Sony BMG's Copy-Protecting Watchdog


By David Pogue
New York Times
November 10, 2005

My In box usually bursts to the seams with reader reaction to stuff I've written. What was unusual this week, though, was the amount of mail that came in on a topic that I've never even mentioned: the Sony BMG rootkit tactic.

The story goes like this. Starting in June 2004, Sony BMG records began copy-protecting its pop-music CD's. Over the months, the company has used several software schemes for preventing you, the customer, from making illegal copies of its discs. But 20 albums are protected by a scheme devised by a company called First 4 Internet - and it's caused an incredible online furor.

These CD's, all bearing "Content Protected" labels on the packaging (meaning "copy protected"), do something very sneaky if you try to play them on a Windows PC: they install a proprietary watchdog program that prevents you from copying the CD more than twice. (On a Macintosh or Linux machine, these CD's play just fine, without any copy protection.)

Last week, a programmer and blogger named Mark Russinovich dug a little deeper, and found out something disturbing: the Sony watchdog program not only installs itself deep in the core of Windows - it's what's called a rootkit - but it also makes itself invisible.

The record company doesn't dispute Russinovich's findings. "The cloaking is an additional level of protection to hide the protection files themselves," Mathew Gilliat-Smith, CEO of First 4 Internet, told me. "It's an extra speedbump to make it that much more difficult [for prospective music pirates] to circumvent the protection." But Sony BMG didn't seem to be prepared for the outcry from privacy advocates and ordinary citizens who felt violated.

To them, Sony BMG's tactic was dangerous, sneaky, intrusive and maybe even illegal. Some of the problems:

* The hidden-rootkit trick has been used by virus writers to conceal their tracks. It doesn't give you such a rosy feeling to know that Sony BMG is treating you the same way.

* Once hidden, the copy-protection software is invisible to antivirus programs, too. So the baddies of the Internet could, in theory, use Sony's software as a backdoor to infect your machine, and your virus checker would miss it.

* If you try to remove the software manually, you risk disabling your CD player completely. (Instead you should use the Uninstall link on Sony BMG's customer-service Web site, whose link appears on the Help screens of Windows Media Player. Of course, then you can't play the CD on your computer.)

* When you insert one of these music discs into your PC, one of those software license agreements appears. It says explicitly what's about to occur: "This CD will automatically install a small proprietary software onto your computer. The software is intended to protect the audio files on this CD. It will reside on your computer until it is removed or deleted."

But this note does not say that the software hides itself. And, even more damning, you don't see this note until you've scrolled down to the third page of legalese in the license agreement. Let's not kid ourselves: NOBODY ever reads those license agreements. They're too long, too opaquely written and generally of little use to anyone except the lawyers.

* Sony's copy-protection software prevents you from playing the music you've bought on your iPod, which happens to be the world's most popular music player.

Once the true nature of the Sony BMG software tactic became public, the company wasted no time in attempting to defuse the issue. Within 48 hours, it released a patch that makes its software visible again; you can download it from http://cp.sonybmg.com/xcp. (Click the Software Updates button.) Sony also provided the rootkit-cloaking information to antivirus-software companies, so that the software will no longer be a potential virus magnet.

At that same Web site, you'll find, incredibly, a link to a Sony-sanctioned workaround that lets you copy the protected songs to the iPod. (Sony says it will send you the workaround by e-mail once you supply the name of the CD and other information.)

Finally, Sony has abandoned the rootkit protection method. (It says, in fact, that it had planned to do so even before the trick became public.) It still intends to install copy-protection software on every audio CD - but it will use other methods.

For now, then, it seems that the cloaked-rootkit issue is dead. If you bought one of the 20 affected CD's, you can uncloak the software, and Sony won't be using this scheme anymore.

My take? Audio CD's that install software onto your PC are just creepy. I believe that distributing copies of a CD to the Internet at large is wrong, so I understand the record companies' concern. But installing secret, self-masking code onto customers' computers seems just as wrong.

It's an "any means necessary" approach to the problem, like dealing drugs to raise money for charity.

Personally, I can't understand why any music fan would buy one of these discs. If you really want a song from Sony BMG, why not just buy it from one of the online music stores and avoid the whole issue? Sony BMG would soon get the message that customers don't like being treated like criminals.

I was also surprised at how dismissive Sony BMG and First 4 Internet seem to be. "It's a tempest in a teapot," Mr. Gilliat-Smith says. "It's benign content protection. It's not malware, it's not spyware - it's innocent. Consumers, for eight months, have been using these discs with positive feedback. When the issue arose, we addressed it very quickly."

I wondered if he could even understand why consumers might feel a bit violated. I pointed out that the usual damage-control plan for public-relations disasters (see also Tylenol; Perrier; Pentium bug) is not to haughtily dismiss customer fears, but to apologize profusely.

But the closest thing Mr. Gilliat-Smith would say is, "We understand what the concern was, but there was no intent. We reacted as quickly as we could, took responsive issues. And now, hopefully, we move on."


Retired Tech

We've been analysing the backdoor program which uses the Sony rootkit technology.
Trend Micro has told us that the backdoor was mass mailed using spamming technologies. The message sent was as follows:


Retired Tech

Sony sued over copy-protected CDs

A CD by Celine Dion is protected with the anti-piracy system
Sony BMG is facing three lawsuits over its controversial anti-piracy software.


Retired Tech

WASHINGTON - Stung by continuing criticism, the world's second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.



Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.

Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.

A senior Homeland Security official cautioned entertainment companies against discouraging piracy in ways that also make computers vulnerable. Stewart Baker, assistant secretary for policy at DHS, did not cite Sony by name in his remarks Thursday but described industry efforts to install hidden files on consumers' computers.

"It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."

Sony's program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.

"This is a step they should have taken immediately," said Mark Russinovich, chief software architect at Winternals Software who discovered the hidden copy-protection technology Oct. 31 and posted his findings on his Web log. He said Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.

Security researchers have described Sony's technology as "spyware," saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony's notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.

Some leading antivirus companies updated their protective software this week to detect Sony's antipiracy program, disable it and prevent it from reinstalling.

After Russinovich criticized Sony, it made available a software patch that removed the technology's ability to avoid detection. It also made more broadly available its instructions on how to remove the software permanently. Customers who remove the software are unable to listen to the music CD on their computer.



    Member 3k

Sony rootkit signatures now available
We have analyzed several versions of the rootkit that have been shipped as part of Sony’s XCP software.
We are calling the family WinNT/F4IRootkit. We chose the name based on the company that authored this component. We have added detection and removal for those versions via the online scanner at the Windows Live Safety Center. To quickly scan and remove those versions of the rootkit from your computer, you can select the "Full Service Scan" followed by the "Quick scan" option.

The Windows AntiSpyware Beta will be able to detect and remove this as well with the 11/17/05 signature release. Detection and removal will also be added to the December release of the Malicious Software Removal Tool which will be released the second Tuesday of December.

We also wanted to take a moment to confirm that we are not removing or disabling Sony’s XCP software. We are only removing the rootkit component published by First 4 Internet which is included as part of Sony’s XCP software. We will continue to monitor the situation and react as conditions change.

MS Anti-Malware Engineering Team