
Sony RootKit
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Nov 1, 2005, 06:58 AM
 
http://www.sysinternals.com/blog/200...al-rights.html

According to this article Sony installs a root-kit-like software on PCs to copy protect CDs.
     
ReggieX
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
Status: Offline
Nov 1, 2005, 10:51 AM
 
LOL Autorun.
The Lord said 'Peter, I can see your house from here.'
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Status: Offline
Nov 1, 2005, 10:54 AM
 
Yeah, this news isn't news. It's old -- it's been around for a couple of years. Kinda makes you glad to use Macs, eh?

tooki
     
ReggieX
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
Status: Offline
Nov 1, 2005, 11:00 AM
 
Originally Posted by tooki
Yeah, this news isn't news. It's old -- it's been around for a couple of years. Kinda makes you glad to use Macs, eh?
Except for all the poor slot-loading iMac folks whose CD drives got screwed by that stupid copy protection scheme.
The Lord said 'Peter, I can see your house from here.'
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Status: Offline
Nov 1, 2005, 11:08 AM
 
No, that was a different scheme.

tooki
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Nov 1, 2005, 11:47 AM
 
Originally Posted by tooki
Yeah, this news isn't news. It's old -- it's been around for a couple of years.
No, this is new (Oct 31).

Whenever you play a copy protected Sony-CD with their player on the CD, Sony installs a rootkit (without user knowledge or approval) which
  • Constantly checks whether their music is copied, even when their CD is not inserted, using 1-2% of your processor time all the time.
  • Indiscriminately hides all files containing $sys$ in the name. Future malware just needs to prefix itself with $sys$ and is hidden from the user thanks to Sony.
  • Conceals itself as "Plug and Play Device Manager".
  • Does not come with an uninstall routine.
  • Leaves the CD-ROM drive non-functional when manually being uninstalled by the user. For most users then requiring a reinstall of the OS.

In my opinion this copy protection scheme is far too invasive.
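The name-based hiding described in the post above (anything containing $sys$ drops out of listings) is the kind of thing a cross-view comparison exposes: list the same volume once from the running system and once from a clean boot environment, then diff. This is an added example, not part of the original thread or of any tool it links to; both listings are constructed sample data and the function names are hypothetical.

```python
import ntpath

MARKER = "$sys$"  # substring the post says is hidden from the user

# Constructed sample data: one volume listed two ways.
# ONLINE  = what the running (possibly filtered) system reports.
# OFFLINE = the same volume read from a clean boot environment.
ONLINE_LISTING = """\
C:\\Windows\\System32\\notepad.exe
C:\\Windows\\System32\\drivers\\disk.sys
C:\\Users\\demo\\Music\\track01.wma
"""
OFFLINE_LISTING = """\
C:\\Windows\\System32\\notepad.exe
C:\\Windows\\System32\\drivers\\disk.sys
C:\\Windows\\System32\\drivers\\$SYS$example.sys
C:\\Windows\\System32\\$sys$demo\\payload.exe
C:\\Users\\demo\\Music\\track01.wma
C:\\Users\\demo\\unexplained.dll
"""

def normalise(path):
    """Windows paths compare case-insensitively; accept either slash."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def parse_listing(text):
    """Map normalised path -> path as originally written, skipping blanks."""
    return {normalise(l): l.strip() for l in text.splitlines() if l.strip()}

def has_marker(path, marker=MARKER):
    """True if any component (file or parent folder) contains the marker.
    Checking parent folders is an assumption; the post only mentions files."""
    return any(marker.lower() in part for part in normalise(path).split("\\"))

def cross_view_diff(online_text, offline_text, marker=MARKER):
    """Return entries present offline but missing from the online view,
    split by whether the marker alone explains why they are hidden."""
    online = parse_listing(online_text)
    offline = parse_listing(offline_text)
    hidden = [offline[k] for k in sorted(offline) if k not in online]
    return {
        "cloaked_by_marker": [p for p in hidden if has_marker(p, marker)],
        "hidden_other": [p for p in hidden if not has_marker(p, marker)],
    }

if __name__ == "__main__":
    report = cross_view_diff(ONLINE_LISTING, OFFLINE_LISTING)
    for reason, paths in report.items():
        for p in paths:
            print(f"{reason}: {p}")
```

Entries under `hidden_other` matter as much as the marker hits: they are missing from the live view for a reason the $sys$ rule does not explain.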
     
ReggieX
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
Status: Offline
Nov 1, 2005, 01:40 PM
 
I'm still laughing at a guy who's so knowledgeable about the inner workings of the NT kernel and yet leaves Autorun on.
The Lord said 'Peter, I can see your house from here.'
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Nov 1, 2005, 03:08 PM
 
Originally Posted by TETENAL
No, this is new (Oct 31).

Whenever you play a copy protected Sony-CD with their player on the CD, Sony installs a rootkit (without user knowledge or approval) which
  • Constantly checks whether their music is copied, even when their CD is not inserted, using 1-2% of your processor time all the time.
  • Indiscriminately hides all files containing $sys$ in the name. Future malware just needs to prefix itself with $sys$ and is hidden from the user thanks to Sony.
  • Conceals itself as "Plug and Play Device Manager".
  • Does not come with an uninstall routine.
  • Leaves the CD-ROM drive non-functional when manually being uninstalled by the user. For most users then requiring a reinstall of the OS.

In my opinion this copy protection scheme is far too invasive.
Seriously? Is there some kind of license agreement? Because that sounds like grounds for a lawsuit.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status: Offline
Nov 1, 2005, 03:24 PM
 
Won't be long until the antivirus programs update to take care of this.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
Diggory Laycock
Professional Poster
Join Date: Oct 2001
Location: London
Status: Offline
Nov 1, 2005, 03:44 PM
 
You know it makes sense. ☼ ☼ ☼ Growl.
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Status: Offline
Nov 1, 2005, 03:47 PM
 
Originally Posted by TETENAL
No, this is new (Oct 31).

Whenever you play a copy protected Sony-CD with their player on the CD, Sony installs a rootkit (without user knowledge or approval) which
<snip>
In my opinion this copy protection scheme is far too invasive.
No, it's not new. Copy protection via an autorun-installed driver is NOT new. Perhaps this specific implementation is new -- that they keep changing it wouldn't surprise me -- but the concept is NOT new.

I agree that it's invasive and stupid!

tooki
     
Busemann
Mac Elite
Join Date: Feb 2003
Status: Offline
Nov 1, 2005, 04:32 PM
 
As per http://tinyurl.com/daea2 it is also a clever stab at Apple. They're using the copy control not only to avoid piracy but also to make Apple open up the iPod to other services.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Nov 1, 2005, 06:24 PM
 
Originally Posted by Busemann
As per http://tinyurl.com/daea2 it is also a clever stab at Apple. They're using the copy control not only to avoid piracy but also to make Apple open up the iPod to other services.
Why?

All you have to do is load the CD on a Mac and you can rip the songs normally.
     
DeathMan
Mac Elite
Join Date: Aug 2001
Location: Capitol City
Status: Offline
Nov 2, 2005, 02:57 AM
 
Originally Posted by Busemann
As per http://tinyurl.com/daea2 it is also a clever stab at Apple. They're using the copy control not only to avoid piracy but also to make Apple open up the iPod to other services.

But it's not clever at all, as all it's doing is getting people pissed off at Sony, including some label/artists who were not notified that their records were being shipped with malware, and have no say over what happens in the distribution of their records.

I first heard about it on Jason Kottke's blog (more like link-o-rama, but that's why I like him). Here is the story I read: http://bigpicture.typepad.com/commen...ippled_cd.html

It seems to me Sony is going to be the bad guy here, not Apple. Seems like a shame, I wouldn't mind checking out that CD, but I don't want to support such invasive DRM. Even though Macs are apparently unaffected. I don't even patronize the iTunes store.
     
DeathMan
Mac Elite
Join Date: Aug 2001
Location: Capitol City
Status: Offline
Nov 2, 2005, 02:58 AM
 
Originally Posted by Person Man
Why?

All you have to do is load the CD on a Mac and you can rip the songs normally.
When people write in or contact Sony to complain, they reply with a, "This is all Apple's fault. If only they would open up the iPod to other music stores, you could play this on your iPod."

Pathetic.
     
Salty
Professional Poster
Join Date: Jul 2005
Location: Winnipeg, MB
Status: Offline
Nov 2, 2005, 03:15 AM
 
Yah Sony tried this kind of crap with the new Switchfoot CD. Pissed me right off!
     
analogika
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status: Offline
Nov 2, 2005, 07:52 AM
 
Originally Posted by TETENAL
http://www.sysinternals.com/blog/200...al-rights.html

According to this article Sony installs a root-kit-like software on PCs to copy protect CDs.
THEY ARE NOT CDS.

They are copy-protected audio discs.

If you are not expressly notified at purchase that they do not conform to the CD audio standard (you can tell once you open them by the lack of the "Compact Disc" logo on the CD), you are tricked into buying under false assumptions, which is FRAUD.

It is your responsibility to all other customers to RETURN said discs as defective.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Nov 2, 2005, 09:32 AM
 
Originally Posted by DeathMan
When people write in or contact Sony to complain, they reply with a, "This is all Apple's fault. If only they would open up the iPod to other music stores, you could play this on your iPod."

Pathetic.
Then someone should reply back with a class-action lawsuit against Sony for these deceptive tactics. THEN we'll see if "This is all Apple's fault" holds up in court.
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Status: Offline
Nov 2, 2005, 10:13 AM
 
Originally Posted by analogika
THEY ARE NOT CDS.

They are copy-protected audio discs.

If you are not expressly notified at purchase that they do not conform to the CD audio standard (you can tell once you open them by the lack of the "Compact Disc" logo on the CD), you are tricked into buying under false assumptions, which is FRAUD.

It is your responsibility to all other customers to RETURN said discs as defective.
Wrong, this type of copy-protected disc is fully Red Book audio compliant. They're multisession discs that have a data session (fully standard, ignored by a CD player) which simply contains a self-running installer that installs a driver for Windows that tells it not to mount some CDs.

For emphasis: it is fully within the CD standard to have a data session along with the audio session.

This is not the same as other types of copy-protected discs, which actually damage the audio session, making it non-Red Book compliant.

tooki
     
analogika
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status: Offline
Nov 2, 2005, 10:21 AM
 
Ah - the multi-session things I've seen include a Mac-software partition and do NOT have the CD logo on them.

The last one I saw was Goldfrapp's "Black Cherry", which is on Mute, owned by EMI, so not Sony. Oddly, there was Windows and Mac crap on there, and iTunes refused to rip it, but simply copying the AIFF files from the audio partition to the hard disk and burning/ripping those worked perfectly.

Morons.
     
sc_markt
Forum Regular
Join Date: Aug 2002
Location: Southern Ca.
Status: Offline
Nov 4, 2005, 12:47 AM
 
What I don't understand is why aren't the Macs vulnerable to rootkits?

Also, if your mac did have a rootkit, could you see it using the activity monitor or could it hide itself?

- Mark
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Nov 4, 2005, 11:28 AM
 
Originally Posted by sc_markt
What I don't understand is why aren't the Macs vulnerable to rootkits?
Macs are vulnerable to rootkits and such kits do exist. The Sony rootkit is for Windows only though.
Also, if your mac did have a rootkit, could you see it using the activity monitor or could it hide itself?
I would assume one could create a rootkit that hides itself (could replace top for example or some such thing).
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Nov 4, 2005, 11:33 AM
 
Sony has now put up a website explaining their copy protection...

http://cp.sonybmg.com/xcp/english/home.html

...and a form where one can request an uninstaller.

http://cp.sonybmg.com/xcp/english/form14.html
     
Diggory Laycock
Professional Poster
Join Date: Oct 2001
Location: London
Status: Offline
Nov 4, 2005, 11:44 AM
 
Nice.. from the FAQ from the link above:

Known Issues

Ejecting the disc while player is running causes the player to crash

Ejecting the disc while the player is running may cause the player to crash. Please quit the player before ejecting the disc.
So it's crap as well as invasive.
You know it makes sense. ☼ ☼ ☼ Growl.
     
meelk
Baninated
Join Date: Jan 2005
Status: Offline
Nov 4, 2005, 11:58 AM
 
1) I run Windows every day, as I've always said I have an interest in OSX, not Apple hardware (another chance to bust out the lol at people who told me Apple would never go x86). If you are dumb enough to leave autorun on, you deserve to have a rootkit loaded.
2) People are already using the loaded rootkit to hide hacks for WoW. I can imagine pretty much any other online game isn't far behind; it's apparently not hard.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Nov 11, 2005, 11:08 AM
 
Oh great, Sony already has a Mac version of its DRM software out.

http://www.macintouch.com/#tip.2005.11.10.sony

I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there's a smaller extra partition for "enhanced" content. I was surprised to find a "Start.app" Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.
Personally, I'm not a big fan of anyone installing kernel extensions on my Mac. In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.


It doesn't say whether this is as invasive as the Windows version, but for me DRM on an audio CD certainly makes it useless. If I can't import into iTunes, a CD is of no use to me. This is silly.
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Status: Offline
Nov 11, 2005, 11:41 AM
 
So wait... you have to manually launch their DRM? Hahahahaha!

I wonder what happens if you just don't launch Start.app?

tooki
     
ReggieX
Professional Poster
Join Date: Oct 2000
Location: Toronto, ON
Status: Offline
Nov 11, 2005, 11:50 AM
 
Originally Posted by tooki
So wait... you have to manually launch their DRM? Hahahahaha!
I wonder what happens if you just don't launch Start.app?
Nothing?

Best part is you can just go into the Extensions folder and manually delete them as well.
The Lord said 'Peter, I can see your house from here.'
     
Mastrap
Addicted to MacNN
Join Date: Sep 2001
Location: Toronto
Status: Offline
Nov 11, 2005, 12:36 PM
 
Originally Posted by TETENAL
Sony has now put up a website explaining their copy protection...
I can find no contact details so I can let them know what I think of Sony and their malware.

I know this will not worry them one bit but I for one will not purchase anything Sony for as long as this is their official policy. /rightful indignation
     
production_coordinator
Mac Elite
Join Date: Aug 2005
Status: Offline
Nov 11, 2005, 12:37 PM
 
I was wondering how they would install a rootkit without a password.

WHENEVER you are prompted for a user/password... you should ask yourself "why exactly do they need this information?"
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Nov 11, 2005, 01:03 PM
 
@ Sony

-t
     
OldManMac
Addicted to MacNN
Join Date: Jul 2001
Location: I don't know anymore!
Status: Offline
Nov 11, 2005, 10:02 PM
 
Looks like they're realizing that pissing people off is not so smart, at least for now.

http://apnews.myway.com/article/20051111/D8DQELK0E.html

Nov 11, 2:02 PM (ET)

By TED BRIDIS


WASHINGTON (AP) - Stung by continuing criticism, the world's second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.
Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.
The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.
Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.
Sony's program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.
"This is a step they should have taken immediately," said Mark Russinovich, chief software architect at Internals Software who discovered the hidden copy-protection technology Oct. 31 and posted his findings on his Web log. He said Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.
Security researchers have described Sony's technology as "spyware," saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony's notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.
Some leading antivirus companies updated their protective software this week to detect Sony's antipiracy program, disable it and prevent it from reinstalling.
After Russinovich criticized Sony, it made available a software patch that removed the technology's ability to avoid detection. It also made more broadly available its instructions on how to remove the software permanently. Customers who remove the software are unable to listen to the music CD on their computer.
Why is there always money for war, but none for education?
     
   
 