More on Sony's "DRM Rootkit" 608
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to the inquirer and salemnic sent us a page from the washington post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
Re:DUPE? (Score:2, Informative)
Re:Sue (Score:5, Informative)
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs
First4Internet (Score:5, Informative)
They're based in Banbury, Oxford and their CEO is Mathew Gilliant-Smith DBC.
6 South Bar Street
Banbury
Oxfordshire
OX16 9AA
United Kingdom
All info (and more) available on their website here http://www.first4internet.com/contact.aspx/ [first4internet.com]
That's about 20 minutes in the car for me, should I go pay them a visit - taking the best wishes of the
Re:I don't understand the fuss. (Score:5, Informative)
It's not a Windows-specific problem, it's just that Sony has only implemented it for windows.
Re:Russinovich's Take (Score:3, Informative)
Except that he put a link to a form, and not to a way to get rid of it. Looking further into the sony website the code used seems to originate from http://www.xcp-aurora.com/ [xcp-aurora.com] . Maybe that is the root of all problems.
Sue Sony -> Sony sue Aurora -> Lawyers will get rich and happy.
Yes, this is bad (Score:5, Informative)
On a related note: World of Warcraft hackers are now using Sony's DRM rootkit to hide from "the Warden" [wowsharp.net]. I tried to submit this as a standalone story, but since I saw this DRM news update, I figured I'd post it here.
Is Sony aiding and abetting cheaters?
Re:Let us hope: (Score:5, Informative)
From TFA:
Hypponen said the only way to uninstall the program in the conventional sense (without running the risk of hosing your system or CD-ROM drive) is to contact Sony BMG directly via a Web form and request removal.
At that point, a real, live person will call you back and ask for all kinds of information about your system, and your reason for wanting to remove the software. You're then directed to a Web page that downloads an ActiveX program (yes, you must be using Microsoft's Internet Explorer to do this), which determines what version is installed and reports that back to First4Internet. Then you get an e-mail containing a link to another site that downloads something that finally uninstalls the Sony program.
So, although they make you sell your firstborn to get it, they apparently do offer an uninstaller. IANAL, but maybe someone can still argue that the uninstaller needs to be bundled with the CD. Sony might also be liable if the installation damages your computer.
Not in Europe? (Score:4, Informative)
Re:I don't understand the fuss. (Score:2, Informative)
Re:I don't understand the fuss. (Score:1, Informative)
Re:Sue (Score:5, Informative)
Umm, nice to see that you didn't read the EULA either.
Re:Sue (Score:5, Informative)
I assume that you were trying to somehow infer that I didn't read the EULA [sysinternals.com]? Well, I did, but I'll post the important part of it here because it's fairly apparent that you did not, or at least didn't fully comprehend what it said:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
See that part about "the SOFTWARE will reside on YOUR COMPUTER until removed or deleted"? That's what people agree to when they click "I agree" on the EULA screen.
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds. I thought it just meant that you could proudly wear the "Made for Microsoft Windows" on your retail box.
Re:Sue (Score:1, Informative)
Sony should immediately recall all XCP'd CDs (Score:3, Informative)
Re:Regardless of where this goes... (Score:5, Informative)
Hope this helps!
Re:Sue (Score:5, Informative)
You can contact Sony directly [sonybmg.com] and they will send you tools to remove the DRM software.
The F-Secure blog [f-secure.com] talks a little about this. It appears their removal software installs ActiveX controls.. just really messed up.
Re:Not in Europe? (Score:3, Informative)
I only have a few old crippled CDs, and I don't buy any new ones, so I can't tell if the rootkit is on anyone of them.
However, the Swedish Sony exec is blatantly lying in the article when he claims that Sony won't release any copy-controlled CDs until the protection works well for both the customers and the record labels.
Fix for the problem (Score:5, Informative)
I'm posting this via a proxy just in case Sony doesn't like what I post...
After reading this news story I decided to go after this software and defeat it, and I did.
The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ [f-secure.com] This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.sh
As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!
CONSUMER 1 - SONY 0
P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!
Re:I don't understand the fuss. (Score:1, Informative)
This is just an example, I'm sure a real cracker could come up with something doable.
Re:How to beat this... (Score:5, Informative)
Anyways, nothing is the EULA says that I can't just go and delete it.
Except that, if you read through Mark Russinovich's blog [sysinternals.com], you'll see that it cripples your system when you do this.
He goes on to detail the steps that were necessary to bring his computer back to fully-functional condition. It's not for Joe Q. Public.
Re:Contains LAME code? (Score:3, Informative)
Offtopic: Ya know, I don't have an actual CD player suitable for playing the CDs I buy. I absolutely cannot keep the original discs in my car, as they only last a few months getting shuffled around. Hell, they take a beating just being in my car, in a CD carrying case. Other than while driving, I listen to music while working, in several different locations, on my laptop.
Not just "Sony" (Score:5, Informative)
Arista Records
BMG
Columbia Records
Epic Records
J Records
Jive Records
LaFace Records
Legacy Recordings
Provident Music Group
RCA Records
RCA Victor Group
RLG - Nashville
Sony
So So Def Records
Verity Records
As a recording engineer / producer I'm against piracy - but I also hate DRM screwing with my machine and making it hard to enjoy the music I purchased in the way I want.
Support indy labels, and write letters to artists you like that are on majors - tell them to move on to an indy label or start their own.
And if you're really mad (as I am) boycott all of Sony. While Sony music walks to its own drummer, the parent company can't be loving the bad publicity.
I stopped buying all Sony products (including the pro gear I use as an audio engineer) when they initially started their annoying DRM. It is easy to break, but makes normal use of the CD harder.
There's more than one law here. (Score:3, Informative)
On the one hand, it's perfectly legal for me to play that CD on my laptop without running that software. Even assuming a clickthrough license is valid, I can simply refuse to accept that license, refuse to install the software, and treat it as an ordinary audio CD. If I'm not running Windows on my laptop, in fact, I don't even have an opportunity to use their spyware-enhancer.
On the other hand, even if it WAS a legal requirement, any contract that involves on or the other of the parties performing an illegal act as a requirement for fulfilling that contract is void. There's a reasonable case that this software violates the DMCA and thus the license is invalid.
Which takes you back to the first hand.
Re:I don't understand the fuss. (Score:2, Informative)
The BSD zealots have a point here - it is more secure to have all drivers run in separate sandboxes, so a borked driver won't bring down the whole OS.
Re:Russinovich's Take (Score:5, Informative)
Re:Simple Solution: Boycott Sony to Death (Score:3, Informative)
Look at the RIAA/MPAA and their correlation of sales/piracy. They'll never link sales could be down because the current music sucks or whatever - it's always the market's fault somehow - piracy, recession, depression, etcetera.
So next time you are tempted to buy a Sony product and instead decide to boycott it, write them a nice (I mean it) letter (not email) to their headquarters, preferable to a manager (find it on their site):
http://www.sony.com/SCA/senior_mgmnt.shtml [sony.com] (sorry, this is the best I can find, you'll have to go from there)
Explaining why you didn't buy their product. Specifically link it with their DRM practices. Include a copy of the reciept for the product you did buy - this way the impact on the bottom line is tangible and credible.
A small boycott without communication your frustration is nearly worthless.
Let them know how you feel.... (Score:3, Informative)
Technical Issue Feedback form... (Score:2, Informative)
i'm safe... (Score:1, Informative)
oh sh...
"The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case." -cnet
Re:Sue (Score:2, Informative)
iTunes Does the Same Thing (Score:1, Informative)
Re:... until removed or deleted. (Score:3, Informative)
I think the bnetd case [eff.org] pretty much gives software publishers carte-blanche in restricting what you can do. They held that (1) the EULA was enforceable (2) it removes the consumers rights granted by copyright and DMCA laws (3) The UCC covers the transaction because the software is goods sold (4) the software is licensed, not sold, because the EULA says so.
In short - EULAs are enforceable, even when they are wordy, vague, and contradictory. And, they are contracts since they say "if you don't agree, return this for a refund" - even though there is no realistic way to actually get your money back for opened software.
Here's the address of the guy to write to at Sony: (Score:3, Informative)
President, Global Digital Business
Sony BMG Music Entertainment Company
550 Madison Ave.
New York, NY 10022-3211
I wrote this guy last summer after reading a piece in the New York Times featuring him discussing Sony's oh-so-wunnerful SunnComm copy protection. I can't locate the original NYT article, but this one [timesleader.com] says almost exactly the same thing.
I didn't receive a reply. I thought I stood a good chance of receiving one since I couched my language in civil terms and didn't call him a pig fucker. So, see what works for you.
Re:... until removed or deleted. (Score:2, Informative)
Re:... until removed or deleted. (Score:2, Informative)
Re:Sue (Score:3, Informative)
Take action to stop Sony from cont this outrage (Score:2, Informative)
Sony Corporation of America
Investor Relations
550 Madison Ave, 27th Floor
New York, NY 10022-3211
If you want a laugh, check out Sony's views on Corporate Social Responsibility site at http://www.sony.net/SonyInfo/Environment/about/in
From that site: "The Sony Group recognizes that
I wonder how they think installing rootkits on customer computers promotes the interests of Sony's customers!!!
Re:... until removed or deleted. (Score:3, Informative)
http://updates.xcp-aurora.com/unsupported.aspx [xcp-aurora.com]
Sigh.