That'll start some stink. Sony CDs are officially a virus. Now IT types that had to weed it out of corporate systems can sue Sony for damage.
CL learned how folks feel about being called thieves. The security scheme from P5 was rapidly removed. P6 just uses the old-fashioned serial number. That's enough to keep the honest folks honest. Sony should know that those who are intent to copy the CD will copy it no matter what virus they infuse the disk with. If they want to keep people from doing a disk copy just put a bad track in there. That will keep the honest honest and won't cause havoc in people's computers.
Message edited on: 11/11/2005 19:32
Kewl... ;) Yes, I had mentioned the P5 fiasco. Well, think about this. This wasn't a quick 1-2 decision and away we go. They had to consider how to enforce CMP, how to add it, in what form, where, what kind, who would provide it, and so on. There were meetings about this, meetings with First 4 Internet, probably meetings with other prospective CMP providers. There was lengthy discussion about how to employ the CMP, how to secure it. It needed to be part of the development and design for the Audio CDs. It needed to be added to the commercial products, tested, validated. Succinctly, this was something in planning and execution stages for at least six months, a year, or more. This was a deliberate action (albeit not very well thought out). A very deliberate action. And who did it protect? Since this thing only works on Windows, any cracker (or wannabe) could easily circumvent the CMP just by using a different OS. Wow, a cracker using a Unix-based OS, who woulda thunk it? ....
C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off. -- Bjarne Stroustrup
Contact Me | Kuroyume's DevelopmentZone
Thanks for the article link, Silly_Sue_1. I should mention that I'm using CMP (Content Media Protection) instead of DRM (Digital Rights Management). These are basically synonymous. If you have recently purchased any Sony BMG Audio CDs, I'd recommend returning them - for your safety if nothing else!
'This was a deliberate action (albeit not very well thought out). A very deliberate action' It could also be considered a desperate action. This year, Sony will be posting their first yearly loss in 11 years. Last quarter's sales were down 46.5%. They've lost a ton of money making crap movies that bomb at the box-office. That, plus a general slowdown in plasma screens, digital cameras, etc, means they're losing money hand over fist. Am I glad? After this idiotic rootkit stunt, you bet I'm glad! mac
Attached Link: http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
Actually CA did the same as Symantec - classing it as a virus - much earlier this week. And CA's tool removes it *and* prevents re-infection. BTW, there is no way to remove Sony BMG/F4I's rootkit manually. Even their own uninstall routine, if you manage to get hold of it (and accept their confidentiality requirement), runs the risk of permanently trashing your Windows OS.
Symantec's action is probably in light of media pressure - to save face - seems that Symantec was the primary technical consultant behind F4I's development of this rootkit in the first place. But then Symantec have a reputation of backing both sides in the virus arms race. (Historically the bulk of the early virus development was down to Symantec with their asinine $100 bounty for all viruses submitted regardless of source, i.e. whether it had ever been released to the wild. For a few thousand handouts Symantec created the virus market it needed to compete with McAfee. Ever wondered why to this day the percentage of unreleased viruses that Symantec claims to protect against is a huge percentage of the total population count?)
And the primary reason this rootkit is so bad is limited programming expertise on the part of F4I - the programmer developing it asked for help from the FOSS community during its development. Frighteningly basic questions apparently for someone attempting something as mindblowingly complex as a kernel-level hook into Windows that needed to be FORWARD-compatible with Windows future releases. I've attached a link to Mark Russinovich's - the person who discovered it - blog.
"BTW, there is no way to remove Sony BMG/F4I's rootkit manually. Even their own uninstall routine, if you manage to get hold of it (and accept their confidentiality requirement), runs the risk of permanently trashing your Windows OS."
You can easily remove it manually, just delete aries.sys and anything in the folder $sys$....
You can't do it from Windows because Windows won't allow you to do it, so boot with DOS or Linux and delete the files.
The next time Windows starts it will complain about missing files, so run regedit, search for the deleted files and delete all the keys that make reference to those files.
Sony's uninstall doesn't work because it doesn't remove the DRM, it only installs it in another way and who knows what else it does.
Message edited on: 11/12/2005 13:45
Stupidity also evolves!
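Added example, not part of any post in this thread: a read-only inventory for the offline approach described in the post above, listing entries named aries.sys or starting with $sys$ on a Windows volume mounted from another OS, so they can be reviewed before anything is deleted. The function names, the mount point you pass in, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"     # name prefix mentioned in the post
DRIVER_NAME = "aries.sys"  # driver file named in the post


def find_cloaked(root):
    """Return sorted relative paths under root whose own name matches.

    Read-only: nothing is deleted or modified. Names are compared
    case-insensitively because Windows file names are case-insensitive.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            low = name.lower()
            if low.startswith(CLOAK_PREFIX) or low == DRIVER_NAME:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample(root):
    """Create a constructed sample tree standing in for a mounted volume."""
    files = [
        "sample/drivers/aries.sys",      # exact driver name
        "sample/$sys$folder/inner.dat",  # ordinary file in a prefixed folder
        "sample/$SYS$Upper.bin",         # prefix in a different case
        "sample/my$sys$.txt",            # prefix not at the start: no match
        "sample/notes.txt",              # unrelated file
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


def demo():
    """Run the scan over the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return find_cloaked(tmp)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Run against the real mount point with `find_cloaked("/path/to/mounted/volume")`; a prefixed folder is reported once, and its contents are listed only if they carry the prefix themselves.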
Agreed, I should have said "... from within Windows". But not all Windows users know how to make/acquire a DOS boot disk, or run Knoppix... The problem with the Sony install or manually deleting from within Windows is that the F4I hook is done poorly, so removing while Windows is running - as the Sony Uninstall does - can have disastrous consequences if something else has hooked in since the Sony F4I installation. Details in the link I provided above.
http://securityresponse.symantec.com/avcenter/venc/data/securityrisk.aries.html
"I didn't lose my mind, it was mine to give away"