Jump to content
xisto Community
sparx

Rootkits Installed By Sonybmg's Drm

By sparx, in Security issues & Exploits

Recommended Posts

sparx    0

sparx
Posted

If you haven't already heard the buzz created by the discovery of a potential malware-type software (called a root-kit) installed when a SONY-BMG Copyright Content protected Audio CD is played, head here.

 

To make a long story short, when you try to play a content protected Audio CD on your PC, proprietary software is installed allowing you to play that CD and to create up to 3 additional protected copies of that CD.

 

What was wrong was the implementation - SonyBMG tried to hide the proprietary software using rootkit technology a method that is usually associated with the installation of something that tries to stay hidden on your system. Root-kits are usually intended to conceal running processes and files or system data, which helps an intruder maintain access to a system for malicious purposes. But for a content-protected Audio CD that you've paid for and agreed to an EULA (in which nothing like this is expressly mentioned) this sort of stay-hidden programming is a big no-no in my and many others' books.

 

SonyBMG has now (wisely) bowed to public pressure and released a patch which will de-cloak the files and registry entries in use.

 

Just one more attempt by big companies trying to think for us and install stuff that a user might perhaps not want or agree to.

Share this post

Link to post
Share on other sites

jcguy    0

jcguy
Posted

This is clearly a very wrong move by Sony. By using such tricks, even if the intention is to prevent copyright infringement, it makes Sony no different from the many spyware and malware companines out there. If this is accepted then it may well lead to a herald of companies installing such stuff on our computers.

Share this post

Link to post
Share on other sites

finaldesign1405241487    0

finaldesign1405241487
Posted

To make a long story short, when you try to play a content protected Audio CD on your PC, proprietary software is installed allowing you to play that CD and to create up to 3 additional protected copies of that CD.

1064328898[/snapback]

hmm, How the heck is possible, for one CD when it's inserted, to install rootkit, to system, and run it?!? ;)

Share this post

Link to post
Share on other sites

Cassandra1405241487    0

Cassandra1405241487
Posted

hmm, How the heck is possible, for one CD when it's inserted, to install rootkit, to system, and run it?!?  ;)

1064329196[/snapback]

I haven't actually seen it, but from what I understand - ased on what I heard in the interview with Steve Gibson I cited above, when the CD either autoruns or when you try to run it using the normal Windows software, it gives you a EULA screen, and if you hit OK, it installs the rootkit and whatever other software it feels like installing.

Share this post

Link to post
Share on other sites

sparx    0

sparx
Posted

hmm, How the heck is possible, for one CD when it's inserted, to install rootkit, to system, and run it?!?  ;)

1064329196[/snapback]


These CDs (content-protected) are NOT Audio CDs in the true sense of the term - they're a hybrid consisting of an Audio section where the tracks are stored and a data section where the proprietary player software installation files are stored.

 

Case 1 - When inserted into a normal Audio CD player, the hardware recognizes it for it's supposed to be .. an audio CD and plays it normally.

 

Case 2 - When the CD is inserted into a PC, the PC sees the data track and is led to believe that a data CD is inserted (which it is, in fact). The autorun then asks if you want to install a player with which you're able to play this CD ( It makes you believe that this proprietary player MUST be installed and is the only way you can listen to the CD tracks on your PC). The setup then proceeds to install this player and in some cases additional software which allows the owner to make 2 or 3 more copy-protected copies of the CD. That's when the EULA is displayed. Nowhere however, is the fact mentioned that software installed will NOT be visible to the user or is using dubious methods of staying in memory. That's the major bone of contention.

Share this post

Link to post
Share on other sites

Jguy101    0

Jguy101
Posted
Yeah, heard about this on the news a couple of hours ago. Even though they've released a patch, the whole thing is stupid; people intent on piracy are still going to find a way, so it's really just not letting people who won't pirate create many multiple copies for their personal use. My dad did that with tapes; he'd make copies of the original so he didn't have to buy a new tape if the one he used got broken, and just have to make a new copy.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept