Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sony DRM Installs a Rootkit?

ScuttleMonkey posted more than 8 years ago | from the slice-of-privacy-pie dept.

Security 801

An anonymous read writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.

cancel ×

801 comments

Sorry! There are no comments related to the filter you selected.

My question: (4, Interesting)

conJunk (779958) | more than 8 years ago | (#13919067)

Now is that *sony's* rootkit, or a soon-to-be-former-sony-employer's rootkit?

Re:My question: (4, Interesting)

ryanr (30917) | more than 8 years ago | (#13919136)

If you read the article, there's a strong implication that this is a purchased commercial rootkit. Presumably, Sony very deliberately licensed and distributed it.

Mark didn't get into a lot of detail about all of the functions, but he didn't mention any backdoors or phone home functionality.

Re:My question: (4, Interesting)

networkBoy (774728) | more than 8 years ago | (#13919153)

Honestly, I see this as a real exposure to a lawsuit. If I accidently install this rootkit on my system, then try to remove it (seeing as it looks like a genuine security breach) and then disable my computer, thus having to bring it in for service what then?. If a malware company uses the rootkits ability to hide $sys$ prefixed files and uses that to steal my identity, costing me thousands of dollars and hundreds of hours of time to get my identity back, can I sue?

-nB

Re:My question: (1)

interiot (50685) | more than 8 years ago | (#13919188)

No, the rootkit wasn't necessarily intentionally purchased by Sony. Re-read the article. Google for first 4 internet. Find this site [first4internet.co.uk] . Notice they sell DRM. Thanks for playing.

Re:My question: (2, Insightful)

networkBoy (774728) | more than 8 years ago | (#13919210)

I don't understand what you mean. Do you mean that Sony did not understand that this DRM was a rootkit? or that the DRM is not a rootkit?
AFAIK this is a rootkit in more ways than one.
-nB

Re:My question: (1)

ryanr (30917) | more than 8 years ago | (#13919216)

Uh... the point of the original article is that Sony is shipping DRM in the form of a rootkit on their CDs. The rootkit appears to have been licensed from the company you link to. I'm not sure what point you were trying to make. You appear to be agreeing with me that they are the likely sellers of said rootkit.

Re:My question: (2, Insightful)

interiot (50685) | more than 8 years ago | (#13919269)

there's a strong implication that this is a purchased commercial rootkit. Sony very deliberately licensed and distributed it.

It's obvious that a rootkit exists on the CD. It's quite likely that Sony purchased the DRM from First4Internet. It's not obvious that Sony asked First4Internet to include a rootkit in the product that was delivered to Sony.

Re:My question: (5, Informative)

interiot (50685) | more than 8 years ago | (#13919167)

The rootkit is by First 4 Internet [first4internet.co.uk] . It's possible that Sony simply purchased this DRM from this outside company, not realizing that the DRM contained a rootkit.

Still, one would hope that Sony would only choose reputable suppliers, ones who wouldn't allow a virus/trojan to be distributed intentially or even through neglect.

In democratic america... (5, Insightful)

Anonymous Coward | more than 8 years ago | (#13919071)

corporations exploit YOU!

hrm, so much for humor. I don't find it funny at all :/

Re:In democratic america... (5, Insightful)

conJunk (779958) | more than 8 years ago | (#13919126)

damn... you know it's getting scary when the soviet russia joke is not only unfunny, but frightening....

i don my tinfoil hat and robe...

Re:In democratic america... (0)

Anonymous Coward | more than 8 years ago | (#13919173)

i don my tinfoil hat and robe...

HARRRRRRRRRRR!!!

Re:In democratic america... (4, Funny)

nmb3000 (741169) | more than 8 years ago | (#13919249)

i don my tinfoil hat and robe...

Wow, a tinfoil hat and robe! When do the pants and underwear come in? :)

However when you said "hat and robe", my first thought was of Bloodninja's cyber adventures [albinoblacksheep.com] .

Re:In democratic america... (4, Interesting)

caluml (551744) | more than 8 years ago | (#13919275)

Or as Osama says: "I'm free - what about you?"

irony? (0)

Anonymous Coward | more than 8 years ago | (#13919237)

It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!)

I wouldn't call it irony... more like truth in advertising, really.

as if (5, Insightful)

scenestar (828656) | more than 8 years ago | (#13919074)

DRM wasn't intrusive in the first place.

Unsafe software (0)

Anonymous Coward | more than 8 years ago | (#13919081)

Crap, and now we can get viruses from our CD's, too.

and now with no liability (3, Interesting)

jeremy111 (95134) | more than 8 years ago | (#13919089)

And let me guess, it offers you an EULA and exempts Sony from any liability for damages caused by this thing?

Re:and now with no liability (5, Informative)

redshadow01 (113325) | more than 8 years ago | (#13919128)

RTFA, the EULA does not mention this at all...the writer of the article made a specific point with respect to this.

Re:and now with no liability (1)

einhverfr (238914) | more than 8 years ago | (#13919243)

IANAL....

Does this mean that we can sue Sony for computer tresspass?

What is the difference between this and any other back door used for unauthorized access?

See that thing swirling in the toilet? (1)

Asshat Canada (804093) | more than 8 years ago | (#13919091)

Is that VanZant's career prospects?

Nice move Sony (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13919092)

How will Sony's cult followers react when they discover that Sony wants to make it nearly impossible to disturb its lackluster, sappy gravy train? Is it a professional simpleton or merely a well-meaning amateur? And where do disorderly hostes generis humani like it come from, and what are we going to do with them? This letter is not the place to explore the answers to those questions. Its purpose is instead to make a cause célèbre out of exposing Sony's monographs for what they really are. Here's my side of the story: Relative to just a few years ago, craven yokels are nearly ten times as likely to believe that black is white and night is day. This is neither a coincidence nor simply a sign of the times. Rather, it reflects a sophisticated, psychological warfare program designed by Sony to suck up to acrimonious despots. While criticizing its opponents for enforcing an overweening orthodoxy, Sony itself is trying to enforce a particular orthodoxy -- the orthodoxy of scary, nettlesome expansionism.

I must ask that Sony's faithfuls address the continued social injustice shown by incorrigible derelicts. I know they'll never do that, so here's an alternate proposal: They should, at the very least, back off and quit trying to blame those who have no power to change the current direction of events. What we have been imparting to Sony -- or what it has been eliciting from us -- is a half-submerged, barely intended logic, contaminated by wishes and tendencies we prefer not to acknowledge. Sony's pals say, "Censorship could benefit us." Yes, I'm afraid they really do talk like that. It's the only way for them to conceal that I am not concerned with rumors or hearsay about Sony. I am interested only in ascertained facts attested by published documents, and in these primarily as an illustration that Sony says that it needs a little more time to clean up its act. As far as I'm concerned, Sony's time has run out. Even if we accepted Sony's ethics, so what? Does that mean that it has the authority to issue licenses for practicing recidivism? Of course not.

Even if I agreed that Sony's sinful practices were of paramount importance, it would still be the case that even when Sony isn't lying, it's using facts, emphasizing facts, bearing down on facts, sliding off facts, quietly ignoring facts, and, above all, interpreting facts in a way that will enable it to talk about you and me in terms which are not fit to be repeated. It is becoming increasingly obvious to many people that Sony is trying to subject human beings to indignities. Their mission? To treat anyone who doesn't agree with it to a torrent of vitriol and vilification. The union of theory and practice, in Sony's hands, becomes a union of pomposity and hooliganism. Never forget that and never let Sony convince others that humorless patronizing-types are the "chosen people" of scriptural prophecy.

Anti-spyware Bill (5, Insightful)

AKAImBatman (238306) | more than 8 years ago | (#13919094)

We *really* need to get a anti-spyware bill on the books. Something along the lines of, "It shall be a criminal offsense to install non-application software on any computer when the user has not been reasonably notified in advance and/or agreed to have the modifications made. This bill will be reevaluated for its effect in three years."

Anything running in the background, rootkits, and other forms of spyware (which generally rely on the user not knowing they're there) would immediately become illegal.

Re:Anti-spyware Bill (1)

conJunk (779958) | more than 8 years ago | (#13919151)

It shall be a criminal offsense to install non-application software on any computer when the user has not been reasonably notified in advance and/or agreed to have the modifications made

i'm 100% with you, but what happens when the lawyers get their teeth into it? shall we define "non-application software"? what constituteds "agreed to"?

you and i can act like we know what that means, but we aren't lawyers... somehow (unless its brilliantly done) i can imagine certain big scary companies using charges under this hypothetical spyware act to intimidate competition

Re:Anti-spyware Bill (4, Insightful)

AKAImBatman (238306) | more than 8 years ago | (#13919184)

shall we define "non-application software"?

The bill would actually need a definition of "application software" so that anything that doesn't meet that definition would be automatically covered. e.g. "Application Software refers to a self-contained program that is installed on the consumer's computer. To be considered self-contained, it must not modify the operating system to execute any software at any time other than when the user runs the software in question."

what constituteds "agreed to"?

The courts do. Considering the difficulties they've been giving to the click-through licensers, I'm perfectly okay with that.

Re:Anti-spyware Bill (0)

Anonymous Coward | more than 8 years ago | (#13919160)

yeah but in what nation?
how would the government of england enforce a law like this against a korean software firm rooting a guy's computer in the united states?

-GenTimJS

Re:Anti-spyware Bill (1)

emarkp (67813) | more than 8 years ago | (#13919175)

We do. Or at least Washington state [informationweek.com] does.

Quick! If you live in WA:

1. Buy spyware CD
2. Sue Sony Corp. for $100,000
3. Profit!

Re:Anti-spyware Bill (0)

Anonymous Coward | more than 8 years ago | (#13919197)

What about printer drivers, scanner control panels, sound panel replacements, stuff that makes the media keys work? The list could go on and on.

What is really needed is something that makes intent part of the law. I'm sure someone here who IAL can provide more details about this concept.

Re:Anti-spyware Bill (1)

Mephiska (49638) | more than 8 years ago | (#13919224)

You know they'd just hide the consent for that in the EULA, which hardly anyone reads anyway.

Re:Anti-spyware Bill (4, Interesting)

AKAImBatman (238306) | more than 8 years ago | (#13919261)

That's where the "reasonably notified" comes in. The courts haven't been too happy about EULAs as they are. If you try to slide things past the consumer, the courts will find that the contract was misrepresented and hold the company accountable.

Re:Anti-spyware Bill (0)

Anonymous Coward | more than 8 years ago | (#13919267)

We already HAVE laws on the books that make this illegal.
Stop creating new laws for actions that are already covered! Seriously you idiots, cut it out.
If I stuck a phaser in your face and demanded your wallet would that not be covered by exisitng armed assault and robbery laws? Of course it would be covered.
Amazon is nothing more than a MAIL ORDER CATALOG, it doesn't matter that it has a web interface.
Spyware is malfeasant intrusion, it doesn't matter that it's a video game and not a home security system.
Spam is trespass and harassment, it doesn't matter that it is delivered using SMTP.

I understand that computer professionals are some of the most silly, blinkered fools on the planet, but even they should be able to understand these ridiculously simple principles. Please stop this idiotic insanity.

Re:Anti-spyware Bill (1)

jrockway (229604) | more than 8 years ago | (#13919282)

> anything running in the background

Like Apache or cron?

What is it exactly? (1)

realbadjuju (870896) | more than 8 years ago | (#13919100)

I RTFA (submitted it too, not fast enough) and honestly it goes way over my head. Is it actually a root kit, ie can Sony or Sony's adgents (in a legal sense, not a black helicopters sense) push arbitrary code onto the machine and have it executed?

Re:What is it exactly? (1)

networkBoy (774728) | more than 8 years ago | (#13919185)

If it walks like a duck, talks like a duck, and looks like a duck, then it is a duck.

How's that for an answer? Any security pro I know would call this a rootkit.
-nB

Better than that (0)

Anonymous Coward | more than 8 years ago | (#13919283)

If it walks like a duck, talks like a duck, and looks like a duck, then it is a duck.

Whoa! What you actually have there is a talking duck. Start negotiating the TV show and merchandising options immediately!

Re:What is it exactly? (4, Informative)

RingDev (879105) | more than 8 years ago | (#13919206)

Being a root kit just means that the program works at the OS level, USUALLY in such a way that the end user will not notice it, nor will virus detectors flag it. It changes something about "Windows" as opposed to adding something to it. (over simplified)

The arbitrary code in this case is installed when you hit 'OK'.

-Rick

Re:What is it exactly? (5, Informative)

abscondment (672321) | more than 8 years ago | (#13919218)

You're confusing the terms "rootkit" and "trojan"/"backdoor".

A trojan in its strictest sense tricks a user into executing one set of code when they think they're executing another. A backdoor simply allows remote execution of arbitrary code.

A rootkit is usually the set of tools that an attacker deploys on a compromised system. "rootkits" in the terms of this article are programs that trick your kernel into doing things it shouldn't do. This could include a trojan or a backdoor, but not necessarily.

Sony's program is a rootkit because it runs without authorization from the CD and alters the Windows API in order to disguise itself. As far as the article indicates, it doesn't include the ability for Sony to execute code on your machine. It's still dirty and sinister, if you ask me. It also allows any other malicious attackers to conceal anything they plant on your machine - simply by prefixing any file name with $sys$ - that's not cool!

I love it. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13919102)

I don't give to shits about DRM and I love it when you fags get rooted it by it. Just like another unwanted dick in your asshole.

RootKits coming out in bundles? (5, Interesting)

cwtrex (912286) | more than 8 years ago | (#13919107)

I'm downloading RootkitRevealer now. I wonder how long it is going to take for Norton and McAfee to upgrade their Rootkit detection abilities? Next years anti-virus release? The last rootkit that Norton found on a computer at work was well spread and had been out for 6 months. It still was unable to remove/fix the infection. :(

OS's fault (3, Interesting)

aachrisg (899192) | more than 8 years ago | (#13919110)

Microsfot needs to make it completely impossible for any software to do something like this unless the user runs in some special maintenance mode or logs in as some special account. They can make an exception for windows updates which are signed by them.

Re:OS's fault (4, Insightful)

redshadow01 (113325) | more than 8 years ago | (#13919176)

Yeah, that's called "Trusted Computing"...where Microsloth decides what you can and can't run...

Re:OS's fault (5, Informative)

speeDDemon (nw) (643987) | more than 8 years ago | (#13919262)

Trusted Computing...

I think this lil video on Trusted Computing [lafkon.net] is perfect at explaining trusted computing.

I leave it running on the computers on display in my store. Hopeing that I can educate enough people in my small section of the world about the follies they are about to embark on.

Re:OS's fault (2, Informative)

LLuthor (909583) | more than 8 years ago | (#13919187)

These kind of changes can only be made with changes to the driver model.

They can't make it impossible to do this kind of thing on 32-bit versions of Windows (without breaking A LOT of drivers and programs), but on all 64-bit Windows versions this is already impossible.

Re:OS's fault (1)

Trillan (597339) | more than 8 years ago | (#13919238)

It could be done without breaking many programs by having certain APIs invoke a privlege escalation warning; a lot like XP's firewall.

Re:OS's fault (0, Flamebait)

kerohazel (913211) | more than 8 years ago | (#13919234)

Some special account... like, the Administrator account, which almost all Windows users I know log in as all the time?

Rootkits exploit weaknesses in an OS. Of course the company that made said OS would be wise to get rid of those holes. But you can't blame everything on the OS. If I make software that crashes every 15 seconds, it might not be Windows, it might be that I just can't code for crap. If I'm Sony and I make software that has a rootkit hidden in it, it might just be that I'm at fault for being negligent.

Re:OS's fault (1)

EmperorKagato (689705) | more than 8 years ago | (#13919241)

Which could also mean that Sony could go to Microsoft and ask this feature to be installed with a Windows Update.

Since when did you like Trusted Computing ? (0)

Anonymous Coward | more than 8 years ago | (#13919281)

You just described Palladium .. more-or-less

Re:OS's fault (3, Informative)

dtfinch (661405) | more than 8 years ago | (#13919288)

They at least ought to turn off the seriously insecure by design autorun feature by default.

Didn't Notice? (4, Funny)

KidHash (766864) | more than 8 years ago | (#13919111)

Not that this makes it better in any way, but I liked how he said

I hadn't noticed when I purchased the CD from Amazon.com that it's protected with DRM software, but if I had looked more closely at the text on the Amazon.com web page I would have known

followed by a picture of the amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.

What part of protected == rootkit? (2, Insightful)

Anonymous Coward | more than 8 years ago | (#13919205)

There's a slight difference between a copy restricted CD and an "install a rootkit on your computer" CD, though...

Re:Didn't Notice? (1)

Captain Chaos (13688) | more than 8 years ago | (#13919211)

Does anyone know how reliable Amazon's notice is? I bought my first CD in years (The Legend of Johnny Cash) and it is still sealed because I want to make sure there is no protection. Even if I would only listen to the actual CD and never make a backup I don't plan on supporting that type of behaviour. The RIAA members have really hurt themselves with this type of behaviour. Years ago I averaged at least one CD purchase a week, now they are lucky if I buy one a year and that has been to give as gifts only. The lack of good new music doesn't help, but there are old releases I wouldn't mind buying if they'd stop treating customers like criminals.

Re:Didn't Notice? (0)

Anonymous Coward | more than 8 years ago | (#13919302)

bought my first CD in years (The Legend of Johnny Cash) and it is still sealed because I want to make sure there is no protection.

hold down the fucking shift key, Einstein. Getting around DRM is mindnumbingly easy.

Re:Didn't Notice? (1)

vettemph (540399) | more than 8 years ago | (#13919292)

>followed by a picture of the amazon web page in question with [CONTENT/COPY-PROTECTED CD] clearly visible in massive letters.

You can still blame Amazon. There is a huge difference between CONTENT/COPY-PROTECTED CD and CRIPPLES YOUR PC WITHOUT CLEAR PERMISSION. Of course you would buy niether given the "choice".

Sony means to degrade society (0, Flamebait)

Anonymous Coward | more than 8 years ago | (#13919112)

This is why I hate Hip Hop and Rap. Sony and Hiphop and Rap are rootkits on the good parts of humanity.

Re:Sony means to degrade society (1)

Heem (448667) | more than 8 years ago | (#13919239)

the album in question is a country album. almost the exact opposite of rap.

Re:Sony means to degrade society (1)

pinkfalcon (215531) | more than 8 years ago | (#13919305)

I suppose I could look this up if I wasn't so lazy, but isn't Van Zant from Lynard Skynard? Not exactly country and definately not Rap or Hip Hop.

Is the EULA valid? (4, Insightful)

nweaver (113078) | more than 8 years ago | (#13919115)

Since spyware WITH a proper EULA has been held to be in violation by the FTC, and since this EULA [sysinternals.com] doesn't really mention the rootkit's difficulty of removal, this might be litigatable.

Of course, Mark Russinovich did (inadvertantly) dissasemble content protected by the EULA.

Re:Is the EULA valid? (2, Insightful)

Billly Gates (198444) | more than 8 years ago | (#13919204)

Worse it should not be legal in the first place for such an extreme eula. Many spyware programs from 180networks already do not have an euala and just come bundled.

If we had an eula where the user agreed to be held as a slave would that be legal too? I think not.

Re:Is the EULA valid? (1)

Phat_Tony (661117) | more than 8 years ago | (#13919242)

Even if you can't win a case directly regarding the rootkit, I would sure hope [IANAL] you'd have a good case if exploits come out and damage occurs. If you try to play an ordinary disc in your computer and end up with a sneaky backdoor for hackers that was covertly and intentionally installed by Sony, then, say, lose thousands of dollars worth of software and information, I'd sure hope Sony would be found at least partially liable for that. If it's a widespread exploit, then perhaps a class-action lawsuit?

I hope some company takes sony to court (0)

Anonymous Coward | more than 8 years ago | (#13919118)

NT

Sony has gone too far... (4, Insightful)

chrispyman (710460) | more than 8 years ago | (#13919140)

It's one thing to copy protect your CDs to make it difficult to rip but it's another thing to install a rootkit that is by definition difficult to remove. Who'se going to clean up this mess when a Microsoft patch or SP comes around and breaks any computer with this installed?

Thanks (4, Interesting)

BCW2 (168187) | more than 8 years ago | (#13919144)

I am very glad to hear about this. That CD WAS on my birthday list for next week.

Sony just lost a sale, end of story.

Re:Thanks (5, Insightful)

Flower (31351) | more than 8 years ago | (#13919279)

Don't tell Sony. Tell the Brothers that they lost a sale. Let them know that the product they worked so hard on now has poorly written software on it that could damage your computer. And through you want their music you can't buy it and you're going to tell your friends not to risk buying this CD.

But... (1, Insightful)

bhirsch (785803) | more than 8 years ago | (#13919145)

Do people actually install the crap that comes with audio CDs?

Re:But... (2, Informative)

kuzb (724081) | more than 8 years ago | (#13919169)

Often times you're not presented with a choice. The first time you insert a CD, it will autoplay - this is when this crap makes it in. I know you can shut that feature off, but most people either don't knwo how, or won't.

Re:But... (1)

bhirsch (785803) | more than 8 years ago | (#13919203)

I guess I am just a relic with a normal CD player. Though I want to say that the last Windows computer I setup had autoplay disabled. I'm not sure if it was done after the initial OS install or a Windows update.

Re:But... (1)

Namronorman (901664) | more than 8 years ago | (#13919209)

Yes, some people DO install the stuff that comes with their CD's, because sometimes that "crap" gives them the ability to rip so many licensed copies of the song to share with friends.

For example, a friend of mine wanted to share a few Velvet Revolver songs with me so she used the built in feature to rip them to a phone home .wma, which of course I couldn't use...

Re:But... (0)

Anonymous Coward | more than 8 years ago | (#13919246)

which of course I couldn't use...

You're better off.

Re:But... (4, Informative)

WWWWolf (2428) | more than 8 years ago | (#13919296)

Yes, some people DO install the stuff that comes with their CD's, because sometimes that "crap" gives them the ability to rip so many licensed copies of the song to share with friends.

After being presented with a sell-your-babies-to-the-almighty-record-label EULA, and before shoving awfully encoded WMA format files down their throats.

Hint #1: There's no "copy protection" on CDs. For most parts, it's misshapen multi-session CDs. cdrdao read-cd --session 1 ... Hint #2: If you're encoding the files to MP3, Vorbis or, good heavens, WMA, digital rips are wayyyy overrated and plain old CD player, analog RCA-to-RCA cable and an audio recorder app can do really wonders. =)

Re:But... (1)

chill (34294) | more than 8 years ago | (#13919226)

From the article...

"The DRM reference made me recall having purchased a CD recently that can only be played using the media player that ships on the CD itself and that limits you to at most 3 copies."

Why anyone would purchase a CD under those terms to begin with, is beyond me.

Do formats like this not violate the Red Book standard and thus forfeit their right to be called "CD Audio"?

  -Charles

Hmm (0)

Anonymous Coward | more than 8 years ago | (#13919146)

Let me guess, this root kit installs itself and is designed to be completely hidden, too?

Re:Hmm (4, Insightful)

redshadow01 (113325) | more than 8 years ago | (#13919202)

To make matters worse, not only is everything hidden, but you can't just delete the files and reg keys or you'll cripple your system...the author of the article is a developer and he spend a lot of time just getting rid of the damned thing...I know I couldn't do it

Re:Hmm (2)

networkBoy (774728) | more than 8 years ago | (#13919266)

"the author of the article is a developer and he spend a lot of time just getting rid of the damned thing...I know I couldn't do it"

But thanks to his hard work, now we can! I for one love this guy.
Now I have another reason to dump Windows, this rootkit won't run on Linux or Mac.
-nB

Class Action Lawsuit? (2, Interesting)

eyebits (649032) | more than 8 years ago | (#13919154)

Sounds like an opportunity for a class action lawsuit. Everyone who played the CD on their windows system would be eligible. ...good opportunity for a group of lawyers to get rich. (The members of the action never do.)

I never buy this crap (1)

Arker (91948) | more than 8 years ago | (#13919159)

But I know a lot of people here do. Please, every one of you that have bought faux-CDs with this junk on them, get together, find some lawyers, sue the bloody bejesus out of Sony, ok?

Could be . . . (1)

crimguy (563504) | more than 8 years ago | (#13919161)

a DMCA violation to put that thingie in there.

Re:Could be . . . (0)

Anonymous Coward | more than 8 years ago | (#13919201)

Nope, it's more likely a violation of the DCMA to try to evade it.

Re:Could be . . . (1)

E8086 (698978) | more than 8 years ago | (#13919300)

They'll probably try and use the DMCA to make it illegal to remove it without expressed written concent from Sony.

This has gone too far! (4, Insightful)

Billly Gates (198444) | more than 8 years ago | (#13919182)

What is next? Drm that will rewrite your bios and turn your pc into an expensive doorstop for copyright violation?

As if spyware itself is miraculiously legal and now we have this? Rootkits and spyware programs that append to windows in the mbr so even a reinstall wont delete thim IS TOO FAR!

I agree with a previous poster that is should be a criminal offense the same catagory as spypainting someones house or breaking an entry. Why do we allow this crap to be legal?

Its time we wrote our elected officials and inform them about what is happening and about Sony's drm and demand civil and criminal responsibility for malware makers. I dont care if its the CEO of some company spraypainting my house vs a teenage kid. Its still illegal and Sony should be held accountable.

I was reading on cnn about the drop of ecommerce even though there is still a rise in internet usage. This is due to all the spyware/scams/malware that is infecting pc's at record rates. This is killing out economy and many companies such as Google, Amazon, and Ebay are already getting hit with their wallets over these scams.

Lets organize and make a difference. This is a slippery slope and I fear what is coming next.

DMCA (1)

randyflood (183756) | more than 8 years ago | (#13919250)


Will Sony now sue the author of the Article for violating the DMCA and reverse engineering their technology that was intended to protect their copyrights and trying to help people illegally copy their music? I'm not saying he did any of that, because he certainly didn't. But, I'm just wondering if Sony will try to take that position...

Re:This has gone too far! (0)

Anonymous Coward | more than 8 years ago | (#13919254)

Please hire an editor before you write anyone in the U.S. Congress.

Like unto a virus (2, Funny)

Shadow Wrought (586631) | more than 8 years ago | (#13919191)

Man, Sony'll do anything to make sure your system has their Cell in it.

Perhaps it's time to restart my 1 man boycott (0)

Anonymous Coward | more than 8 years ago | (#13919193)

of Sony Music. I can't believe what he had to go through to remove that software. I don't have nearly his level of expertise, so I'd have had to wipe my system and start clean. Just another reason why I hate Sony (and AOL, and am starting to worry about Google. We KNOW MS is somewhat evil, so they don't scare me nearly as much as the others).

TIme to... (4, Informative)

heinousjay (683506) | more than 8 years ago | (#13919194)

Turn off autorun [annoyances.org] .

Re:TIme to... (1)

sqlrob (173498) | more than 8 years ago | (#13919244)

And stop running as an admin level user.

Tell me again (0)

Anonymous Coward | more than 8 years ago | (#13919199)

Just why we do business with Sony?

Bills/Laws (1)

davro (539320) | more than 8 years ago | (#13919214)

Quote from AKAImBatman "We *really* need to get a anti-spyware bill on the books."

Remember two Law's don't make a Right.

I think I speak for all of us.. (1)

Psionicist (561330) | more than 8 years ago | (#13919228)


I think I speak for all of us when I say someone should sue their fucking ass off. Talk about a double standard! Sony doesn't want the people to infringe on their content, but they themself are perfectly fine with destroying a users system. I don't live in the US, but weren't there laws passed against malware in several states? I do hope so.

Heck, Sony and RIAA treat their CD's as physical property (for example, they use the word theft and stealing instead of copyright infringement). Isn't this the equivilance, using their logic, of breaking into my house and installing cameras (or whatever the rootkit actually does).

FTA (1)

hereschenes (813329) | more than 8 years ago | (#13919230)

> I next turned to LiveKd, a tool I wrote for Inside Windows 2000 and that lets you explorer the internals of a live system

Clearly, this man has been using Windows for too long!

The Power of a Hammer... (1)

PortHaven (242123) | more than 8 years ago | (#13919231)

I swear, it's crud like this that makes me want to walk into Circuit City with a hammer and smash all the copies.

Look at the manager any say...."send them back to SONY...explain to them that installing of viral code is illegal" because it's pretty well known that "illegal" only applies to "us - the individuals" and NOT large corporations. Because they "purchased" the laws...therefore, they do not have to abide by them.

- The Saj

Has sony realized... (1)

Spy der Mann (805235) | more than 8 years ago | (#13919245)

they could face lawsuits for jeopardizing a computer's security with this rootkit?

Profit (1)

future assassin (639396) | more than 8 years ago | (#13919256)

Read Slashot
Get Van Zant's "Get Right with the Man". Cd
Install Cd
Get pwned
Call lawyer
Sue Sony
Profit!!!! for you and Van Zant

Sony DRM Installs a Rootkit (0)

Anonymous Coward | more than 8 years ago | (#13919263)

And now we know why Sony hasn't been a party to the last two iTMS. They couldn't convince Apple to add the rootkit to fairplay.

What if you refuse the EULA? (4, Interesting)

BeBoxer (14448) | more than 8 years ago | (#13919264)

I know you can disable auto-run and such to get around this type of crap. But what happens if you just 'disagree' or whatever on the EULA? I assume that Sony will then not install the rootkit and you can rip the CD with whatever tool you normally use? Or does Sony install the rootkit anyway, setting themselves up for criminal prosecution? Does anybody have a copy of this thing to try and answer that question?

It just seems kind of silly to have DRM which is totally dependant on the user to request it be installed. Or can refusing an EULA be considered a violation of the DMCA?

This is as good as... (3, Funny)

elgee (308600) | more than 8 years ago | (#13919271)

Getting a cockroach with my just purchased pizza.

Great corporate thinking (3, Insightful)

sikandril (924466) | more than 8 years ago | (#13919273)

This is exactly the same mentality that brought us the memory stick and the mp3 walkman who could not play mp3's, only ATRAC. Incidentally, Sony profits are down 46% this quarter. I can only add that this is another nail in the coffin of a company once known for its innovation, high standards and uncanny understanding of the consumer's mind. They better hope the Ps3 saves their collective asses

Rootkit? No evidence of that. (0, Troll)

krisamico (452786) | more than 8 years ago | (#13919276)

It is disappointing that the article does indeed call this a rootkit without providing proof. All I see is some DRM shovelware that is surreptitiously installed and hard to remove, which is bad enough without resorting to hyperbole. IMO, the article needs to prove that this software maliciously intercepts communication or opens holes to be able to use that word.

EULA's do not trump the law (4, Informative)

LM741N (258038) | more than 8 years ago | (#13919278)

You can't enter into a contract which violates the law. Thus a "contract killing" is not a valid contract.

Here is what a kid had to say... (5, Interesting)

cyclocommuter (762131) | more than 8 years ago | (#13919287)

...after he tried to rip another Sony produced CD "Healthy in Paranoid Times" by the Our Lady Peace:

Disappointing, to say the least..., October 14, 2005

A Kid's Review (Amazon.com)

I tried copying this CD, not knowing that it was protected. So, I ripped it to my hard-drive and burned it. But, when I inserted the burned copy into my computer, the screen froze for a while, and an installer icon appeared on the taskbar in the bottom right. It installed somthing - and now I cannot burn anything, with any program. I've even tried using a different, external CD burner. A disk error comes up during burning, even if I am not not burning audio CDs. This was not a fluke. I've talked to other people this has happened to. Avoid anything with "copy protection." Sony might as well burn viruses onto the CDs they distribute.

Sony, do us a favor (1)

Spy der Mann (805235) | more than 8 years ago | (#13919290)

Stick to the gaming business and let us play our fsking music.

Arigato -_-

It's immoral to buy RIAA music (4, Interesting)

Jason1729 (561790) | more than 8 years ago | (#13919309)

I used to buy a lot of CDs but stopped around the time of the napster lawsuit. I would probably still be buying 2-3 discs/month if I didn't consider it immoral to buy CDs.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?