
Subject: Very OT: Sony hijacks your computer. (Not a joke!)


destro75 ( ) posted Fri, 04 November 2005 at 12:38 PM · edited Sun, 06 October 2024 at 6:55 AM

Attached Link: http://www.cnet.com/4520-6033_1-6376177.html?tag=nl.e501

Hey all,

I just got done reading this article, and I am fuming. I had wanted to get a nice new PSP before this, but suddenly, I will never buy another Sony product again, including the new Playstation.

I am asking you to take a few minutes to read this article, then pass it on to others. Sony is literally using the same tools that criminals use to hijack your computer. And you get to keep what amounts to a virus on your system, for only the price of a new CD!

Sorry, but this is totally unacceptable. The only way to fight it is to get the word out, so that others will stop buying Sony as well. Maybe then they will wake up and treat the consumer as a valued customer, rather than a petty thief.

Here is the article: http://www.cnet.com/4520-6033_1-6376177.html?tag=nl.e501

Thanks for helping out.


kawecki ( ) posted Fri, 04 November 2005 at 12:49 PM · edited Fri, 04 November 2005 at 12:50 PM

"You don't have to be ripping the CD, either--just playing it from your CD-ROM drive triggers the installation. "

Very easy, just disable the autorun feature of your CD unit.
I never have the autorun enabled, I hate each time that load a CD it wants to install something that I have or have no interest to install. Also you can use Spybot that prevents installation of unwanted software.

Message edited on: 11/04/2005 12:50

Stupidity also evolves!


thefixer ( ) posted Fri, 04 November 2005 at 1:11 PM

Well that is just disgraceful, We shouldn't be surprised though, all big corporations use underhand tactics and black ops to stiff the consumers. They forget it's us that put them where they are in the first place!

Injustice will be avenged.
Cofiwch Dryweryn.


Khai ( ) posted Fri, 04 November 2005 at 1:33 PM

""You don't have to be ripping the CD, either--just playing it from your CD-ROM drive triggers the installation." Very easy, just disable the autorun feature of your CD unit. I never have the autorun enabled, I hate each time that load a CD it wants to install something that I have or have no interest to install."

And the music/disk won't work. It requires the software on the disk to play. (Details in the article.)


mrsparky ( ) posted Fri, 04 November 2005 at 1:37 PM

I read about this earlier, the system uses something called a rootkit to hide itself. So some anti-virus/antispyware won't remove it or even see it. Sony have released a tool to remove it, but I agree it's well out of order. In the UK it might even be an offence under the misuse of computers act. Unauthorised modification of computer material and the deliberate intent to impair the operation of a computer are all offences in this act. But it's a big record company, that's deemed as OK. Doing stuff like this, suing kids and even recently threatening a grandfather for allowing a kid to d/load films just shows how much copyright law needs to change. I agree with thefixer and destro75, but a boycott doesn't work. So I reserve the right to, and do, remove the CRM from any products I've bought.

Pinky - you left the lens cap of your mind on again.



steerpike ( ) posted Fri, 04 November 2005 at 1:44 PM

Attached Link: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

From Shell Extension City...

"Sony's controversial hidden rootkit automatically loads into your machine when you put a newer Sony music CD in your computer. The software will break your computer if you try to delete it, uses 2%-3% of your CPU overhead at all times (whether you're playing the disk or not), and creates a vulnerability allowing others to install permanently cloaked (hidden) files and programs on your machine."

This is nasty stuff. The only complete solution seems to be submitting a request to Sony for an uninstall package.


originalkitten ( ) posted Fri, 04 November 2005 at 1:51 PM

Wow, that's disgusting... I have a Sony mp3 player too... in fact all my portable music hardware is Sony. I'm furious. Going to check which artists are Sony lol.

"I didn't lose my mind, it was mine to give away"


mateo_sancarlos ( ) posted Fri, 04 November 2005 at 1:54 PM

The only serious threat to OS X so far has been the "opener script", which is a rootkit apparently related in function to this Sony trojan. Since the advent of the "autostart virus" back in '96 or '97, Mac users habitually turn off autoplay in their CD/DVD prefs, but this is no protection against a downloaded rootkit. My guess is that the black hats will quickly copy this Sony trojan and modify it, then add it into illegal copies of useful apps, which will then be placed on warez sites, warez newsgroups and P2P services like BitTorrent. One of the Jaguar security updates supposedly took care of the rootkit problem, but I am unaware of any similar security update on the Windows side.


dlk30341 ( ) posted Fri, 04 November 2005 at 1:56 PM

And they wonder why people resort to P2P ~eye roll~ Truly disgusting.


Likos ( ) posted Fri, 04 November 2005 at 2:11 PM

mateo_sancarlos, funny you should mention the "opener script". I have habitually turned off the autostart feature in every Mac and PC since then. Wow how time flies, I didn't realize it's been 8 years! The autorun feature always seemed like a bad idea from the get go. Someone can make a CD image of a CD and then add in malicious code to execute when the CD is run. I don't think any amount of "patches" can fix that. Unless the CD does a checksum of itself every time it's inserted. And even then that can be hacked. The best part of the Sony debacle is, and you can quote me: "Virus they're not just for hackers anymore!"


kawecki ( ) posted Fri, 04 November 2005 at 2:27 PM · edited Fri, 04 November 2005 at 2:28 PM

It is very funny to see how the idiots invent more idiotic copy protections that will not work.
I still remember from the old days of 5 1/2" floppy disks: as soon as the first floppy that could not be copied appeared, a software "copywrit" appeared that allowed copying them.
The same will happen with CRM; if it becomes common you can be sure that there will be a lot of programs for download that will kill the CRM.

Message edited on: 11/04/2005 14:28

Stupidity also evolves!


destro75 ( ) posted Fri, 04 November 2005 at 2:54 PM

Well, I didn't post this to find ways around it. I posted it because people should know about it. People should also take action, and make a stand on this. We shouldn't need to "work around" it. It shouldn't be there, period. I don't agree with pirating music, I never have, but this isn't even about that. The action that this software takes is the same thing the FBI imprisons people for. If this were a website that you received the software from, they would already have been shut down, and the webmaster probably arrested. I wanted to get the word out, since the majority of people who will be affected by this will have no idea what it is doing. I figured, the more people that this article got out to, the more people would be educated, and hopefully, angered at this. Anyway, thanks to all who have read it, and I hope you encourage others to as well! Take care all!


Robo2010 ( ) posted Fri, 04 November 2005 at 4:09 PM

I have a Sony DVD RW. And it comes with Nero (crappy software). I made a family video and like to burn onto a DVD. 9 months after I owned it, I am now burning a file (family video). The thing doesn't even write, only reads. I get error messages. I write to Sony about it many times, and they never respond or help. So, I am into a new DVD RW. And not again Sony. The service is bad, and now this (hijacks).


originalkitten ( ) posted Fri, 04 November 2005 at 4:16 PM

I just thought... in my device manager my DVD is supposed to be Sony and I've put a few DVD-Rs in my machine to read and my machine just totally will not read them... it's not pirated stuff either... I'm wondering if this is why...

"I didn't lose my mind, it was mine to give away"


Gongyla ( ) posted Fri, 04 November 2005 at 4:24 PM

Thanks. I will spread the word, and boycott Sony completely from now on. Even though we play music on the traditional CD player and not on the puter, this is indeed scandalous and calls for action.



kawecki ( ) posted Fri, 04 November 2005 at 4:48 PM · edited Fri, 04 November 2005 at 4:51 PM

When I first read about this new fabulous copy protection scheme could work, is something impossible to be done.
This article gave me the clues how it works.
What makes any copy protection almost impossible is:

  1. There's no way to change the information contained in a pressed CD.
  2. The format used must be compatible with common CD players, if not it would be a commercial suicide, nobody will buy a special player for a restricted use CD.

For limiting the number of copies there must be a place where to store the previous history of use.
Where store this information?

  1. In the CD: impossible! Pressed CDs are not writable.
  2. In the CD reader: very difficult, a CD driver doesn't store any information, so it must be a special CD reader and all the fabricants must follow the same standard, of course Asiatic products will not follow this and old readers will not have the feature.
  3. In the CD burning software: very difficult, all the burner software must have included the protection scheme, and the software comes from all around the world.
    Anyway any CD burner protection software is easily bypassed by a common two step burning, you rip the CD data into your hard disk and then burn a CD with the hard disk content, all protection information is lost in the process.

So, what can prevent you for reading the content of the CD and doing anything you want with it?
The only possible solution is to alter the normal working of your computer, to hijack your computer in that way that it will not obey your orders!
The only way to be done requires:

  1. To install a trojan in your computer (autorun)
  2. To have support of the operating system for the nefasting job (they have Microsoft as accomplice).
    But the scheme for work will need the latest windows XP and the latest MediaPlayer.
    If you use previous Windows or MediaPlayer probably the protection will not work, if you remove MediaPlayer and use other thing, probably will not work and with Mac, Linux, and other of course doesn't work. The negative effect of this protection scheme on users is that it requires the CD to be mixed medium (Data and Audio) and some CD players refuse to play a CD that has any data content. So many CD players are not able to play these CDs.

Message edited on: 11/04/2005 16:51

Stupidity also evolves!


xantor ( ) posted Fri, 04 November 2005 at 4:55 PM

The pirates will probably "remove" the protection in about a week, if they haven't done it already.


kawecki ( ) posted Fri, 04 November 2005 at 5:16 PM

I always refuse to do any protection scheme in software. 1) It is a waste of time on my part, I can spend days making a scheme that will be cracked in only 15 minutes. 2) After the software was cracked I shall receive a complaint from my client that I have not done a good work.

Stupidity also evolves!


unzipped ( ) posted Fri, 04 November 2005 at 5:21 PM

Thanks for pointing this out Destro. This has been in the news for a couple of weeks and it is interesting that this time it's getting quite a bit of publicity compared to some of the other nasty stuff some corporations have tried to pull in this venue. If you want to be continually outraged at the exploits of these types, check in with www.slashdot.org often. These things find their way onto the front page there pretty quick - with accompanying discussions which range from enlightening and helpful to mundane flame wars (just like here). I'm off of Sony. They're just the tip of the iceberg unfortunately - in music they're part of a cartel called the RIAA who want to control all aspects of music - distribution, promotion, creation - to the extent that if they had it their way the only way anyone could make, distribute or listen to music is through their certified channels. It's bad news. I have not purchased any music by any artists affiliated with the companies under the RIAA umbrella (and I DO NOT copy/download/etc. when it infringes on copyright) for about 5 years now - they don't get my money to further their greed mongering. There's plenty of non-RIAA music out there, and I do pay for that. I listen to KCRW as often as I can - you can get podcasts of their shows at www.kcrw.com. My favorite show is Metropolis. Anyway they do play some artists that aren't slaves to the RIAA. If you're concerned on whether an album/recording is affiliated with an RIAA company, go to www.riaaradar.com and do a search, it'll give you that information. And hopefully don't buy it if it is owned by an RIAA company. Add Sony to the list of companies I won't give money to. Keep spreading the word folks, hopefully they'll get the message soon. Unzipped


Netherworks ( ) posted Fri, 04 November 2005 at 5:24 PM

Attached Link: http://www.invisiblethings.org/tools.html

Interesting page... System Virginity Verifier is a command-line tool.

.


shedofjoy ( ) posted Fri, 04 November 2005 at 6:15 PM

What penalties should Sony get for creating things that people have gone to prison for, for lesser offenses?

Getting old and still making "art" without soiling myself, now that's success.


stonemason ( ) posted Fri, 04 November 2005 at 6:58 PM

Thanks for the heads-up. I haven't used my stereo in months & all new CDs go straight to the hard drive. Is there any way to avoid this being installed? (Other than not using Sony CDs.) I don't have autorun enabled.

Cg Society Portfolio


Ben_Dover ( ) posted Fri, 04 November 2005 at 6:58 PM

Attached Link: http://www.snapfiles.com/get/RootkitRevealer.html

Such an uproar has been made they're (Sony) scrambling to undo this somehow. You can't blame a company for trying to prevent their goods from being swiped, this just wasn't the right way. I'm sure they'll catch more than a small ration of sh1t for it and might see some fines too. In the meantime, you should be watching your own machines for stuff like this anyway, as well as any other malware or spy apps. Here's a rootkit sniffer, it will look at your machine and find any others installed. While you're there back out of this link, via the links near the top of the page, and look through the other security/privacy tools you might also need. This is a freeware section, read the reviews and get what you need. The entire freeware archive is at: http://www.snapfiles.com/freeware/freeware.html


kuroyume0161 ( ) posted Fri, 04 November 2005 at 7:13 PM

What are CDs? ;) Ever since the Napster debacle (*), I basically stopped buying Audio CDs. If I purchased any, it was from a used-CD store. Since iTunes, what are CDs again? I now only purchase songs through iTunes and play them on my shiny new 30GB video iPod. Hey, if there is anything unavailable there, oh well.

* Wherein I was banned from Napster because I had Metallica songs - read carefully - ripped from my legally purchased Audio CDs to my computer for my own personal use (such as running in WinAmp with PaceMaker to adjust the pitch while practicing guitar) and not available for sharing - this was a legal copy of the music. I was banned just because the files 'existed' on my computer, albeit legally. They were not included in my Napster interface which I rarely used. As a matter of fact, the banning occurred several months after discontinuing any use of Napster. Could have just as easily uninstalled it at that time. It wasn't the banning that peeved me as much as the blind way in which it was done. Had I 'downloaded' the songs, justifiable. But was there any check of whether they were legal or not ... No.

This is what DRM means for your future. Now they can frag with your computer at the kernel level and open the door to all sorts of malicious destruction whether direct or indirect (like formatting all of your hard drives and locking you out of Windows and sending all of your passwords to a hacker so that he can empty your bank account, fill your credit cards, and send you into bankruptcy - just in time for the new Chapter 11 laws). Welcome to the Brave New World!

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


MeInOhio ( ) posted Fri, 04 November 2005 at 7:48 PM

Turbo Tax also installed a Macrovision file on to your computer without telling you. They claimed that it didn't interfere with any other program running on your PC. It just protected their intellectual property. Maybe that was true. I don't know. But I didn't like it that they didn't tell you ahead of time that if you bought their program it would do this. Or at least before you installed it. I didn't buy their program the following year. Besides I found an accountant through a friend who did my taxes for less than what it cost me to buy the state and the federal programs. If I would have gotten the rebates like I was supposed to, but they returned the one to me because they said I didn't include something. I forget what, but that frosted me a little too.


mrsparky ( ) posted Fri, 04 November 2005 at 8:12 PM

"Turbo Tax Macrovision file on to your computer without telling you". Discreet installed spyware as a DRM along with their demo of Max from the computer arts discs. Even if you bought Max the spyware remained, and if you removed the nasty then reinstalled, the demo wouldn't work!

"Wherein I was banned from Napster" That's bang out of order, Napster has no right to see what music or files you have on your PC? That's a total invasion of privacy. And they wonder why folks use P2P!

"What penalties should Sony get..." That's easy. The same ones they use to persecute children.

Pinky - you left the lens cap of your mind on again.



DominiqueB ( ) posted Fri, 04 November 2005 at 9:49 PM

Sony is not the only one using this I think, EMI also has their own player with the 3 copy only protection scheme. It never ceases to amaze me how they go out of their way to irritate honest people who purchase their CD, while hackers have those same tunes on the web in no time. After I found out I could not download the EMI Rolling Stones album I legitimately bought to my iPod, I e-mailed them telling them I would no longer buy anything from them, or any company that prevented me from loading to the iPod. That's it for me, I will only buy from iTunes from now on, and certainly no Sony artist will get my money for a good long time.

Dominique Digital Cats Media


Butch ( ) posted Fri, 04 November 2005 at 10:41 PM

I found out about this today and wasn't happy. I don't have any Sony gear and haven't ever used my CD burner to play music with. I have a very nice stereo for playing music so I don't need to use my computer. But this reminds me of years ago when VHS movies first started to appear. There was a copyguard system called Macrovision, it's still around, but I bought a movie and back then movies cost a bunch, this movie if I remember correctly cost around 80 bucks, and I couldn't play it on my VCR because of the stupid copy guard. The picture was so screwed up that no matter how I adjusted the tracking it would not play, and because I had opened the package, the store would not exchange or take back the movie, for years it sat on a shelf and I would try in various VCRs trying to find one that it would play in and I just remembered the movie, it was Flash Gordon.... I don't want to rip anyone off but the whole system of copyguards is stupid. Somebody with the right know-how and equip can defeat copyguard every time. The only people it stops is the everyday consumer....


Hawkfyr ( ) posted Fri, 04 November 2005 at 11:36 PM

Bookmark

“The fact that no one understands you…Doesn’t make you an artist.”


Little_Dragon ( ) posted Sat, 05 November 2005 at 12:08 AM

While this doesn't specifically address the latest DRM scandal, I think it does nicely sum up Sony's attitude toward its customer base in general:

CTRL+ALT+DEL (November 4th, 2005)



kuroyume0161 ( ) posted Sat, 05 November 2005 at 12:15 AM · edited Sat, 05 November 2005 at 12:26 AM

The point of copy protection (etc.) is to prevent honest people from abusing the media. It has no effect on dishonest people.

Let me put it this way, as someone who does computer programming and development, has followed piracy for twenty years (and, boy, what I have seen), and has read up on the issue:

If Microsoft, who can expend hundreds of millions of dollars and thousands of expert personnel, cannot protect Windows and Office from appearing on a street corner in some foreign country at $2/CD (fully cracked and ready to be used), what makes you think there is any way to stop crackers and hackers? Heck, they've been able to defeat the most stringent mathematical encryptions ever invented. 128-bit, bah. 12098123740912874-bit wouldn't work either (yes, that's a randomly typed number).

In other words, DMC is B.S. It only hurts the consumer by causing grief and increasing profits (someone has to pay for all of that expenditure). Now, I don't mind weak DMC (such as used by iTunes). But anything that requires a retinal scan, reformats your harddisk to their specifications, and holds your sister for ransom is going too far.

They're nearly there - this "First 4 Internet" RootKit is reconfiguring the kernel of the OS (Windows). This has ramifications in that there is no simple removal method, it interferes with normal computer operations, causes a constant CPU usage - estimated at 2% to 5% (this alone could result in shortening the lifespan of your CPU), hides itself from detection, may break your OS access after an OS update, and could allow malicious code to be installed and executed without your knowledge or any way to intervene.

Macrovision may be nasty, but it isn't malicious. This move by Sony (and possibly EMI) is!

Sorrily, I have a nice Sony monitor and DVD-R drive. If finances weren't an issue, they'd be replaced just because of this entire affair. ETA: Forgot the moral of the tirade. If huge corporations think this lowly of purchasing customers, why bother? They envision the slippery slope similar to the fallacy that allowing 'gay marriage' would end in Joe-Bob having nuptials with his goat. Customers may abuse the system a little, but it is those who intentionally abuse it to make profit that should be the target. Instead, the customer is the victim and the crackers/hackers sing merrily along to their tune of 'Ka-ching!'

Message edited on: 11/05/2005 00:26

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


kawecki ( ) posted Sat, 05 November 2005 at 1:24 AM

I don't care of all this, first the crap will not work with Win95/98, I don't use and never shall use XP, and second in case that something is installed I shall kill it within some hours.

Stupidity also evolves!


kuroyume0161 ( ) posted Sat, 05 November 2005 at 1:37 AM

That is the problem. You can't 'kill' it. It is not visible from the OS at all. It modifies the OS kernel. Do you understand what that means!? It patches the functions of the base functionality of the operating system (without your consent and without forewarning). The only way to remove such nastiness is with something like RootkitRevealer (spyware and antivirus software cannot detect this). There is one preventative measure if you have Sony Audio CDs with this infectious nonsense - turn off AutoPlay for CDs (which is how it gets installed). This is a good idea in every case, anyway. Never use AutoPlay EVER!

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


BonBonish ( ) posted Sat, 05 November 2005 at 1:49 AM

Hi destro75... thank you for posting this.


kawecki ( ) posted Sat, 05 November 2005 at 1:52 AM

"It is not visible from the OS at all." Do you know there are many tasks invisible in Windows?, you need to use some tool to see them. "It modifies the OS kernel." What does this mean? it changes the dll's? Windows has less than ten basic dlls, the rest of the dlls are variable and always change to a newer version or older! The only way to hijack the computer is to install an active task and of course hide it from normal users.

Stupidity also evolves!


kuroyume0161 ( ) posted Sat, 05 November 2005 at 2:03 AM · edited Sat, 05 November 2005 at 2:05 AM

Yes, there are services run all over the place. But Rootkits hide themselves from detection, purposely!

Have you read the links provided (especially the sysinternals one)? Yes, it literally modifies the OS kernel.

Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernel's system service table, a technique that I pioneered with Bryce for Windows back in 1996 when we wrote the first version of Regmon. Every kernel service that's exported for use by Windows applications has a pointer in a table that's indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API.

The "First 4 Internet" Rootkit used by Sony is a kernel-mode executable. And yes, it installs an executable and hides it from users (all users - except those having the expertise to detect such things). I believe it is also possible to intercept the installation if you run in a non-Administrator mode, but then who is that stupid. How can you run Windows in anything but Administrator mode (id est: with Administrator privileges)? Unlike MacOS, there is no 'super-user' command to temporarily elevate a user's privileges to administrator.

Message edited on: 11/05/2005 02:05

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone
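The table patching quoted in the post above can be audited from the defender's side by checking where each slot of the service table points. The C program below is an added example, not part of the thread or of the Sysinternals article; it models the table in user space, and every address and image name in it (including `filter.sys`) is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One loaded image (the kernel or a driver), covering [base, base + size). */
struct image {
    const char *name;
    uint64_t base;
    uint64_t size;
};

/* One service-table slot whose pointer leaves the kernel image. */
struct finding {
    size_t service_no;  /* index of the slot in the table */
    uint64_t target;    /* address the slot points to */
    const char *owner;  /* image containing target, or "<unknown>" */
};

static int contains(const struct image *img, uint64_t addr)
{
    return addr >= img->base && addr - img->base < img->size;
}

static const char *owner_of(const struct image *imgs, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (contains(&imgs[i], addr))
            return imgs[i].name;
    return "<unknown>"; /* not inside any loaded image, e.g. allocated memory */
}

/*
 * Walk the service table and report every slot that does not point into
 * the kernel image itself. imgs[0] must describe the kernel; the remaining
 * entries are loaded drivers, used only to name the owner of a redirected
 * slot. Returns the total number of redirected slots; at most out_cap of
 * them are written to out.
 */
size_t audit_service_table(const uint64_t *table, size_t n_slots,
                           const struct image *imgs, size_t n_imgs,
                           struct finding *out, size_t out_cap)
{
    size_t found = 0;

    if (n_imgs == 0)
        return 0;
    for (size_t i = 0; i < n_slots; i++) {
        if (contains(&imgs[0], table[i]))
            continue; /* slot still points into the kernel */
        if (found < out_cap) {
            out[found].service_no = i;
            out[found].target = table[i];
            out[found].owner = owner_of(imgs, n_imgs, table[i]);
        }
        found++;
    }
    return found;
}

/* Constructed sample: an 8-slot table with slots 3 and 6 redirected. */
size_t audit_sample(struct finding *out, size_t out_cap)
{
    static const struct image imgs[] = {
        { "kernel",     0x804d7000ULL, 0x1f0000ULL }, /* constructed range */
        { "disk.sys",   0xf8900000ULL, 0x9000ULL },   /* constructed driver */
        { "filter.sys", 0xf8a00000ULL, 0x6000ULL },   /* hypothetical driver */
    };
    static const uint64_t table[] = {
        0x80501a10ULL, 0x8056b2c4ULL, 0x805f3e80ULL,
        0xf8a01200ULL, /* slot 3: points into filter.sys */
        0x80611008ULL, 0x8057c9a0ULL,
        0xffdf0800ULL, /* slot 6: points into no loaded image */
        0x80640f5cULL,
    };
    return audit_service_table(table, sizeof table / sizeof table[0],
                               imgs, sizeof imgs / sizeof imgs[0],
                               out, out_cap);
}

int main(void)
{
    struct finding f[8];
    size_t n = audit_sample(f, 8);

    for (size_t i = 0; i < n && i < 8; i++)
        printf("service %zu -> 0x%llx (%s)\n", f[i].service_no,
               (unsigned long long)f[i].target, f[i].owner);
    return 0;
}
```

A slot owned by a named driver is a lead to investigate, not proof of malice: the quoted passage notes that Regmon used the same table patching. A slot that resolves to no loaded image at all deserves the closest look.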


kawecki ( ) posted Sat, 05 November 2005 at 2:11 AM

file_301615.jpg

I have very few active processes, in this case I use Win98. If you hit CTRL-ALT-DEL you can see

Stupidity also evolves!


kuroyume0161 ( ) posted Sat, 05 November 2005 at 2:15 AM

I'd also like to add (as if not enough already) that this DRM is completely useless. Do the guys at Sony who dreamed up this Draconian piece of work realize that it only works on Windows (and not x64 from the article)? So, that means that anyone with 1/5th a brain can just use another operating system to circumvent the DRM (Windows x64 (yay, I have this!), MacOS, BeOS, Unix, Linux, AmigaOS, etc. and so on). Schmucks comes to mind...

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


kawecki ( ) posted Sat, 05 November 2005 at 2:16 AM

file_301616.jpg

Here is what is really active

Stupidity also evolves!


Starkdog ( ) posted Sat, 05 November 2005 at 2:17 AM

In regards to this RootKit tweaking the OS kernel, wouldn't this be against Microsoft's EULA, since this kit is in essence, re-compiling and modifying the OS? I think this could be something to look into. If it does violate Microsoft's EULA, Uncle Bill might just own Sony!!! I can't believe this, but I'm actually supporting Microsoft! -Starkdog


kuroyume0161 ( ) posted Sat, 05 November 2005 at 2:19 AM

Yes, if you use Task Manager, you can see all of the running applications and tasks. You can also see all of the running services if you have Pro through the Administrative Tools. I'm not naive. This will not show in any of them. It purposely hides itself by modifying the OS to 'not see itself'. Rootkits are not just something that runs that is hidden but can be revealed using OS features. It is a stealth service actively hiding - again - not even spyware and antivirus software can detect these. Finding it requires delving into the OS kernel tables (that is beyond me).

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


kawecki ( ) posted Sat, 05 November 2005 at 2:23 AM

"that it only works on Windows" And with Media Player! Also will depend of the software that you use for burning CDs, if you use some software that send directly commands to the burner Windows will be not able to stop your copy or ripping.

Stupidity also evolves!


Lucifer_The_Dark ( ) posted Sat, 05 November 2005 at 2:23 AM

"The only way to hijack the computer is to install an active task and of course hide it from normal users." Which isn't as easy as it sounds if the normal user has the right tools http://www.sysinternals.com/utilities/rootkitrevealer.html to find the nasty little virus they've (Sony) installed. Windows XP does have some protection against this type of attack in that you can go back to a previous version of the system, "system file checker" can scan all those lovely files that Sony thinks are theirs to play with & change them back to unf**ked versions. Does anyone know how long Sony have been using this & is there a list of the CDs they've got it on?

Windows 7 64Bit
Poser Pro 2010 SR1


kawecki ( ) posted Sat, 05 November 2005 at 2:26 AM

" In regards to this RootKit tweaking the OS kernel, wouldn't this be against Microsoft's EULA," For this scheme to work you will need Microsoft as accomplice, and of course that it is!. Why do you think all the problems with EU forcing the removal of Media Player as a basic part of the OS?

Stupidity also evolves!


kuroyume0161 ( ) posted Sat, 05 November 2005 at 2:28 AM

Starkdog - Possibly. It is not 'recompiling' the OS. It is just patching the kernel's system service table. What this means is that there is a table of functions in the kernel (low-level OS system calls) and they are being rerouted to functions in the Rootkit service.

kawecki - You must read the article that steerpike provided: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

I don't think this service will show up under a normal check. Maybe the Memory Dump would show it, but there are more ramifications than the service itself. It installs the service, modifies the OS kernel, and adds Registry keys. Even if you find the service, stopping it is not enough.

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


kawecki ( ) posted Sat, 05 November 2005 at 2:31 AM

You can hide a task making a call to an undocumented kernel32 function.

Stupidity also evolves!


destro75 ( ) posted Sat, 05 November 2005 at 2:37 AM

Starkdog, you make a very good point. I wonder how long until Uncle Bill decides this is the way for the XBox to finally bury the Playstation. If he owns the company, he can just scrap the whole thing. LOL. Seriously though, I would be curious to hear what MS has to say about this. If nothing else, it is a great chance to make some PR. The only downside is it once again shows how an MS system is vulnerable to things like this. Anyway, I posted this originally not for those who understand the topic, but for those who don't. For those who do understand, I ask that you spread the word to others who don't understand. The biggest problem, and most likely the reason Sony attempted it, is lack of knowledge by the majority of users. Most people would just see the tiny writing on the CD cover that tells them to pop in the CD for some bonus content, and it would install silently. I don't disagree with the record companies that they have a right to protect their property, however, the same applies to users. We have a right to protect our property. It is wholly disgusting that Sony was able to even get this far. I want to see the government actually step in. This should fall under the umbrella of cyberterrorism. I don't give a crap how big Sony is. If you choose to do business to the detriment of your customers, you should be punished. Thanks to everyone who has gotten involved today with this thing. It does make a difference!


kawecki ( ) posted Sat, 05 November 2005 at 2:37 AM · edited Sat, 05 November 2005 at 2:39 AM

"It installs the service, modifies the OS kernel, and adds Registry keys. Even if you find the service, stopping it is not enough." Once you have located the task you can search for it in the registry and delete the keys calling it. Anyway nothing can stop you sending/receiving data to port 170H, I assume that the CD is at the secondary IDE.

Message edited on: 11/05/2005 02:39

Stupidity also evolves!


kuroyume0161 ( ) posted Sat, 05 November 2005 at 2:40 AM

It is possible that this is what is being done. But the article doesn't detail what functions in the table are being rerouted. I would suspect that the functions most likely to be rerouted (and this is alluded to) would be those involving the CD/DVD drive and something to allow the service to remain hidden. Either way and to miraculously bring this back to Poser, this reminds me of the protection scheme initially used in Poser 5 (the name escapes me).

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone


destro75 ( ) posted Sat, 05 November 2005 at 2:40 AM

To add to the last post by kuroyume0161, uninstalling the service is detrimental to the operation of your system. As the article I provided clearly states, if you manage to uninstall the software, it ruins your OS's ability to access your CD drive. Once the software is on your system, it is too late.


kuroyume0161 ( ) posted Sat, 05 November 2005 at 2:48 AM

I'm very glad that you brought this to our attention, destro75! As I've mentioned, there is little chance that I'd have this issue since AudioCDs are a thing of the past for me. But then, unabated, this type of DRM might appear in other places. Best stopped at first sniff.

kawecki: If the keys are encrypted, it would be difficult indeed. I doubt that they reside in "..../Sony/DRM/..." ;)

And it really isn't a matter of DRM (burning CDs or whatnot). It is that this has potentially catastrophic side-effects and some already revealed real ones. Constant CPU usage is bad. When I'm not doing anything, my CPU usage is 0% as it should be. But a constant 2-5% is detrimental in one way or another. Plus, an exploit is to be exploited. Once the scum find a way to exploit any deficiency in this service, they could append their little service along with it and do anything (since they'll have administrator privileges on a service patching the OS kernel). That is horrific to contemplate!

C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.

 -- Bjarne Stroustrup

Contact Me | Kuroyume's DevelopmentZone

