
November 3, 2005

Sony Rootkit found on Van Zant (and other) DRM'ed CDs

It is no breaking news that Sony has been found distributing a rootkit on some of their most recent DRM'ed CDs, such as Van Zant's - Get Right With The Man. Besides creating a huge interest in Van Zant's music, this triggered practically hundreds of thousands of angry voices at this unheard-of abuse from Sony. Just to give you an idea:

I Don't Buy Content/Copy-Protected Cds, October 19, 2005

Reviewer: J. H. Smith "Fair Use Advocate" (Easton, PA USA)

No offense to the brothers Van Zant, but I'll never buy this CD because it's copy protected. I don't have an MP3 player and I don't download music illegally, but I DO make mix CDs from my own discs, so I couldn't do that here. This is an infringement of my fair-use rights and I refuse to go along with it - and so should you.

Safer to download!, November 3, 2005

Reviewer: Elvis
After reading these reviews I decided it was probably safer to download it using Emule, Nice one Sony BMG!

This CD, plus all others by Sony that have copy protection, install Malware, November 3, 2005

Reviewer: PhilNZ (Switzerland)
If you install this Malware, hidden software will be installed on your computer, that runs without your knowledge, uses your CPU and RAM constantly, and can NOT BE REMOVED!
For a detailed analysis go to sysinternals and search for rootkit

Sony's scheme worse than you thought, November 3, 2005

Reviewer: T. Rowe "Tolkien Fan" (Georgia)

Again, no offense to the Van Zant brothers (they should switch labels if they can). The hidden program and directories that the copy protection method installs on your system can be used by viruses to hide from AV software. DO NOT buy Sony CD's until they quit using this scheme.
Even if you own a non-windows machine, I don't think Sony should be patronized.
I rate this a 1 only because of Sony. I like the Van Zant's music, but won't buy this one.

I could include more, but you get the point. Now, back to our story. Unheard of? Certainly not, because DRM is not something new by any means, and because there have been cases of rootkits being distributed with DRM'ed CDs in the past.

So what is different this time?

Basically, it's the "last drop" effect. You buy a music CD from Amazon, put it into your Windows computer for playing and Accept the EULA (you just paid for it, right?). Then you click Yes/OK during the next dialogs warning you that there is something fishy going on, such as a music CD installing drivers into your system. Later, you run a regular anti-rootkit tool, such as Rootkit Revealer or F-Secure's BlackLight, and surprise - they say you have a rootkit! Which in theory is bad, right? Rootkits are there because hackers installed them in the first place to get further access to your machine, to keep the door open, or because some tricky malware put them into your system to cover its tracks. The source of the rootkit? Well, the last Audio CD from Sony, which presumably thought you are a dark ugly pirate who will undoubtedly rip their CDs first thing after putting them in the computer. So much for the honest customer presumption - and even better, while you run the treacherous rootkit on your system, the pirates just use Linux or MacOS or even Windows to rip the CD and upload it on the web or distribute it in some other form. But you are a single voice in a large ocean called the Internet, so nobody hears your angry screaming. But then, somebody else falls victim to this, and there are two voices screaming. And more. And more... until you reach the final drop.

Luckily, the last drop is good, and there's a positive outcome of this whole story. Sony removed the stealthy rootkit from their latest Aurora (the name of the DRM scheme they use) update and hopefully, future Van Zant albums will come out clean of Windows drivers and other hidden/hiding software. One maybe not so positive outcome for Sony is that now even more people will go to P2P networks to download "clean" copies of DRM'ed packages, which maybe they would have bought in the first place. In all cases, I can bet Apple's iTunes will become even more popular; at least their DRM content doesn't open hidden backdoors into your system.

For the Italian-enabled readers, my friend Marco Giuliani at HWUPGRADE.IT came up with the following interview. Thanks again, Marco!

Posted by Costin Raiu at November 3, 2005 6:19 PM

Comments

That Sony stunt surely backfired.
I have no statistics about how many CD buyers are actually using computers to listen to them but I'd expect some damage to Sony's image overall.
What was surprising to me is the fact that this "rootkit" was found "poorly coded". One would think that a company of that level could have done better (putting aside the disagreement with the use of such a technique for a moment).
Greetings,
Micha

Posted by: Micha at November 5, 2005 6:20 AM
