[Clips] Sony to Help Remove its DRM Rootkit
R.A. Hettinga
rah at shipwright.com
Wed Nov 2 23:31:45 EST 2005
--- begin forwarded text
Delivered-To: clips at philodox.com
Date: Wed, 2 Nov 2005 23:18:30 -0500
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] Sony to Help Remove its DRM Rootkit
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com
<http://www.betanews.com/article/print/Sony_to_Help_Remove_its_DRM_Rootkit/1130965475>
BetaNews |
Sony to Help Remove its DRM Rootkit
By Nate Mook, BetaNews
November 2, 2005, 4:04 PM
When Mark Russinovich was testing his company's security software last
week, he came across a disturbing find: a Sony BMG CD he purchased from
Amazon had secretly installed DRM software on his PC and used "rootkit"
cloaking methods to hide it. With the story sweeping across the Net, Sony
is attempting to clean up its mess.
DRM, or digital rights management, is nothing new to CDs. Record companies
began employing software to prevent users from easily transferring tracks
to a PC after the explosion of file sharing activity that followed
Napster's debut in 1999. But for the most part, the DRM was quite
rudimentary and only required the pressing of the "shift" key to bypass.
Not so with Sony's latest batch of CDs from Switchfoot, Van Zant and
others. Using technology developed by British software company First 4
Internet, the CDs limit the number of copy-protected backups that can be
made. To enforce the restriction, software and drivers are installed
without a user's knowledge when the CD is accessed.
Russinovich first discovered a hidden directory and several hidden device
drivers -- none of which would show up in Windows Explorer. He soon found
the driver responsible for the cloaking, which was designed to hide every
file and location that begins with: $sys$.
After tracing the rouge software back to his recently purchased Van Zant
CD, Russinovich attempted to uninstall the DRM, but to no avail.
"I didn't find any reference to it in the Control Panel's Add or Remove
Programs list, nor did I find any uninstall utility or directions on the CD
or on First 4 Internet's site. I checked the EULA and saw no mention of the
fact that I was agreeing to have software put on my system that I couldn't
uninstall," he wrote on his company's blog. "Now I was mad."
When he forcibly removed the software and registry entries by hand,
Russinovich found his CD player was no longer functional. Further advanced
registry hacking fixed the problem, but he noted that the vast majority of
computer users would simply "cripple their computer" if they tried to
delete the First 4 Internet DRM.
Although cloaking files and not providing a method of removal is not
dangerous in and of itself, the case sparked a flurry of discussion online.
Most users agreed that the actions of Sony and First 4 Internet
questionable at best, and security experts warned of potential threats. For
example, a virus writer could simply hide files by naming them using the
$sys$ prefix.
For its part, First 4 Internet claimed the technology was only found on CDs
from earlier this year and said it had created new methods to hide the DRM.
Nonetheless, the company has decided to issue a patch to eliminate the
cloaking and "allay any unnecessary concerns."
The patch will be made available for download from Sony BMG's Web site,
with another offered directly to antivirus vendors. The DRM software will
not be removed, however, only uncovered; that means users will still be
unable to delete it without risk of rendering their CD drive inoperable.
Customers must contact Sony BMG support for removal instructions.
"While I believe in the media industry's right to use copy protection
mechanisms to prevent illegal copying, I don't think that we've found the
right balance of fair use and copy protection, yet," said Russinovich.
"This is a clear case of Sony taking DRM too far."
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list