Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management...

...and the removal tool is over 3.5MB in size. Why so big?

 

http://cp.sonybmg.com/xcp/english/faq.html#trouble


Troubleshooting

1. What computer access rights do I need to use this disc on Windows?

You must log on to your computer with Administrator rights or Power User rights to fully use the disc. Normally, you should have Administrator rights, unless you are working in a corporate environment in which case, you'll need to contact your IT department to have them install the software for you.

On Windows XP Home Edition system you will need Administrator rights (typically the default setting) as well, not User rights.

 

Here's a possible double dilemma ! Sony may at the very least have broken some laws in some countries by not declaring a covert install etc, and Mark Russinovich may have technically violated DMCA digital rights management law.

There is more in the latest PodCast here.


Leo Laporte: This is Security Now! with Steve Gibson, Episode 12 for November 2, 2005, a special edition on Sony's Rootkit DRM.

http://www.grc.com/sn/SN-012.htm


StevieO

 

Miss-use of the Sony root-kit has already started with the game Warcraft. http://www.securityfocus.com/brief/34

 

Thanks for the link SteveO. Really good read--->

That's really the tip-off. Now, we'll have in our show notes a couple other links because Sony - the good news is, Sony is getting a huge amount of heat from this. You know, they are not saying they're not going to use it, but they do have a page now where they give you a link over to the XCP-Aurora.com site, where there is something that will remove this finally from your system.

Leo: And have we verified that it actually does that without crashing you?

Steve: No, but I've seen a whole bunch of blog postings from people who have said that - and explained that what it does is it'll - the other thing is it has to install one more thing. It works with an Active-X control, so you have to give it permission to install an Active-X control in your system in order to offer you the Service Pack 1 upgrade to this heinous bit of software. And then if you say No, it has an option for deleting it.

 

Someone claiming to be xcp support has responded to Mark's blog. Even more interesting though is the reply from Alexander Hanff.


http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html#113115287731060744

 

Nice. Corporate rootkit versus corporate trojan

 

My understanding is, that this is not an uninstaller, but, an unhider. Mark is still waiting for the link to the actuall uninstaller. Which suggests, that one hasn't even been made yet. :\

 

It seems it's not just Sony that are getting into this and actively using this method !

. . .

First 4 Internet - Independent Record Labels Turn to Content Protection Technology.

etc

"It is encouraging to see more artists and labels making use of the XCP technology, which achieves a sensible compromise of discouraging casual piracy without limiting the individual's ability to enjoy the music they have bought," said Matthew Gilliat-Smith CEO of First 4 Internet. "Independent consumer feedback surveys show that consumers have overwhelmingly reacted positively to these new discs."

http://www.xcp-aurora.com/press_article.aspx?art=aug_05_art3

. . .

Also see this interesting turn of events over at F-Secure about the " Fun " they had with the Sony/DRM rootkit etc.

http://www.f-secure.com/weblog/


StevieO

 

Ahh so it was just put out for PR but it can still screw up a system? Way to go Sony. Sure hope they`re taken to task for this.

 

I think he`s lying.

 

You bet. I'd love to know exactly what features of those disks the surveyed users were so enthusiastic about...

 

I wonder if the above quoted statement is true. The CEO guy who made that statement is just talking a bunch of crap. Who would react positively to discs that install rootkits!? Only people who have a mental problem will love those discs and install the rootkit.

Perhaps its the music? Or the rootkit?

 

Happy to see after only a few months
the experst here are not bashing me by saying oh dear rootkits are only therory.
Go back and look at old posts kids.

Now the truth starts to emerge. LOL

controler

 

Lying! A marketing weasel

I suspect that the independent consumer survey was something like:

Weasel: "Do you like this disc?"

Dude on street: "Yeah, man - look at that artwork, it rocks!"

probably prefaced with loaded questions like "Do you think it is wrong when people copy CDs and deprive artists of income"

 

Sony BMG is facing three lawsuits over its controversial anti-piracy software.

Revealed in late October by Windows expert Mark Russinovich, the software copy protection system hides using virus-like techniques.

One class-action lawsuit has already been filed in California and another is expected in New York.

http://news.bbc.co.uk/1/hi/technology/4424254.stm

 

And today bitdefender discovered a trojan using the backdoor Sony installed:
http://news.bitdefender.com/NW193-en--First-Trojan-Using-Sony-DRM-Detected.html

 

Very good.

 

What Scanners detects this?

Cheers,

 

[MOVE]"BUMP"[/MOVE]


Just Want To know if any Scanners Detects this RootKit?

 

Well, from a technical perspective, almost no scanner would be able to detect this rootkit. The rootkit would most likely hide itself deep inside the kernel, and using any type of security program to scan may not detect the rootkit.

Its a extremely complex task to remove a rootkit completely 100% from a computer.

Prevention is always better than cure. IF the rootkit can be prevented from infecting the system in the first place, then all the trouble can be avoided.

 

Hi Triple Helix,

You don't need a "scanner" to tell you the Sony rootkit is present. Just go Start/Run, type and execute msinfo32. If the rootkit is present you will see something like this under System Drivers...

Nick