Not all legal music makes good music

Sony music, a Rookit, and the wrong man

External Link

Check this out. Mark Russinovich's Systernals Blog.

"The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far."

Mark is an authority (understatement) on the detection of Rootkits (in essence stealth technology that enables programs to remain hidden from the OS while they perform whatever their function is). Although they can be genuinely useful for administrators trying to protect their system from abusers, they are mostly at the moment associated with Trojans, although they are increasingly being used on a wider basis for more more general malware/adware.

On a protected machine they should be reasonably preventable - so how & why did Mr Russinovich fall victim to one. Simple, he bought a Sony CD from Amazon.Com. and because he trusted the name - he gave the CD permissions he came to regret.

I encourage you to take a look, it is an object lesson in what happens when you haven't felt the need to fully understand what you're saying yes to. Also Mark illustrates his search for the offending files, which is interesting and educational for those interested in computer forensics.

As for Sony - this could and should bite them back hard. After all, if you can get hit on this level by Sony, what price the argument for not sourcing P2P because of the fear of infection. It certainly hasn't helped the music industry.

N.B. Understand that Mark Russinovich is great at what he does, and that not all Rootkits are equal. Prevention is the key, the cure is 99% of the time a total reformat of a system compromised by a malicious rootkit.

internet

Locked Post

Advanced Search

Watch this post

Do not email me updates for this post Email me updates for this post

Successfully updated karma reason!

I am glad you posted this article. I am not generally a paranoid person, but I do keep my eyes open. I had no idea that DRM had gone this far. I guess what makes me really uneasy is, if a "reputable" company which has so many holdings in not only music distribution/labels, but also hardware, is willing to commit intrusive acts such as this, how less protected can you be from other "less scrupulous" vendors? I am concerned that this problem may be inicative of a larger scheme. I believe that creators have the right to protect their content, but the disclosure of the means of protection must be transparent. Otherwise, we are going to end up in a "cold war" with DRM and consumers. Quite possibly, we could get to a time where consumers are less concerned about fidelity than privacy, and we would see more rampant sharing of content in the digital domain, absent of built in DRM schemes... more as a protest to percieved violation than as a means to "save a buck". But, that's just my two cents.

Successfully updated karma reason!

Snowman

Join Date 03/2001

+343

Not all legal music makes good music

Just listen to Britney Spears and you know that's a fact!

(Sorry, just couldn't resist)

Successfully updated karma reason!

Mark IS the authority, just check out how many and what kind of referrals he has all over the net referring to your computing safety. Everyone should rummage through his site for a little educational tour at least once. I have, and I use all applicable applications he's written on my PC for hardening, networking, and general security. By the way, his Rootkitrevealer will see WB.EXE as a possible rootkit...

Successfully updated karma reason!

Sony and others are so worried about the money they think they might be losing, they are willing to chase away paying costumers.

Successfully updated karma reason!

If you think you may have been affected or just want more information then follow this link to F-secures blog.

Link

It'll give a little more information and provides a link to a Sony BMG web form. They will then provide you with the tools needed to safely remove the rootkit.

The principle reason for removing the rootkit being - it is not in itself malicious, but it does provide a potential hiding place for malicious software. Also createsfalse positives in software, including some AV's that look for rootkits.

The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. If a malware names its files beginning with the prefix '$sys$', the files will also be hidden by the DRM software. Thus it is very inappropriate for commercial software to use these techniques.

Hopefully this will be of use to someone.

Successfully updated karma reason!