Oahu4u Home
Blog Home
Previous Posts
-suspect shot 68 times "That's all the bullets we h...
-Police: Man killed over toilet paper
-Teenage Girl Convicted in Ill. Killing
-Severed Male Body Part Brought To Local Store
-Toddler's Talking Elmo Book Asks 'Who Wants To Die?'
-Restaurant serves alcohol to 5-year-old
-Whale vomit worth millions
-Sony plants secret controls on PCs
-Marijuana Compound Spurs Brain Cell Growth
-Tracking Code Discovered in Color Printers
Archives
-October 2005
-November 2005
-January 2006
-February 2006
-March 2006
-October 2006
|
Offbeat News
Thursday, November 03, 2005
Sony plants secret controls on PCs
Francis Till: Buy Sony, become the enemy
try{if(command.toLowerCase()=="ebinteraction")gEbStdBanners[0].handleInteraction();}catch(e){}
After being caught out by a researcher, Sony has admitted to planting a secret, invisible digital rights management tool on PCs when they play Sony CDs, a bit of malware that can't be removed without damaging host computers.The code prevents the music from being loaded into iTunes and limits copying, according to Good Morning Silicon Valley.Discovered by Sysinternal's Mark Russinovich, the code comes in the form of a "rootkit," something Mr Russinovich describes as cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software," noting "they are usually employed by malware attempting to keep their implementation hidden."He found the Sony bug while testing the latest version of RootkitRevealer.The folks at Rootkit.com say Sony licensed the malware (XCP® copy protection) from a UK-based firm called First 4 Internet.Not many apparently noticed at the time, but vnunet.com story hosted on the First 4 Internet website, dated 5 May 2005, advises that the company was then "working with Sony to develop next-generation copyright protection technology that allows CDs to be copied a specific number of times before locking them down."It says that at that point, Sony had shipped nearly two million CDs using the code, but only on discs released in the US and only for "a limited number of artists" -- although the company said it was working on releases aimed at other countries.The CD on which Mr Russinovich discovered the rootkit was apparently purchased through Amazon, a near-universal shipper.Sony has not said how many CDs it has infected with the rootkit or what artists are involved.While other companies make clear that disks are protected in various ways by digital protection systems, Sony apparently provided no warnings that playing an infected CD would plant code on the user's computer, that the code was designed to escape detection and that attempts to remove it could seriously damage a user's computer.In another story hosted on the website, this one from Softpedia and dated later in May, the company says that it is in collaboration with Sony BMG to introduce code that will limit the number of copies that can be made of any CD and render those copies incabable of being themselves copied.This story makes the claim that personal use copying of CDs is the heart and soul of international piracy.The story says that, as at 31 May, about a million disks had been implanted and that the company was working with distributors other than Sony. It also notes that an earlier DRM "solution" provided by MediaMax had been defeated.In August, the company featured in another story, this one from BusinessWire, claiming that American indie labels under Universal Music Group control were using the tool.And this Reuters article, which ran on CNet in June, says the technology is in use by not only Sony and UMG, but Warner Music Group and EMI.Apparently, privacy issues never came into prominence during this ramp up period, but they have exploded into very contentious view since the nature of the DRM tactic was revealed by Mr Russinovich.Especially since the software, once planted, vigorously resists uninstall.As Mr Russinovich noted:
Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. He found out quickly that a manual uninstall wiped out access to his CD player.Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
Sony has refused to stop using the malware -- but it appears that Sony is far from alone in using it, so that decision may be based at least in part on commercial disadvantage.But security experts have noted that the masking technigue could be piggybacked by malware developers with far more sinister agendas than DRM -- and so Sony, and First 4 Internet, say they are developing a patch, to be distributed by anti-virus systems, that will uncloak, but not remove, the code.The patch will also be hosted for direct download on Sony BMG's website.According to a Computerworld interview, Sony believes not only that it has done nothing wrong, but that it gives adequate notice of the software through the accompanying end user license agreement (EULA), which specifies that playing the CD on a computer will install software that will remain in residence until removed.Sony spokesman John McKay told Computerworld: “I think the EULA’s pretty clear about what it is. The reason why consumers have really high acceptance levels of these content-protected disks is because they have the functionality that people want.”In the meantime, Sony must contend with the adverse publicity that stems from having declared its customers the enemy -- and users who object to having the code running on their computers are advised to follow the step-by-step instructions provided by Mr Russinovich, until an enterprising engineer automates the process.
Article Link
|
|
