Sony RootKit
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
The Lord said 'Peter, I can see your house from here.'
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Yeah, this news isn't news. It's old -- it's been around for a couple of years. Kinda makes you glad to use Macs, eh?
tooki
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
Originally Posted by tooki
Yeah, this news isn't news. It's old -- it's been around for a couple of years. Kinda makes you glad to use Macs, eh?
Except for all the poor slot-loading iMac folks whose CD drives got screwed by that stupid copy protection scheme.
The Lord said 'Peter, I can see your house from here.'
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
No, that was a different scheme.
tooki
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Originally Posted by tooki
Yeah, this news isn't news. It's old -- it's been around for a couple of years.
No, this is new (Oct 31).
Whenever you play a copy protected Sony-CD with their player on the CD, Sony installs a rootkit (without user knowledge or approval) which
- Constantly checks whether their music is copied, even when their CD is not inserted, using 1-2% of your processor time all the time.
- Indiscriminately hides all files containing $sys$ in the name. Future malware just needs to prefix itself with $sys$ and is hidden from the user thanks to Sony.
- Conceals itself as "Plug and Play Device Manager".
- Does not come with an uninstall routine.
- Leaves the CD-ROM drive non-functional when manually being uninstalled by the user. For most users then requiring a reinstall of the OS.
In my opinion this copy protection scheme is far too invasive.
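An added example, not part of the original post: the name-based hiding described above can be caught with a cross-view comparison, where a listing taken from a trusted offline boot is diffed against what the running system reports. The file names, the `KNOWN` list and the rule that a marker in any path component hides the entry are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

MARKER = "$sys$"  # name fragment the post says is hidden from the user

def key(path):
    # Windows paths compare case-insensitively
    return str(PureWindowsPath(path)).lower()

def is_cloaked(path):
    # Assumption: a marker in any path component hides the entry
    return any(MARKER in part.lower() for part in PureWindowsPath(path).parts)

def live_view(trusted_listing):
    """Simulate the filtered listing a user sees on an affected machine."""
    return [p for p in trusted_listing if not is_cloaked(p)]

def cross_view_diff(trusted_listing, live_listing):
    """Entries in the trusted (offline) listing that the live listing omits."""
    seen = {key(p) for p in live_listing}
    return [p for p in trusted_listing if key(p) not in seen]

def triage(hidden, known_drm_names):
    """Split hidden entries into expected DRM files and anything else using the cloak."""
    known = {n.lower() for n in known_drm_names}
    report = {"known": [], "unexplained": []}
    for p in hidden:
        name = PureWindowsPath(p).name.lower()
        report["known" if name in known else "unexplained"].append(p)
    return report

# Constructed sample: a directory listing captured from an offline boot
OFFLINE = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\System32\$sys$example_drm.sys",
    r"C:\Users\demo\Downloads\$SYS$unrelated.exe",
    r"C:\Users\demo\Music\track01.wma",
]
KNOWN = ["$sys$example_drm.sys"]  # placeholder name, not a real indicator

def run_demo():
    live = live_view(OFFLINE)
    hidden = cross_view_diff(OFFLINE, live)
    return triage(hidden, KNOWN)

if __name__ == "__main__":
    for bucket, paths in run_demo().items():
        for p in paths:
            print(f"{bucket:12} {p}")
```

Anything in the "unexplained" bucket is a file that is hidden only because its name matches the filter, which is the exposure the post points out.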
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
I'm still laughing at a guy who's so knowledgeable about the inner workings of the NT kernel and yet leaves Autorun on.
The Lord said 'Peter, I can see your house from here.'
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Originally Posted by TETENAL
No, this is new (Oct 31).
Whenever you play a copy protected Sony-CD with their player on the CD, Sony installs a rootkit (without user knowledge or approval) which
- Constantly checks whether their music is copied, even when their CD is not inserted, using 1-2% of your processor time all the time.
- Indiscriminately hides all files containing $sys$ in the name. Future malware just needs to prefix itself with $sys$ and is hidden from the user thanks to Sony.
- Conceals itself as "Plug and Play Device Manager".
- Does not come with an uninstall routine.
- Leaves the CD-ROM drive non-functional when manually being uninstalled by the user. For most users then requiring a reinstall of the OS.
In my opinion this copy protection scheme is far too invasive.
Seriously? Is there some kind of license agreement? Because that sounds like grounds for a lawsuit.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Won't be long until the antivirus programs update to take care of this.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
Professional Poster
Join Date: Oct 2001
Location: London
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Originally Posted by TETENAL
No, this is new (Oct 31).
Whenever you play a copy protected Sony-CD with their player on the CD, Sony installs a rootkit (without user knowledge or approval) which
<snip>
In my opinion this copy protection scheme is far too invasive.
No, it's not new. Copy protection via an autorun-installed driver is NOT new. Perhaps this specific implementation is new -- that they keep changing it wouldn't surprise me -- but the concept is NOT new.
I agree that it's invasive and stupid!
tooki
Mac Elite
Join Date: Feb 2003
As per http://tinyurl.com/daea2 it is also a clever stab at Apple. They're using the copy control not only to avoid piracy but also to make Apple open up the iPod to other services.
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Originally Posted by Busemann
As per http://tinyurl.com/daea2 it is also a clever stab at Apple. They're using the copy control not only to avoid piracy but also to make Apple open up the iPod to other services.
Why?
All you have to do is load the CD on a Mac and you can rip the songs normally.
Mac Elite
Join Date: Aug 2001
Location: Capitol City
Originally Posted by Busemann
As per http://tinyurl.com/daea2 it is also a clever stab at Apple. They're using the copy control not only to avoid piracy but also to make Apple open up the iPod to other services.
But it's not clever at all, as all it's doing is getting people pissed off at Sony, including some label/artists who were not notified that their records were being shipped with malware, and have no say over what happens in the distribution of their records.
I first heard about it on Jason Kottke's blog (more like link-o-rama, but that's why I like him). Here is the story I read: http://bigpicture.typepad.com/commen...ippled_cd.html
It seems to me Sony is going to be the bad guy here, not Apple. Seems like a shame, I wouldn't mind checking out that CD, but I don't want to support such invasive DRM. Even though Macs are apparently unaffected. I don't even patronize the iTunes store.
Mac Elite
Join Date: Aug 2001
Location: Capitol City
Originally Posted by Person Man
Why?
All you have to do is load the CD on a Mac and you can rip the songs normally.
When people write in or contact Sony to complain, they reply with a, "This is all Apple's fault. If only they would open up the iPod to other music stores, you could play this on your iPod."
Pathetic.
Professional Poster
Join Date: Jul 2005
Location: Winnipeg, MB
Yah Sony tried this kind of crap with the new Switchfoot CD. Pissed me right off!
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Originally Posted by TETENAL
THEY ARE NOT CDS.
They are copy-protected audio discs.
If you are not expressly notified at purchase that they do not conform to the CD audio standard (you can tell once you open them by the lack of the "Compact Disc" logo on the CD), you are tricked into buying under false assumptions, which is FRAUD.
It is your responsibility to all other customers to RETURN said discs as defective.
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Originally Posted by DeathMan
When people write in or contact Sony to complain, they reply with a, "This is all Apple's fault. If only they would open up the iPod to other music stores, you could play this on your iPod."
Pathetic.
Then someone should reply back with a class-action lawsuit against Sony for these deceptive tactics. THEN we'll see if "This is all Apple's fault" holds up in court.
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Originally Posted by analogika
THEY ARE NOT CDS.
They are copy-protected audio discs.
If you are not expressly notified at purchase that they do not conform to the CD audio standard (you can tell once you open them by the lack of the "Compact Disc" logo on the CD), you are tricked into buying under false assumptions, which is FRAUD.
It is your responsibility to all other customers to RETURN said discs as defective.
Wrong, this type of copy-protected disc is fully Red Book audio compliant. They're multisession discs that have a data session (fully standard, ignored by a CD player) which simply contains a self-running installer that installs a driver for Windows that tells it not to mount some CDs.
For emphasis: it is fully within the CD standard to have a data session along with the audio session.
This is not the same as other types of copy-protected discs, which actually damage the audio session, making it non-Red Book compliant.
tooki
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Ah - the multi-session things I've seen include a Mac-software partition and do NOT have the CD logo on them.
The last one I saw was Goldfrapp's "Black Cherry", which is on Mute, owned by EMI, so not Sony. Oddly, there was Windows and Mac crap on there, and iTunes refused to rip it, but simply copying the AIFF files from the audio partition to the hard disk and burning/ripping those worked perfectly.
Morons.
Forum Regular
Join Date: Aug 2002
Location: Southern Ca.
What I don't understand is why aren't the Macs vulnerable to rootkits?
Also, if your mac did have a rootkit, could you see it using the activity monitor or could it hide itself?
- Mark
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Originally Posted by sc_markt
What I don't understand is why aren't the Macs vulnerable to rootkits?
Macs are vulnerable to rootkits and such kits do exist. The Sony rootkit is for Windows only though.
Also, if your mac did have a rootkit, could you see it using the activity monitor or could it hide itself?
I would assume one could create a rootkit that hides itself (could replace top for example or some such thing).
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Professional Poster
Join Date: Oct 2001
Location: London
Nice.. from the FAQ from the link above:
Known Issues
Ejecting the disc while player is running causes the player to crash
Ejecting the disc while the player is running may cause the player to crash. Please quit the player before ejecting the disc.
So it's crap as well as invasive.
Baninated
Join Date: Jan 2005
1) I run Windows every day. As I've always said, I have an interest in OSX, not Apple hardware (another chance to bust out the lol at people who told me Apple would never go x86). If you are dumb enough to leave autorun on, you deserve to have a rootkit loaded.
2) People are already using the loaded rootkit to hide hacks for WoW. I can imagine pretty much any other online game isn't far behind; it's apparently not hard.
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Oh great, Sony already has a Mac version of its DRM software out.
http://www.macintouch.com/#tip.2005.11.10.sony
I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there's a smaller extra partition for "enhanced" content. I was surprised to find a "Start.app" Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.
Personally, I'm not a big fan of anyone installing kernel extensions on my Mac. In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.
It doesn't say whether this is as invasive as the Windows version, but for me DRM on an audio CD certainly makes it useless. If I can't import into iTunes, a CD is of no use to me. This is silly.
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
So wait... you have to manually launch their DRM? Hahahahaha!
I wonder what happens if you just don't launch Start.app?
tooki
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
Originally Posted by tooki
So wait... you have to manually launch their DRM? Hahahahaha!
I wonder what happens if you just don't launch Start.app?
Nothing?
Best part is you can just go into the Extensions folder and manually delete them as well.
The Lord said 'Peter, I can see your house from here.'
Addicted to MacNN
Join Date: Sep 2001
Location: Toronto
Originally Posted by TETENAL
Sony has now put up a website explaining their copy protection...
I can find no contact details so I can let them know what I think of Sony and their malware.
I know this will not worry them one bit but I for one will not purchase anything Sony for as long as this is their official policy. /rightful indignation
Mac Elite
Join Date: Aug 2005
I was wondering how they would install a rootkit without a password.
WHENEVER you are prompted for a user/password... you should ask yourself "why exactly do they need this information?"
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
@ Sony
-t
Addicted to MacNN
Join Date: Jul 2001
Location: I don't know anymore!
Looks like they're realizing that pissing people off is not so smart, at least for now.
http://apnews.myway.com/article/20051111/D8DQELK0E.html
Nov 11, 2:02 PM (ET)
By TED BRIDIS
WASHINGTON (AP) - Stung by continuing criticism, the world's second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.
Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.
The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.
Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.
Sony's program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.
"This is a step they should have taken immediately," said Mark Russinovich, chief software architect at Internals Software who discovered the hidden copy-protection technology Oct. 31 and posted his findings on his Web log. He said Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.
Security researchers have described Sony's technology as "spyware," saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony's notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.
Some leading antivirus companies updated their protective software this week to detect Sony's antipiracy program, disable it and prevent it from reinstalling.
After Russinovich criticized Sony, it made available a software patch that removed the technology's ability to avoid detection. It also made more broadly available its instructions on how to remove the software permanently. Customers who remove the software are unable to listen to the music CD on their computer.
Why is there always money for war, but none for education?