The Real Danger Of Sony's Rootkit: It Lets Others Piggyback
from the uh-oh dept
While everyone's discussing the non-surprising fact that Sony's latest CD copy protection scheme uses "rootkit" style tricks to embed itself deep within your machine, Ed Felten Alex Halderman has picked up on a much more serious problem brought out by the discovery. The particular nasty software from Sony can actually be used by other malware to hide their own actions. In other words, it doesn't just treat you like a criminal and prevent you from making use of the music you legally bought: it makes it easier for real criminals to do bad things on your computer. Thanks, Sony! Update: Ed Felten points out that Alex Halderman wrote the piece on Felten's site.
Reader Comments (rss)
(Flattened / Threaded)
organized crime?
sounds like the method used to keep people honest is being bastardized into some weird organized crime tool that makes honest people want to start obtaining their music from some free site somewhere instead of buying it.
Yeah, thanks Sony! If you can't beat 'em, alienate 'em!
Disclaimer: I'll, by God, copy any damn CD I buy, for my personal use, and NOBODY will stop me.
(reply to this comment) (link to this comment)
No Subject Given
F U Sony.
(reply to this comment) (link to this comment)
No Subject Given
Sony and Microsoft are nearly direct competitors now, because of their game consoles. If I was Microsoft, I would be very tempted to use this as a PR knock against Sony.
I'd love to see their next security patch include "securing your system against Sony rootkits." I bet the press would eat it up, as well.
(reply to this comment) (link to this comment)
Re: organized crime?
They'll pry my CD Ripper from my Cold. Dead. Hands!
(reply to this comment) (link to this comment)
Blu-Ray?
And to think, this is the company we are trusting to define the specs and DRM software for the soon to be standard Blu-Ray. Boy, I can't wait to go out and buy new, more expensive media that lets Sony screw me in more interesting and thourough ways.
(reply to this comment) (link to this comment)
author of the piece
Actually, Alex Halderman wrote the piece you linked to.
(reply to this comment) (link to this comment)
Sony....Microshaft....DRM...RootKits
Ya know. I might be foolish for thinking this, but last time I checked I thought if I bought something, I "OWNED" it. And isnt possesion a supposed 9/10's of the US Laws ? so lets see I buy cd...I copy cd...I get rootkitted...drmed....virtually attacked via hackers and face possible persecution because I did what I wanted to what I owned ? No wonder I mod Playstations and turn them into something usefull, no wonder I helped work on mod chips for the first phase of xboxes.....anyone for some K&Y ? Seriously...I am done moaning or even thinkin they did me wrong. It has become my mission to take the shaft back out of my @$$ and stick it where it truly belongs.
(reply to this comment) (link to this comment)
Re: Sony....Microshaft....DRM...RootKits
"COPYRIGHT" does not mean that the original creator (or in this case some record company) gets to own every copy of the work for the rest of eternity. "Intellectual property" is a bullshit term that only confuses the issue.
The original idea of copyright was that the original artist or creator had some (intentionally limited) control over who was allowed to copy and distribute it, and perhaps some control over 'public performance' so that they'd have an incentive to create and contribute more creative works.
But now it's gone completely insane!
This is not about fair use. Everything you do that doesn't involve redistribution or public performance has nothing at all to do with copyright and should be an _unregulated_ use.
Once you've sold it you don't own it anymore. Let it go!!
(reply to this comment) (link to this comment)
...
1) Enterprising hacker creates worm that takes advantage of said rootkit
2) Millions of dollars in lost money
3) Class action lawsuit
4) No more stupid shennigans by sony
(reply to this comment) (link to this comment)
Sony's rootkit use
There is a real quick way to deal with this problem. Don't buy their damn products. Vote with your wallet (and tell everyone you know to do the same). If it affects the bottom line, it will be removed. I've quit buying any music from the big labels as I am sick of their tactics.
(reply to this comment) (link to this comment)
Ironically
Copied CDs won't have this problem.
(reply to this comment) (link to this comment)
Sony rootkit: Not on Linux!
For kicks I bought a CD last night at Best Buy that was labeled with a "Copyright Protection" from Sony. I used an old junker PC that has RedHat Linux version 8 on it ans successfully ripped MP3s from every track. I then burned them to CD, moved them to my Windows XP PC, and they played just fine. Likewise I added them to my iTunes collection and synched them to my iPod--no problem. Perhaps I should share these MP3s out over Limewire just to spite Sony!
(reply to this comment) (link to this comment)
Re: Sony rootkit: Not on Linux!
This gives people more incentive to acquire music from the store (on physical CDs)? I think that if the common music purchaser was more aware of these tactics, he would resort to only acquiring music ONLINE - or any forum OTHER THAN from an "Original Compact Disc Source".
I personally don't see why BestBuy, Virgin, TowerRecords, Walmart...etc are not getting upset by Sony on these matters aswell. For this affects all of their direct music customers -- and for a $18.99+ sale of a CD that only cost them $3.99 to purchase from their vendor, that's a heck of a lot of money they could be loosing if mass consumers are aware of Sony's practices and become afraid to purchase CDs anymore.
(reply to this comment) (link to this comment)
Re: Ironically
That depends; the software on the CD allows you to make up to three copies, and there's a very good chance that these copies will also have the same rootkit on them.
Never mind turning off autorun. The only safe way to deal with this crap is not to buy it!!
(reply to this comment) (link to this comment)
Re: Sony rootkit: Not on Linux!
you are my hero!
(reply to this comment) (link to this comment)
RE::::
While I certainly don't agree with Sony, nor buy their CD products, it was mentioned that the install couldn't happen without administrator privileges. I'm guessing the cd will still play without the install occurring? One generally wise solution, if you have to use windows, is to create a separate user account without a lot of the admin functions, local group policy editing would help with this as well. Most of us, typically don't need that level in day-to-day surfing, etc.. Problem is that most home users don't know how to do that, or that they should.
(reply to this comment) (link to this comment)
Re: organized crime?
Just post a complaint:
http://cp.sonybmg.com/xcp/english/form11.html
(reply to this comment) (link to this comment)
No Subject Given
This is crap! Oh man am I EVER going to buy a 360! Does anybody know where I can find a class action lawsuit for this? Boy will I sign up!
(reply to this comment) (link to this comment)
Re: organized crime?
And here are the contact details for the people who wrote the rootkit for sony. Email, fax, and everything.
http://www.first4internet.co.uk/contact.aspx
Another good place to express your views!
(reply to this comment) (link to this comment)
You must ask for permission from Sony to remove it
This is unbelievable. You must go here http://cp.sonybmg.com/xcp/english/form14.html to ask PERMISSION for removal. Then you are e-mailed a link to download an Active X control of all things for this First 4 Internet Spyware company. Like I am really going to trust the rookit maker to give me an Active X control which also means you must use IE. Are the no depths at which Sony will not sink? My kid will not get a PSP or a PS3 or anything Sony in my house period! I hope you read this Sony as I will be distributing many of my family and friends un-DRM copies for Christmas. Good job Sony using a rootkit to turn an HONEST customer into a pirate.
(reply to this comment) (link to this comment)
Re: Sony rootkit: Not on Linux!
Yes. Yes you should.
(reply to this comment) (link to this comment)
Re: organized crime?
Yeah, well done sony I had just starting to buy music cd's again, I will NEVER buy sony music again and why should I if your gonna do this to the ppl who do play ball, fuk ya... off to buy more blanks.
(reply to this comment) (link to this comment)
Re: Sony's rootkit use
I'm an X-Ol' school DJ of @ 25 yrs. I promoted the Big Labels big time as I was one of Canada's
major citie's most popular DJ.
Actually, 3 major cities in Canada.
Because of their shenanigans, I have boycotted purchasing anymore CDs @ all. I own an extensive collection of vinyl 12" singles, compilations & LPs and have enough music on vinyl (as I've taken very good care of my vinyl & 90% look brand new!)
The last thing I bought from Sony was a 3 CD/CD-R/RW player "Bookshelf" system @ 3 years ago.
BOYCOTT! That's the only way it might get Sony's
attention. If there was a massive boycott.
Say a few million people stopped buying anything Sony for even a month, their sales & stocks would drop drastically. We have a voice. Let's use it for cryin' out loud!
(reply to this comment) (link to this comment)
No Subject Given
How long has sony been doing this? I may have already unwittingly done this. This sucks
(reply to this comment) (link to this comment)
Sony needs to stick those CD's......... In my hand
This stupid DRM protection is THE dumbest thing that I have ever heard. Oh wait, I have Mac OS X. :-) This OS has been on the net for about 3 years now with no firewall or spyware protection. Just a port logger to intercept internet trafffic. Not one single piece of spyware has enbeded itself into my system and I'll be damned if sony has any chance! I think I will shoplift a CD, Print out Highres CD cover images and use CD stomper to secure them to my blank CD. Then send my un-DRMed CD back to Sony just to see what they do.
Two words.
Fuck. Sony.
sorry two more.
And PS3
(reply to this comment) (link to this comment)
Add Your Comment