Yes, Again. Another Vulnerability In A Sony BMG Offering

from the make-it-stop dept

How much do you think Sony BMG dislikes Alex Halderman? Halderman, a graduate student working under Ed Felten at Princeton, became quite well known to the recording industry two years ago after publicizing how the copy protection scheme being used by what was then just BMG, supplied by SunnComm, could be defeated by holding down the shift key as you inserted the disc. This wasn't a high tech solution. The software needed to run to be installed, and it would run automatically if you had autorun enabled, which most people do. Holding down the shift key just overrides autorun. Nothing special -- but Halderman made sure that blocked the copy protection and (more importantly) got that information out. That eventually meant that SunnComm even thought about suing Halderman for publishing a way to circumvent copyright protection, in violation of the DMCA. After realizing how stupid this idea was, SunnComm backed down on the lawsuit threats, leaving Halderman and Felten (who has been threatened with plenty of lawsuits himself) to continue their work. And, in the last couple of weeks, the two of them have been pretty damn busy investigating the whole Sony rootkit thing. Their big find, earlier this week, was how the uninstaller for the rootkit opened up new security holes. The rootkit, though, comes from First4Internet, not SunnComm. Sony BMG still does use SunnComm's copy protection on other CDs, and over the weekend Halderman pointed out why SunnComm's technology might not be a rootkit, but certainly fit the definition of spyware. To make things even better, Halderman has just published another post noting that SunnComm's uninstaller is just as bad as the XCP uninstaller for the rootkit. In other words, if you've used SunnComm's uninstaller to get rid of their copy protection, you've left your computer incredibly vulnerable to malicious attacks. Yes, the saga continues...

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Steve, 17 Nov 2005 @ 6:02pm


    Hi Mike,
    Your columns are great, thanks!

    reply to this | link to this | view in chronology ]

  • identicon
    arcfixer, 17 Nov 2005 @ 6:40pm

    No Subject Given

    Agreed. Keep it coming.
    (Next to last sentence: "incredibly" for "incredible"?)

    reply to this | link to this | view in chronology ]

  • identicon
    Y Pennog Coch, 18 Nov 2005 @ 5:53am

    One good thing did arise from this mess...

    >>> The saga continues
    >>> Yes, Again.

    Second all the above posts - ongoing coverage much appreciated. This is one of those stories where even the tiniest new detail changes who is vulnerable to what, and that makes every last bit important to know.

    Meanwhile, some good news. Thanks to Mark Russinovich's original post at, I now know what a filter driver is, how to find them on your PC and how to remove one safely (it wasn't a Sony thing in my case, I think pxhelp20.sys came with WinAmp). My ancient CD-writer drive now burns CD's again.

    BTW, if you find pxhelp20.sys on your system, don't just delete the file, your CD drive will probably become unusable in Windows.

    reply to this | link to this | view in chronology ]

  • identicon
    Fundriving, 18 Nov 2005 @ 8:14am


    The sad part of this story is us techies are all a flutter and in an uproar about this story, but sadly, I think the general public doesn't have a clue.

    I have talked to clerks at local retail stores and students on the college campus I work on and there is no idea about the seriousness of this transgression. No outrage, no...nothing. Out of six people I have talked with 5 didn't even know about the story.

    My point is. How do we really send a strong message to Sony and big companies if the majority of consumers stay oblivious?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Nov 2005 @ 8:50am

    No Subject Given

    Mike, do you or any of your readers know of a site that has a comprehensive list of CD copy-protection-related malware? I know all eyes are on Sony right now, but I doubt they are the only company that First4Internet deals with. I would bet that all the other major labels include similar software... in which case, they ought to get a share of the scorn. There's plenty to go around.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.