-Caveat Lector-
Begin forwarded message: Date: November 6, 2005 8:01:54 PM PST Subject: Fwd: Even Your Music is Spying on You
Date: November 2, 2005 1:21:15 PM PST Subject: Even Your Music is Spying on You
![]()
Is Sony Trying to Kill the CD Format for Music?
| ![]()
By now, you've probably heard the news that Sony, the media giant, has been quietly installing hidden software on PCs, when people buy music albums published by Sony BMG Music, and try to play them on their computers. The software, called Extended Copy Protection (or XCP) uses rootkit techniques similar to those used by viruses, Trojan horse programs, and spyware to hide the fact that it is installed from the user.
The discovery, by security expert Mark Russinovich (whose outfit, Sysinternals.com, makes several free Windows utilities I find invaluable in diagnosing spyware infestations), details how Sony uses commercial software that automatically installs itself when you put a music CD in a Windows PC's CD drive.
Russinovich's own anti-rootkit software, Rootkit Revealer, as well as the Blacklight rootkit detection utility (made by F-Secure, an antivirus company), now detect the software used by Sony, which was licensed from a British firm called First 4 Internet.
The bigger question people have got to ask is, does Sony not respect the integrity of the computers of its customers? This cavalier act of sneaking software onto PCs not only violates our own Prime Directive -- it's our PC, dammit -- but threatens the entire music industry.
After all, if you suspect that a commercial CD will install software secretly, which you won't be able to remove and which, itself, may increase the already-great security problems of your Windows PC, would you continue to buy CDs?
I'll tell you right now, I won't. I'd much rather buy an unrestricted copy of a song electronically, using iTunes, or Rhapsody, or one of the other music services that offer this feature, than take a chance that some music disc will stick some hidden files in my Windows folder, which I can't see or remove.
Sony has dealt itself a serious blow, and the best thing it -- and the rest of the music publishers -- can do right now is condemn this practice, apologize to the customers that were affected, provide a method to get this junk off affected PCs, and make declarations that they will never, ever do this again.
I don't think they will. And if they don't, I simply won't buy CDs anymore. Period. From any publisher. And I recommend that you don't, either. As a fan of music who respects the need for artists to make a living, and a security-savvy PC user, I'm incensed that Sony -- any company -- would think it's OK to do this. It's not. But the only way (I can see) to send that message effectively to Sony BMG executives is to vote against CDs with my wallet.
Sony was crucial in creating the CD format more than 25 years ago. In this age where every purchasing choice we make affects the level of control we have over our PCs, they seem to be committed to killing it.
|
------------------------- insider_reports_insider ]
Sony Distributing Spyware
John Stith | Staff Writer
2005-11-02
| | |
Sony, in their futile digital rights management efforts, has taken to playing dirty with the music CDs. Multiple security sources are confirming the existence of spyware in the form of rootkits on Sony's music CDs. This behavior is unethical in the eyes of many and the legality may be questionable as well.
Editor's Note: One of the biggest issues today is protecting computers from spyware. How can users do that when something so simple as listening to a music CD can put the computer at risk? Tell us your thoughts on WebProWorld.
The first point will be to define rootkits. F-Secure said this about it on their blog: Rootkit is technology that hides software from the user and security software. This kind of technology is normally used by malware authors that want their presence to remain undetected in the system as long as possible. DRM software is not malicious but it has other reasons for hiding from the user. DRM software restricts the user's ability to make copies of a record and for that reason uses technology that prevents removal and modification of the software. F-Secure went on to say Sony BMG is using the rootkit-based DRM on some CDs sold in the U.S. and the system may have been in use since March of 2005. The real irritating part is even when one reads the End User License Agreement, there's no mention of software being installed on the computer. Mark Russinovich over at SysInternal said this on the company blog: At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn't find any reference to it in the Control Panel's Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet's site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.
I deleted the driver files and their Registry keys, stopped the $sys$DRMServer service and deleted its image, and rebooted. As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad. Windows supports device "filtering", which allows a driver to insert itself below or above another one so that it can see and modify the I/O requests targeted at the one it wants to filter. I know from my past work with device driver filter drivers that if you delete a filter driver's image, Windows fails to start the target driver. I opened Device Manager, displayed the properties for my CD-ROM device, and saw one of the cloaked drivers, Crater.sys (another ironic name, since it had ‘cratered' my CD), registered as a lower filter. Both F-Secure and SysInternals said conventional means won't get rid of the file. They said if you just delete it, it could "cripple" your computer. Mikko at F Secure said the fix has to come directly from Sony BMG via their website. Users have to fill out a web form and ask directions on how to remove the rootkit directly from Sony. This will certainly create strife in some of the music industry. This unethical behavior by Sony shows the lengths companies are willing to go to protect the music. Passing around malware in the form of rootkits could create real problems for many computer users and possibly leave them susceptible to other hackers in the future. The whole purpose of this rootkit is to be sneaky and stick stuff in they don't want you to know about.
This issue is now one of integrity. They own the rights to all this material and obviously are willing to use any means to prevent the filesharing of that material. While the filesharing has hurt the current business model, they insist on continuing down the current path of unethical means to protect that model. The path they go down not only destroys consumer trust, it puts those consumer at a potential financial loss, even if they've done nothing wrong. Now Sony has become no better than those they claim to fight against. The hypocrisy knows no bounds.
www.ctrl.org
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance—not soap-boxing—please! These are
sordid matters and 'conspiracy theory'—with its many half-truths, mis-
directions and outright frauds—is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://www.mail-archive.com/ctrl@listserv.aol.com/
<A HREF="">ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
|
