Armed Polite Society

Main Forums => The Roundtable => Topic started by: Guest on October 31, 2005, 08:31:37 PM

Title: Look out, an explosion coming in the world of computer security...
Post by: Guest on October 31, 2005, 08:31:37 PM
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

For those not geeky enough to understand what we're looking at:

Sony is installing a copy protection mechanism on music CDs that is sheer evil incarnate.  It installs itself, hides DEEP in your computer, creates massive security vulnerabilities for any external party who knows about this garbage and if you try and UNinstall it, it sabotages your computer on the way out.

It did this without any warning to the customer.

The big music publishers already have an evil reputation...but this is a whole 'nuther level, the use of malicious techniques right out of the "black hat hacker" playbook to punish people who are trying to do the right thing by buying CDs!

The bands victimized by this scandal will probably sue, it's that bad.

Worse, Sony bought this "malware" piece of "flaming garbage" as its discoverer put it (see link above) from a British company who almost certainly have other customers past Sony.

My take: this is literally bad enough to tank CD sales.  It could drive bands straight into the arms of Steve Jobs and the iTunes system directly, cutting out the major labels as "evil untrustworthy parasites".

It will also make people much more aware of computer security in general and put a major kink in the rush to "Digital Rights Management" (DRM) by showing just how flat-out wicked that can get.  And it's brought to you by the same morons who have been suing schoolkids for using Grokster or whatever...so now if you DON'T use online downloads and try to "be good" by buying the CDs, you're to have your system *raped* by chimpanzees masquerading as programmers?!

I just cannot *believe* the stupidity of all involved, in assuming this wouldn't come to light.  In the same way that the rottenness of the Diebold system shined a spotlight on electronic voting, this is going to expose the hazards of DRM.

This story just hit today in "geek circles".  I guarantee it'll make the national news within a week, probably less.  I also guarantee Sony will do a full recall and refund to existing customers, the British programmers who spawned this abortion are simply *dead* as a company, this is gonna be huge.
Title: Look out, an explosion coming in the world of computer security...
Post by: roo_ster on November 01, 2005, 02:30:10 AM
Thank the mighty Penguin of Doom that my home PC runs Fedora Linux Core 4.

My wife's laptop, OTOH, is vulnerable to this sort of malware as it runs WinXP.

Let Sony, MS, & First 4 Internet all sink into the raw sewage of their malware.
Title: Look out, an explosion coming in the world of computer security...
Post by: mtnbkr on November 01, 2005, 02:33:01 AM
Yup, it's pretty nasty.  It won't have much of an effect on CD sales I imagine since it only affects those who play their CDs on PCs and care enough to maintain those PCs.  Folks like my parents who never play CDs on a computer or my in-laws who replace their computer every couple years when the malware makes it unusable won't notice.  

I didn't see it mentioned, but I wonder how this affects a computer's ability to rip tracks to MP3?  That's the only time my CDs are near my computer.  I'm assuming the CDs either can't be ripped or the software doesn't get installed since you're not actually playing the CD musically.  I dunno...

I read the article kinda quick, so I missed the security issue other than a user inadvertently installing the software to their PC.  That can happen with any hidden software though, not just this crap.  That's more of a user issue to me, but one that's hard to avoid unless you're clued in.

Chris
Title: Look out, an explosion coming in the world of computer security...
Post by: roo_ster on November 01, 2005, 04:11:33 AM
mtnbkr:

According to the article, the malware
Quote
cloaking code hides any file, directory, Registry key or process whose name begins with $sys$. To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
So, a malware-generator (other than Sony/First 4 Internet) could use that as an exploit to install their own malware.

"Buy a Sony CD and you get extra special vulnerabilities in your OS...at no extra charge!"

Sony ought to be roasted alive for this one.
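
A small model of the cloaking rule quoted in the post above, and of the cross-view comparison a defender can use to expose it, added here as an example (not code from the article, from Sysinternals, or from anyone in this thread). The snapshots, the allow-list and every name other than `$sys$notepad.exe` are constructed, and the case-sensitive match on the last path component is an assumption of the model.

```python
"""Added illustration: name-prefix cloaking and a cross-view check for it.

Both "views" are constructed in-memory snapshots; nothing here touches a real
file system, registry or process list.
"""

CLOAK_PREFIX = "$sys$"  # prefix quoted from the article in the post above

# Constructed sample data. Only the name "$sys$notepad.exe" comes from the
# quoted article; every path and every other name is made up.
RAW_SNAPSHOT = {
    "files": [
        "C:\\Example\\notepad.exe",
        "C:\\Example\\$sys$notepad.exe",
        "C:\\Example\\not$sys$file.txt",   # prefix not at the start: stays visible
        "C:\\Example\\$sys$constructed_player.dll",
    ],
    "registry_keys": ["Software\\ExampleVendor",
                      "Software\\$sys$constructed_service"],
    "processes": ["explorer.exe", "$sys$unrelated_third_party.exe"],
}

# Hypothetical inventory of names the defender has already attributed to the
# copy-protection package itself.
EXPECTED = {"$sys$constructed_player.dll", "$sys$constructed_service"}


def leaf_name(path):
    """Last path component; the quoted rule is about the object's own name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def is_cloaked(path, prefix=CLOAK_PREFIX):
    # Case-sensitive matching is an assumption of this model.
    return leaf_name(path).startswith(prefix)


def api_view(raw_snapshot):
    """Model of what ordinary listing calls return while the filter is active."""
    return {kind: [p for p in paths if not is_cloaked(p)]
            for kind, paths in raw_snapshot.items()}


def cross_view_diff(raw_snapshot, api_snapshot):
    """Objects present in the low-level view but missing from the API view."""
    hidden = {}
    for kind, raw_paths in raw_snapshot.items():
        visible = set(api_snapshot.get(kind, []))
        missing = [p for p in raw_paths if p not in visible]
        if missing:
            hidden[kind] = missing
    return hidden


def triage(hidden, expected):
    """Split hidden objects into inventoried ones and everything else.

    The filter keys on the name alone, so anything that adopts the prefix is
    hidden too; those unexplained entries are the ones to investigate first.
    """
    known, unknown = [], []
    for kind, paths in hidden.items():
        for path in paths:
            bucket = known if leaf_name(path) in expected else unknown
            bucket.append((kind, path))
    return known, unknown


def main():
    hidden = cross_view_diff(RAW_SNAPSHOT, api_view(RAW_SNAPSHOT))
    known, unknown = triage(hidden, EXPECTED)
    for kind, path in known:
        print(f"hidden, inventoried   {kind:14} {path}")
    for kind, path in unknown:
        print(f"hidden, UNEXPLAINED   {kind:14} {path}")


if __name__ == "__main__":
    main()
```

On a live system the low-level view has to come from somewhere the filter does not sit, such as raw on-disk structures, since any listing obtained through the filtered calls will simply agree with itself.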
Title: Look out, an explosion coming in the world of computer security...
Post by: mtnbkr on November 01, 2005, 04:54:39 AM
Gotcha.  I missed that bit.  Like I said, I read through it pretty quickly.  That is definitely nasty, mainly because it's overbroad.  

Quote
Sony ought to be roasted alive for this one.
Yeah, good luck with that one.  Like I said earlier, the majority of people will never notice.  Either because they don't play music on their PC (like me) or because they have the security awareness of gnats.  

Chris
Title: Look out, an explosion coming in the world of computer security...
Post by: Justin on November 01, 2005, 06:14:52 AM
Well, that snaps it.  Looks like I'll be making the switch over to Linux for my home machine.

I mean it this time.
Title: Look out, an explosion coming in the world of computer security...
Post by: mtnbkr on November 01, 2005, 07:05:35 AM
Just curious, would software that monitors registry changes have caught this?  I run an adware/malware package that does that (can't recall the name offhand).  I know when I install/remove software, it annoys the crap out of me by confirming each registry change/add/delete.  

Chris
Title: Look out, an explosion coming in the world of computer security...
Post by: Felonious Monk/Fignozzle on November 01, 2005, 08:31:40 AM
Jim,
Thank you for posting this.  I've sent it to my political PitBull buddies.
It's gonna get a little warm for Sony soon...
Title: Look out, an explosion coming in the world of computer security...
Post by: Headless Thompson Gunner on November 01, 2005, 10:12:10 AM
No good will come of this.  If this type of copy protection becomes common, so will the techniques for circumventing it.  In the end, the difference will be that your PC will be more vulnerable to attack.

Sony will lose a lot of goodwill, and pirating will continue unabated.

I have too many CDs for it to be convenient to play/store/handle/find that many individual discs.  So I loaded them all onto a PC tied into my stereo.  It's really the only viable way to maintain a large music collection.  

If the music industry ever does manage to "mp3-proof" commercial CDs (doubtful), then I'll stop buying them.  Simple as that...
Title: Look out, an explosion coming in the world of computer security...
Post by: Brad Johnson on November 01, 2005, 10:29:58 AM
Sent the link to a friend of mine who is a hardcore software developer and freelance "hacker-proofer" (i.e. he found out how much money he could make legitimately trying to break into other people's software and systems). He did a quick run-down of the article and some preliminary research (popped in a CD and checked). He says two things - A) it looks like a genuine problem and B) it is really scary that it slipped in under the radar.

Brad
Title: Look out, an explosion coming in the world of computer security...
Post by: RadioFreeSeaLab on November 01, 2005, 10:41:36 AM
Ah, thank you Linus Torvalds and the rest of the Linux community :)
Hopefully EFF jumps all over this one.
Quote from: Justin
Well, that snaps it.  Looks like I'll be making the switch over to Linux for my home machine.

I mean it this time.
See http://www.ubuntulinux.com
Using it, love it.
Oh, and for those of you, like me, who don't have broadband and don't want to wait a week for Linux to download, Ubuntu will ship you a cd, or as many cds as you wish, for free.  100% free, no shipping costs, no nothing.  Get a few for the family.
Title: Look out, an explosion coming in the world of computer security...
Post by: garrettwc on November 01, 2005, 10:51:04 AM
Quote
I also guarantee Sony will do a full recall and refund to existing customers
I'm with mtnbkr, don't hold your breath on this one.

Time to download those linux isos.
Title: Look out, an explosion coming in the world of computer security...
Post by: Standing Wolf on November 01, 2005, 02:20:17 PM
After my last two Sony monitors, there's no more Sony anything in my house. Those slimy @#$%^&!s have ripped me off for the last time.
Title: Look out, an explosion coming in the world of computer security...
Post by: Telperion on November 01, 2005, 05:02:18 PM
Jim, didn't Arnold sign into law some anti-spyware bill last year?  It might be worth referring the matter to see if Sony is breaking the law in California.
Title: Look out, an explosion coming in the world of computer security...
Post by: jefnvk on November 01, 2005, 05:53:34 PM
Switching to Linux is a temporary solution to a permanent problem.  What happens when 10 years down the road, MS is no longer the big player, everybody and their kids and grandmas use Linux, and all those people who neither know nor care about security migrate over?
Title: Look out, an explosion coming in the world of computer security...
Post by: mtnbkr on November 01, 2005, 05:57:56 PM
Jefnvk, that's been my question all along.  The problem has never been with the platform, but with the people using it.  I can make a Windows box secure enough to avoid most, if not all, of the major security concerns, but it wouldn't make the average user happy.  Same thing for Linux...  The average user wants the bells and whistles that make a system insecure.  They'll accept this Sony malware if Sony tells them it'll enhance their media enjoyment.  Eventually it'll be ported to DVDs as well.  

To be honest, I miss the analog days.  Users had more control over tapes (audio and VHS).

Chris
Title: Look out, an explosion coming in the world of computer security...
Post by: garrettwc on November 01, 2005, 06:57:55 PM
True enough. We have to change the mindset of the end user first.

The typical Linux user at this point in time, is a more knowledgeable user. They will take the time to do the right things to protect their system. And being compilable source, Linux will let you do it.

The trouble with Windows is that even if you take the time to learn how to protect yourself, Windows may not allow you to do so because it interferes with the DRM strategy which Microsoft supports. We discussed this a little bit in the Windows Vista thread. A lot of Microsoft's .NET framework just opens up more holes.
Title: Look out, an explosion coming in the world of computer security...
Post by: Guest on November 01, 2005, 07:30:26 PM
I think it's amusing that someone can completely avoid this whole issue by limiting their music collections exclusively to illegally downloaded MP3s.

Having worked in retail during my high school days I can flat out tell you that the average consumer is NOT intelligent enough to comprehend how this would work anyways. They will buy their CDs, play them, allow this crap to be installed, and never be the wiser. If the big box with the internet in it stops working they will just buy (CONSUME!) another one.
Title: Look out, an explosion coming in the world of computer security...
Post by: Telperion on November 02, 2005, 05:08:24 PM
As an interesting twist, I've read that online game cheaters (particularly World of Warcraft) have read about this and are purposely installing this rootkit in order to hide certain cheat files and programs from the game's cheat detection systems.
Title: Look out, an explosion coming in the world of computer security...
Post by: Preacherman on November 02, 2005, 11:33:13 PM
The BBC is already onto the story (http://news.bbc.co.uk/1/hi/technology/4400148.stm):

Last Updated: Thursday, 3 November 2005, 09:05 GMT

Sony attacked over anti-piracy CD

By Mark Ward
Technology Correspondent, BBC News website

Sony's music arm has been accused of using the tactics of virus writers to stop its CDs being illegally copied.

One copy protection system analysed by coder Mark Russinovich uses cloaked files to hide deep inside Windows.

The difficult uninstallation process left Mr Russinovich saying that Sony's anti-piracy efforts had gone "too far".

In response to criticism, Sony BMG said it would provide tools to users and security firms that would reveal the hidden files.

Search history

Mr Russinovich, a renowned Windows programming expert, came across the Sony BMG anti-piracy system when performing a scan of his computer with a utility he co-created that spots so-called rootkits.

Rootkits are starting to be used by a small number of computer virus writers because they allow malicious code to be inserted deep inside the Windows operating system, meaning that it will not be spotted by most anti-virus scanners.

Rootkits are used to hide malicious software once it is installed and ensure it is not found and removed by anti-virus programs

After extensive analysis Mr Russinovich realised that the "cloaked" software had been installed when he first listened to the CD album Get Right With the Man CD by country rockers Van Zant.

Although resembling a virus, Mr Russinovich found the hidden files had come from an anti-copying system called Extended Copy Protection (XCP) developed by UK software company First 4 Internet.

About 20 titles are thought to be using the XCP software and in May 2005 Sony said more than two million discs had been shipped using the technology. XCP is just one of several anti-piracy systems Sony is trying.

XCP only allows three copies of an album to be made and only allows the CD to be listened to on a computer via a proprietary media player. The hidden files are installed alongside the media player.

Ridding his computer of XCP proved difficult and briefly crippled Mr Russinovich's CD player.

Writing in his blog about the incident, he said: "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall."

Mr Russinovich said the licence agreement that he accepted when he first listened to the CD made no mention of the fact that he could not uninstall the program or of the significant changes it made to his computer.

If Sony BMG released XCP copy-protected CDs in the UK this oversight could leave the music company open to prosecution under the Computer Misuse Act because it made "unauthorised" changes to a machine, said net law expert Nick Lockett.

"There would be no problem if there's a big screen coming up saying as part of the anti-piracy measures this CD will amend your operating system," he said.

Mr Lockett added that Sony might be inadvertently provoking piracy as consumers irritated by the anti-copying system rip the tracks to get around the restrictions.

Virus link

Mr Russinovich feared that diligent users trying to keep their systems clean of viruses could stumble across the hidden XCP files, delete them and inadvertently cripple their computer.

His worries were echoed by Mikko Hypponen, chief research officer at Finnish security firm F-Secure, who has been looking into XCP since it first came across it in late September.

"What we are scared of is when we find a new virus written by someone that relies on the fact that this [XCP] software is running on tens of thousands of computers around the world," he said. "The rootkit would hide that virus from pretty much any anti-virus program out there."

Mathew Gilliat-Smith, chief executive of First 4 Internet, said the techniques used to hide XCP were used by many other programs and added that there was no evidence that viruses were being written that took advantage of XCP.

He said the debate on the net sparked by Mr Russinovich's work had prompted the company to release information to anti-virus companies to help them correctly spot the hidden XCP files. Consumers can also contact Sony BMG for the patch to unveil, rather than remove, the hidden files.

He said that users were adequately warned about the copy protection software in the licence agreement and were told that it used proprietary software to play the CD.

"It's clearly packaged on the CD that it's copy-protected," he said.

A spokesman for Sony BMG said the licence agreement was explicit about what was being installed and how to go about removing it. It referred technical questions to First 4 Internet.

Mr Gilliat-Smith said Mr Russinovich had problems removing XCP because he tried to do it manually, something that was not a "recommended action". Instead, said Mr Gilliat-Smith, he should have contacted Sony BMG which gives consumers advice about how to remove the software.

Getting the software removed involves filling in a form on the Sony website, visiting a unique URL and agreeing to have another program downloaded on to a user's PC that then does the uninstallation.

He added that First 4 Internet had had no complaints about XCP since it started being used eight months ago. He also added that the latest generation of XCP no longer used cloaked files to do its job.

"We've moved away from using that sort of methodology," he said.
Title: Look out, an explosion coming in the world of computer security...
Post by: matis on November 03, 2005, 05:44:21 AM
Thought you might find this article interesting.  I'm calling my daughter after her school day today and telling her NOT to buy or use ANY Sony CDs on her computer.

It's a bit scary.


matis



Sony DRM is worse than you might think

Comment Active exploits and no help from Sony

By Charlie Demerjian: Thursday 03 November 2005, 09:40
SONY SCREWED UP WITH its rights removal to protect its profit margins philosophy and there is no way the use of rootkits can be justified.

Caught with its pants down, what did it do? Make things right? Heck no, it blamed the user, and doesn't do anything more than window dressing to deflect what are valid criticisms.

If you read the Sony PR spin masquerading as a FAQ here, the tepid responses it gives are laughable. Number one states that the technology is used to prevent copying, but that is true for only Windows boxes, so why the discrimination? It only affects legitimate users. If you want to copy the music, all you need to do is hold down the shift key when inserting it and you are free to copy. That or have a non-Windows computer.

To make matters worse, a cursory check of the file trading networks shows that the Van Zant album is available for download on a whim. The pirates who don't want to pay will have no trouble getting it, but those who abide by the law will get punished. Also, if you look at FAQ Number 4 under equipment compatibility, it cuts iPod users out of the mix. Hmm, Sony only sells Windows based computers, and sells a competitor to the iPod. Sense a conflict of interest there that you are paying for?

So to Number 2. "How do I know if a Sony/BMG disc is" DRM infected? It says it is clearly marked on the label, and yup, it's right, it is. I went over to Best Buy tonight and found it on the label plain and clear. There was also absolutely no listing of rootkits being forcibly installed on your PC, and not being uninstallable, however.

There was no warning that you had to play it through their player, or that it would spit out the disc if you had programs open that it did not like. If you don't like these terms and rights removals, and you try to return it, those few places that will take back open recordings tend to charge a restock fee. In the case of Best Buy tonight, it is 15%, I asked. I don't think Sony will refund you that money.

Number four tells you to consult the EULA when you want to copy the disc. Which madhouse did we step into that now means a CD needs a EULA? I stopped buying CDs so I wouldn't have to give money to rapacious weasels years ago, and none of the CDs I own have a EULA on them. It is madness. So, at Best Buy tonight, I tried to consult the EULA before I bought the Van Zant CD.

It wasn't on the CD package, not on the shelves near by, and the blue shirted aisle trolls had no idea what I was talking about. No, they could not provide me with one, I did ask though. So, if you are dumb enough to buy a Sony CD, and don't want to rootkit your machine, you can't find out beforehand, have to agree to a one sided contract that you can't read before you say yes, and can't get your money back. Wonderful, thank you Sony.

The last part of the FAQ is Number 6, which claims that its CDs are not spyware/malware infected. The prefix 'mal-' according to Merriam-Webster means 1) bad 2) abnormal 3) inadequate. -ware is short for software. This means malware is defined as bad software.

If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it.

It does Sony no good either because the files are rippable on a whim by anything more intelligent than a half-drunk monkey. So, you have software that does you flat out harm, and no good for the producer. What isn't malware about this, and how can Sony claim this? This is the service pack from hell.

If you want to look at this another way, take a different example. Imagine that you walked up to a person that you know and said: "Hey friend, check out this new cool CD I made". He drops it in his computer, and without his permission, it installs a rootkit on his machine. Good joke, right?

Say you want to remove the Sony stuff. According to no less a source than The Washington Post, the bare minimum you have to do to remove the rootkitted DRM infection is give up your privacy. If you go to the Sony page, here, you have to give Sony your email at the very least, and according to the WP story, Sony then grills you about your reasons for not liking being rootkitted.

So, if you want to remove it, go here and click the link. Don't use Firefox though, it won't work, it's Internet Explorer only. If you are concerned enough about security, you probably know enough not to use IE. Once again, brilliant Sony, just brilliant.

The funniest part is that you don't actually remove the software with this tool, only make it visible, and you are still infected up and down with DRM. Should you be lucid enough to realise that you don't want this crap within a few miles of your system, you have to go through the grilling process above. Want to make it seem even more surreal? If you remove the malware and DRM infection, you can't play the CD anymore. Nope, the money you spent on Sony products is gone. Mal-way or the highway.

If you try to remove it yourself, you risk breaking your optical discs, or it kills them for you. Mark from Sysinternals is more than smart enough to figure out how to fix this, but are you? Off the top of your head, how do you do that again, no looking it up? To make matters worse, it installs itself so it runs in safe mode, and if it conflicts with something, you are really hosed. Sony's response? "This component is not malicious and does not compromise security.". There are already exploits out there that take advantage of this.

Sony compromised your system and will not directly allow you to remove it without compromising your privacy. It also will not replace your defective CDs with non-infected ones. If you hose your computer or network with this infection, and want to play your music, do not pass go, do not collect $200. Really, it won't help customers who simply don't want this, read #3 in the FAQ.

Sony is generously working with anti-virus companies on this. Now, this means to deal with the problem, you have to know it's there, and that's kind of hard because the malware rootkit that Sony infects you with is designed to prevent this.

Now, let's just pretend we don't realise that the antivirus companies themselves are not complicit. If you want to mass-rootkit people, just ask Symantec beforehand. Look at what Cnet had to say about it. "The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case." But there are active exploits already, as we pointed out earlier.

All this makes you wonder a lot about Microsoft's upcoming security software, doesn't it?

So, rather than come clean, Sony minimises the problem, blames the user, and refuses to help you out. If you have CDs infected with this rootkit and DRM, Sony has to replace them. They are, flat out, a danger to computing. Don't believe me? Look at that Washington Post article again. The head of F-Secure says that the Sony malware, when running on Windows Vista "breaks the operating system spectacularly". Nope, that can't be right, just ask Sony, because it said so in the FAQ. It won't fix the problem, they won't let you work around it legally and still listen to the music you paid for, and won't help you.

As of four hours ago, these things were still on the shelf at Best Buy.

To end on an up note, just think about these two things. What you are seeing is the light and happy side of rights removing DRM infections. There is a bill going through congress to remove more of your rights. Yes, they can't control the analogue hole, and can't legally force you to bow to them, so they are buying government to change the laws and accomplish both goals. No good will come to the end user because of this, but it sure will make a lot of people rich.

More happy news? These merchants are designing the next generation drives called Blu-Ray with much more DRM built into the hardware. It is bad enough to make me back the views of Bill Gates on the subject with absolute open arms. These are scary times people, and if we let Sony get away with this now, it will only get worse and harder to stop later. µ

See Also
Intel to cut Linux out of the content market


 
Title: Look out, an explosion coming in the world of computer security...
Post by: mfree on November 03, 2005, 05:53:31 AM
"He added that First 4 Internet had had no complaints about XCP since it started being used eight months ago. He also added that the latest generation of XCP no longer used cloaked files to do its job."

It's hard to complain about something you don't know about.

"'We've moved away from using that sort of methodology,' he said."

Good. A rapist can move away from that sort of methodology that makes him attack women, but that doesn't reduce the veracity of his previous crimes at all.

Sony needs to be taken to task about this.
Title: Look out, an explosion coming in the world of computer security...
Post by: K Frame on November 03, 2005, 06:28:03 AM
I'm not the most computer savvy guy in the world, so I had mtnbkr explain all this to me in terms that I readily understood.

All I can say is WOW!

Bill Gates is nasty, but I think we have a new leader in corporate evil.
Title: Look out, an explosion coming in the world of computer security...
Post by: Zundfolge on November 03, 2005, 08:56:56 AM
Quote from: jefnvk
Switching to Linux is a temporary solution to a permanent problem.  What happens when 10 years down the road, MS is no longer the big player, everybody and their kids and grandmas use Linux, and all those people who neither know nor care about security migrate over?
You must understand how Linux works.

You can NOT install ANY software without the user being aware of it, because in order to install a piece of software the user must manually enter their password.

So on a Linux machine when the Sony CD tries to install this malware, a little dialog box pops up asking for your user password at which point you can click "cancel", hit the eject button on the CD drive and fling that rotten piece of crap into the trashcan.

Now if a less savvy user goes ahead and installs it then all you have to do is delete that user's home folder and the offensive software is gone (unless you gave a non savvy user root permission ... which most new linux distros don't do).

Anyone know if this crap will affect a Mac (which is Unix and operates similarly to Linux)?

At any rate, I think I'll keep getting my music the safe way, off p2p networks :P
Title: Look out, an explosion coming in the world of computer security...
Post by: garrettwc on November 03, 2005, 09:01:04 AM
Quote
Eventually it'll be ported to DVDs as well.
It won't take long apparently. From the link at the bottom of Matis post:

Intel to cut Linux out of the content market

On a side note, for all you legal eagles, when the bleep did fair use rights go away!? I thought this issue had been settled years ago over cassette tapes.
Title: Look out, an explosion coming in the world of computer security...
Post by: mtnbkr on November 03, 2005, 09:44:56 AM
Quote
You must understand how Linux works
I do, having installed several systems for both business and private use...

If you install it properly and give your users non-root accounts, what you say is true.  However, if it becomes popular enough to end up on granny's computer, you can bet the standard installation will give the primary user full access (just like with Windows 2k and XP).  Most users don't understand the concept of "user" and "root/admin", they will demand full control from a single user account as they are accustomed to having today.  When that happens, you'll have the same problems with Linux you now have with Windows.

The system isn't the problem, the users and their expectations are.  Had Windows started out with user accounts and gotten people conditioned to using a special account for system work, we probably wouldn't have the problems we have today.

Chris
Title: Look out, an explosion coming in the world of computer security...
Post by: Zundfolge on November 03, 2005, 10:36:23 AM
Quote from: mtnbkr
However, if it becomes popular enough to end up on granny's computer, you can bet the standard installation will give the primary user full access (just like with Windows 2k and XP).
This is the main reason why many newer Linux distros have done away with the root account (or at least it's not set up in the default install). This requires people to sudo to perform root functions.

The same thing goes for MacOSX (which is really the first widely used desktop *nix).

Quote
...they will demand full control from a single user account as they are accustomed to having today.
Hasn't happened with MacOSX ... and all the more user friendly "desktop" distros of Linux I've run have all been set up this way (Mandrake, Ubuntu, Linspire, etc)

But yes, you are correct, if a Linux machine is not set up smartly it can easily be infected with this thing ... big difference is that it'll be cake to get rid of (worst-case scenario you delete the user account and home folder of whomever installed it) whereas Windows (with its evil Registry) will be much harder to remove this kind of crap.
Title: Look out, an explosion coming in the world of computer security...
Post by: jefnvk on November 03, 2005, 12:53:46 PM
Quote
You can NOT install ANY software without the user being aware of it, because in order to install a piece of software the user must manually enter their password.
No, I am completely aware of how Linux works.  I am also completely aware of how stupid people are.

Most people will click 'OK' on whatever boxes pop up.

Linux will not get far into the mainstream computing requiring people to 'sudo' everything.

If it ever does go mainstream, it will be because people have the right to install stuff, even if they have no concept of root or admin accounts.
The thing is, people want to be able to download and install whatever the email of the day tells them is the newest and bestest thing to have on your computer.  They want to do everything easily.
Title: Look out, an explosion coming in the world of computer security...
Post by: Justin on November 03, 2005, 01:01:53 PM
Then they get what they deserve.

At least with LINUX it would appear that those who put some forethought into it will actually have a choice in the matter.
Title: Look out, an explosion coming in the world of computer security...
Post by: Zundfolge on November 03, 2005, 01:19:21 PM
Quote from: jefnvk
Linux will not get far into the mainstream computing requiring people to 'sudo' everything.
Tell that to all the Linux developers who are releasing "distros for the masses" right now, and tell that to Apple (who have had a ton more people "switch" since they went Unix).
Title: Look out, an explosion coming in the world of computer security...
Post by: Preacherman on November 04, 2005, 04:01:15 AM
Interesting comments from the BBC on the impact of Sony's copy-protection mindset (http://news.bbc.co.uk/2/hi/technology/4406178.stm):

Last Updated: Friday, 4 November 2005, 11:35 GMT

The rootkit of all evil?

Sony is in trouble but we might be the ones who lose out in the end, says technology commentator Bill Thompson.

Sony BMG, the record company part of the multinational corporation that makes laptops, TVs, movies and many other things, is in trouble this week thanks to a copy protection scheme it has used on a number of its CDs.

The software, called Extended Copy Protection or XCP, hides itself on your hard drive using techniques normally reserved for viruses, worms and trojans, which use similar "rootkits" to evade detection.

And if you notice it is there and try to remove it you may stop your computer recognising its CD drive.

This is because the cloaking techniques involve making changes to the Windows registry, altering the way device drivers work and generally messing with your installation.

XCP was developed by a UK company called First 4 Internet, and Sony says that it has been using it for months.

It is one of many competing techniques used by record companies to try to stop people making copies of music files from CD as they fear that their customers will then make the music available online without permission.

The existence of the hidden files was noticed by Windows expert Mark Russinovich.

He was scanning his system for security breaches when he noticed something odd going on, and he quickly realised that the suspicious software had been installed when he first listened to the album Get Right With the Man by country rockers Van Zant.

The point of the exercise is to force you to use the supplied music player software if you want to listen to the songs on the album. And, as you would expect, it also limits your ability to copy the music files to your hard drive or MP3 player.

A spokesman for Sony BMG said the licence agreement on the CDs were explicit about what was being installed and how to go about removing it. It referred technical questions to First 4 Internet.

Of course, like so many other companies, Sony's super copy protection only applies to people using Windows PCs.

If you have got a Mac or a Linux box then you can play and even copy your disc happily, because the real WAV files that a CD player uses are there on the disc.

If I was a PC user faced with a disc that insisted on using some non-standard player to let me listen to the music I had just paid for I would have no compunction at all about heading off to the nearest peer-to-peer site to download clean, high-quality copies of the songs I wanted.

Or just asking a Mac-using friend to rip them into my music library.

Of course I would keep the disc, because this is not about getting music for free and depriving artists of their income. It is about letting record companies know that we have reasonable expectations for what we can do with the music we buy and we will not put up with their games.

Fortunately, it is possible to avoid buying discs like this. Philips, who defined the CD standard and then made it widely available, has been very clear that these music delivery systems do not count as Compact Discs and cannot use the CD logo.

As far back as 2002, Philips representative Klaus Petri told Financial Times Deutschland that "those are silver discs with music data that resemble CDs, but aren't".

And online retailers like Amazon will tell you that what you are buying is a copy-protected data disc that may, just may, play properly in your CD player but will not work as expected on your computer.

What Sony has done is stupid, but I am willing to accept that they did not really understand what they were getting into.

In fact, I would be surprised if anyone at a senior level in Sony's record division even knows what "cloaking" is or has heard the word 'rootkit' before they hit the blogosphere.

The executives who signed up to use the Force 4 Internet software probably did not realise that they were unleashing a public relations disaster of biblical proportions, but my pity will not help them.

They have just released a program that will make the files visible, though it still leaves the player software on your system, and First 4 Internet say they have stopped using these techniques. But there is already talk of a consumer boycott, not only of copy-protected discs but of all Sony BMG discs.

Five years ago this would not have mattered, but there are enough net users and enough blog readers out there to make a difference. After all, if you are thinking of buying a Van Zant album today and type "van zant cd" into Google, guess what you will find on the first page of hits?

It would be nice to think that the furore over the choice of copy protection system will change the way Sony and other record companies think about their customers, and that they might start treating us as honest fans who will behave fairly if we are offered a good product at a decent price.

But I fear that they are far more likely to look at the way that Microsoft has cosied up to the Hollywood studios in designing Vista, the new version of Windows, and ask for similar privileges.

Microsoft has told technology companies that if they want to develop system-level software that lets Vista play movies then they have to get the approval of at least three of the major studios before it will be included in Windows.

I suspect that Sony would be very interested indeed in a version of Windows that controlled music playback without the need for any extra software from them.

And I fear that the fuss over XCP will prompt them to get in touch with their friends at Microsoft, and then all Windows users will find that they lose the ability to copy music CDs.

Mac users out there cannot look smug about this, since once Apple move to the Intel chipset for the Mac they have said they are going to start using trusted computing features in the hardware that will allow them to exert similar levels of control within Mac OS.

And of course once there is a "technological protection mechanism" in place then it is against the law - both in Europe and the US - to get round it, so open source players for Linux platforms will be illegal. All in all, it is not looking good for those of us who like to buy and listen to music.
Title: Look out, an explosion coming in the world of computer security...
Post by: garrettwc on November 07, 2005, 07:41:51 AM
Latest update:

Sony's Player Phones Home

It's getting worse.
Title: Look out, an explosion coming in the world of computer security...
Post by: Felonious Monk/Fignozzle on November 07, 2005, 08:22:18 AM
...besides Van Zant's disc, are there other titles they've found with this lovely piece of malware as added value?
Title: Look out, an explosion coming in the world of computer security...
Post by: garrettwc on November 07, 2005, 12:16:21 PM
Quote
...besides Van Zant's disc, are there other titles they've found with this lovely piece of malware as added value?
Sony didn't name names, but in the original link that Jim March posted they referenced somewhere between 20-50 other CDs that they had used this on IIRC.
Title: Look out, an explosion coming in the world of computer security...
Post by: matis on November 10, 2005, 01:24:56 PM
Here's (more) info on viruses designed to exploit Sony's rootkit.  More viruses, I'm sure, to come.

I think Sony will feel this backlash on their bottom line.

I have already told at least a dozen people.  All responded by saying they will suspend buying Sony CDs.  If this is typical then Sony will lose sales across their CD line.

They deserve it.  The only pain a corporation can feel is financial.  In that case, I'm a sadist.



matis

Viruses Exploit Sony CD Copy-Protection
Nov 10 5:08 PM US/Eastern

By MATTHEW FORDAHL
AP Technology Writer

SAN JOSE, Calif.

A controversial copy-protection program that automatically installs when some Sony BMG audio CDs are played on personal computers is now being targeted by malicious software that exploits the antipiracy technology's ability to hide files.

The Trojan horse programs -- three have so far been identified by anti-virus companies -- are named so as to trigger the cloaking feature of Sony's XCP2 antipiracy technology, security experts said Thursday.

"This could be the advanced guard," said Graham Cluley, senior technology consultant at the security firm Sophos. "We wouldn't be surprised at all if we saw more malware that exploits what Sony has introduced."

The copy protection program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus, and disclosure of its existence has raised the ire of many in the computing community, who consider it to constitute spyware.

Sony BMG Music Entertainment and the company that developed the software, First 4 Internet, have claimed that the technology poses no security threat. Still, Sony posted a patch last week that uncloaks files hidden by the software.

On Thursday, Sony released a statement "deeply regretting any disruption that this may have caused." It also said it was working with Symantec and other firms to ensure any content-protection technology "continues to be safe."

Neither Sony spokesman John McKay nor First 4 Internet CEO Mathew Gilliat-Smith returned messages seeking additional comment.

Windows expert Mark Russinovich discovered the hidden copy-protection technology on Oct. 31 and posted his findings on his Web log. He noted that the license agreement that pops up said a small program would be installed, but it did not specify it would be hidden.

Manual attempts to remove the software can disable the PC's CD drive. Sony offers an uninstallation program, but consumers must request it by filling out two forms on the Internet.

"What they did was not intentionally malicious," Cluley said. "If anything, it was slightly inept."

The copy-protection software, which Sony says is a necessary "speed bump" to limit how many times a CD is copied, only works on Windows-based PCs. Users of Macintosh and Linux computers are not restricted.

The viruses also only target Windows-based machines.

The infection opens up a backdoor, which could be used to steal personal information, launch attacks on other computers and send spam, antivirus companies said.

Sony also is facing legal headaches. On Nov. 1, Alexander Guevara filed suit in Los Angeles County Superior Court seeking class action status. He claims Sony's actions constituted fraud, false advertising, trespass and violated state and federal laws barring malware and computer tampering.

His attorney, Alan Himmelfarb, did not immediately return calls seeking comment.

"Entertainment companies often complain that fans refuse to respect their intellectual property rights. Yet tools like this refuse to respect our own personal property rights," said Jason Schultz, a staff attorney for the Electronic Freedom Foundation. "Sony's tactics here are hypocritical, in addition to being a security threat."

Copyright 2005 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
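The AP article above says the Trojans are named so as to trigger the cloaking feature. As an added example (not part of the original post or article), the Python below models a name-triggered hiding filter and the cross-view comparison a defender can use to expose it and to separate the vendor's own hidden files from anything else riding on the cloak. The trigger string, paths and baseline are constructed placeholders, since the page gives none.

```python
"""Cross-view check for name-triggered cloaking. All data below is constructed."""
from os.path import commonprefix

# Assumption: the page does not give the real trigger string, so a labelled
# placeholder stands in for it.
PLACEHOLDER_TRIGGER = "HIDEME_"

# Constructed low-level view: every name a raw scan of the volume finds.
RAW_VIEW = {
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\WINDOWS\system32\drivers\cdrom.sys",
    r"C:\WINDOWS\system32\HIDEME_drm\HIDEME_filter.sys",
    r"C:\WINDOWS\system32\HIDEME_drm\player.dll",
    r"C:\Documents and Settings\user\letter.doc",
    r"C:\Documents and Settings\user\HIDEME_photo.exe",
}

# Constructed baseline: files the copy-protection package is known to install.
VENDOR_BASELINE = {
    r"C:\WINDOWS\system32\HIDEME_drm\HIDEME_filter.sys",
    r"C:\WINDOWS\system32\HIDEME_drm\player.dll",
}


def parts(path):
    """Split a Windows path into its non-empty components."""
    return [p for p in path.split("\\") if p]


def cloaked_api_view(raw, trigger):
    """Model of the cloak: the normal listing omits any path that has a
    component starting with the trigger, including children of a hidden dir."""
    return {p for p in raw if not any(c.startswith(trigger) for c in parts(p))}


def cross_view_diff(raw, api):
    """Names present in the raw scan but missing from the normal listing."""
    return set(raw) - set(api)


def infer_trigger(hidden, visible):
    """Guess the name rule: take the topmost component of each hidden path
    that never appears in a visible path, then their common prefix. Returns
    None if there is no such prefix or a visible name also carries it."""
    visible_parts = {c for p in visible for c in parts(p)}
    tops = []
    for path in hidden:
        top = next((c for c in parts(path) if c not in visible_parts), None)
        if top is not None:
            tops.append(top)
    prefix = commonprefix(tops)
    if not prefix or any(c.startswith(prefix) for c in visible_parts):
        return None
    return prefix


def triage(raw, api, baseline):
    """Hidden set, inferred trigger, and hidden items the vendor did not ship."""
    hidden = cross_view_diff(raw, api)
    return {
        "hidden": hidden,
        "trigger": infer_trigger(hidden, api),
        "unexpected": hidden - set(baseline),
    }


if __name__ == "__main__":
    api = cloaked_api_view(RAW_VIEW, PLACEHOLDER_TRIGGER)
    result = triage(RAW_VIEW, api, VENDOR_BASELINE)
    print("inferred trigger:", result["trigger"])
    for path in sorted(result["unexpected"]):
        print("hidden but not in vendor baseline:", path)
```

On a real host the two views would come from the normal directory listing and from an independent low-level read of the disk taken at the same time; anything in the "unexpected" set is the part to investigate first.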
Title: Look out, an explosion coming in the world of computer security...
Post by: Felonious Monk/Fignozzle on November 10, 2005, 01:31:21 PM
It's heatin' up, boys & girls...

 California Class Action Suit Sony Over Rootkit DRM
http://yro.slashdot.org/article.pl?sid=05/11/10/0024259&from=rss

First Trojans in the wild exploiting Sony's DRM Rootkit:
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/
Title: Look out, an explosion coming in the world of computer security...
Post by: Preacherman on November 10, 2005, 04:41:53 PM
Another article on lawsuits, and on viruses being written to exploit Sony's rootkit:  http://www.cnet.com/4520-6033_1-6376177.html

DRM this, Sony!

By Molly Wood, section editor, CNET.com

Thursday, November 3, 2005

Updated November 10, 2005

I hope this is the week that everyone in the world finds out what a root kit is. And I hope it's a week we look back on in amazement, as we consider just how far Sony was willing to go to criminalize consumers in its efforts to preserve control over its product. Because I believe this is the week that Sony effectively declared war on the consumer, announcing what most of us had already suspected: fair use is a joke in the movie and record industry, and the companies who control mass-market content will truly stop at nothing to protect their profits.

We're not gonna take it

But let me start at the beginning. On Monday, October 31, alert users discovered that Sony BMG is using copy-protected CDs to surreptitiously install its digital rights management technology onto PCs. You don't have to be ripping the CD, either--just playing it from your CD-ROM drive triggers the installation. The software installs itself as a root kit, which is a set of tools commonly used to make certain files and processes undetectable, and they're the favored tool of crackers who are, as Wikipedia puts it, attempting to "maintain access to a system for malicious purposes." In fact, root kits are often classified alongside Trojan horses. And Mark Russinovich, who created a root-kit detection utility and was one of the first to blog about the Sony intrusion, discovered another little gem when he tried to remove the DRM drivers. It broke his computer--disabling his CD drive.

So, let's make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place.

And what does this software do once it's on your PC? It enacts unbelievably restrictive DRM, including possible incompatibility with computer CD-ROM players, DVD players, and car CD stereos. And in a deep-dive into the Sony end-user license agreement, the Electronic Frontier Foundation found some astonishing fine print. For example, if you lose the original CD or it's stolen, you lose the right to any digital copies you've made. You can't keep your music on computers at work. You must delete your songs if you move out of the country or if you file for bankruptcy. The list goes on and on. As for the artists whose names have been sullied by their association with the root kit, it seems that at least some of them didn't give permission to Sony to use the backdoor DRM technology and want no part of it.

Happily, and despite the use of scary words like root kit, this story hit the Web in a big way. The PR for Sony is, shall we say, not good. On Wednesday, November 2, Sony had announced that it would, in conjunction with the company that developed the root-kit plan in the first place (First4Internet) release a patch to antivirus companies so that hackers wouldn't, hopefully, be able to take advantage of the backdoor they just opened on your property. But the patch only reveals the antipiracy software, it doesn't uninstall it. And of course, it leaves the insanely draconian copy protection cheerily intact. If you want to remove the software, you must beg Sony for an uninstall link. CNET's Brian Cooley reports that he received the link via e-mail, but that running the uninstall gave him an error. Visiting the support site to request help with the error, Cooley was sent to a form whose first field asks which country you're from. Neither USA nor North America are options. That's not trying very hard to fix the problem.

Actually, Sony's response to the mess it caused is almost as bad as the mess itself. The company continued to insist, despite growing evidence to the contrary, that its components weren't harmful in the first place. And in fact, the president of Sony BMG's global digital business division, Thomas Hesse, told National Public Radio that most people don't know what a rootkit is, so they shouldn't care that it had been secretly installed on their PCs. Mr. Hesse, they care. And they should start caring a whole lot more--on November 10, BitDefender uncovered the first Trojan horse (but possibly not the last) that takes advantage of the unpatched DRM technology to open a backdoor on a Windows PC. So, if you're the recipient of the rootkit and you haven't yet received a patch, Sony has officially endangered your PC.

No, we ain't gonna take it

This is an unacceptable development in digital rights enforcement. I don't know how to put this any more clearly. Don't get me wrong--we've long since crossed the line of DRM insanity. But this--using the tactics of criminals to invade our PCs without our knowledge and to expose us to further attack, just so you can keep us from, say, burning a mix CD and giving it to our friends--this is beyond the pale.

And as many news sources are beginning to point out, there's some reason to think it might also be illegal, under the U.S. Computer Fraud and Abuse Act. As of this writing, two class-action suits had been filed against Sony BMG over the root kit--one in Italy, and one in California. I'm quite sure that won't be the end of it.

We're not gonna take it...anymore

Companies: You will never get the increasingly technology-aware, mass media-consuming populace to support your right to copy protection or digital rights management unless they are on your side. And because we are increasingly technology aware, your ever-increasing assault on not only our fair use but also our common sense will virtually guarantee that we use our God-given ingenuity to find a way around whatever bizarre restrictions you see fit to impose. Why? Not because we're dying to break the law, but because you have sold us a crappy product, and, fundamentally, because it is not our responsibility to protect your profits.

What's the solution? In the near term, for us, it's not to buy any Sony CDs, and maybe not any Sony anything. In the longer term, it's to start agitating for a rewrite of copyright law in the manner so eloquently suggested recently by Walt Mossberg of the Wall Street Journal. He suggests copyright law with actual teeth that can chomp on massive-scale piracy, but with broad exemptions for personal use, because excessive DRM is hampering innovation and alienating consumers. I couldn't put it any better. And companies? Sony? Are you really going to tell us that overhauling these outmoded rules is harder and more destructive than suing retirees over honest mistakes made by their 12-year-old grandsons? This is the path you're going to choose?

I'm truly sorry that there are, out there in the world, mass-production piracy operations that are digging into your bottom line, but you know what? I'm not one of them. Neither are most of the people who will be laboring under the nasty little flags, Trojan horses, and FairPlay/Plays For Sure doublespeak that you see fit to slap on the stuff we legitimately purchased.

And you know who's not going to labor under those restrictions? You know who's not even going to notice? The mass-production piracy operations, that's who. You know it, and I know it. So why are you engaged in this nickel-and-dime, small-time thrust-and-parry with me and my friends? Trust me, you're not going to make back the money by dropping viruses onto my PC, because my almighty dollar and I are going elsewhere--and you're probably not going to like where I end up.

Technology will march on. Technology is the reason we're in this fix in the first place, and technology will keep on giving us solutions to whatever irritating, invasive, and potentially illegal roadblocks you keep throwing in our path. And damned if we and our almighty dollars, no matter how long it takes, don't eventually win these little wars.
Title: Look out, an explosion coming in the world of computer security...
Post by: garrettwc on November 10, 2005, 06:33:35 PM
The genie is out of the bottle and the mainstream press has a hold of it. Executives at Sony better be wearing their fireproof undies!

Microsoft has even jumped on the "Get Sony" bandwagon. Microsoft has been spending some big marketing $$ trying to convince people that XP and the upcoming Vista are stable and secure. Now thanks to Sony, another big security hole is all over the six o'clock news.

Wonder what would happen to Sony's VAIO computer sales if their next shipment of Windows CDs was "unexpectedly delayed". :/
Title: Look out, an explosion coming in the world of computer security...
Post by: Zundfolge on November 10, 2005, 07:07:28 PM
I hope Van Zant gets his lawsuit in too ... Sony has just screwed him hard and good and made him into a pariah.
Title: Look out, an explosion coming in the world of computer security...
Post by: Gewehr98 on November 10, 2005, 07:11:41 PM
Getting bigger by the minute, this is from CNN tonight:

Quote
New virus uses Sony BMG software

Thursday, November 10, 2005; Posted: 5:20 p.m. EST (22:20 GMT)


AMSTERDAM, Netherlands (Reuters) -- A computer security firm said Thursday it had discovered the first virus that uses music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.

Later on Thursday, security software firm Symantec Corp. also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

Sony BMG's spokesman John McKay in New York was not immediately available to comment.

The music publishing venture of Japanese electronics conglomerate Sony Corp. and Germany's Bertelsmann AG is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.

When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.

The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the "roots" of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.

Sophos said it would have a tool to disable the copy protection software available later on Thursday.

Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the "cloaking" element that is part of the copy-protection software, while claiming that "the component is not malicious and does not compromise security."

The patch does not disable the copy protection itself.

The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.
Title: Look out, an explosion coming in the world of computer security...
Post by: Preacherman on November 13, 2005, 07:56:27 AM
Sony has announced that it's suspending the production of CD's using its copy-protection system.  Full details at http://news.bbc.co.uk/2/hi/technology/4430608.stm for those interested.  Also, there are now half-a-dozen lawsuits against Sony as a result of all this.  Watch for future developments...
Title: Look out, an explosion coming in the world of computer security...
Post by: RadioFreeSeaLab on November 13, 2005, 08:08:02 AM
Excellent.
Title: Look out, an explosion coming in the world of computer security...
Post by: Preacherman on November 17, 2005, 04:23:34 PM
Sony has released a list of all the CD's it sold with its copy protection technology installed.  Might be worth checking to see if you have any of these, and take precautions appropriately...  See

http://cp.sonybmg.com/xcp/english/titles.html

for the list.  Also, see this article:

http://news.bbc.co.uk/2/hi/technology/4445550.stm

for the latest developments in the story.
Title: Look out, an explosion coming in the world of computer security...
Post by: Guest on November 17, 2005, 07:15:43 PM
Quoting my very first post on this subject the day it hit:

-----------
This story just hit today in "geek circles".  I guarantee it'll make the national news within a week, probably less.  I also guarantee Sony will do a full recall and refund to existing customers, the British programmers who spawned this abortion are simply *dead* as a company, this is gonna be huge.
-----------

Every prediction I made has come true.  Heh.  Kewl.

In other news: you know you're screwed when MICROSOFT is calling your corporate ethics "evil".
Title: Look out, an explosion coming in the world of computer security...
Post by: Winston Smith on November 17, 2005, 07:25:42 PM
pwn.
Title: Look out, an explosion coming in the world of computer security...
Post by: Phantom Warrior on November 19, 2005, 02:15:25 AM
My first thought was that someone figured out how to efficiently factor large numbers...

Seriously, I've been uncomfortable with this concept of media players and music companies being able to control what happens on MY computer for a long time.  This just confirms my fears.