http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.

I deleted the driver files and their Registry keys, stopped the $sys$DRMServer service and deleted its image, and rebooted. As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.

When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad. Windows supports device “filtering”, which allows a driver to insert itself below or above another one so that it can see and modify the I/O requests targeted at the one it wants to filter. I know from my past work with device driver filter drivers that if you delete a filter driver’s image, Windows fails to start the target driver. I opened Device Manager, displayed the properties for my CD-ROM device, and saw one of the cloaked drivers, Crater.sys (another ironic name, since it had ‘cratered’ my CD), registered as a lower filter:


I'll let the article speak for itself. To think, people think Microsoft is bad about their position with DRM... Sony's using rootkits!

Sony has released a patch for this DRM.

info:

November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.

link to download that patch:
http://updates.xcp-aurora.com/


This patch wil also make shure that ur Cd-drive keeps working after u remove this crap.
And they r gona pass the code for this stuff on to Anti-virus companies so that bad people cant use this to break into ur PC etc.

on a positive side Sony reacted quick but it shouldnt have come to this.

Whatever happened to the plain red book audio format?


Anyone that doesn't want anything installed just disables auto run and uses their own ripping software. The people that allow stuff to get installed without their permission are either testing it or don't know and care. This is just making my CDs more expensive.

i think they tried to use it in that way to see some reactions... if ppl wouldnt complain they wouldnt release anything to fix this issue... but ppl complained and they had the tool @ hand to make ppl :D

Let's hope some smart guy starts programming a "anti-virus" of sorts, or "anti-drm" application, which would scan and remove rootkits. Ofcourse, removing a complicated rootkit is not a easy task, maybe if you have time and know your system well enough.

-k0nsl

Let's hope some smart guy starts programming If microsoft starts having third party rootkits in its future EULAs, any anti-drm application may be considered illegal :rolleyes:

Just a bunch of nonsense from Sony, I really did wish they'd focus on the trade channels which ppl use to smuggle their software and pirate it instead of putting these ridiculous tracking programs on us normal users :mad: :shakes:

Perkam

If enough people :banana::banana::banana::banana::banana: about something... Any Company will fix it.. It is simple business.. If they piss off too many customers they go under... SO get as many people as possible To write companies to port their products to Unix so that we will never have to buy another operating system again...

DRM will soon be inforced by hardware. Intel and AMD both have to incorperate it at some point too. MS is pushing them to do it. Then its gonna be time to bust out the dusty linux CDs and use that for ripping/playing.

Or you can convert just Like I did to a unix operating system full time... the genisis project will completely remove your need to have windows on your computer...

Unix is totally unfriendly and basically useless to the average consumer. It doesn't break any less often that anything else, it just breaks differently but in most cases can be made to be more stable. The way most of these so called basement experts install Linux/BSD I'm surprised they can surf the web with it. Every post here on the board looking for a problem resolution can't be solved by installing some *nix variant no matter how often you post that it can be.

Besides if more people used it they would find a way to use DRM applications there as well. After all , these are operating systems, not some mysterious black boxes that can't be altered just because the source is "open".

Unix is totally unfriendly and basically useless to the average consumer. It doesn't break any less often that anything else, it just breaks differently but in most cases can be made to be more stable. The way most of these so called basement experts install Linux/BSD I'm surprised they can surf the web with it. Every post here on the board looking for a problem resolution can't be solved by installing some *nix variant no matter how often you post that it can be.


I mostly agree with you expect about breaking as often. While you might see the same number of security problems and fixes, the announcement for Windows are usually "visit a website and have your computer taken over" where in the Unix world alarge number of reports are "if you have two local Ethernet segments bridged (not routed to) by software on two cards, and somebody has physical access to your network...".

Also, security problems in Unix software are usually plugged. For MSIE and Outlook, there have always been several known vulnerabilities that did not get plugged for months or years.

%%

And Microsoft recently plugged a hole by just doing some checking in front of the bad code, left the bad code alone and somebody promptly found another code path to the same problem, invalidating the fix.

This cannot happen in OpenSource since everybody can look at the suggected fix and realizing that it is just a fragile workaround.


Besides if more people used it they would find a way to use DRM applications there as well. After all , these are operating systems, not some mysterious black boxes that can't be altered just because the source is "open".

Except people usually run Windows as root (Administrator) but don't do so in Linux, much less FreeBSD.

And there's no such thing as an autostart when you insert a CD in either Unix.

And Sony is the devil, but they have been for a long time, I don't understand why this affair surprises anybody.

Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked
to see evidence of a rootkit.

Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security
software, and they are usually employed by malware attempting to keep their implementation hidden

(see my “Unearthing Rootkits” article from thre June issue of Windows IT Pro Magazine for more information on rootkits).

The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:

EULA wasn't on the CD package, not on the shelves near by, and the blue shirted aisle trolls had no idea what I was talking about.

No, they could not provide me with one, I did ask though.

So, if you are dumb enough to buy a Sony CD, and don't want to rootkit your machine, you can't find out beforehand,
have to agree to a one sided contract that you can't read before you say yes, and can't get your money back. Wonderful, thank you Sony.

If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm,

it breaks your computer if you remove it, and eats your CPU time.

All of these things are bad, no question there.
It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination.

It only hurts those who spent money to buy it.



Sony DRM is worse than you might think. (http://www.theinquirer.net/?article=27426)

Sony, Rootkits and Digital Rights Management Gone Too Far (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html)

RootkitRevealer (http://www.sysinternals.com/Utilities/RootkitRevealer.html)