IPB

Welcome Guest ( Log In | Register )

4 Pages V   1 2 3 > »   
Reply to this topicStart new topic
Sony BMG's copy protection shows rootkit-behavior, Digital Rights Management Gone Too Far
CiTay
post Nov 1 2005, 17:23
Post #1


Administrator


Group: Admin
Posts: 2378
Joined: 22-September 01
Member No.: 3



Security expert Mark Russinovich of SysInternals found out that a current copy-protection method used by Sony BMG for their audio CDs exhibits rootkit-like functions. "Rootkits" are the most powerful and dangerous type of potentially harmful software, because they can integrate directly into the OS and are hard to detect and to remove.

QUOTE
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall.


Read about the discovery here: Sony, Rootkits and Digital Rights Management Gone Too Far
Go to the top of the page
+Quote Post
Andavari
post Nov 1 2005, 17:39
Post #2





Group: Members
Posts: 935
Joined: 3-June 02
From: USA
Member No.: 2204



Pretty damned interesting that DRM is now that evil. Thank goodness Mark Russinovich knows what the hell he's doing otherwise such information would be unknown.


--------------------
Complexity of incoherent design.
Go to the top of the page
+Quote Post
quackalist
post Nov 1 2005, 20:40
Post #3





Group: Members
Posts: 42
Joined: 18-July 03
Member No.: 7846



QUOTE (Andavari @ Nov 1 2005, 08:39 AM)
Pretty damned interesting that DRM is now that evil. Thank goodness Mark Russinovich knows what the hell he's doing otherwise such information would be unknown.
*



According to this http://tinyurl.com/daea2 its also intended to stop you from using your iPod.

As it appears to have been badly programmed too I expect it wont be long before others use it to foist their own horrors
Go to the top of the page
+Quote Post
Latexxx
post Nov 1 2005, 20:59
Post #4


A/V Moderator


Group: Members
Posts: 858
Joined: 12-May 03
From: Finland
Member No.: 6557



http://www.europe.f-secure.com/v-descs/xcp_drm.shtml
Go to the top of the page
+Quote Post
dev0
post Nov 1 2005, 21:14
Post #5





Group: Developer
Posts: 1679
Joined: 23-December 01
From: Germany
Member No.: 731



More information: http://www.f-secure.com/weblog/#00000691


--------------------
"To understand me, you'll have to swallow a world." Or maybe your words.
Go to the top of the page
+Quote Post
MuncherOfSpleens
post Nov 1 2005, 21:16
Post #6





Group: Members
Posts: 109
Joined: 25-October 05
From: Florida
Member No.: 25360



This is a bit scary. Is there any website that keeps track of which CD's have this (and other forms of) DRM?
Go to the top of the page
+Quote Post
ron spencer
post Nov 1 2005, 22:05
Post #7





Group: Members
Posts: 37
Joined: 2-February 05
Member No.: 19539



just disable your autorun on your drives...simple really...EAC will rip this stuff anyway will it not....if not clone cd will


autorun is your enemy
Go to the top of the page
+Quote Post
JeanLuc
post Nov 1 2005, 22:12
Post #8





Group: Members
Posts: 1311
Joined: 4-June 02
From: Cologne, Germany
Member No.: 2213



Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.


--------------------
The name was Plex The Ripper, not Jack The Ripper
Go to the top of the page
+Quote Post
Zeb_Smith
post Nov 2 2005, 07:23
Post #9





Group: Members (Donating)
Posts: 39
Joined: 27-August 03
From: Dallas, Tx
Member No.: 8572



QUOTE (JeanLuc @ Nov 1 2005, 01:12 PM)
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
*


I'm sure that there's an EULA that says "By using this software if your computer malfunctions blah blah blah it's not our fault..".

This doesn't protect them?
Go to the top of the page
+Quote Post
Garf
post Nov 2 2005, 08:32
Post #10


Server Admin


Group: Admin
Posts: 4886
Joined: 24-September 01
Member No.: 13



QUOTE (Zeb_Smith @ Nov 2 2005, 08:23 AM)
QUOTE (JeanLuc @ Nov 1 2005, 01:12 PM)
Let's wait for the first virus coders that use Sony/BMG rootkit software to really harm a given system ...

I cannot imagine that Sony won't be sued over this ... especially in the U.S.
*


I'm sure that there's an EULA that says "By using this software if your computer malfunctions blah blah blah it's not our fault..".

This doesn't protect them?
*



Quite likely: no.
Go to the top of the page
+Quote Post
marcan
post Nov 2 2005, 10:31
Post #11





Group: Members (Donating)
Posts: 478
Joined: 17-October 02
Member No.: 3565



I hope they will be sued by several unhappy customers.
It should help the majors to think a little bit about all this drm insanity… but I’m probably dreaming...
Go to the top of the page
+Quote Post
GeSomeone
post Nov 2 2005, 12:53
Post #12





Group: Members
Posts: 922
Joined: 22-October 01
From: the Netherlands
Member No.: 335



QUOTE (dev0 @ Nov 1 2005, 10:14 PM)

quote
QUOTE
we recommend you contact Sony BMG directly via this web form and ask for directions on how to remove the software from your system. We've test driven this and they will provide you with tools to do this. However, they will install additional ActiveX components to your system while they are doing this so be adviced.

Edit: Don't do this, meanwhile it has become clear that this ActiveX plugin from first4Internet is worse than than the so-called root kit.
Sony will now provide a safer way (normal excecutable). check this

Hey, who has AutoRun still enabled ohmy.gif
O and don't forget to buy an Sony "Approved Portable Device" that is compatible with this crap dry.gif

I cannot understand Sony is doing this to their paying customers. They don't understand what they do to the music business... thwarting DVD-A, hardly issuing Multi Channel SACD and making it actually dangerous to put a legal version of their CD's in your computer.

P.S. Sony is most mentioned, but first4Internet made this software. I found this entry in the blog particularly interesting.

This post has been edited by GeSomeone: Nov 16 2005, 15:23


--------------------
In theory, there is no difference between theory and practice.
Go to the top of the page
+Quote Post
evereux
post Nov 2 2005, 12:58
Post #13





Group: Members
Posts: 907
Joined: 9-February 02
From: Cheshire, UK
Member No.: 1296



QUOTE (GeSomeone @ Nov 2 2005, 11:53 AM)
Hey, who has AutoRun still enabled  ohmy.gif
*

Most likely, over 90% of XP users. Those who want to just use a PC without having to tweak this that and the other. smile.gif


--------------------
daefeatures.co.uk
Go to the top of the page
+Quote Post
henkersmahlzeit
post Nov 2 2005, 13:13
Post #14





Group: Members
Posts: 110
Joined: 31-December 03
Member No.: 10840



In case somebody hast still autorun/autoplay enabled (or doesn't know):
regedit -> regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom
"Autorun" "1" enabled
"Autorun" "0" disabled
Go to the top of the page
+Quote Post
Lyx
post Nov 2 2005, 13:49
Post #15





Group: Members
Posts: 3353
Joined: 6-July 03
From: Sachsen (DE)
Member No.: 7609



QUOTE (MuncherOfSpleens @ Nov 1 2005, 10:16 PM)
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?
*

There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.


--------------------
I am arrogant and I can afford it because I deliver.
Go to the top of the page
+Quote Post
Benjamin Lebsanf...
post Nov 2 2005, 13:54
Post #16





Group: Members
Posts: 761
Joined: 29-September 01
Member No.: 40



QUOTE (Lyx @ Nov 2 2005, 01:49 PM)
There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
*

Indeed. We must have forgotten somehow that we are the customers and the market is still dependant on us.
Go to the top of the page
+Quote Post
spoon
post Nov 2 2005, 14:07
Post #17


dBpowerAMP developer


Group: Developer (Donating)
Posts: 2752
Joined: 24-March 02
Member No.: 1615



The fact that this uses filter technique to hide its self from someone looking for it (they even have filters-filtering the registry) very distasteful, pure scum.


--------------------
Spoon http://www.dbpoweramp.com
Go to the top of the page
+Quote Post
Lyx
post Nov 2 2005, 14:08
Post #18





Group: Members
Posts: 3353
Joined: 6-July 03
From: Sachsen (DE)
Member No.: 7609



QUOTE (Benjamin Lebsanft @ Nov 2 2005, 02:54 PM)
QUOTE (Lyx @ Nov 2 2005, 01:49 PM)
There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
*

Indeed. We must have forgotten somehow that we are the customers and the market is still dependant on us.
*


Right, but what most people misunderstand in that regard is that "listening" is also consuming. Thus, if people continue to listen to the same music but just "steal"(note: the term is not really correct) then they still support just those corporations - partially by "still being dependent on them" and partially by promoting them(yes, illegal filesharing is promotion).

So, what i meant with my ealier quote was not just "dont buy it", but "dont consume it". It's true that the alternative does require oneself to spent more time finding interesting music - however, what you will get for the added effort is higher quality music at lower prices without any of this DRM-crap.

Self-determination or i'll-take-whatever-you-put-down-my-throat. So, the real choice here is, do you want to choose yourself(requires more effort) or let others choose for you(results in mediocre quality and them abusing you).

This post has been edited by Lyx: Nov 2 2005, 14:09


--------------------
I am arrogant and I can afford it because I deliver.
Go to the top of the page
+Quote Post
rjamorim
post Nov 2 2005, 14:30
Post #19


Rarewares admin


Group: Members
Posts: 7515
Joined: 30-September 01
From: Brazil
Member No.: 81



Matti Nikki at lame-dev mailing list bought the Van Zant CD, and noticed one of the files (\Contents\GO.EXE) Contains the following string:

"http://www.mp3dev.org 0.90 LAME3.95"

So, besides breaking several costumer rights with that CD, they are also probably breaking the LGPL.

This post has been edited by rjamorim: Nov 2 2005, 14:31


--------------------
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org
Go to the top of the page
+Quote Post
marcan
post Nov 2 2005, 15:20
Post #20





Group: Members (Donating)
Posts: 478
Joined: 17-October 02
Member No.: 3565



QUOTE (Lyx @ Nov 2 2005, 04:49 AM)
QUOTE (MuncherOfSpleens @ Nov 1 2005, 10:16 PM)
This is a bit scary.  Is there any website that keeps track of which CD's have this (and other forms of) DRM?
*

There's something better - plain simply dont buy any CDs which were released by major labels, and you will be fine.
*


If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
Go to the top of the page
+Quote Post
Andavari
post Nov 2 2005, 17:02
Post #21





Group: Members
Posts: 935
Joined: 3-June 02
From: USA
Member No.: 2204



QUOTE (marcan @ Nov 2 2005, 08:20 AM)
If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
*

Well that could backfire, at least in my thinking because we have already been informed about it, it's already common knowlegde to us. Now if we'd bought that CD without paying attention to the copy-protection and thinking it was a standard audio CD, etc., and the DRM'd shit was blindly installed like malware then we may have some preceived system damage that could be dealt with legally.

If Sony BMG gets a lawsuit out of it they probably won't really care that much if Joe Customer #1 through #100000 sues them, since they can after all afford it. They should create a real uninstaller that removes 100% of it without installing some extra bullshit like more ActiveX controls which is basicially a stating: "yes we'll remove our original shit, but we're going to put some different shit on your system just to make sure you can't rip one extra copy of the disc."


--------------------
Complexity of incoherent design.
Go to the top of the page
+Quote Post
marcan
post Nov 2 2005, 17:56
Post #22





Group: Members (Donating)
Posts: 478
Joined: 17-October 02
Member No.: 3565



QUOTE (Andavari @ Nov 2 2005, 08:02 AM)
QUOTE (marcan @ Nov 2 2005, 08:20 AM)
If we want to be cynical everybody should buy this CD and sue Sony. We should easily get back several times the money we spent on this crap and it will probably make them think about their mistakes...
*

Well that could backfire, at least in my thinking because we have already been informed about it, it's already common knowlegde to us. Now if we'd bought that CD without paying attention to the copy-protection and thinking it was a standard audio CD, etc., and the DRM'd shit was blindly installed like malware then we may have some preceived system damage that could be dealt with legally.

If Sony BMG gets a lawsuit out of it they probably won't really care that much if Joe Customer #1 through #100000 sues them, since they can after all afford it. They should create a real uninstaller that removes 100% of it without installing some extra bullshit like more ActiveX controls which is basicially a stating: "yes we'll remove our original shit, but we're going to put some different shit on your system just to make sure you can't rip one extra copy of the disc."
*


First they have to prove we were aware of this. Second they can afford the lawsuit but they really don't like the bad publicity around it (in the other hand this is not the first one nowadays tongue.gif ).
Go to the top of the page
+Quote Post
zima
post Nov 2 2005, 18:46
Post #23





Group: Members
Posts: 136
Joined: 3-July 03
From: Pomerania
Member No.: 7541



Hmm...2 months ago I ripped CD from Sony (and it turned out to be possible only in my Liteon 52x CDRW burner, not in Teac x40 CD-ROM), but since it was fresh install of new OS, it still had autorun and some window popped up saying basically "in order to listen to this CD, you have to install something in your system. OK to continue?". I used EAC instead...but I guess I have to check now if I'm clean dry.gif mad.gif


--------------------
http://last.fm/user/zima
Go to the top of the page
+Quote Post
pdq
post Nov 2 2005, 19:36
Post #24





Group: Members
Posts: 3426
Joined: 1-September 05
From: SE Pennsylvania
Member No.: 24233



I just canceled my membership in bmgmusic.com, and I made it clear that it was because they have this album for sale, and don't even indicate that it has any form of copy protection. Perhaps if a few more people did this then it would catch someone's attention?
Go to the top of the page
+Quote Post
Pusherman
post Nov 2 2005, 19:42
Post #25





Group: Members
Posts: 40
Joined: 13-August 04
Member No.: 16251



QUOTE (henkersmahlzeit @ Nov 2 2005, 02:13 PM)
regedit -> regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom
*


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom is the right one i think. ControlSet00x could be wrong hardware profile.
Go to the top of the page
+Quote Post

4 Pages V   1 2 3 > » 
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 1st November 2014 - 10:09