
Sony, Rootkits and Digital Rights Management Gone Too Far

Kellanved Donating Member (1000+ posts) Tue Nov-01-05 07:32 AM
Original message
Sony, Rootkits and Digital Rights Management Gone Too Far
Edited on Tue Nov-01-05 07:32 AM by Kellanved
Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my “Unearthing Rootkits” article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:

Given the fact that I’m careful in my surfing habits and only install software from reputable sources I had no idea how I’d picked up a real rootkit, and if it were not for the suspicious names of the listed files I would have suspected RKR to have a bug. I immediately ran Process Explorer and Autoruns to look for evidence of code that would activate the rootkit each boot, but I came up empty with both tools. I next turned to LiveKd, a tool I wrote for Inside Windows 2000 and that lets you explore the internals of a live system using the Microsoft kernel debugger, to determine what component was responsible for the cloaking.

Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernel’s system service table, a technique that I pioneered with Bryce for Windows back in 1996 when we wrote the first version of Regmon. Every kernel service that’s exported for use by Windows applications has a pointer in a table that’s indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API.

...

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

I couldn't agree more: this is going too far. As reward for being an honest customer, one gets his/her system trashed with potential security vulnerabilities and borderline illegal modifications. :grr:
Listening to audio CDs. Another thing one shouldn't do while logged in as admin.
Printer Friendly | Permalink |  | Top
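
The quoted article describes drivers replacing entries in the kernel's system service table; a defender can spot that by checking that every entry still points into the kernel image. The following is an added example, not part of the original post or the quoted article: a user-mode C simulation over constructed addresses, in which `example_filter.sys`, the address values and the function names are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address range of one loaded kernel-mode image. */
typedef struct { const char *name; uintptr_t base; size_t size; } module_t;

/* Constructed sample data: mods[0] is the kernel image, the second entry is
 * a hypothetical third-party driver. All addresses are made up. */
static const module_t SAMPLE_MODS[] = {
    { "ntoskrnl.exe",       0x80400000u, 0x200000u },
    { "example_filter.sys", 0xF8A00000u, 0x010000u },
};
/* Constructed service table: slots 2 and 4 have been redirected. */
static const uintptr_t SAMPLE_TABLE[] = {
    0x80412340u, 0x80455000u, 0xF8A01200u,
    0x804A0010u, 0xF8A01480u, 0x80501FF0u,
};

/* Return the module whose image contains addr, or NULL if none does. */
static const module_t *owner_of(uintptr_t addr, const module_t *mods, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Every service pointer should land inside the kernel image (mods[0]).
 * Stores the indexes of entries that do not in hooked[] (up to max) and
 * returns how many such entries exist. */
size_t find_hooked_services(const uintptr_t *table, size_t count,
                            const module_t *mods, size_t nmods,
                            size_t *hooked, size_t max) {
    size_t found = 0;
    for (size_t i = 0; i < count; i++) {
        const module_t *m = owner_of(table[i], mods, nmods);
        if (m == &mods[0]) continue;       /* still the kernel's own handler */
        if (found < max) hooked[found] = i;
        found++;
        printf("service %zu -> 0x%lx (%s)\n", i, (unsigned long)table[i],
               m ? m->name : "unknown memory");
    }
    return found;
}

int main(void) {
    size_t hooked[8];
    return find_hooked_services(SAMPLE_TABLE, 6, SAMPLE_MODS, 2, hooked, 8) != 2;
}
```

On a live system the table and module list would come from a kernel debugger session rather than from arrays in the program.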
Commie Pinko Dirtbag Donating Member (1000+ posts) Tue Nov-01-05 07:50 AM
Response to Original message
1. Well, it seems the safest way to listen to music on your PC now is...
...download it with a P2P program, preferably under Linux. Isn't that ironic?

DainBramaged Donating Member (1000+ posts) Tue Nov-01-05 08:07 AM
Response to Reply #1
3. The lemmings will never accept Linux face it
join the smug crowd with the Mac users over there. For all your smugness, you get zero sympathy when there is no compatible software and zero sympathy when no one supports it other than the community of tweaks who want to be the anti-Windows crowd.

Red Hat should be a drink, not software. And you can blather on for hours as to the wonderfulness of Linus without a blanket, but the fact remains that for better or worse, the world runs on Windows.


And Intel, which must piss Mac users off no end now that they're no longer bastard children, wins the processor war. It was inevitable that the hardware would be the same. Corporate America demanded it. And now when Gates and Intel get done with their dividing of the spoils, they'll buy Linux and bury it. Along with AMD. It's the conservative way. Competition, why? Look there's plenty.

I need more coffee.

Kellanved Donating Member (1000+ posts) Tue Nov-01-05 08:28 AM
Response to Reply #3
4. posted on a message board running on a Linux server
:thumbsup:
Yes, a breakthrough for Linux desktops is unlikely to say the least, but the case stands: A Linux user is considerably better protected from stunts like the one Sony pulls.


DainBramaged Donating Member (1000+ posts) Tue Nov-01-05 11:46 AM
Response to Reply #4
8. Let's go back a few decades and think about the Gates' mentality
Open source to him means writing his own version so that all but the most fringe of lunatics locked in their water-cooled paradises will open their wallets and bow to him.

The debate could go on forever, but a perfectly good ops in 2000 was replaced by a perfectly complicated ops in 2003 and the same cycle is expected in a year or so.

Because Bill says so.

billyskank Donating Member (1000+ posts) Tue Nov-01-05 08:32 AM
Response to Reply #3
5. Bravo!
:rofl:

And please now inform us how Gates is going to buy Linux.

After all, who owns Linux to buy it from? Not just Linus Torvalds, but all the contributing developers. Gates will have to track down every single one of them and persuade them to sell their interest.

Be quite assured that if it was possible, he would already have done it.

I vote for your post as most moronic post of the year. Well done! :applause:

DainBramaged Donating Member (1000+ posts) Tue Nov-01-05 11:55 AM
Response to Reply #5
9. Thank you for the vote
Edited on Tue Nov-01-05 11:59 AM by DainBramaged
If Linux is so good, why isn't it good enough for Elementary school?


And I'll tell Charlie Brown that Linus' cousin Torvalds is still waiting for him. Now where's that eraser.

On edit;

I wondered what you'd do with $100 million and I know.

Nothing, because you'd still be trying to convince everyone that Linux works as well as Windows.

no name no slogan Donating Member (1000+ posts) Tue Nov-01-05 12:00 PM
Response to Reply #3
10. Actually, the world runs on Unix if anything
Apache on Unix/Linux is still by far the leading web server. Any sort of heavy lifting at the enterprise level is done (still) with mainframes, or with minicomputers and servers running Unix.

Windows owns the desktop and has penetration in the small server space, but Unix (and its derivatives) still has the upper hand-- and will for quite some time.

Unix has 20 years on Windows as far as maturity and track record. Sure it's not as "sexy", but it does a lot of the grunt work that makes the computing world go round.

Commie Pinko Dirtbag Donating Member (1000+ posts) Tue Nov-01-05 01:00 PM
Response to Reply #3
11. Uh
For some reason I feel Zuni should post in this thread. Something. Anything.

paul_fromatlanta Donating Member (545 posts) Tue Nov-01-05 01:07 PM
Response to Reply #1
13. The safest way - record it off DirecTV music channels or internet radio
you can do it digitally

DainBramaged Donating Member (1000+ posts) Tue Nov-01-05 07:58 AM
Response to Original message
2. It will not end here
Imagine how bad it is for people who aren't even aware of cookie use?? Or for their kids who install every bit of garbage thrown at them while they surf. Marketing software that kicks in when you view sites and up pops a coupon for a product, already including their name and address pilfered from their unsecured and quite frankly uncared for systems. Systems that take 20 minutes to start up so much shit is autorun that shouldn't be there.

Few if any care about this battle but everyone complains about how bad their systems run. For those who fight, they're up against the king of scumbags Bill Gates, who sees nothing wrong with how his software is used as long as he gets paid over and over and over again for it by everyone.

Fight the good fight, but when giants like Sony (who probably embedded their software with your DVD or CD/CD-RW or viewing application) who want nothing more than to turn every screw for every cent they can get from you and I, it will be like pissing uphill in winter on a mountain, you'll get the blow back and frustrations, not them.

ikri Donating Member (1000+ posts) Tue Nov-01-05 09:10 AM
Response to Reply #2
6. Sony will have a fight on their hands
They've instantly gained a ton of really bad PR by doing this. Specific tools will now be written to remove this software without destroying the OS in the process which will render the anti-piracy feature useless.

Maybe Sony should look at the reasons behind the piracy instead of developing ill-thought-out programs to stop it.

B3Nut Donating Member (1000+ posts) Tue Nov-01-05 09:22 AM
Response to Original message
7. Rootkits are evil critters
They're almost impossible to remove, and they're always deployed surreptitiously. Only virus authors and other nefarious malware authors write this garbage. Oh well, those cretins help keep me working, but it'll be hard to resist the temptation to enjoy a bit of schadenfreude when I tell someone I have to completely reformat and re-partition their hard drive because they played a Sony BMG CD on their PC, and that Sony ruined their computer.

Sony now has a rather large ostrich egg on their face, and I think it's funny. Especially since their electronics quality has gone down the toilet since the death of founder Akio Morita (who almost certainly would never have stood for this nonsense). Sony was a great company when Morita-san had the reins, now it's a pathetic version of its former self.

Todd in Beerbratistan

WeRQ4U Donating Member (1000+ posts) Tue Nov-01-05 01:06 PM
Response to Original message
12. Can someone please explain this in plain English for me?
I have no idea what they are talking about, but would like a layman's explanation.

Kellanved Donating Member (1000+ posts) Tue Nov-01-05 01:21 PM
Response to Reply #12
14. Some Sony audio CDs come with software which behaves like malware
Edited on Tue Nov-01-05 01:31 PM by Kellanved
And to make matters worse, said software gets installed automatically when one puts the CD into the CD drive (on a vanilla Windows, that is) - no warning, no notification, no sign that it is present.

The icing is that there is no easy way to uninstall the software; trying to do so without the know-how essentially breaks the Windows installation.

And if all that weren't enough, the software is buggy and a security hazard - it can cause errors, and other programs - viruses for example - can hide in its wake.

WeRQ4U Donating Member (1000+ posts) Tue Nov-01-05 01:32 PM
Response to Reply #14
16. If this is known to be used, and is illegal, how is it not stopped?
Or do the lawmakers let it slide as merely a side-effect of licensing and anti-piracy legislation and investigation?

Angry Girl Donating Member (1000+ posts) Tue Nov-01-05 01:26 PM
Response to Original message
15. Get your FREE rootkit detector here: