Yes, Again. Another Vulnerability In A Sony BMG Offering

from the make-it-stop dept

How much do you think Sony BMG dislikes Alex Halderman? Halderman, a graduate student working under Ed Felten at Princeton, became quite well known to the recording industry two years ago after publicizing how the copy protection scheme being used by what was then just BMG, supplied by SunnComm, could be defeated by holding down the shift key as you inserted the disc. This wasn’t a high tech solution. The software needed to run to be installed, and it would run automatically if you had autorun enabled, which most people do. Holding down the shift key just overrides autorun. Nothing special — but Halderman made sure that blocked the copy protection and (more importantly) got that information out. That eventually meant that SunnComm even thought about suing Halderman for publishing a way to circumvent copyright protection, in violation of the DMCA. After realizing how stupid this idea was, SunnComm backed down on the lawsuit threats, leaving Halderman and Felten (who has been threatened with plenty of lawsuits himself) to continue their work. And, in the last couple of weeks, the two of them have been pretty damn busy investigating the whole Sony rootkit thing. Their big find, earlier this week, was how the uninstaller for the rootkit opened up new security holes. The rootkit, though, comes from First4Internet, not SunnComm. Sony BMG still does use SunnComm’s copy protection on other CDs, and over the weekend Halderman pointed out why SunnComm’s technology might not be a rootkit, but certainly fit the definition of spyware. To make things even better, Halderman has just published another post noting that SunnComm’s uninstaller is just as bad as the XCP uninstaller for the rootkit. In other words, if you’ve used SunnComm’s uninstaller to get rid of their copy protection, you’ve left your computer incredibly vulnerable to malicious attacks. Yes, the saga continues…

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yes, Again. Another Vulnerability In A Sony BMG Offering”

Subscribe: RSS Leave a comment
Y Pennog Coch (profile) says:

One good thing did arise from this mess...

>>> The saga continues
>>> Yes, Again.

Second all the above posts – ongoing coverage much appreciated. This is one of those stories where even the tiniest new detail changes who is vulnerable to what, and that makes every last bit important to know.

Meanwhile, some good news. Thanks to Mark Russinovich’s original post at, I now know what a filter driver is, how to find them on your PC and how to remove one safely (it wasn’t a Sony thing in my case, I think pxhelp20.sys came with WinAmp). My ancient CD-writer drive now burns CD’s again.

BTW, if you find pxhelp20.sys on your system, don’t just delete the file, your CD drive will probably become unusable in Windows.

Fundriving says:


The sad part of this story is us techies are all a flutter and in an uproar about this story, but sadly, I think the general public doesn’t have a clue.

I have talked to clerks at local retail stores and students on the college campus I work on and there is no idea about the seriousness of this transgression. No outrage, no…nothing. Out of six people I have talked with 5 didn’t even know about the story.

My point is. How do we really send a strong message to Sony and big companies if the majority of consumers stay oblivious?

Anonymous Coward says:

No Subject Given

Mike, do you or any of your readers know of a site that has a comprehensive list of CD copy-protection-related malware? I know all eyes are on Sony right now, but I doubt they are the only company that First4Internet deals with. I would bet that all the other major labels include similar software… in which case, they ought to get a share of the scorn. There’s plenty to go around.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...