mean now the protection scheme take the attention of people much more and its bad for music to go that way


now that common fot people to say go to p2p instead of buying cd's and you know the difference between them

so it better for the music industry to talk about the quality rather than "protected or not" i call it (DRMed but obviously you didn't like it smile.gif )

just i hope greedy companies to not make us acquire license for every single "listen" crying.gif or infect our pc to protect their sale (actually its done)


i hope you understand what i mean with that terrible grammar smile.gif
greekgoddj
Good news...Sony is being sued

Sony sued over DRM "rootkit"


Also...Sony still does not want to make an uninstaller readily available

Mark's Sysinternals Blog

QUOTE
The uninstall question on Sony’s FAQ page directs you to another page that asks you to fill out a form requesting for uninstall directions to be emailed to you. There’s no way to access the uninstaller without providing this information, and clicking on the Sony privacy policy link at the bottom of the page takes you to a notice that your email address can be added to various Sony marketing lists.
Brink
QUOTE
but the rootkit issue only came to light recently, thanks to Mark Russinovich, a systems expert with a flawless understanding of Windows’ internal workings and questionable musical tastes.

biggrin.gif

Well, about the uninstaller and marketing lists problems, we can just say that they never learn.
dano
Gotta see these Amazon reviews... wink.gif
ChuckSplatt
If you avoid installing the rootkit, has anyone tried ripping from one of these CDs? Does it work?
Brink
QUOTE(dano @ Nov 8 2005, 12:22 PM)
Gotta see these Amazon reviews... wink.gif
*


They are beautiful. Nothing related to the music, but just to the DRM issue.

http://www.amazon.com/exec/obidos/tg/detai...=music&n=507846
http://www.amazon.com/exec/obidos/tg/detai...=music&n=507846
Danimal
The first malware taking advantage of this has been released: http://news.yahoo.com/s/nm/20051110/wr_nm/sony_hack_dc
Andavari
QUOTE(Danimal @ Nov 10 2005, 01:34 PM)
The first malware taking advantage of this has been released: http://news.yahoo.com/s/nm/20051110/wr_nm/sony_hack_dc
*


I didn't think it would take long for malware writers to take advantage of it, and I was spot-on.
Defsac
There are now 3 concurrent lawsuits against Sony, the one in Italy (already mentioned) and two in the US.
cbsantos
- Panda Software's weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, November 11 2005 - This week's report looks at a backdoor Trojan
-Ryknos.A-, three vulnerabilities in the Windows graphics rendering
engine, a worm -Lupper.A-, and a Trojan -Zagaban.H-.

Ryknos.A is a backdoor Trojan that opens port 8080 and connects to
several IP addresses to receive remote control commands -such as
downloading or running files- to take on the affected computer.

Ryknos.A installs itself on the Windows system directory under the name
"$SYS$DRV.EXE". In this way, in systems with Sony Digital Rights
Management software installed, it uses the rootkit included with this
software to hide any file whose name starts with "$SYS$" from Windows
Explorer.


No Comments!
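
A check a defender can run for the file hiding described in the Panda report above, as an added example that is not part of the original thread: it creates harmless canary files in a temporary directory, one of them with the "$SYS$" prefix, and compares the directory listing with direct access by full path. The function names, canary file names and the simulated filtering lister are assumptions made for this illustration.

```python
import os
import tempfile

CLOAK_PREFIX = "$SYS$"  # file-name prefix named in the report quoted above


def simulated_prefix_filter(directory, prefix=CLOAK_PREFIX):
    """Stand-in for a filtered listing (assumption, used only to exercise the
    check on a clean machine): drops names that start with the prefix."""
    return [n for n in os.listdir(directory)
            if not n.upper().startswith(prefix.upper())]


def cloak_check(lister=os.listdir, prefix=CLOAK_PREFIX):
    """Cross-view test: does a file we just created vanish from the listing?

    Writes a control file and a prefixed canary, lists the directory with
    `lister`, then tries to open the canary by its full path.
    """
    control = "control_canary.tmp"    # ordinary name, must show up
    canary = prefix + "canary.tmp"    # name a prefix filter would hide
    with tempfile.TemporaryDirectory() as workdir:
        paths = [os.path.join(workdir, n) for n in (control, canary)]
        for path in paths:
            with open(path, "w") as fh:
                fh.write("constructed canary file\n")

        listed = {n.casefold() for n in lister(workdir)}

        try:
            with open(paths[1]) as fh:
                openable = fh.read().startswith("constructed")
        except OSError:
            openable = False

        # Delete by full path: cleanup that relies on enumeration would miss
        # a file that the listing does not show.
        for path in paths:
            if os.path.exists(path):
                os.remove(path)

    control_listed = control.casefold() in listed
    canary_listed = canary.casefold() in listed
    if not control_listed:
        verdict = "inconclusive"      # listing is unreliable for other reasons
    elif canary_listed:
        verdict = "no prefix cloak observed"
    else:
        verdict = "prefix cloak active"
    return {
        "control_listed": control_listed,
        "canary_listed": canary_listed,
        "canary_openable": openable,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print("real listing     :", cloak_check())
    print("simulated filter :", cloak_check(lister=simulated_prefix_filter))
```

A "prefix cloak active" verdict from the real listing means something on the machine is filtering directory enumeration by name, which is worth investigating whatever installed it.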