sparx 0 Report post Posted November 7, 2005 If you haven't already heard the buzz created by the discovery of a potential malware-type software (called a root-kit) installed when a SONY-BMG Copyright Content protected Audio CD is played, head here. To make a long story short, when you try to play a content protected Audio CD on your PC, proprietary software is installed allowing you to play that CD and to create up to 3 additional protected copies of that CD. What was wrong was the implementation - SonyBMG tried to hide the proprietary software using rootkit technology a method that is usually associated with the installation of something that tries to stay hidden on your system. Root-kits are usually intended to conceal running processes and files or system data, which helps an intruder maintain access to a system for malicious purposes. But for a content-protected Audio CD that you've paid for and agreed to an EULA (in which nothing like this is expressly mentioned) this sort of stay-hidden programming is a big no-no in my and many others' books. SonyBMG has now (wisely) bowed to public pressure and released a patch which will de-cloak the files and registry entries in use. Just one more attempt by big companies trying to think for us and install stuff that a user might perhaps not want or agree to. Share this post Link to post Share on other sites
jcguy 0 Report post Posted November 9, 2005 This is clearly a very wrong move by Sony. By using such tricks, even if the intention is to prevent copyright infringement, it makes Sony no different from the many spyware and malware companines out there. If this is accepted then it may well lead to a herald of companies installing such stuff on our computers. Share this post Link to post Share on other sites
Cassandra1405241487 0 Report post Posted November 9, 2005 There's a very good (IMHO) article on the subject by the famed Steve Gibson at https://www.grc.com/SecurityNow.htm . It's available in various textual and audio formats. Share this post Link to post Share on other sites
finaldesign1405241487 0 Report post Posted November 10, 2005 To make a long story short, when you try to play a content protected Audio CD on your PC, proprietary software is installed allowing you to play that CD and to create up to 3 additional protected copies of that CD. 1064328898[/snapback] hmm, How the heck is possible, for one CD when it's inserted, to install rootkit, to system, and run it?!? Share this post Link to post Share on other sites
Cassandra1405241487 0 Report post Posted November 10, 2005 hmm, How the heck is possible, for one CD when it's inserted, to install rootkit, to system, and run it?!? 1064329196[/snapback] I haven't actually seen it, but from what I understand - ased on what I heard in the interview with Steve Gibson I cited above, when the CD either autoruns or when you try to run it using the normal Windows software, it gives you a EULA screen, and if you hit OK, it installs the rootkit and whatever other software it feels like installing. Share this post Link to post Share on other sites
sparx 0 Report post Posted November 10, 2005 hmm, How the heck is possible, for one CD when it's inserted, to install rootkit, to system, and run it?!? 1064329196[/snapback] These CDs (content-protected) are NOT Audio CDs in the true sense of the term - they're a hybrid consisting of an Audio section where the tracks are stored and a data section where the proprietary player software installation files are stored. Case 1 - When inserted into a normal Audio CD player, the hardware recognizes it for it's supposed to be .. an audio CD and plays it normally. Case 2 - When the CD is inserted into a PC, the PC sees the data track and is led to believe that a data CD is inserted (which it is, in fact). The autorun then asks if you want to install a player with which you're able to play this CD ( It makes you believe that this proprietary player MUST be installed and is the only way you can listen to the CD tracks on your PC). The setup then proceeds to install this player and in some cases additional software which allows the owner to make 2 or 3 more copy-protected copies of the CD. That's when the EULA is displayed. Nowhere however, is the fact mentioned that software installed will NOT be visible to the user or is using dubious methods of staying in memory. That's the major bone of contention. Share this post Link to post Share on other sites
Jguy101 0 Report post Posted November 11, 2005 Yeah, heard about this on the news a couple of hours ago. Even though they've released a patch, the whole thing is stupid; people intent on piracy are still going to find a way, so it's really just not letting people who won't pirate create many multiple copies for their personal use. My dad did that with tapes; he'd make copies of the original so he didn't have to buy a new tape if the one he used got broken, and just have to make a new copy. Share this post Link to post Share on other sites