Progarchives.com has always (since 2002) relied on banners ads to cover web hosting fees and all.
Please consider supporting us by giving monthly PayPal donations and help keep PA fast-loading and ad-free forever.
/PAlogo_v2.gif "Progarchives.com Homepage") |
|
Post Reply 
|
| Author | ||
Certif1ed 
Special Collaborator 
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
 Topic: Sony CDs - WARNINGPosted: November 11 2005 at 08:27 |
|
|
Here's a warning to anyone who buys CDs; Sony are using a technology that is essentially a root kit - a collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. This root kit enables virus writers to insert their own code, well and truly hidden and virtually unremovable, on your computer (if you're using a PC) - and there's already a virus that takes advantage of this hole. Sony's EULA for this software basically says "Tough luck if your computer breaks - we're not responsible and don't care. Your call. Listen to the music and take the risk, or simply enjoy looking at the pretty patterns on the CD".
This is a top-level link from the BBC; http://news.bbc.co.uk/1/hi/technology/4413856.stm This is a slightly more technical link from The Register - with links to loads of related articles http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/ This link is part of a blog by highly respected Windows wizard Dr Mark Russinovich, who found it, and is highly technical in nature; http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-d igital-rights.html
|
||
 |
||
|
Certif1ed
Special Collaborator
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
Posted: November 11 2005 at 08:32 |
|
|
...and this has JUST appeared on the BBC about the virus: |
||
|
||
|
MikeEnRegalia
Special Collaborator
Honorary Collaborator Joined: April 22 2005 Location: Sweden Status: Offline Points: 20563 |
Posted: November 11 2005 at 08:35 |
|
|
As far as I know this technique is not yet used for european CDs ... but I very well might be using some U.S. import CDs. This proves how important a good Firewall is these days. I surely will avoid these CDs ... Firewall or not, I will not have someone take control of my PC just so that I can listen to the music. |
||
|
||
|
chopper
Special Collaborator
Honorary Collaborator Joined: July 13 2005 Location: Essex, UK Status: Offline Points: 19952 |
Posted: November 11 2005 at 08:46 |
|
|
Nice one Sony.
|
||
|
||
|
cobb
Forum Senior Member 
Joined: July 10 2005 Location: Australia Status: Offline Points: 1149 |
Posted: November 11 2005 at 09:11 |
|
|
Interesting reading Certif1ed. The modified EULA reads a lot like a rogue malware product, than a trusted company agreement. DRM was only ever going to produce problems for one type of person, the honest user.
|
||
|
||
|
cobb
Forum Senior Member
Joined: July 10 2005 Location: Australia Status: Offline Points: 1149 |
Posted: November 11 2005 at 09:13 |
|
|
This silent installer has not much to do with a firewall Mike, it's already on the wrong side of the wall.
|
||
|
||
|
MikeEnRegalia
Special Collaborator
Honorary Collaborator Joined: April 22 2005 Location: Sweden Status: Offline Points: 20563 |
Posted: November 11 2005 at 09:23 |
|
|
I know that. But the Firewall alerts me if the software tries to communicate with the internet ... and if a trojan installs a "backdoor", the firewall blocks other computers from opening connections to my computer (portscan etc.). I know that there are ways to avoid detecting outgoing communication ... but most of the time trojans are not as cleverly written as one might think. BTW: I guess running Windows with restricted rights would prevent this software from installing ... but it also means that you won't be able to listen to it, naturally.
Edited by MikeEnRegalia |
||
|
||
|
cobb
Forum Senior Member
Joined: July 10 2005 Location: Australia Status: Offline Points: 1149 |
Posted: November 11 2005 at 09:27 |
|
|
Not the point, Mike. Sony should not be allowed to do this, full stop. You bought the right to play the CD, now they want to take control of your computer as well. Sounds slightly illegal to me.
|
||
|
||
|
Snow Dog
Special Collaborator
Honorary Collaborator Joined: March 23 2005 Location: Caerdydd Status: Offline Points: 32995 |
Posted: November 11 2005 at 09:31 |
|
|
^ Thiis is why they are being sued!
|
||
|
||
|
||
|
MikeEnRegalia
Special Collaborator
Honorary Collaborator Joined: April 22 2005 Location: Sweden Status: Offline Points: 20563 |
Posted: November 11 2005 at 09:40 |
|
|
Sure. What I'm trying to say here is that with a proper firewall and anti virus software installed, the risk of this software becoming a security risk is marginal. Of course I agree that it's not ok for them to do this ... ANY software installer should ask the user prior to installing, and give the user a chance to disagree. |
||
|
||
|
goose
Forum Senior Member
Joined: June 20 2004 Location: United Kingdom Status: Offline Points: 4097 |
Posted: November 11 2005 at 11:05 |
|
It's entirely undecectable by traditional anti-virus because it installs itself in high level code that's already part of Windows (if I read correctly, that is.) I'm not sure where it stands with firewalls though. |
||
|
||
|
MikeEnRegalia
Special Collaborator
Honorary Collaborator Joined: April 22 2005 Location: Sweden Status: Offline Points: 20563 |
Posted: November 11 2005 at 12:10 |
|
|
^ Once the anti virus software is aware of that installer, it can be blocked. If the software is already installed prior to the anti virus software (or an update of it), it won't be detected.
|
||
|
||
|
Certif1ed
Special Collaborator
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
Posted: November 12 2005 at 10:03 |
|
|
If you look at the dissection by Mark Russinovich, you'll notice that the Rootkit installs itself at a level just beneath the Windows CD Drivers. Sony did not originally ship the software with a means of uninstallation (something that fails Windows Certification tests, by the way), but have since released a patch that is supposed to uninstall it. Dr Russinovich discovered that any method of uninstalling the patch carries a high risk of causing a Windows system to blue screen, and the Sony driver is even used in Safe Mode, so restoring a system that it crashes carries a risk of losing data. Although the Anti Virus companies are already on the case, Dr Russinovich discovered this hole on 31st October, and a Virus only needs a few seconds to wreak havoc. The virus was discovered yesterday.
A few tips from a paranoid computer user; If you turn Autoplay off, no software cannot install itself unbidden from a CD. Log in as a non Administrative User for your main activities, and make sure that the Administrator password is strong. Always keep your Anti-virus software up to date. Windows Firewall should be switched on if you have it - it's much better than nothing, although it can be circumvented by clever virus writers - all it does is block ports at a software level on the computer. I use a hardware router with built in firewall that blocks ports at the network layer - no Windows software will ever circumvent that.
Even better, install Linux, and use that for Internet-related activites, switching to Windows only when you need to run Windows software. There are very, very few viruses that affect Linux - and absolutely no Windows DRM |
||
|
||
|
Tony R
Special Collaborator
Honorary Collaborator / Retired Admin Joined: July 16 2004 Location: UK Status: Offline Points: 11979 |
Posted: November 12 2005 at 10:18 |
|
|
Sony has abandoned it! |
||
|
||
|
Certif1ed
Special Collaborator
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
Posted: November 12 2005 at 10:22 |
|
|
Yay!! Let's hope this is the beginning of the end of Media companies treating customers as if they're pirates before proven innocent.
|
||
|
||
|
cobb
Forum Senior Member
Joined: July 10 2005 Location: Australia Status: Offline Points: 1149 |
Posted: November 14 2005 at 05:42 |
|
|
No wonder Sony have abondoned it, here's Microsoft view on the rootkit
(quote) Sony DRM RootkitI've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems. We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool. It will also be included in the signature set for the online scanner on Windows Live Safety Center. |
||
|
||
|
Certif1ed
Special Collaborator
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
Posted: November 14 2005 at 09:21 |
|
|
||
|
ElwoodHerring
Forum Senior Member
Joined: November 12 2005 Location: United Kingdom Status: Offline Points: 232 |
Posted: November 15 2005 at 19:14 |
|
|
http://blogs.washingtonpost.com/securityfix/2005/11/the_bush _admini.html http://www.sysinternals.com/blog/ http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14 .html There is plenty more information going around on the same subject. Just google for any combination of the words SONY, rootkit, russinovich, DRM, "First 4 Internet" etc. If you have played any CDs on your home computer which have Sony's DRM copy protection on then, then your pc has been COMPROMISED. Virus writers are already frantically working to exploit the security holes that SONY have opened up. If your system is infected you might be able to get compensation from Sony if they are found guilty of any of the SIX class-action lawsuits currently filed against them. Edited by ElwoodHerring |
||
|
[IMG]http://www.herring.pwp.blueyonder.co.uk/DRMkillb.JPG">
Right the Copyright Wrongs (Bill Thompson's BBC blog - essential reading!) |
||
|
||
|
Certif1ed
Special Collaborator
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
Posted: November 17 2005 at 07:54 |
|
|
For anyone still interested in where this is going; Sony have pulled the offending titles - but seem to think there are rather less than there appear to be, and that the effects are less widespread than they are; http://www.theregister.co.uk/2005/11/15/sony_bmg_bodycount/ http://www.theregister.co.uk/2005/11/16/sony_withdraws_xcp_c ds/ And Virus writers have begun exploiting code in the REMOVAL patch... http://news.bbc.co.uk/1/hi/technology/4445550.stm
Poor old SONY - they also got caught in the recent Internet price-rigging row; http://www.channelregister.co.uk/2005/11/15/sony_variable_pr icing/
...and then there was this rather tempting USB cable offer... http://www.theregister.co.uk/2005/11/17/sony_usb_offer/
Gosh Edited by Certif1ed |
||
|
||
|
Certif1ed
Special Collaborator
Honorary Collaborator Joined: April 08 2004 Location: England Status: Offline Points: 7559 |
Posted: December 07 2005 at 10:04 |
|
|
UPDATE: Sony are in trouble over a vulnerabilty in other software it surruptiteously installs on computers - not only that, but other companies use this particular software too. The software not only contains a newly exposed vulnerability to viruses and hackers, but also communicates stuff back to base about your music (and presumably browsing) habits, and it's next to impossible to uninstall... http://www.theregister.co.uk/2005/12/07/sony_cd_security/ Remember, it's YOUR computer, and YOUR copy of the music that you paid for!!! |
||
|
||
|
Post Reply
|
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Sony CDs - WARNING
Topic Options
cobb wrote:
