
Sony's secret slimy CD files


Parrot


After Criticism, Sony Issues Fix for Hidden Rootkits

Walaika K. Haskins, newsfactor.com Thu Nov 3, 5:35 PM ET

Sony (NYSE: SNE) has admitted that it included a stealth rootkit on some music CDs shipped in 2005 and has issued an update to remove the hidden software one day after it was discovered. The company had drawn criticism from security experts who warned that the technology could serve as a tool for hackers.

The nearly undetectable monitoring utility, part of the company's digital-rights management (DRM) technology, was aimed at preventing consumers from producing illegal copies of CDs. The software installed itself automatically in Windows systems whenever a CD was inserted. Any files contained in the rootkit are invisible and almost impossible to remove.

Security expert Mark Russinovich of Sysinternals discovered the hidden rootkit and posted his findings on the company blog on November 1st. Russinovich wrote that although he checked in his system's Add or Remove Programs list, as well as on the vendor's site and on the CD itself, he could not find uninstall instructions. Nor, he says, could he find any mention of it in the End User License Agreement (EULA).

Stealth Tactics

A rootkit is a set of tools commonly used by hackers to circumvent antivirus software and control a computer system. Most rootkits are engineered so that common PC monitoring mechanisms cannot detect them. The rootkits are designed to tuck themselves in to the most basic level of the operating system and remain hidden from users.

A Finnish antivirus company, F-Secure, reported that it had spent several weeks recently trying to find the cause of some unknown files reported by a user who suspected an audio CD as the cause.

Mikko Hyppönen, chief research officer at F-Secure, said hackers could use the rootkit to insert their own files by inserting a simple command at the beginning of the file name that would render them undetectable by most antivirus software. On the F-Secure blog, Hyppönen wrote that he heard rumors that Universal is using the same DRM system on its audio CDs.

Privacy? What Privacy?

Although industry analysts said they cannot fault Sony's motives, some saw the company's initial failure to disclose the hidden technology as a violation of U.S. copyright laws. According to Jared Carleton, an analyst at Frost & Sullivan, Sony is overstepping the fair-use clause that gives consumers the right to make backup copies.

"[Sony] is saying, 'No, we are not going to pay attention to U.S. copyright law that's been generally accepted for the past 30 years,'" he said.

Carleton likened the hidden DRM to malware, and said it was no different than adware and spyware. He said that if Sony was shipping DRM-protected CDs, the company needed to put a notice on its packaging. Consumers understand that artists should be paid for their music, he said, but he added that consumers don't like this type of secrecy.

Andrew Jaquith, senior security analyst at Yankee Group, said the company behaved badly and that there could be a backlash. He said that the desire to protect intellectual property is understandable, but that Sony should have been upfront about its DRM technology, and would have been better off using industry-standard software.

"I haven't seen a single positive comment about this and it makes them look a little slimy," Jaquith said. "They should have been above-board and should have used software that they hadn't cobbled together themselves."

On the Web page containing the update, which enables users to detect and remove the rootkit, Sony said its technology did not pose a security risk. "This component is not malicious and does not compromise security," the company's post said. "However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

The fix can be downloaded at [cp.sonybmg.com].

Link to comment
Share on other sites

So, in the spirit of paranoia, how do we know, with everyone rushing to download a fix for a problem they may not have, that they aren't actually installing the insidious malware!? And how many will read the privacy policy prior to downloading and installing the 'fix'?

Hmmmmm!!!

[:P]

Link to comment
Share on other sites

In what was intended as an 'automatic inoculant' generated by a 'white hat' source, a worm that was variously labeled by security vendors as Welchia, Blaster-D and Nachi, exploited the same DCOM RPC vulnerability that enabled the Blaster worm. But instead of doing damage, its intent was to automatically download the Microsoft patch and remove the Blaster worm if it was present. In other words, to automatically inoculate all the machines it reached...

Additionally, the worm caused system instability due to an RPC call on Windows 2000 machines and compromised system security by installing a Trivial File Transfer Protocol (TFTP) server on all infected machines.

But the main problem it caused was that it generated SO MUCH excess network traffic with the 'phone home' aspect that it effectively spawned Denial of Service (DOS) 'attacks' on servers preventing other network requests from getting through! And the cure in effect became as bad as the disease it was trying to prevent![:P]

But, why do I not see Sony providing anything remotely intended as a cure?

Link to comment
Share on other sites

"Sony is overstepping the fair-use clause that gives consumers the right to make backup copies. "

And how about the fact that they are "infecting" consumers' computers for their paranoid benefits.

Tom

All well and good from your point of view (and I am not saying I necessarily disagree!!), but this is not a hard and fast statement of fact, but simply one side of the ongoing debate![:)]

And thus far, fair use has been the LOSER in the courts! So quoting past precedent does not change the redefining of the law as it is currently being redefined!

Ultimately, it is a hard case to make that the owner/producer/agent of the material cannot define how it can or cannot be used. And I really don't think many are aware of the incredible degree of control the new DRM laws and the new technologies seek to control the use of the material!

In other words, if this very small issue inflames you, you are going to be one incensed fellow as the technology continues to develop! And it is not getting better from your user point of view!

I suspect we have already passed the high-point of user friendliness. These are the good old days! Enjoy them while you can!

Link to comment
Share on other sites

The ultimate scenario for the owner of a work would be for the consumer not to own a physical copy with unlimited plays at all, but to have to access it with a fee each and every time he listens/views it. If you like a CD a lot, and play it 100 times, the owner of the work's reasoning is that you should have to pay more than if you listened to it only a couple of times.

Link to comment
Share on other sites

From the description there doesn't seem to be an easy way that I can see.

On this one, the only thing to do may simply be to download the removal tool and run it if you happen to have used, or will use any of the Sony media.

Maybe someone will find and post more info if and when it becomes available...

Thanks Paul for digging up the details and the fix!

Link to comment
Share on other sites

There's also more on this in the Technical Section. Here's what I posted yesterday:

Sony has caved and put up a patch that will show the hidden files. Supposedly they also have an uninstaller for it. It affects about 20 titles including discs from The Bad Plus and Vivian Green.

Here's the link for the software removal: http://cp.sonybmg.com
