Removing Sony's CD 'rootkit' kills Windows - Techist - Tech Forum

Old 11-01-2005, 06:46 AM   #1 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Removing Sony's CD 'rootkit' kills Windows

Sysinternals' Mark Russinovich has performed an analysis of the copy restriction measures deployed by Sony Music on its latest CDs, which he bluntly calls a 'root kit'. Using conventional tools to remove Sony's digital media malware will leave ordinary users with a dead Windows system.

While the Sony CDs play fine on Red Book audio devices such as standard consumer electronics CD players, when they're played on a Windows PC the software forces playback through a bundled media player, and restricts how many digital copies can be made from Windows.

A 'root kit' generally refers to the nefarious malware used by hackers to gain control of a system. Root kits have several characteristics: they find their way onto systems uninvited; endeavor to remain undetected; and then may either intercept system library routines and reroute them to their own routines, or replace system executables with their own, or both - all with the intention of gaining system level ownership of the computer.

What makes Sony's CD digital media software particularly nasty is that using expert tools for removing the parasite risks leaving you with a Windows PC that's useless, and that requires a full reformat and reinstall.

So is Sony bundling a root kit, or is it the latest in a long line of clumsy, and sometimes laughably inept attempts to thwart the playback of digital media on PCs?

We were inclined to the latter - but in practical terms, for ordinary users, the consequences are so serious that semantic distinctions are secondary.

In actuality both, reckons Russinovich. It's a 'root kit' that arrived uninvited, but it's also "underhanded and sloppy software" that, once removed, prevented Windows from playing his CD again (Van Zant's 'Get With The Man'), he notes in his analysis.

The Sony CD creates a hidden directory and installs several of its own device drivers, and then reroutes Windows system calls to its own routines. It intercepts kernel-level APIs, but then attempts to disguise its presence, using a crude cloaking technique.

Disingenuously, the copy restriction binaries were labelled "Essential System Tools".

But the most disturbing part of the tale came when Russinovich ran his standard rootkit-removal tool on the post-Sony PC.

"Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," he writes.

Which puts it in an entirely different class of software to the copy restriction measures we've seen so far, which can be disabled by a Post-It note. Until specialist tools arrive to disinfect PCs of this particular measure.®
__________________
Osiris is offline  
Old 11-01-2005, 08:16 AM   #2 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861

There's a way around everything. Use a home CD and send the digital signal to a computer. Somebody did a similar trick 2 years ago and they were outlawed from using it. It would basically uninstall your drivers if you inserted their CD into a PC.

What everybody should do is boycott Sony products, since they're so stuck on preventing you from copying anything.
__________________
The Ultimate Hard Drive Utility PowerMax 4.23. (It now has the ability to clean a Boot Sector virus on the quick erase option.)
The best browser Netscape 8
Have you accidently delete something? Look here (trial. the better one) and here(free)
EricB is offline  
Old 11-01-2005, 11:13 AM   #3 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258

Please get your notes right! The article clearly only skimmed over the posting from Mark Russinovich. Read the whole thing. Removing the root kit will not cripple your machine as long as you get all of it.
Read the whole article...

http://www.sysinternals.com/blog/200...al-rights.html

PS. Warez,
You need to list your source. The site can get in trouble for plagiarism if you just copy and paste from another site. Add a link to where you got it from. It's pretty simple...
Inaris is offline  
Old 11-01-2005, 11:42 AM   #4 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

For what? I always post the whole article. Giving a reference to the site isn't going to give any more info than what I always post. What's the difference if I'm a poster for www.jcxp.net and post the same article on their website from www.theregister.com? It's not like I pull these articles outa my *** so there is no reason to suspect a ****ty post. I always get my info from the register.com
__________________
Osiris is offline  
Old 11-01-2005, 11:54 AM   #5 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258

Doesn't matter. It's plagiarism. You have to post a source. If they decide to get upset about it, guess who gets the fault. The website. Not the user who put them up. It's something you should have learned in school. If you don't post who it's from, you are taking the credit...
Look at the end of here:
News.com story is here and searchenginewatch is here.®

Not even theregister will fully quote. I know it's based on visibility, but why risk it. It's easy to just add a link.
Inaris is offline  
Old 11-01-2005, 12:28 PM   #6 (permalink)
Master Techie
 
Join Date: May 2005
Posts: 2,102

This is an easy problem to overcome. Put the CD in a CD player. RCA jacks to any hard disk recorder. Mastered in Adobe Audition or like program. Re-master the CD and stick it in limewire. These CD producers using copy protection are only protecting themselves against the people who won't copy the CD in the first place. They just sufficiently "piss off" the people with whom they should be communicating for a reasonable solution to the copy protection issue... the geeks who read this stuff, including me. They are a group of arrogant nitwits!!! I hope Sony reads this... a bunch of totalitarian jackasses be you (Yodaneese).

Edit: Is this a problem for systems administrators? If you are managing a network, say a corporation or government agency, and your workstation users are playing Sony CDs on their workstations...? Yikes... this could get ugly!!!!! Sony will be sued over this... guaranteed... they need to include malware in their EULA, which to date, they do not!!!!!
__________________
Noli Nothis Permittere Te Terere!!
EVGA 680i, Dual EVGA 8800GT'S (650/950), 4 gigs OCZ DDR2 1066, Intel Q9450 at 3.8 Ghz, Koolance Water Cooled, Dual Plextor16x DL DVD+/-RW. Dual WD 250gb 16mb Cache Sata 3.0. 3DMark06 score = 19,168.
RicoDirenzo is offline  
Old 11-03-2005, 08:54 AM   #7 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Sony to offer patch for 'rootkit' DRM

Sony BMG said today it will offer a patch for one of its own exploits - one that comes bundled with its music CDs.

The code cloaks itself and, by intercepting and redirecting low-level Windows system calls, forces the audio through a custom player, and restricts the number of CD burns that can be made.

As Sysinternals' Mark Russinovich discovered this week, removing the Sony code using standard anti-malware tools leaves the user with an inoperable CD drive.

Russinovich also pointed out that because the cloaking technique it used to hide itself was so crude, malware authors could hide their own nefarious programs on users' hard disks using Sony's DRM software.

However, the patch that Sony will offer doesn't remove the 'rootkit' DRM: it only makes the hidden files visible.

Macintosh and Linux users are unaffected by the DRM kit, which only works on Windows PCs.

It isn't quite the "bombs" the RIAA once suggested it was developing to deter music downloads, but it's in the same spirit.

At time of writing, we don't have a download link from Sony or First 4 Internet Ltd, the British company that developed it. There's merely the standard problem-reporting form.

Anti-malware company F-Secure discusses the Sony DRM software here. F-Secure says its rootkit detection software will spot the hidden files, but strongly advises users not to remove it using its Blacklight software, and instead advises users to contact Sony.

"If you find this rootkit from your system, we recommend you don't remove it with our products. As this DRM system is implemented as a filter driver for the CD drive, just blindly removing it might result in an inaccessible CD drive letter," advises F-Secure.

It is alarming how little outrage there is from ordinary PC users. While Register readers are well versed in the restrictions of DRM and the dangers of malware, there's little sign the public shares this knowledge.

Incredibly, the Sony DRM malware has been out on the market for eight months and is bundled on 20 CD titles. Sony said it hadn't received a single complaint until this week. So, disturbingly, most people either haven't run into serious problems yet, or even more disturbingly, don't find the Sony DRM particularly onerous. We pray it's not the latter.

However, Sony's decision to offer a 'patch' that fails to remove the DRM code suggests it isn't too concerned by the howls of outrage heard this week from sophisticated PC users.

And with this level of apathy, the music giants will be emboldened to try these techniques again. And again. And again.
__________________
Osiris is offline  
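
An added example, not part of the posts above and not code from Sysinternals or F-Secure: the F-Secure warning quoted in post #7, worked through in Python. It diffs an API file listing against a raw one to find cloaked files, shows that deleting them blindly leaves the CD-ROM filter list pointing at a missing driver, and builds a removal order that unlinks the filter first. All file, service and filter names are constructed, and the system state is simulated in memory rather than read from a real registry.

```python
# Added illustration: every file, service and filter name below is constructed.
# On a real system the filter lists are the UpperFilters/LowerFilters values of
# the CD-ROM device class key under HKLM\SYSTEM\CurrentControlSet\Control\Class\
# {4D36E965-E325-11CE-BFC1-08002BE10318}; here the state is simulated in memory.

def cross_view_diff(api_view, raw_view):
    """Files a raw disk scan sees that the Windows API listing does not."""
    return sorted(set(raw_view) - set(api_view))

def dangling_filters(filter_lists, services, files_on_disk):
    """Filter entries whose service is unknown or whose driver image is gone."""
    broken = []
    for value_name, names in filter_lists.items():
        for name in names:
            image = services.get(name)
            if image is None or image not in files_on_disk:
                broken.append((value_name, name))
    return broken

def safe_removal_plan(cloaked, filter_lists, services):
    """Unlink a cloaked driver from every filter list before deleting it."""
    image_to_service = {image: svc for svc, image in services.items()}
    plan = []
    for path in cloaked:
        svc = image_to_service.get(path)
        if svc is not None:
            for value_name, names in filter_lists.items():
                if svc in names:
                    plan.append(("unlink_filter", value_name, svc))
            plan.append(("delete_service", svc))
        plan.append(("delete_file", path))
    return plan

# Constructed sample state: one cloaked filter driver, one cloaked player binary.
SERVICES = {"cdrom": "drivers/cdrom.sys", "example_drm": "drivers/example_drm.sys"}
FILTERS = {"UpperFilters": [], "LowerFilters": ["example_drm"]}
RAW_VIEW = {"drivers/cdrom.sys", "drivers/example_drm.sys", "hidden_dir/player.exe"}
API_VIEW = {"drivers/cdrom.sys"}

if __name__ == "__main__":
    cloaked = cross_view_diff(API_VIEW, RAW_VIEW)
    print("cloaked:", cloaked)
    # Blind deletion leaves the filter list pointing at a missing driver.
    print("after blind delete:", dangling_filters(FILTERS, SERVICES, RAW_VIEW - set(cloaked)))
    for step in safe_removal_plan(cloaked, FILTERS, SERVICES):
        print(step)
```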
Old 11-03-2005, 10:32 AM   #8 (permalink)
Master Techie
 
Join Date: May 2005
Posts: 2,102

All this does is piss people off. I don't download warez songs myself. I am a musician and a production studio owner (more a hobby than a business) but I can see that this kind of behavior by Sony will start a war. You do not want to piss off the people that can make it easy for people to do the very thing that they are trying to prevent. As for me... Sony can go to hell... I will not buy a CD from those jackasses and I'll be emailing their corporate offices saying just that!! Mindless greed!!!! Bordering on totalitarianism. So they have a EULA letting us all know they are doing this? Not!!!!
__________________
RicoDirenzo is offline  
Old 11-05-2005, 07:55 AM   #9 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

http://www.theregister.com/2005/11/04/secfocus_wow_bot/
__________________
Osiris is offline  
Old 11-05-2005, 06:59 PM   #10 (permalink)
True Techie
 
Join Date: Oct 2005
Posts: 125

HAHA morons over there at sony.
__________________
"Beware of computer programmers that carry screwdrivers."
Intel Pentium 4 CPU 2.40GHz ; Mainboard : Intel D845PEBT2
768MB DDR-SDRAM ; NVIDIA GeForce4 Ti 4200 with AGP8X
WD(C))56GB (2.5GB, 5% Free Space) ; WD(D)112GB (1.4GB, 1% Free Space)
WD(E)112GB (364MB, 0% Free Space) : WD(G)37GB (625MB, 2% Free Space)
WD(H)75GB (16MB, 0% Free Space) ; Creative SB Audigy LS
Linksys LNE100TX
"Must master the google young one"
cook is offline  
All times are GMT -5.