November 1st, 2005
Sony, Rootkits and Digital Rights Management Gone Too Far
By Michael Santo
Contributing Writer, RealTechNews
There are a few things that I refuse to install on my computer, and that includes pervasive copy protection that is difficult … or impossible … to remove. If anyone recalls the debacle over TurboTax copy protection (C-Dilla) this was one example.
I had earlier experience with C-Dilla via a MechWarrior game I had purchased, installed, and patched. After patching I noticed my hard drive had a weird volume label. I found out later it was C-Dilla that did this, and until the day the drive died I could not change the volume label. Once I discovered that TurboTax had the same protection, I returned it (during the 30 day return period) and switched to TaxCut.
The DRM (Digital Rights Management) used by Sony on the album in the following blog entry uses a rootkit. Basically, a rootkit is used by hackers or malware writers to hide certain software files or that the computer is performing certain functions.
Mark Russinovich, one of the owners of the Sysinternals website and the developer of the RootkitRevealer noticed evidence of a rootkit on his PC when testing the latest version.
His findings are detailed on his blog here. It gets detailed and technical, but here is the synopsis:
At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn’t uninstall. Now I was mad. Source: Mark’s Sysinternals Blog
We Say: Is this a case of DRM gone wild? It looks like it, really. F-Secure even has an advisory in one of their blog entries; it’s that serious. When I buy a CD I certainly don’t expect a rootkit, something anti-virus and anti-malware software looks for, to be installed. Do you?
David Johnston says:
This is absolutely crazy. Sony and that company should be sued. The person who found the rootkit says that there was no mention of *any* kind of software being installed on his computer, much less something as sinister as a rootkit. This is why I hate DRM with a passion.
November 1st, 2005 at 8:08 pm
Inglix the Mad says:
Well I won’t say Sony should be sued. What I will say is that now, and I mean right NOW, Sony should recall all CD’s with that particular form of DRM and abase themselves before their customers.
It won’t happen, but it’s a nice idea.
November 2nd, 2005 at 8:02 am
Keith says:
I don’t think you’ll find anyone, except your Sony execs, defending this practice. Overall a bad idea, and I hope this gives them lots of negative publicity.
November 2nd, 2005 at 11:43 am
Don says:
Vote with your wallets, folks. Don’t buy a damn thing from Sony, and certainly not their contaminated CDs.
November 2nd, 2005 at 1:20 pm
Mikey says:
Where did Sony go wrong? If I remember correctly, Sony was the VCR manufacturer that was taken to task by Disney. The end result of that fiasco was that Sony got market share: The Betamax was the first inexpensive commercially available home VCR that we mere mortals could afford. They were steep in price for a while (about three years) then as more models became available, the price slid downward to the levels they are now (low-bucks model VHS-types are still available for under $75 USD)
So Sony intros the things, fights the battle against the corporation, wins after a lengthy SCOTUS debate, and then 20 years later tries to take all that away.
Does anyone else feel that fishook in the small of their back?
November 3rd, 2005 at 9:15 am
Nunya Bizniss says:
The best (pro-active?) response. Disseminate the information as widely as possible. I think SONY will quietly let this vulture die away…
November 3rd, 2005 at 10:02 am
Dario says:
It gets worse… New Sony Digital Camera Installs Rootkit to Stop Photo Sharing
Los Angeles, CA - Many consumers are complaining about Sony’s new Cybershot DSCP515 camera that installs digital rights management (DRM) software on the person’s computer so they are unable to share their digital pictures with anyone.
A Sony representative said it was part of its “increased vigilance in combating copyright and trademark infringement.”
The DRM is similar to the one which Sony recently came under fire for on its music CDs. That software installed rootkits on consumer’s computers making them vulnerable to cyberattacks.
“Picture sharing flies under the radar when it comes to piracy,” said Wilkerson. “People know about the dangers of music and movie piracy, but not about the dangers of sharing personal photos. What happens if a person takes a picture of Mariah Carey’s latest CD? Think of the children.”
The system which also makes it difficult to print out pictures has prompted complaints from consumers. “I tried to send a picture of my daughter to her Uncle Tim, but this window popped up saying it was blocked. I decided to print it out and mail it to him. There was a 14-page license agreement that printed out first that I had to fill out and fax to Sony so they could send me an authorization code to print out the picture.”
November 15th, 2005 at 12:19 am
Steve says:
Actually, the CyberShot DRM story is apparently a fake.
Read the original here - http://www.bbspot.com/News/2005/11/sony_photo_sharing.html - it’s a hoot.
Not that I would put much past Sony at this point, and not that I’ll be buying any Sony product in the foreseeable future, due to their evil and incompetent DRM policies…
December 5th, 2005 at 8:19 am
» Critical Fixes from Microsoft » Blog Archive Alice Hill’s Real Tech News - Independent Tech says:
[…] Just to make sure everyone knows and updates, Microsoft released some patches, including one that addresses part of the Sony rootkit problem Michael had been covering in previous weeks, making it impossible to run older versions of an ActiveX control that was released by the record label. The software maker released the patch in security bulletin MS05-054, as part of its monthly patching cycle. The update also plugs three other security holes in Internet Explorer, the Web browser component of Windows. One of the other flaws is also deemed critical, but Microsoft said it is not aware of any malicious code that takes advantage of it. […]
January 14th, 2007 at 1:16 am
» 67 Year Old Sued by MPAA for iMesh Downloads » Blog Archive Alice Hill’s Real Tech News - Independent Tech says:
[…] $5.4 billion dollars? Where does this figure come from, does anyone know how they figure this total? I’ve tried a couple movies that friends downloaded, cough, and the quality normally isn’t very good, even if you can get it too work properly to start with, and the sound is sometimes off, making it very annoying to watch. Heck, even the real good copies I’ve seen will occasionally have people get up and walk in front of the camera that they used to record it with. Most movies online, that I have seen, are a joke. That’s why I buy mine. I like the packaging and the extras you get with the DVD, and I’ll even sometimes buy the regular DVD and then buy the special edition later on when it comes out, like the true nerd I am. But, stories like this and the one Michael wrote about getting the rootkit from the CD from Sony is why I make sure no one else in my family buys it, I let them watch MY copy. Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages. […]
January 14th, 2007 at 5:52 pm
» Sony BMG Sues Over MediaMax Copy Protection » Blog Archive Alice Hill’s Real Tech News - Independent Tech says:
[…] In 2005 there were quite a few issues over Sony CD copy protection. Although the one that drew the most attention was the rootkit-like XCP copy protection, there was also the MediaMax copy protection, that installed even when declined, for example. Yesterday Sony sued the company that developed this software, saying it was defective and cost Sony millions. Sony BMG filed a summons in a New York state court against The Amergence Group Inc., formerly SunnComm International, which developed the MediaMax CD copy-protection technology. […]
July 12th, 2007 at 7:15 am
Freeware Download | Download Freeware says:
[…] You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your ownsite. […]
August 27th, 2007 at 6:24 pm
» Sony Goes “Back to the Rootkit” » Blog Archive Alice Hill’s Real Tech News - Independent Tech says:
[…] It’s been nearly two years since since Sony got into the rootkit business. Not intentionally, but the DRM installed by Sony BMG CDs when you tried to play them on your PC had rootkit qualities. Not only that, but in a real-life example of the vulnerability, hackers used it to hack World of Warcraft. […]
August 31st, 2007 at 11:05 am
Wal-Mart Launches DRM-free Music Downloads | Etixet Tag Cloud Archive 10.000 Web Site Feed says:
[…] Still, DRM-free music is much better than music with DRM that acts as a rootkit (ahem, Sony) or makes us jump through hoops to play it on our MP3 players or stereos. Much as I hate to applaud anything Wal-Mart does, I have to applaud this - but more as an industry move than a Wal-Mart move. Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages. […]
January 7th, 2008 at 1:44 pm