[Clips] Sony to Help Remove its DRM Rootkit

R.A. Hettinga rah at shipwright.com
Wed Nov 2 23:31:45 EST 2005


--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Wed, 2 Nov 2005 23:18:30 -0500
 To: Philodox Clips List <clips at philodox.com>
 From: "R.A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] Sony to Help Remove its DRM Rootkit
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://www.betanews.com/article/print/Sony_to_Help_Remove_its_DRM_Rootkit/1130965475>


 Sony to Help Remove its DRM Rootkit
  By Nate Mook, BetaNews
 November 2, 2005, 4:04 PM
 When Mark Russinovich was testing his company's security software last
 week, he came across a disturbing find: a Sony BMG CD he purchased from
 Amazon had secretly installed DRM software on his PC and used "rootkit"
 cloaking methods to hide it. With the story sweeping across the Net, Sony
 is attempting to clean up its mess.
 DRM, or digital rights management, is nothing new to CDs. Record companies
 began employing software to prevent users from easily transferring tracks
 to a PC after the explosion of file sharing activity that followed
 Napster's debut in 1999. But for the most part, the DRM was quite
 rudimentary and only required the pressing of the "shift" key to bypass.

  Not so with Sony's latest batch of CDs from Switchfoot, Van Zant and
 others. Using technology developed by British software company First 4
 Internet, the CDs limit the number of copy-protected backups that can be
 made. To enforce the restriction, software and drivers are installed
 without a user's knowledge when the CD is accessed.
 Russinovich first discovered a hidden directory and several hidden device
 drivers -- none of which would show up in Windows Explorer. He soon found
 the driver responsible for the cloaking, which was designed to hide every
 file and location that begins with: $sys$.
 After tracing the rogue software back to his recently purchased Van Zant
 CD, Russinovich attempted to uninstall the DRM, but to no avail.
 "I didn't find any reference to it in the Control Panel's Add or Remove
 Programs list, nor did I find any uninstall utility or directions on the CD
 or on First 4 Internet's site. I checked the EULA and saw no mention of the
 fact that I was agreeing to have software put on my system that I couldn't
 uninstall," he wrote on his company's blog. "Now I was mad."
 When he forcibly removed the software and registry entries by hand,
 Russinovich found his CD player was no longer functional. Further advanced
 registry hacking fixed the problem, but he noted that the vast majority of
 computer users would simply "cripple their computer" if they tried to
 delete the First 4 Internet DRM.
 Although cloaking files and not providing a method of removal is not
 dangerous in and of itself, the case sparked a flurry of discussion online.
 Most users agreed that the actions of Sony and First 4 Internet were
 questionable at best, and security experts warned of potential threats. For
 example, a virus writer could simply hide files by naming them using the
 $sys$ prefix.
 For its part, First 4 Internet claimed the technology was only found on CDs
 from earlier this year and said it had created new methods to hide the DRM.
 Nonetheless, the company has decided to issue a patch to eliminate the
 cloaking and "allay any unnecessary concerns."
 The patch will be made available for download from Sony BMG's Web site,
 with another offered directly to antivirus vendors. The DRM software will
 not be removed, however, only uncovered; that means users will still be
 unable to delete it without risk of rendering their CD drive inoperable.
 Customers must contact Sony BMG support for removal instructions.
 "While I believe in the media industry's right to use copy protection
 mechanisms to prevent illegal copying, I don't think that we've found the
 right balance of fair use and copy protection, yet," said Russinovich.
 "This is a clear case of Sony taking DRM too far."

 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 _______________________________________________
 Clips mailing list
 Clips at philodox.com
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


