"kawecki: If the keys are encrypted, it would be difficult indeed." There is a very simple rule that works fine with Microsoft. You search for xxx.dll or xxx.exe or xxx.vxd, once you found just delete all key, don't waste your time trying to understand the values or any information in the key, just delete and delete all the instances in the whole registry.

Another workaround, I have not experimented, but must it work. Search in the registry for CDA and delete all the entries. Now you have nothing to play your music CDs, if you open the cd and click on the tracks Windows will ask you with what you want to open, just select any player that you have (ie Winamp), I think that Media Player will not work because is probably corrupted by the CRM.

Again, it depends if they've made it that simple - don't know. And it was Pace for Poser 5. :) I don't get this super-protection stuff. My interPoser plugin has minimal protection - just enough that honest customers remain honest and that's all. I know there was at least one dishonest customer since the license key was cracked (and this cannot be done from the demo since the license key decryption code is omitted). Still, anything more would be detrimental to both myself and the customers (either in time, cost, hair loss). So, I lose a few sales, but I provide a working, stable product without ridiculous hassles. Since there is absolute no measure that completely avoids piracy, the best outlook is to consider your honest customer base first and tend to them. Sony has lost focus!

" Again, it depends if they've made it that simple - don't know."
Probably they have no idea of this, but is very little what can be done with Windows.
Windows by itself doesn't know what is a CD, it only has vxd services for accessing the data, but what is the data Windows doesn't know. Windows needs the Windows explorer and Media Player for identifying the data and to know what to do with it.
If you change the registry or remove the Media Player the behaviour of Windows will be different. You don't need the Media Player, you only need the audio and video codecs installed and any player will be able to play.

Message edited on: 11/05/2005 03:34

It must be remembered that Microsoft creates the tools for hackers and hijackers. One of the genial Microsoft's creation was that you can install hooks in the TCP stack, what it means?, it means that when you are trying to access some site the installed hook can redirect your browser to another site. Once I had some spy installed on my computer, don't remember the name, this spy installed a hook in the TCP stack. I have discovered it running Adaware and removed it. What happened?, the hooked routine was not in the computer anymore and the TCP stack was broken with a missing link, the result was that IE stopped to work. I had to download a tiny software to restore the stack to the original form. One more curiosity is that the only internet application that stopped to work was IE!

Attached Link: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Mark lists all the down and dirty technical details of how he discovered and finally removed the culprit. FWIW, Bill is already denouncing BluRay DRM as being too drastic so take your pick and believe who you want. Also, rootkits work on Linux too: http://www.usenix.org/publications/login/1999-9/features/rootkits.html

I've seen reports that some features of this Sony rootkit are already being exploited by other software. It apparently will conceal any file which has a certain filename extenstion, a featrue which is being used to conceal player-installed hacks for online games, so that the game security checks don't work. It looks like this Sony solution might fit the definition of a tool to break DRM protection, which would make it illegal. And there are a lot of small content producers who just can't afford to buy in to the DRM model.

Kaweki,

While I understand your point, you seem to be missing mine. You obviously know how to play inside Windows. How many other people do you know who ignore MS's advice to never touch the Registry?

I am a computer guy myself. I have a couple of good friends who are too. Whenever the topic of the Registry comes up, even we cringe a bit.

The point I was trying to make is that we need to let the average user know what is going on. Those of us who know how to get around problems like this don't need the extra info. We would figure it out on our own. The problem lies with those users who have no clue, and simply use their equipment the same way the manual instructs them.

What I am scared of is the legal precident this could make. I envision some very real disasters being possible.

1. Someone takes Sony to court over wrecking thier system, and it is determined that Sony has the right to do whatever they can to protect their IP. This creates a precident for anyone who releases digital media to put whatever they want on the disk. Think about the ramifications of a cracker putting malware on a disk, under the guise of DRM, and you know you can't beat him in court, even though he stole your CC info, just because Sony set the precident.
2. Sony is found to not be liable for damages resulting from misuse of their software. Basically, a cracker can use their backdoors, and although the cracker is still responsible for his/her actions, Sony walks away with no penalities, and the software is still there for the next cracker to abuse.
3. Let's not act like Sony is totally innocent either. To hijack systems in this manner is unscrupulous at best. Given that they did it under the radar to begin with, who knows if they had bigger plans to use this software in the future for other means.

Let's be honest here. This system won't hurt the real culprits, the big-time pirates. These are groups who use "throw-away" systems to do their dirty work. They will hack away at it, until they find a way around the protection. If you can build it, someone else can break it, it is a fact in the programming world. The problem is that this affects your brother or sister, or cousin, or neighbor. The people who regularly consume this material for innocent reasons.

Why is it a big deal to Sony for you or me to make an MP3 out of a song on an album to play on an MP3 player? Why should we have to pay for the same music twice? Back in the day (not that I am old or anything,) I made mix tapes of my favorite songs to listen to. The fact is, 50-60% of album music is crap. It's those 3 to 5 songs on an album I want to hear. What is the big deal there?

The matter comes down to the same old story, with the usual suspects. The big corporations want to make more money, by sucker-punching Joe Public. I really hope you can understand my point here. It isn't about you or me, and our ability to get around these things we would consider a nuisance. It is about our friends and family who aren't in the "know." Sometimes, it is our responsibility, as people in the "know" to take care of our peers.

Again all, thanks for listening, and for getting the word out!

When I heard about this, I wrote to Sony (after spending a half hour at their site trying to find one, any, email address for contact) telling them that I'd never buy another Sony product. Any Sony product. I quit buying CDs new many years ago, because that keeps the money from reaching the RIAA pigs who "own" the songs. Eventually, the companies will own the secondhand stores, and I'll shop garage sales. And if you want to play Sony music on your PC, just copy the CD from a player to your PC through the audio port, neh? Unless that's against the CD's EULA.... I don't see how the audio output could "send" the root kit. Time consuming, but so much for Sony's BF. The lesson here is, you are prey. When the government sees itself as an extension of the corporations, you are doubly prey. Some herd animals will defend each other, not just themselves, when the jackals move in. It's not a trait I've seen much in humans. As the hyenas in big business become more and more blatant in their contempt for their prey, I find myself less and less willing to condemn the fringe element, the Clyde Barrows and Robin Hoods, who spit in their champagne. It's a bit like caring when a pimp gets mugged. You are prey. Do something about it, or get used to it. Mick

The thing that concerns me is the fact that the rootkit itself will be hacked, cracked, and used for a new generation of virii and malware.
The registry is only the first step. There's a malware called cool web search, which people are already tired of me complaining about..;)
What happens with the registry, is that it is modified by .dll files (dynamic linked libraries), and this happens to an extent, even before you see the 'Windows' startup screen. So you can delete registry entries all day long, and the next time you boot up, the dll file will 're-infect' the Registry.
Now for a while, you could look for recently-modified dll files (under properties, for date, and also to see if it has all the legal folderol saying who has the copyright, etc., and the 'bad' dll's usuall don't have it). Giving it a name doesn't help, since it randomly renames itself after every reboot.
What happened is that beneath the dll, is an executable file, which renames and recreates the dll every time you delete.
Now the kernal is the very base of the Operating system. It tells your computer chip what dlls are, what they mean to do, what the registry is, what all the files, handles, etc., must do to have your operating system act like a computer instead of a toaster..;)
If the kernel is infected, unless you've got a good hacking kit or program, you're looking at a 're-image'..i.e., formatting the hard drive and starting over. It basicly doesn't affect the Operating system, it becomes the operating system (in otherwords, you're using Sony Windows instead of Microsoft Windows). That's what the fuss is all about.

"What happened is that beneath the dll, is an executable file, which renames and recreates the dll every time you delete." Many times is not easy to locate the real responsable and the second big problem is that Windows denies its deletion. The only way to delete the file is boot the computer with other OS, can be DOS, if is possible to use it, or Linux. I am from a technical are and like these discussions, in case of DRM I know very little and am in the learning process. Until now I found: 1) You must have autorun enabled to be infected. 2) Sony DRM doesn't work with Win95 or 98 3) Sony DRM doesn't with Mac, Linux, FreeBDOS, etc. 4) XP Windows Explorar is responsable for not allowing you see hidden files. 5) The DRM spy hooks the CD software driver. 6) Microsoft MediaPLayer 9 comes with DRM included. 7) Microsoft Windows is very unsecure OS.

Another very big problem with DRM is that every new protected CD that you put in the player will install or update the previous spy, also the DRM spy will suffer modifications correcting bugs and creating new ones and as usual one version can be not compatible with the other, the order of CD that you play can be in any chronological order, you can play first a newer CD and then an older CD. The result of all this will be that your computer become slower and have malfunctions until the moment when you insert a protected CD and your computer will crash, you will lose all your data and have to install Windows again and of course, Sony neither Microsoft will pay you a single cent for the damage.

Well is technical discussion, but most of the people hasn't technical knowledge, what happens?

1. Most of people are not aware of the existence of DRM spies, they will continue buying protected CDs and playing them until a moment that the computer will crash and lost all their data, then they will buy a new hard disk thinking that the current one is broken.
2. Other group of people will be aware of the DRM spies, but will ignore all and continue using and defending it, in the same way as ignore all the warnigs and continue using and defending IE and Outlook.
   The end result will be the same as #1
3. Other group will be scared, they will disable autorun and never purchase or play a DRM CD.
4. Soon will appear some software for blocking or removing DRM, this software will be added to the other softwares that you must have in your computer such as: AntiVirus, SpyFinders, Popup Blockers and Firewall.

Message edited on: 11/05/2005 11:22

ot i know but house call by trend have a tool to remove the cool web search and it works!