#1
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits. I think it's worth a read.

Mark Z.

****************************************************

This is a good essay about the Sony rootkit problem. I have included the links published with the essay. That's why it's attached. Followed by my comments.

Sony: The rootkit of all evil?

So Sony BMG has been getting a lot of flak lately for, well, for a bunch of things. First it installed Trojan horse software on users' computers, then claimed it wasn't a problem, then released a "removal" tool that was actually spyware. It's enough to make you turn to pirated music.

There seem to be two kinds of news stories about the ongoing Sony debacle. Some gloss over what Sony did, simply saying that the company's anti-piracy software has caused some concern among users. Others get into the nitty-gritty of what Sony did, getting into rootkits and ActiveX scripting, which is a quick way to put you to sleep.

I'm going to try to bridge that gap, because what Sony did is as interesting as it is nasty. An understanding of how the company's hidden software works is important to understanding what all the hubbub is about - and to protecting yourself.

Hacker holes

Sony, like most music companies, wants complete control over how you use the music you buy. They want to prevent you from copying it, even to an iPod or a mix you take in your car. But in its latest attempt to control its customers' use of music, Sony went overboard.

You almost can't blame it. Back in 2002, in a much-publicized debacle, the copy-protection scheme Sony used was undermined in a decidedly low-tech way: You simply needed to draw a line around the CD with a magic marker. Ouch.

So this time Sony took it to the max. It hired a company called First4Internet to design a copy-protection system called XCP. If you tried to play a protected disk in your computer, you first had to agree to install a Sony music player to listen to it.

But what Sony didn't say out loud was that the software also included a rootkit. Rootkits were invented for Unix systems (where you could log in as "root" to have complete control over a computer). They were designed by the bad hackers to let them log into a system as "root" without the owner knowing.

A rootkit effectively creates a hidden space on users' computers. In that space, Sony (or anyone else who knows how to access that space) could put anything it wanted to hide. In Sony's case, it hid its copy-protection software so users couldn't remove it.

But Sony and First4Internet did such a lousy job that the hidden space created by the rootkit could be used by anyone who knew about it. In other words, it created a huge security hole - a space on every user's computer that a virus writer could hide some nasty code.

Sony's excuse? Users didn't care about rootkits because they didn't know what they were. In an NPR interview, Thomas Hesse, president of Sony BMG's global digital business said, "Most people I think don't even know what a rootkit is, so why should they care about it?"

Mark Russinovich cared. The computer expert and co-author of the Sysinternals blog discovered the rootkit and figured out where it had come from. Then he discovered what it did. Besides installing a player for the CD and copy-protection software, Sony also hid other code that contacted the company every time a user played a song.

Yes, you read that right. Now you're starting to see why people got upset.

Patch problems

Russinovich also discovered a problem. Not only did Sony and First4Internet create a hidey-hole on users' computers, that hole is disturbingly easy to get into. Essentially, thanks to Sony, anything beginning with "$sys$" would be invisible to a user and his anti-virus software. Even a program named "$sys$erase-your-files.exe."

So Russinovich tried to remove the rootkit, and couldn't without damaging his system. So he spread the word.

Sony's first reaction was to deny there was a problem - Hesse's NPR interview was a case in point. But as word spread, first among blogs and then to the mainstream media, the company reluctantly released a patch program that closed the hidey-hole. Sounds reasonable, if a bit slow. But it wasn't.

Get this: In order to get the patch, you have to provide your name, e-mail address, and other personal information to Sony. When you finally download the thing, it does the patch thing, and then it installs all sorts of new stuff that Sony doesn't tell you about. And it continues to send your listening habits to Sony and its partners, but now it has a bunch of your personal information too.

But wait. Incredibly, there's more. The patch itself, it turns out, opens another big security hole. If you install it, it includes a program called "CodeSupport." The programmers who slapped this thing together designed it so any website could access CodeSupport on your computer to do things to it. In other words, if you go to a bad guy's site after installing the Sony patch, a hidden program on that site could look for CodeSupport, and could do all sorts of nasty things to your.

The whole thing has gotten so bad that the original XCP software (which had the rootkit), the patch Sony BMG released, and the new software installed by the patch are all classified as Trojans by Computer Associates' security division in its Spyware Encyclopedia.

None of this, of course, is what you agree to when you click "Accept" to play the Sony CD. (What do you agree to? Among other things, you agree not to play the CD at work, to install any update Sony asks you to (and not to hold the company liable if it damages your system), and, oddly enough, to delete all the music if you file for bankruptcy.)

How bad?

None of this is doing Sony much good. The blinding light of publicity has brought other things to the forefront. For example, XCP isn't the only copy protection the company uses. Other CDs from the company are "protected" with SunnComm's MediaMax software, which installs things on your computer whether or not you accept the license agreement. It, too, sends information about your activities, this time to SunnComm.

And it also came to light that Sony has patented a method for prohibiting a video game from being played on anything but the original machine it was bought for. Speculation is that it will be used for the upcoming PlayStation 3, preventing gamers from, say, bringing a game to a friend's house, or selling a used game.

The fallout has hit more than Sony. The CD that started it all is Van Zant's Get Right with the Man. Check out its page on Amazon.com. As I write this, the average customer review gives it one and a half stars. "DO NOT PURCHASE - Installs dangerous software on your PC," reads the first review. There are 237 more; a dozen or so are positive. Most give it one star.

At this point, despite Sony's belated recall of the infected disks, many computers - and networks - have been hit with the Sony rootkit. This means huge potential security problems not only for personal computers but also for corporate and government networks. In fact, a researcher in Seattle figured out how to see how many networks were infected. The rough answer? More than 500,000.

That's a lot of cleanup to do. Anti-virus companies are already on the case, releasing tools to remove the problem files. One company has released software that allows you to play "protected" CDs and DVDs without dealing with the Sony software. Of course, the lawyers are just getting started, with class-action suits in the works in the U.S. and Europe.

I started writing this column last Saturday, Nov. 12. Since then, every day has brought new twists. For music lovers, it's a big problem. For technology columnists, it's a gift that keeps on giving.

Andrew Kantor is a technology writer, pundit, and know-it-all who covers technology for the Roanoke Times. He's also a former editor for PC Magazine and Internet World. Read more of his work at kantor.com. His column appears Fridays on USATODAY.com.

Comment from James:

As of Dec. 10, 05. Using an infected and "patched" computer, and a packet sniffer. I found a keyboard logger/bot which looks for the keyword "Sony" in saved text or Outlook documents. It then sends entire content of your documents to Sony BMG! It will even report if you type the word "Sony" at the keyboard and do nothing else. All of this without your knowledge or consent.

I then exposed and examined the root kit. Yes - The rootkit which was supposedly "removed" by the "patch" from Sony. It has been my experience this rootkit makes the system unstable by corrupting file allocation. And eventually leads to an unrecoverable hard drive failure due to inaccessible or overwritten drive sectors. I have seen a bunch of these failures in recent months. Upon examination of the failed hard drives, it was found (with one exception) all had been exposed to the Sony spyware.

The only way I know to restore a drive, once exposed, is to partition and format the entire hard drive. This destroys all data on the drive, including the O.S. It is more than likely that not enough of the drive survives to make this effort worthwhile anyway. I see evidence of physical damage due to thrashing causing surface defects and bad sectors.

Think you're safe because you use a Mac? Think again. The rootkit and its contents are the same. Just compiled for a Mac.

When researching this I found Sony BMG and other labels using an anti-piracy technique which interrupts the audio data stream contained on the CD. Making the CD unplayable on many CD players.

Sony BMG is among the labels being sued by their own "talent" for withholding of royalty payments, and other breaches of contract. At this point I am boycotting all RIAA member labels. The last thing the RIAA did of any value whatsoever was to establish the phono EQ curve.

Unfortunately I won't be buying Sony products for a while either. Many retailers in Texas no longer carry the Sony line of consumer electronic products. Citing a high failure rate. Currently the State of Texas is suing Sony in two consumer protection actions. One involving the rootkit. The other involving repeated failures of Sony consumer electronics products within, and just out of the warranty period.

On a personal note. I find Sony's misconduct disturbing. I have proudly serviced Sony products for many years. At one time not long ago, the name Sony stood for the best products and conduct in the industry. It seems with the passing of the former founder and CEO of the company, disturbing changes have taken place at Sony. I hope Sony can turn it around and recapture its glory days.

Meanwhile: The record industry (the last bastion of organized crime) can go straight to hell on a pirated MP3.

James
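
An added example, not part of the original post or of the essay it quotes: the essay says any name beginning with "$sys$" is hidden from the user and from anti-virus software, so one defensive check is to compare a file listing made by the running system with a listing of the same volume made from a clean boot environment. The paths, function names and the three result labels are assumptions made for this sketch; only the "$sys$" prefix and "$sys$erase-your-files.exe" come from the essay.

```python
from pathlib import PureWindowsPath

HIDDEN_PREFIX = "$sys$"  # prefix named in the essay


def normalise(path):
    """Comparison key: Windows paths ignore letter case and slash style."""
    return str(PureWindowsPath(path)).casefold()


def has_hidden_prefix(path):
    """True if any folder or file name in the path begins with the prefix."""
    return any(part.casefold().startswith(HIDDEN_PREFIX)
               for part in PureWindowsPath(path).parts)


def triage(live_listing, offline_listing):
    """Compare the running system's view with a trusted offline view.

    cloaked     - on disk, absent from the live view, name carries the prefix
    residual    - visible in both views but still carries the prefix
                  (hiding switched off, files left behind; assumed label)
    unexplained - on disk, absent from the live view, no prefix
                  (file churn between listings, or another hiding method)
    """
    live = {normalise(p) for p in live_listing}
    result = {"cloaked": [], "residual": [], "unexplained": []}
    for path in offline_listing:
        visible = normalise(path) in live
        prefixed = has_hidden_prefix(path)
        if prefixed and not visible:
            result["cloaked"].append(path)
        elif prefixed and visible:
            result["residual"].append(path)
        elif not visible:
            result["unexplained"].append(path)
    return result


# Constructed sample listings (not taken from a real machine).
OFFLINE = [
    r"C:\Windows\notepad.exe",
    r"C:\Music\my$sys$mix.wma",                      # prefix mid-name: not hidden
    r"C:\Windows\System32\$SYS$example\driver.bin",  # hidden folder, mixed case
    r"C:\Users\alice\$sys$erase-your-files.exe",
    r"C:\Temp\scratch.tmp",
]
LIVE_WHILE_HIDING = [
    "c:/windows/notepad.exe",                        # same file, other spelling
    r"C:\Music\my$sys$mix.wma",
]
LIVE_HIDING_OFF = OFFLINE[:4]                        # scratch.tmp not in live view

if __name__ == "__main__":
    for label, live in (("hiding active", LIVE_WHILE_HIDING),
                        ("hiding off", LIVE_HIDING_OFF)):
        print(label)
        for kind, paths in triage(live, OFFLINE).items():
            for p in paths:
                print(f"  {kind:12} {p}")
```
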
#2
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
François Yves Le Gal writes:
> On Tue, 13 Dec 2005 13:05:49 GMT, "Mark D. Zacharias" wrote:
>
>> The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits.
>
> The solution is quite simple : don't buy copy protected CD's. And don't

How does one know that the CD is copy protected in the first place? Is there a label saying so?

> forget to disable autoplay on your Wintel boxes...

Or leave Windows out of the game altogether. There are many good reasons for this but since these groups are dedicated to audio I won't bother you with any of them.

--
========================================================================
Martin Schöön
"Problems worthy of attack prove their worth by hitting back" Piet Hein
========================================================================
#3
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
That should be in Wikipedia. Could you persuade your friend to submit it there?

"Mark D. Zacharias" wrote in message ...

> The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits. I think it's worth a read.
#4
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
"mc" wrote in message ...

> That should be in Wikipedia. Could you persuade your friend to submit it there?

Not quite sure how much of it was his original. But I did find it interesting to read. I'm not a real tech guru, especially regards computers, but it was written simply enough that I could readily understand it. Thought the group might benefit.

Mark Z.
#5
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
"Mark D. Zacharias" wrote:
>> That should be in Wikipedia.

It would be more fair to consider Mark Russinovich's explanation of it for that purpose.

> Not quite sure how much of it was his original. But I did find it interesting to read.

Googling will lead you to Mark Russinovich's tale of how he discovered it.

> Mark Z.

Kind regards

Peter Larsen

--
*******************************************
* My site is at: http://www.muyiovatki.dk *
*******************************************
#6
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
François Yves Le Gal wrote:

> "Mark D. Zacharias" wrote:
>
>> The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits.
>
> The solution is quite simple : don't buy copy protected CD's. And don't forget to disable autoplay on your Wintel boxes...

Don't forget: cross Sony off your equipment list and send them a letter to that effect. Their stuff is madly overpriced anyway.

Francois.
#7
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
> Don't forget: cross Sony off your equipment list and send them a letter to that effect. Their stuff is madly overpriced anyway.

...and madly unreliable. My Sony GRX560 laptop, which has been the core of my portable DAW, died yesterday morning. It has the dreaded soldering defect with the SODIMM sockets that about 900 other Sony users have reported on HardwareAnalysis.com already. I have a major Christmas Eve concert to record and I've just sent my laptop to a shop in NY for repair. This does not make me feel good about Sony. The corporate attitude is like that of Hewlett-Packard: screw the customer. Unfortunately, it was the best damned laptop I've ever owned and finding another with an LCD screen like that has turned up nothing. Hopefully the repair shop will solve the problem once and for all before end of next week.

Oh yeah, that rootkit thing was incredible. The authors used code stolen from other programmers. One of their programmers was trolling around Usenet looking for tips on how to embed drivers in Windows in stealth. They don't even know what they are doing. Sony made a bad choice hiring that British firm to create their DRM solution. More like a nightmare.

--
Best Regards,
Mark A. Weiss, P.E.
www.mwcomms.com
#8
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits (lots of info)
Hi François and everyone,
Have provided a lot of information concerning various protection schemes at http://www.enjoythemusic.com/magazin...5/hijacked.htm . Note the many links to my other articles on that page. This is not a new issue, but now Sony has taken it upon themselves to what some say is going WAY over the line.

Enjoy the Music,

Steven R. Rochlin
http://www.EnjoyTheMusic.com

Where you can find: Superior Audio, The Absolute Sound, Review Magazine, The $ensible Sound, The Audiophile Voice... and MUCH more!

"(null)" wrote in message news:1134633298.424422@smirk...

> François Yves Le Gal wrote:
>
>> "Mark D. Zacharias" wrote:
>>
>>> The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits.
>>
>> The solution is quite simple : don't buy copy protected CD's. And don't forget to disable autoplay on your Wintel boxes...
>
> Don't forget: cross Sony off your equipment list and send them a letter to that effect. Their stuff is madly overpriced anyway.
>
> Francois.
#9
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits (lots of info)
"Steven R. Rochlin" writes:
> Hi François and everyone,
>
> Have provided a lot of information concerning various protection schemes at http://www.enjoythemusic.com/magazin...5/hijacked.htm .

I didn't know computers could enjoy music. :-)

--
========================================================================
Martin Schöön
"Problems worthy of attack prove their worth by hitting back" Piet Hein
========================================================================
#10
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
"Mark D. Zacharias" wrote:

> The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits.

The other Sony copy-protection software mentioned, Sunncomm's MediaMax, is also a problem. If autorun is enabled, it installs itself on your system *before* you accept the licence agreement. Although not a rootkit, it's essentially spyware. Anti-virus and anti-spyware companies don't seem to be onto it yet, though.

If you reject the licence agreement, the CD is ejected from the drive but the software remains on your system. If you do nothing and attempt to play the CD, the software inserts noise in the audio stream making the CD essentially unlistenable. If you attempt to rip the CD, some programs will do it but the result will be affected by the same noise problem; some won't.

Solution (Windows systems): disable autorun, preferably permanently in the registry settings or temporarily by pressing the shift key while loading the CD. This will stop the software from loading itself onto your system - where it needs to be in order to screw up the audio (ie it doesn't work from the CD itself). Ripping programs that can find the audio tracks (Audiograbber and Easy CD Creator worked for me, Nero didn't) will then proceed as normal.

Sunncomm has a removal tool on their website which, unlike the one for the rootkit, seems to get rid of the thing with no resulting problems; but better to avoid getting it on your system at the outset.

Once ripped, destroy the original CD; or if you'd rather not buy such poison in the first place, look for Sunncomm's URL in the "Compatible With" box on the back of the case.

Geoff

--
Actually, I do have spots.
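
An added example, not from the original post: the post recommends disabling autorun in the registry. On Windows XP-era systems the policy value for this is NoDriveTypeAutoRun under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, a bitmask of drive types, and a machine-wide (HKLM) value takes precedence over a per-user (HKCU) one. The function names and sample values below are assumptions constructed for this sketch, which decodes the mask and reports whether CD autorun is actually off.

```python
# Bits of the NoDriveTypeAutoRun policy value.
# A set bit DISABLES autorun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
CDROM = 0x20
XP_DEFAULT = 0x91   # usual Windows XP default: CD-ROM bit is NOT set
ALL_DISABLED = 0xFF


def disabled_types(mask):
    """Names of the drive types for which autorun is switched off."""
    return [name for bit, name in DRIVE_BITS.items() if mask & bit]


def effective_mask(hklm, hkcu, default=XP_DEFAULT):
    """Value Windows acts on: HKLM wins if present, then HKCU, then default.

    Pass None for a hive in which the value does not exist.
    """
    if hklm is not None:
        return hklm
    if hkcu is not None:
        return hkcu
    return default


def audit(hklm, hkcu):
    """Return (effective mask, list of findings) for one machine/user pair."""
    mask = effective_mask(hklm, hkcu)
    findings = []
    if not mask & CDROM:
        findings.append("CD-ROM autorun is enabled (bit 0x20 not set)")
    if hklm is not None and hkcu is not None and hklm != hkcu:
        findings.append(
            f"HKCU value 0x{hkcu:02X} is ignored because HKLM is 0x{hklm:02X}")
    return mask, findings


if __name__ == "__main__":
    # Constructed cases: nothing set, user-only fix, and a user fix that is
    # silently overridden by a weaker machine-wide value.
    for hklm, hkcu in ((None, None), (None, ALL_DISABLED), (XP_DEFAULT, ALL_DISABLED)):
        mask, findings = audit(hklm, hkcu)
        print(f"HKLM={hklm} HKCU={hkcu} -> 0x{mask:02X}",
              disabled_types(mask), findings or "ok")
```
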
#11
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits (lots of info)
Martin,
> I didn't know computers could enjoy music. :-)

Sure they can! Midi lets them talk to each other too

Enjoy the Music,

Steven R. Rochlin
http://www.EnjoyTheMusic.com

Where you can find: Superior Audio, The Absolute Sound, Review Magazine, The $ensible Sound, The Audiophile Voice... and MUCH more!

""Schöön" Martin" wrote in message ...

> "Steven R. Rochlin" writes:
>
>> Hi François and everyone,
>>
>> Have provided a lot of information concerning various protection schemes at http://www.enjoythemusic.com/magazin...5/hijacked.htm .
>
> I didn't know computers could enjoy music. :-)
>
> --
> ========================================================================
> Martin Schöön
> "Problems worthy of attack prove their worth by hitting back" Piet Hein
> ========================================================================
#12
Posted to rec.audio.tech,rec.audio.misc
Sony Rootkits
"Mark D. Zacharias" writes:
> The following is an e-mail a friend of mine, with some other quotes included, on the subject of Sony rootkits. I think it's worth a read.

It's pretty well done. Thanks for posting it.