destro75 opened this issue on Nov 04, 2005 ยท 65 posts
destro75 posted Fri, 04 November 2005 at 12:38 PM
Attached Link: http://www.cnet.com/4520-6033_1-6376177.html?tag=nl.e501
Hey all,I just got done reading this article, and I am fuming. I had wanted to get a nice new PSP before this, but suddenly, I will never buy another Sony product again, including the new Playstation.
I am asking you to take a few minutes to read this article, then pass it on to others. Sony is literally using the same tools that criminals use to hijack your computer. And you get to keep what amounts to a virus on your system, for only the price of a new CD!
Sorry, but this is totally unacceptable. The only way to fight it is to get the word out, so that others will stop buying Sony as well. Maybe then they will wake up and treat the consumer as a valued customer, rather than a petty thief.
Here is the article: http://www.cnet.com/4520-6033_1-6376177.html?tag=nl.e501
Thanks for helping out.
kawecki posted Fri, 04 November 2005 at 12:49 PM
"You don't have to be ripping the CD, either--just playing it from your CD-ROM drive triggers the installation. "
Very easy, just disable the autorun feature of your CD unit.
I never have the autorun enabled, I hate each time that load a CD it wants to install something that I have or have no interest to install. Also you can use Spybot that prevents installation of unwanted software.
Message edited on: 11/04/2005 12:50
Stupidity also evolves!
thefixer posted Fri, 04 November 2005 at 1:11 PM
Well that is just disgraceful, We shouldn't be surprised though, all big corporations use underhand tactics and black ops to stiff the consumers. They forget it's us that put them where they are in the first place!
Injustice will be avenged.
Cofiwch Dryweryn.
Khai posted Fri, 04 November 2005 at 1:33 PM
" "You don't have to be ripping the CD, either--just playing it from your CD-ROM drive triggers the installation. " Very easy, just disable the autorun feature of your CD unit. I never have the autorun enabled, I hate each time that load a CD it wants to install something that I have or have no interest to install." and the music / disk won't work. requires the software on the disk to play. (details in the article.)
mrsparky posted Fri, 04 November 2005 at 1:37 PM
I read about this eariler, the system uses something called a rootkit to hide itself. So some anti-virus/antispyware won't remove it or even see it. Sony have released a tool to remove it, but I agree it's well out of order. In the UK it might even be an offence under the misuse of computers act. Unauthorised modification of computer material and the deliberate intent to impair the operation of a computer are all offences in this act. But it's a big record company thats deemed as OK. Doing stuff like this, sueing kids and even recently threatening a grandfather for allowing a kid to d/load films just shows much copyright law needs to change. I agree with the fixer and destro75, but a boycott doesn't work. So I reserve the right to, and do, remove the CRM from any products I've bought.
steerpike posted Fri, 04 November 2005 at 1:44 PM
Attached Link: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
From Shell Extension City..."Sony's controversial hidden rootkit automatically loads into your machine when you put a newer Sony music CD in your computer. The software will break your computer if you try to delete it, uses 2%-3% of your CPU overhead at all times (whether you're playing the disk or not), and creates a vulnerability allowing others to install permanently cloaked (hidden) files and programs on your machine."
This is nasty stuff. The only complete solution seems to be submitting a request to Sony for an uninstall package.
originalkitten posted Fri, 04 November 2005 at 1:51 PM
wow thats disgusting... i have a sony mp3 player too...in fact all my portable music hardware is sony. Im furious. Going to check which artists are sony lol.
"I didn't lose my mind, it was mine to give away"
mateo_sancarlos posted Fri, 04 November 2005 at 1:54 PM
The only serious threat to OS X so far has been the "opener script", which is a rootkit apparently related in function to this Sony trojan. Since the advent of the "autostart virus" back in '96 or '97, Mac users habitually turn off autoplay in their CD/DVD prefs, but this is no protection against a downloaded rootkit. My guess is that the black hats will quickly copy this Sony trojan and modify it, then add it into illegal copies of useful apps, which will then be placed on warez sites, warez newsgroups and P2P services like BitTorrent. One of the Jaguar security updates supposedly took care of the rootkit problem, but I am unaware of any similar security update on the Windows side.
dlk30341 posted Fri, 04 November 2005 at 1:56 PM
And they wonder why people resort to P2P ~eye roll~ Truly disgusting.
Likos posted Fri, 04 November 2005 at 2:11 PM
mateo_sancarlos, Funny you should mention the "opener script" I have habitually turned off the autostart feature in every mac and pc since then. Wow how time flies, I didn't realize it's been 8 years! The autorun feature always seemed like a bad idea from the get go. Someone can make a cd image of a cd and then add in malicious code to execute when the cd is run. I don't think any amount of "patches" can fix that. Unless the cd does a checksum of itself every time its inserted. And even then that can be hacked. The best part of the Sony debacle is, and you can quote me: "Virus they're not just for hackers anymore!"
kawecki posted Fri, 04 November 2005 at 2:27 PM
Is very funny to see how the idiots invent more idiotic copy protections that will not work.
I still remember from the old days of 5 1/2" floppy disks as soon that appeared the first floppy that cannot be copied appeared a software "copywrit" that allowed to copy them.
The same will happen with CRM, if it become common you can be sure that will be a lot of programs for download that will kill the CRM.
Message edited on: 11/04/2005 14:28
Stupidity also evolves!
destro75 posted Fri, 04 November 2005 at 2:54 PM
Well, I didn't post this to find ways around it. I posted it because people should know about it. People should also take action, and make a stand on this. We shouldn't need to "work around" it. It shouldn't be there, period. I don't agree with pirating music, I never have, but this isn't even about that. The action that this software takes is the same thing the FBI imprisons people for. If this were a website that you received the software from, they would already have been shut down, and the webmaster probably arrested. I wanted to get the word out, since the majority of people who will be affected by this will have no idea what it is doing. I figured, the more people that this article got out to, the more people would be educated, and hopefully, angered at this. Anyway, thanks to all who have read it, and I hope you encourage others to as well! Take care all!
Robo2010 posted Fri, 04 November 2005 at 4:09 PM
I have a sony DVD RW. And it comes with nero (Crappy software). I made a family video and like to burn onto a dvd. 9 months after I owned it, I am now burning a file (Family video). The thing doesn't even write only reads. I get error messages. I write to sony about it many times, and they never respond or help. So, I am into a new DVD RW. And not again Sony. The service is bad, and now this (hijacks)
originalkitten posted Fri, 04 November 2005 at 4:16 PM
i just thought....in my device manager my dvd is supposed to be sony and ive put a few dvd-rs in my machine to read and my machine just totally will not read them.... its not pirated stuff either..im wondering if this is why.....
"I didn't lose my mind, it was mine to give away"
Gongyla posted Fri, 04 November 2005 at 4:24 PM
Thanks. I will spread the word, and boycot Sony completely from now on. Even though we play music on the traditonal cdplayer and not on the puter, this is indeed scandalous and calls for action.
kawecki posted Fri, 04 November 2005 at 4:48 PM
When I first read about this new fabulous copy protection scheme could work, is something impossible to be done.
This article gave me the clues how it works.
What makes any copy protection almost impossible is:
For limiting the number of copies there must be a place where to store the previous history of use.
Where store this information?
So, what can prevent you for reading the content of the CD and doing anything you want with it?
The only possible solution is to alter the normal working of your computer, to hijack your computer in that way that it will not obey your orders!
The only way to be done requires:
Message edited on: 11/04/2005 16:51
Stupidity also evolves!
xantor posted Fri, 04 November 2005 at 4:55 PM
The pirates will probably "remove" the protection in about a week, if they havent done it already.
kawecki posted Fri, 04 November 2005 at 5:16 PM
I always refuse to do any protection scheme in software. 1) It is a waste of time from my part, I can spend days making a scheme that will be cracked in only 15 minutes. 2) After the software was cracked I shall receive a complain from my client that I have not done a good work.
Stupidity also evolves!
unzipped posted Fri, 04 November 2005 at 5:21 PM
Thanks for pointing this out Destro. This has been in the news for a couple of weeks and it is interesting that this time its getting quite a bit of publicity compared to some of the other nasty stuff some corporations have tried to pull in this venue. If you want to be continually outraged at the exploits of these types, check in with www.slashdot.org often. These things find their way onto the front page there pretty quick - with accompanying discussions which range from enlightening and helpful to mundane flame wars (just like here). I'm off of Sony. They're just the tip of the iceburg unfortunately - in music they're part of a cartel called the RIAA who want to control all aspects of music - distribution, promotion, creation - to the extent that if they had it their way the only way anyone could make, distribute or listen to music is through their certified channels. It's bad news. I have not purchased any music by any artists affiliated with the companies under the RIAA umbrella (and I DO NOT copy/dowload/etc. when it infringes on copyright) for about 5 years now - they don't get my money to further their greed mongering. There's plenty of non-RIAA music out there, and I do pay for that. I listen to KCRW as often as I can - you can get podcasts of their shows at www.kcrw.com. My favorite show is Metropolis. Anyway they do play some artists that aren't slaves to the RIAA. If you're concerned on whether an album/recording is affiliated with an RIAA company, go to www.riaaradar.com and do a search, it'll give you that information. And hopefully don't buy it if it is owned by an RIAA company. Add Sony to the list of companies I won't give money to. Keep spreading the word folks, hopefully they'll get the message soon. Unzipped
Netherworks posted Fri, 04 November 2005 at 5:24 PM
Attached Link: http://www.invisiblethings.org/tools.html
Interesting page... System Virginity Verifier is a command-line tool..
shedofjoy posted Fri, 04 November 2005 at 6:15 PM
What penalties should Sony get for creating things that people have gone to prison for,for less offenses?
Getting old and still making "art" without soiling myself, now that's success.
stonemason posted Fri, 04 November 2005 at 6:58 PM
thanks for the headsup, I haven't used my stereo in months & all new cd's go straight to the hard drive is there anyway to avoid this being installed?..(other than not using sony cd's) I dont have autorun enabled
Ben_Dover posted Fri, 04 November 2005 at 6:58 PM
Attached Link: http://www.snapfiles.com/get/RootkitRevealer.html
Such an uproar has been made they're (Sony) scrambling to undo this somehow. You can't blame a company for trying to prevent their goods from being swiped, this just wasn't the right way. I'm sure they'll catch more than a small ration of sh1t for it and might see some fines too. In the meantime, you should be watching your own machines for stuff like this anyway, as well as any other malware or spy apps. Here's a rootkit sniffer, it will look at your machine and find any others installed. While you're there back out of this link, via the links near the top of the page, and look through the other security/privacy tools you might also need. This is a freeware section, read the reviews and get what you need. The entire freeware archive is at: http://www.snapfiles.com/freeware/freeware.html
kuroyume0161 posted Fri, 04 November 2005 at 7:13 PM
What are CD's? ;) Ever since the Napster debacle (*), I basically stopped buying Audio CDs. If I purchased any, it was from a used-CD store. Since iTunes, what are CD's again? I now only purchase songs through iTunes and play them on my shiny new 30GB video iPod. Hey, if there is anything unavailable there, oh well. * Wherein I was banned from Napster because I had Metallica songs - read carefully - ripped from my legally purchased Audio CDs to my computer for my own personal use (such as running in WinAmp with PaceMaker to adjust the pitch while practicing guitar) and not available for sharing - this was a legal copy of the music. I was banned just because the files 'existed' on my computer, albeit legally. They were not included in my Napster interface which I rarely used. As a matter of fact, the banning occurred several months after discontinuing any use of Napster. Could of just as easily uninstalled it at that time. It wasn't the banning that peeved me as much as the blind way in which it was done. Had I 'downloaded' the songs, justifiable. But was there any check of whether they were legal or not ... No. This is what DRM means for your future. Now they can frag with your computer at the kernel level and open the door to all sorts of malicious destruction whether direct or indirect (like formatting all of your harddrives and locking you out of Windows and sending all of your passwords to a hacker so that he can empty your bank account, fill your credit cards, and send you into bankruptcy - just in time for the new Chapter 11 laws). Welcome to the Brave New World!
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
MeInOhio posted Fri, 04 November 2005 at 7:48 PM
Turbo Tax also installed a Macrovision file on to your computer without telling you. They claimed that it didn't interfer with any other program running on your pc. It just protected their intellectual property. Maybe that was true. I don't know. But I didn't like it that they didn't tell you ahead of time that if you bought their program it would do this. Or at least before you installed it. I didn't buy their program the following year. Besides I found an accountant through a friend who did my taxes for less than what it cost me to buy the state and the federal programs. If I wouldn have gotten the rebates like I was suppose to but they returned the one to me because they said I didn't include something. I forget what, but that frosted me a little too.
mrsparky posted Fri, 04 November 2005 at 8:12 PM
"Turbo Tax Macrovision file on to your computer without telling you". Discreet installed spyware as a DRM along with their demo of Max from the computer arts discs. Even if you bought Max the spyware remained, and if you removed the nasty then reinstalled the demo wouldn't work! "Wherein I was banned from Napster" Thats bang out of order, Napster has no right to see what music or files you have on your pc ? Thats a total invasion of privacy. And they wonder why folks use P2P! "What penalties should Sony get..." Thats easy. The same ones they use to persecute children.
DominiqueB posted Fri, 04 November 2005 at 9:49 PM
Sony is not the only using this I think, EMI also has their own player with the 3 copy only protection scheme. It never ceases to amaze me how they go out of their way to irritate honest people who purchase their cd, while hackers have those same tunes on the web in no time. After I found out I could not download the EMI Rolling Stones album I legitimately bought to my iPod, I e-mailed them telling them I would no longer buy anything from them, or any company that prevented me from loading to the iPod. That's it for me I will only buy from iTunes from now on, and certainly no Sony artist will get my money for a good long time.
Dominique Digital Cats Media
Butch posted Fri, 04 November 2005 at 10:41 PM
I found about this today and wasn't happy. I don't have any sony gear and haven't ever used my cd burner to play music with. I have a very nice stereo for playing music so I don't need to use my computer. But this reminds of years ago when VHS Movies first started to appear. There was a copyguard system called marcovision, it's still around, but I bought a movie and back then movies cost a bunch, this movie if I remember correctly cost around 80 bucks, and I couldn't play it on my VCR because of the stupid copy guard. The picture was so screwed up that no matter how I adjusted the tracking it would not play, and because I had opened the package, the store would not exchange or take back the movie, for years it sat on a shelf and I would try in various VCR's trying to find one that it would play in and I just remembered the movie it was Flash Gordon.... I don't want to rip anyone off but the whole system of copyguards it stupid. So body with the right know how and equip can defeat copyguard every time. The only people it stops is the everyday consumer....
Hawkfyr posted Fri, 04 November 2005 at 11:36 PM
Little_Dragon posted Sat, 05 November 2005 at 12:08 AM
While this doesn't specifically address the latest DRM scandal, I think it does nicely sum up Sony's attitude toward its customer base in general:
CTRL+ALT+DEL (November 4th, 2005)
kuroyume0161 posted Sat, 05 November 2005 at 12:15 AM
The point of copy protection (etc.) is to prevent honest people from abusing the media. It has no effect on dishonest people.
Let me put it this way, as someone who does computer programming and development, has followed piracy for twenty years (and, boy, what I have seen), and has read up on the issue:
If Microsoft, who can expend hundreds of millions of dollars and thousands of expert personnel, cannot protect Windows and Office from appearing on a street corner in some foreign country at $2/CD (fully cracked and ready to be used), what makes you think there is any way to stop crackers and hackers. Heck, they've been able to defeat the most stringent mathematical encryptions ever invented. 128-bit, bah. 12098123740912874-bit wouldn't work either (yes, that's a randomly typed number).
In other words, DMC is B.S. It only hurts the consumer by causing grief and increasing profits (someone has to pay for all of that expenditure). Now, I don't mind weak DMC (such as used by iTunes). But anything that requires a retinal scan, reformats your harddisk to their specifications, and holds your sister for ransom is going too far.
They're nearly there - this "First 4 Internet" RootKit is reconfiguring the kernel of the OS (Windows). This has ramifications in that there is no simple removal method, it interfers with normal computer operations, causes a constant CPU usage - estimated at 2% to 5% (this alone could result in shortening the lifespan of your CPU), hides itself from detection, may break your OS access after an OS update, and could allow malicious code to be installed and executed without your knowledge or any way to intervene.
Macrovision may be nasty, but it isn't malicious. This move by Sony (and possibly EMI) is!
Sorrily, I have a nice Sony monitor and DVD-R drive. If finances weren't an issue, they'd be replaced just because of this entire affair. ETA: Forgot the moral of the tirade. If huge corporations think this lowly of purchasing customers, why bother? They envision the slippery slope similar to the fallacy that allowing 'gay marriage' would end in Joe-Bob having nuptials with his goat. Customers may abuse the system a little, but it is those who intentionally abuse it to make profit that should be the target. Instead, the customer is the victim and the crackers/hackers sing merrily along to their tune of 'Ka-ching!'
Message edited on: 11/05/2005 00:26
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 1:24 AM
I don't care of all this, first the crap will not work with Win95/98, I don't use and never shall use XP, and second in case that something is installed I shall kill it within some hours.
Stupidity also evolves!
kuroyume0161 posted Sat, 05 November 2005 at 1:37 AM
That is the problem. You can't 'kill' it. It is not visible from the OS at all. It modifies the OS kernel. Do you understand what that means!? It patches the functions of the base functionality of the operating system (without your consent and without forewarning). The only way to remove such nastiness is with something like RootkitRevealer (spyware and antivirus software cannot detect this). There is one preventative measure if you have Sony Audio CDs with this infectious nonsense - turn off AutoPlay for CDs (which is how it gets installed). This is a good idea in every case, anyway. Never use AutoPlay EVER!
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
BonBonish posted Sat, 05 November 2005 at 1:49 AM
Hi destro75... thank you for posting this.
kawecki posted Sat, 05 November 2005 at 1:52 AM
"It is not visible from the OS at all." Do you know there are many tasks invisible in Windows?, you need to use some tool to see them. "It modifies the OS kernel." What does this mean? it changes the dll's? Windows has less than ten basic dlls, the rest of the dlls are variable and always change to a newer version or older! The only way to hijack the computer is to install an active task and of course hide it from normal users.
Stupidity also evolves!
kuroyume0161 posted Sat, 05 November 2005 at 2:03 AM
Yes, there are services run all over the place. But Rootkits hide themselves from detection, purposely!
Have you read the links provided (especially the sysinternals one)? Yes, it literally modifies the OS kernel.
Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernels system service table, a technique that I pioneered with Bryce for Windows back in 1996 when we wrote the first version of Regmon. Every kernel service thats exported for use by Windows applications has a pointer in a table thats indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API.
The "First 4 Internet" Rootkit used by Sony is a kernel-mode executable. And yes, it installs an executable and hides it from users (all users - except those who having expertise to detect such things). I believe it is also possible to intercept the installation if you run in a non-Administrator mode, but then who is that stupid. How can you run Windows in anything but Administrator mode (id est: with Adminstrator privileges)? Unlike MacOS, there is no 'super-user' command to temporarily elevate a user's privileges to administrator.
Message edited on: 11/05/2005 02:05
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 2:11 AM
Stupidity also evolves!
kuroyume0161 posted Sat, 05 November 2005 at 2:15 AM
I'd also like to add (as if not enough already) that this DRM is completely useless. Do the guys at Sony who dreamed up this Draconian piece of work realize that it only works on Windows (and not x64 from the article)? So, that means that anyone with 1/5th a brain can just use another operating system to circumvent the DRM (Windows x64 (yay, I have this!), MacOS, BeOS, Unix, Linux, AmigaOS, etc. and so on). Schmucks comes to mind...
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 2:16 AM
Stupidity also evolves!
Starkdog posted Sat, 05 November 2005 at 2:17 AM
In regards to this RootKit tweaking the OS kernel, wouldn't this be against Microsoft's EULA, since this kit is in essence, re-compiling and modifying the OS? I think this could be something to look into. If it does violate Microsoft's EULA, Uncle Bill might just own Sony!!! I can't believe this, but I'm actually supporting Microsoft! -Starkdog
kuroyume0161 posted Sat, 05 November 2005 at 2:19 AM
Yes, if you use Task Manager, you can see all of the running applications and tasks. You can also see all of the running services if you have Pro through the Administrative Tools. I'm not naive. This will not show in any of them. It purposely hides itself by modifying the OS to 'not see itself'. Rootkits are not just something that runs that is hidden but can be revealed using OS features. It is a stealth service actively hiding - again - not even spyware and antivirus software can detect these. Finding it requires delving into the OS kernel tables (that is beyond me).
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 2:23 AM
"that it only works on Windows" And with Media Player! Also will depend of the software that you use for burning CDs, if you use some software that send directly commands to the burner Windows will be not able to stop your copy or ripping.
Stupidity also evolves!
Lucifer_The_Dark posted Sat, 05 November 2005 at 2:23 AM
"The only way to hijack the computer is to install an active task and of course hide it from normal users." Which isn't as easy as it sounds if the normal user has the right tools http://www.sysinternals.com/utilities/rootkitrevealer.html to find the nasty little virus they've (Sony) installed. Windows XP does have some protection against this type of attack in that you can go back to a previous version of the system, "system file checker" can scan all those lovely files that Sony thinks are theirs to play with & change them back to unf**ked versions. Does anyone know how long Sony have been using this & is there a list of the cd's they've got it on?
Windows 7 64Bit
Poser Pro 2010 SR1
kawecki posted Sat, 05 November 2005 at 2:26 AM
" In regards to this RootKit tweaking the OS kernel, wouldn't this be against Microsoft's EULA," For this scheme to work you will need Microsoft as accomplice, and of course that it is!. Why do you think all the problems with EU forcing the removal of Media Player as a basic part of the OS?
Stupidity also evolves!
kuroyume0161 posted Sat, 05 November 2005 at 2:28 AM
Starkdog - Possibly. It is not 'recompiling' the OS. It is just patching the kernel's system service table. What this means is that there is a table of functions in the kernel (low-level OS system calls) and they are being rerouted to functions in the Rootkit service. kawecki - You must read the article that steerpike provided: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html I don't think this service will show up under a normal check. Maybe the Memory Dump would show it, but there are more ramifications than the service itself. It installs the service, modifies the OS kernel, and adds Registry keys. Even if you find the service, stopping it is not enough.
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 2:31 AM
You can hide a task making a call to an undocumented kernel32 function.
Stupidity also evolves!
destro75 posted Sat, 05 November 2005 at 2:37 AM
Starkdog, you make a very good point. I wonder how long until Uncle Bill decides this is the way for the XBox to finally bury the Playstation. If he owns the company, he can just scrap the whole thing. LOL. Seriously though, I would be curious to hear what MS has to say about this. If nothing else, it is a great chance to make some PR. The only downside is it once again shows how an MS system is vulnerable to things like this. Anyway, I posted this originally not for those who understand the topic, but for those who don't. For those who do understand, I ask that you spread the word to others who don't understand. The biggest problem, and most likely the reason Sony attempted it, is lack of knowledge by the majority of users. Most people would just see the tiny writing on the CD cover that tells them to pop in the CD for some bonus content, and it would install silently. I don't disagree with the record companies that they have a right to protect their property, however, the same applies to users. We have a right to protect our property. It is wholly disgusting that Sony was able to even get this far. I want to see the government actually step in. This should fall under the umbrella of cyberterrorism. I don't give a crap how big Sony is. If you choose to do business to the detriment of your customers, you should be punished. Thanks to everyone who has gotten involved today with this thing. It does make a difference!
kawecki posted Sat, 05 November 2005 at 2:37 AM
"It installs the service, modifies the OS kernel, and adds Registry keys. Even if you find the service, stopping it is not enough." Once you have located the task you can search for it in the registry and delete the keys calling it. Anyway nothing can stop you sending/receiving data to port 170H, I assume that the CD is at the secondary IDE.
Message edited on: 11/05/2005 02:39
Stupidity also evolves!
kuroyume0161 posted Sat, 05 November 2005 at 2:40 AM
It is possible that this is what is being done. But the article doesn't detail what functions in the table are being rerouted. I would suspect that the functions most likely to be rerouted (and this is alluded to) would be those involving the CD/DVD drive and something to allow the service to remain hidden. Either way and to miraculously bring this back to Poser, this reminds me of the protection scheme initially used in Poser 5 (the name escapes me).
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
destro75 posted Sat, 05 November 2005 at 2:40 AM
To add to the last post by kuroyume0161, uninstalling the service is detrimental to the operation of your system. As the article I provided clearly states, if you manage to uninstall the software, it ruins your OS's ability to access your CD drive. Once the software is on your system, it is too late.
kuroyume0161 posted Sat, 05 November 2005 at 2:48 AM
I'm very glad that you brought this to our attention, destro75! As I've mentioned, there is little chance that I'd have this issue since AudioCDs are a thing of the past for me. But then, unabated, this type of DRM might appear in other places. Best stopped at first sniff. kawecki: If the keys are encrypted, it would be difficult indeed. I doubt that they reside in "..../Sony/DRM/..." ;) And it really isn't a matter of DRM (burning CDs or whatnot). It is that this has potentially catastrophic side-effects and some already revealed real ones. Constant CPU usage is bad. When I'm not doing anything, my CPU usage is 0% as it should be. But a constant 2-5% is detrimental in one way or another. Plus, an exploit is to be exploited. Once the scum find a way to exploit any deficiency in this service, they could append their little service along with it and do anything (since they'll have administrator priviledges on a service patching the OS kernel). That is horrific to contemplate!
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 2:56 AM
"kawecki: If the keys are encrypted, it would be difficult indeed." There is a very simple rule that works fine with Microsoft. You search for xxx.dll or xxx.exe or xxx.vxd, once you found just delete all key, don't waste your time trying to understand the values or any information in the key, just delete and delete all the instances in the whole registry.
Stupidity also evolves!
kawecki posted Sat, 05 November 2005 at 3:08 AM
Another workaround, I have not experimented, but must it work. Search in the registry for CDA and delete all the entries. Now you have nothing to play your music CDs, if you open the cd and click on the tracks Windows will ask you with what you want to open, just select any player that you have (ie Winamp), I think that Media Player will not work because is probably corrupted by the CRM.
Stupidity also evolves!
kuroyume0161 posted Sat, 05 November 2005 at 3:09 AM
Again, it depends if they've made it that simple - don't know. And it was Pace for Poser 5. :) I don't get this super-protection stuff. My interPoser plugin has minimal protection - just enough that honest customers remain honest and that's all. I know there was at least one dishonest customer since the license key was cracked (and this cannot be done from the demo since the license key decryption code is omitted). Still, anything more would be detrimental to both myself and the customers (either in time, cost, hair loss). So, I lose a few sales, but I provide a working, stable product without ridiculous hassles. Since there is absolute no measure that completely avoids piracy, the best outlook is to consider your honest customer base first and tend to them. Sony has lost focus!
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
kawecki posted Sat, 05 November 2005 at 3:30 AM
" Again, it depends if they've made it that simple - don't know."
Probably they have no idea of this, but is very little what can be done with Windows.
Windows by itself doesn't know what is a CD, it only has vxd services for accessing the data, but what is the data Windows doesn't know. Windows needs the Windows explorer and Media Player for identifying the data and to know what to do with it.
If you change the registry or remove the Media Player the behaviour of Windows will be different. You don't need the Media Player, you only need the audio and video codecs installed and any player will be able to play.
Message edited on: 11/05/2005 03:34
Stupidity also evolves!
kawecki posted Sat, 05 November 2005 at 3:57 AM
It must be remembered that Microsoft creates the tools for hackers and hijackers. One of the genial Microsoft's creation was that you can install hooks in the TCP stack, what it means?, it means that when you are trying to access some site the installed hook can redirect your browser to another site. Once I had some spy installed on my computer, don't remember the name, this spy installed a hook in the TCP stack. I have discovered it running Adaware and removed it. What happened?, the hooked routine was not in the computer anymore and the TCP stack was broken with a missing link, the result was that IE stopped to work. I had to download a tiny software to restore the stack to the original form. One more curiosity is that the only internet application that stopped to work was IE!
Stupidity also evolves!
lmckenzie posted Sat, 05 November 2005 at 5:10 AM
Attached Link: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
Mark lists all the down and dirty technical details of how he discovered and finally removed the culprit. FWIW, Bill is already denouncing BluRay DRM as being too drastic so take your pick and believe who you want. Also, rootkits work on Linux too: http://www.usenix.org/publications/login/1999-9/features/rootkits.html"Democracy is a pathetic belief in the collective wisdom of individual ignorance." - H. L. Mencken
AntoniaTiger posted Sat, 05 November 2005 at 5:56 AM
I've seen reports that some features of this Sony rootkit are already being exploited by other software. It apparently will conceal any file which has a certain filename extenstion, a featrue which is being used to conceal player-installed hacks for online games, so that the game security checks don't work. It looks like this Sony solution might fit the definition of a tool to break DRM protection, which would make it illegal. And there are a lot of small content producers who just can't afford to buy in to the DRM model.
destro75 posted Sat, 05 November 2005 at 7:31 AM
Kaweki,
While I understand your point, you seem to be missing mine. You obviously know how to play inside Windows. How many other people do you know who ignore MS's advice to never touch the Registry?
I am a computer guy myself. I have a couple of good friends who are too. Whenever the topic of the Registry comes up, even we cringe a bit.
The point I was trying to make is that we need to let the average user know what is going on. Those of us who know how to get around problems like this don't need the extra info. We would figure it out on our own. The problem lies with those users who have no clue, and simply use their equipment the same way the manual instructs them.
What I am scared of is the legal precident this could make. I envision some very real disasters being possible.
Let's be honest here. This system won't hurt the real culprits, the big-time pirates. These are groups who use "throw-away" systems to do their dirty work. They will hack away at it, until they find a way around the protection. If you can build it, someone else can break it, it is a fact in the programming world. The problem is that this affects your brother or sister, or cousin, or neighbor. The people who regularly consume this material for innocent reasons.
Why is it a big deal to Sony for you or me to make an MP3 out of a song on an album to play on an MP3 player? Why should we have to pay for the same music twice? Back in the day (not that I am old or anything,) I made mix tapes of my favorite songs to listen to. The fact is, 50-60% of album music is crap. It's those 3 to 5 songs on an album I want to hear. What is the big deal there?
The matter comes down to the same old story, with the usual suspects. The big corporations want to make more money, by sucker-punching Joe Public. I really hope you can understand my point here. It isn't about you or me, and our ability to get around these things we would consider a nuisance. It is about our friends and family who aren't in the "know." Sometimes, it is our responsibility, as people in the "know" to take care of our peers.
Again all, thanks for listening, and for getting the word out!
mickmca posted Sat, 05 November 2005 at 8:45 AM
When I heard about this, I wrote to Sony (after spending a half hour at their site trying to find one, any, email address for contact) telling them that I'd never buy another Sony product. Any Sony product. I quit buying CDs new many years ago, because that keeps the money from reaching the RIAA pigs who "own" the songs. Eventually, the companies will own the secondhand stores, and I'll shop garage sales. And if you want to play Sony music on your PC, just copy the CD from a player to your PC through the audio port, neh? Unless that's against the CD's EULA.... I don't see how the audio output could "send" the root kit. Time consuming, but so much for Sony's BF. The lesson here is, you are prey. When the government sees itself as an extension of the corporations, you are doubly prey. Some herd animals will defend each other, not just themselves, when the jackals move in. It's not a trait I've seen much in humans. As the hyenas in big business become more and more blatant in their contempt for their prey, I find myself less and less willing to condemn the fringe element, the Clyde Barrows and Robin Hoods, who spit in their champagne. It's a bit like caring when a pimp gets mugged. You are prey. Do something about it, or get used to it. Mick
pakled posted Sat, 05 November 2005 at 10:02 AM
The thing that concerns me is the fact that the rootkit itself will be hacked, cracked, and used for a new generation of virii and malware.
The registry is only the first step. There's a malware called cool web search, which people are already tired of me complaining about..;)
What happens with the registry, is that it is modified by .dll files (dynamic linked libraries), and this happens to an extent, even before you see the 'Windows' startup screen. So you can delete registry entries all day long, and the next time you boot up, the dll file will 're-infect' the Registry.
Now for a while, you could look for recently-modified dll files (under properties, for date, and also to see if it has all the legal folderol saying who has the copyright, etc., and the 'bad' dll's usuall don't have it). Giving it a name doesn't help, since it randomly renames itself after every reboot.
What happened is that beneath the dll, is an executable file, which renames and recreates the dll every time you delete.
Now the kernal is the very base of the Operating system. It tells your computer chip what dlls are, what they mean to do, what the registry is, what all the files, handles, etc., must do to have your operating system act like a computer instead of a toaster..;)
If the kernel is infected, unless you've got a good hacking kit or program, you're looking at a 're-image'..i.e., formatting the hard drive and starting over. It basicly doesn't affect the Operating system, it becomes the operating system (in otherwords, you're using Sony Windows instead of Microsoft Windows). That's what the fuss is all about.
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)
kawecki posted Sat, 05 November 2005 at 10:54 AM
"What happened is that beneath the dll, is an executable file, which renames and recreates the dll every time you delete." Many times is not easy to locate the real responsable and the second big problem is that Windows denies its deletion. The only way to delete the file is boot the computer with other OS, can be DOS, if is possible to use it, or Linux. I am from a technical are and like these discussions, in case of DRM I know very little and am in the learning process. Until now I found: 1) You must have autorun enabled to be infected. 2) Sony DRM doesn't work with Win95 or 98 3) Sony DRM doesn't with Mac, Linux, FreeBDOS, etc. 4) XP Windows Explorar is responsable for not allowing you see hidden files. 5) The DRM spy hooks the CD software driver. 6) Microsoft MediaPLayer 9 comes with DRM included. 7) Microsoft Windows is very unsecure OS.
Stupidity also evolves!
kawecki posted Sat, 05 November 2005 at 11:07 AM
Another very big problem with DRM is that every new protected CD that you put in the player will install or update the previous spy, also the DRM spy will suffer modifications correcting bugs and creating new ones and as usual one version can be not compatible with the other, the order of CD that you play can be in any chronological order, you can play first a newer CD and then an older CD. The result of all this will be that your computer become slower and have malfunctions until the moment when you insert a protected CD and your computer will crash, you will lose all your data and have to install Windows again and of course, Sony neither Microsoft will pay you a single cent for the damage.
Stupidity also evolves!
kawecki posted Sat, 05 November 2005 at 11:21 AM
Well is technical discussion, but most of the people hasn't technical knowledge, what happens?
Message edited on: 11/05/2005 11:22
Stupidity also evolves!
originalkitten posted Sat, 05 November 2005 at 1:54 PM
ot i know but house call by trend have a tool to remove the cool web search and it works!
"I didn't lose my mind, it was mine to give away"