Boycott Sony CDs

Mike Bourke

Jim Nugent said:
Mike, hope you don't mind- I re-ordered some stuff to prevent a mix of top
and bottom posting...

via this


But that's only if you let the session 02 code run. I should have clarified:
Either don't let it autorun (hold down the shift key on insertion), or...

What happens if you REJECT the EULA? Does it still install stuff?

I'm talking about someone who KNOWS about the issue; I acknowledge the
problems faced by someone caught off guard by all of this. Now, I have
Autorun enabled, but if I put in an audio CD, and got a EULA in my face, I'd
abort the whole deal and do some investigating with windows explorer. But
then I'm not the average user.

It's my understanding that the encoding is NOT Red Book standard, and that
if you reject the EULA you can't play the CD on your computer. But that
might not be correct.

I have no problem with posts being rearranged for clarity, and I apologise
for making it necessary.

And, in answer to Ellis Jay's question, yes; Sony Rootkits are exactly what
are being discussed.

Mike Bourke
 
John Corliss

Maris said:
A patch has been released at least disabling the "cloaking" function:

http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html

or http://tinyurl.com/bxctl

Maris, thanks for posting the link to this tool. I'll definitely be
keeping a copy on hand for working on other people's computers. And if
it hadn't been for Angry Andrew, I and many others in this group might
have fallen victim to Sony's Trojan. My hat off, thanks and a bow to him.

By the way, here's a bit from the site with the tool from Sophos:

"This version of the tool detects and disables the Sony DRM copy
protection technology (which Sophos refers to as Troj/RKProc-Fam) and
other Trojans, including Troj/Stinx variants, which are stealthed by
Troj/RKProc-Fam."

As Mr. Burns says, "EHHHgzellent!"

--
Regards from John Corliss
My current killfile: aafuss, Chrissy Cruiser, Slowhand Hussein, BEN
RITCHEY and others.
No adware, cdware, commercial software, crippleware, demoware, nagware,
PROmotionware, shareware, spyware, time-limited software, trialware,
viruses or warez please.
 
Lou

John said:
Maris, thanks for posting the link to this tool. I'll definitely be
keeping a copy on hand for working on other people's computers. And if
it hadn't been for Angry Andrew, I and many others in this group might
have fallen victim to Sony's Trojan. My hat off, thanks and a bow to him.

By the way, here's a bit from the site with the tool from Sophos:

"This version of the tool detects and disables the Sony DRM copy
protection technology (which Sophos refers to as Troj/RKProc-Fam) and
other Trojans, including Troj/Stinx variants, which are stealthed by
Troj/RKProc-Fam."

As Mr. Burns says, "EHHHgzellent!"

--
Regards from John Corliss
My current killfile: aafuss, Chrissy Cruiser, Slowhand Hussein, BEN
RITCHEY and others.
No adware, cdware, commercial software, crippleware, demoware, nagware,
PROmotionware, shareware, spyware, time-limited software, trialware,
viruses or warez please.

The whole issue has now made the NY Times:

1. From the Desk of David Pogue: Sony BMG's Copy-Protecting
Watchdog
=============================================================

My In box usually bursts to the seams with reader reaction to
stuff I've written. What was unusual this week, though, was
the amount of mail that came in on a topic that I've never
even mentioned: the Sony BMG rootkit tactic.

The story goes like this. Starting in June 2004, Sony BMG
records began copy-protecting its pop-music CD's. Over the
months, the company has used several software schemes for
preventing you, the customer, from making illegal copies of
its discs. But 20 albums are protected by a scheme devised by
a company called First 4 Internet - and it's caused an
incredible online furor.

These CD's, all bearing "Content Protected" labels on the
packaging (meaning "copy protected"), do something very
sneaky if you try to play them on a Windows PC: they install
a proprietary watchdog program that prevents you from copying
the CD more than twice. (On a Macintosh or Linux machine,
these CD's play just fine, without any copy protection.)

Last week, a programmer and blogger named Mark Russinovich
dug a little deeper, and found out something disturbing: the
Sony watchdog program not only installs itself deep in the
core of Windows - it's what's called a rootkit - but it also
makes itself invisible.

The record company doesn't dispute Russinovich's findings.
"The cloaking is an additional level of protection to hide
the protection files themselves," Mathew Gilliat-Smith, CEO
of First 4 Internet, told me. "It's an extra speedbump to
make it that much more difficult [for prospective music
pirates] to circumvent the protection." But Sony BMG didn't
seem to be prepared for the outcry from privacy advocates and
ordinary citizens who felt violated.

To them, Sony BMG's tactic was dangerous, sneaky, intrusive
and maybe even illegal. Some of the problems:

* The hidden-rootkit trick has been used by virus writers to
conceal their tracks. It doesn't give you such a rosy feeling
to know that Sony BMG is treating you the same way.

* Once hidden, the copy-protection software is invisible to
antivirus programs, too. So the baddies of the Internet
could, in theory, use Sony's software as a backdoor to infect
your machine, and your virus checker would miss it.

* If you try to remove the software manually, you risk
disabling your CD player completely. (Instead you should use
the Uninstall link on Sony BMG's customer-service Web site,
whose link appears on the Help screens of Windows Media
Player. Of course, then you can't play the CD on your
computer.)

* When you insert one of these music discs into your PC, one
of those software license agreements appears. It says
explicitly what's about to occur: "This CD will automatically
install a small proprietary software onto your computer. The
software is intended to protect the audio files on this CD.
It will reside on your computer until it is removed or
deleted."

But this note does not say that the software hides itself.
And, even more damning, you don't see this note until you've
scrolled down to the third page of legalese in the license
agreement. Let's not kid ourselves: NOBODY ever reads those
license agreements. They're too long, too opaquely written
and generally of little use to anyone except the lawyers.

* Sony's copy-protection software prevents you from playing
the music you've bought on your iPod, which happens to be the
world's most popular music player.

Once the true nature of the Sony BMG software tactic became
public, the company wasted no time in attempting to defuse
the issue. Within 48 hours, it released a patch that makes
its software visible again; you can download it from
http://cp.sonybmg.com/xcp. (Click the Software Updates
button.) Sony also provided the rootkit-cloaking information
to antivirus-software companies, so that the software will no
longer be a potential virus magnet.

At that same Web site, you'll find, incredibly, a link to a
Sony-sanctioned workaround that lets you copy the protected
songs to the iPod. (Sony says it will send you the workaround
by e-mail once you supply the name of the CD and other
information.)

Finally, Sony has abandoned the rootkit protection method.
(It says, in fact, that it had planned to do so even before
the trick became public.) It still intends to install copy-
protection software on every audio CD - but it will use other
methods.

For now, then, it seems that the cloaked-rootkit issue is
dead. If you bought one of the 20 affected CD's, you can
uncloak the software, and Sony won't be using this scheme
anymore.

My take? Audio CD's that install software onto your PC are
just creepy. I believe that distributing copies of a CD to
the Internet at large is wrong, so I understand the record
companies' concern. But installing secret, self-masking code
onto customers' computers seems just as wrong.

It's an "any means necessary" approach to the problem, like
dealing drugs to raise money for charity.

Personally, I can't understand why any music fan would buy
one of these discs. If you really want a song from Sony BMG,
why not just buy it from one of the online music stores and
avoid the whole issue? Sony BMG would soon get the message
that customers don't like being treated like criminals.

I was also surprised at how dismissive Sony BMG and First 4
Internet seem to be. "It's a tempest in a teapot," Mr.
Gilliat-Smith says. "It's benign content protection. It's not
malware, it's not spyware - it's innocent.

Consumers, for eight months, have been using these discs with
positive feedback. When the issue arose, we addressed it very
quickly."

I wondered if he could even understand why consumers might
feel a bit violated. I pointed out that the usual damage-
control plan for public-relations disasters (see also
Tylenol; Perrier; Pentium bug) is not to haughtily dismiss
customer fears, but to apologize profusely.

But the closest thing Mr. Gilliat-Smith would say is, "We
understand what the concern was, but there was no intent. We
reacted as quickly as we could, took responsive issues. And
now, hopefully, we move on."
 
Mike Bourke

OK, so Sony have reacted to the lawsuits and growing media attention by
waving the white flag - but the lack of an apology suggests that they still
have not learned their lesson. The fallout will undoubtedly continue for some
time. As for the NY Times article, while there were some factual errors, they
got most of what they reported right - while leaving out some of the juicy
bits. And no mention of the lawsuits....

Mike
 
charles


and here's something that came by via Afterdawn.com -

Trojan takes advantage of Sony BMG DRM
10 November 2005

The uproar about the Digital Rights Management (DRM) technology in use
on some CDs distributed by Sony BMG is set to heat up again following
the confirmation that a trojan has now appeared that takes advantage of
the DRM's file hiding capabilities. It was picked up by Sophos in an
email that poses as an email from a British magazine. Here..

<http://www.afterdawn.com/news/archive/7015.cfm>
 
Vic Dura

OK, so Sony have reacted to the lawsuits and growing media attention by
waving the white flag - but the lack of an apology suggests that they still
have not learned their lesson. The fallout will undoubtedly continue for some
time. As for the NY Times article, while there were some factual errors, they
got most of what they reported right - while leaving out some of the juicy
bits. And no mention of the lawsuits....

And no mention of how difficult, and how many hoops you have to jump
through, to actually get the patch.
 
dpogue

Vic said:
And no mention of how difficult, and how many hoops you have to jump
through, to actually get the patch.

Actually, I must point out that Mark Russovich's second blog entry is
incorrect on this point. You don't have to go through ANY hoops to get
the patch! It's a direct .zip file at the link I provided in my article
(http://cp.sonybmg.com/xcp). You do NOT have to supply your name or any
other information, you do NOT have to wait for a reply for Sony, etc.
You just click Software Updates, and then there's the link!

The "hoops" and screenshots described by Mr. Russovich were for getting
the iPod workaround. They were not for getting the DRM uncloaking
patch.

(Otherwise, though, I'm totally with you all. It's clear that Sony BMG
has learned absolutely nothing from this outcry.)

--David Pogue
The New York Times
 
Daniel Mandic

Actually, I must point out that Mark Russovich's second blog entry is
incorrect on this point. You don't have to go through ANY hoops to get
the patch! It's a direct .zip file at the link I provided in my
article (http://cp.sonybmg.com/xcp). You do NOT have to supply your
name or any other information, you do NOT have to wait for a reply
for Sony, etc. You just click Software Updates, and then there's the
link!

The "hoops" and screenshots described by Mr. Russovich were for
getting the iPod workaround. They were not for getting the DRM
uncloaking patch.

(Otherwise, though, I'm totally with you all. It's clear that Sony BMG
has learned absolutely nothing from this outcry.)

--David Pogue
The New York Times



--



Russinovich.

The same like I would say Poe to you. Do you write Afrikaans at the New
York Times?



Best Regards,

Daniel Mandic
 
Peter Seiler

Mike Bourke - 11.11.2005 14:22 :

[snipped]

Mike, is it really useful and necessary reposting mostly with full
quotings - in this case over 200! quoting lines again? Everybody may
read back the thread.
 
John Corliss

Actually, I must point out that Mark Russovich's second blog entry is
incorrect on this point. You don't have to go through ANY hoops to get
the patch! It's a direct .zip file at the link I provided in my article
(http://cp.sonybmg.com/xcp). You do NOT have to supply your name or any
other information, you do NOT have to wait for a reply for Sony, etc.
You just click Software Updates, and then there's the link!

The "hoops" and screenshots described by Mr. Russovich were for getting
the iPod workaround. They were not for getting the DRM uncloaking
patch.

(Otherwise, though, I'm totally with you all. It's clear that Sony BMG
has learned absolutely nothing from this outcry.)

David,
The average surfer isn't going to catch that though. Instead, they're
going to click on "through this link"
(http://cp.sonybmg.com/xcp/english/form14.html) and see exactly the
"hoops" described by Mark Russovich.

Thanks to you and your article though, far fewer people will fall
further victim to Sony's demand for personal information.

--
Regards from John Corliss
My current killfile: aafuss, Chrissy Cruiser, Slowhand Hussein, BEN
RITCHEY and others.
No adware, cdware, commercial software, crippleware, demoware, nagware,
PROmotionware, shareware, spyware, time-limited software, trialware,
viruses or warez please.
 
Vic Dura

Actually, I must point out that Mark Russovich's second blog entry is
incorrect on this point. You don't have to go through ANY hoops to get
the patch! It's a direct .zip file at the link I provided in my article
(http://cp.sonybmg.com/xcp). You do NOT have to supply your name or any
other information, you do NOT have to wait for a reply for Sony, etc.
You just click Software Updates, and then there's the link!

The "hoops" and screenshots described by Mr. Russovich were for getting
the iPod workaround. They were not for getting the DRM uncloaking
patch.

(Otherwise, though, I'm totally with you all. It's clear that Sony BMG
has learned absolutely nothing from this outcry.)

Thanks for the correction.
 
John Corliss

Daniel said:
Russinovich. Mark Russinovich.

Best Regards,
Daniel Mandic

I should have caught that. I stand corrected...

Sorry.

80)>

--
Regards from John Corliss
My current killfile: aafuss, Chrissy Cruiser, Slowhand Hussein, BEN
RITCHEY and others.
No adware, cdware, commercial software, crippleware, demoware, nagware,
PROmotionware, shareware, spyware, time-limited software, trialware,
viruses or warez please.
 
Mike Bourke

There are now at least two trojans, including the one reported by Charles. I
am involved in several other groups and affiliations which are actively
discussing this at the moment; these links contain the latest info.

http://www.dashes.com/anil/stuff/doctorow-drm-ms.html

It would also appear that the U.S. Department of Homeland Security is not
happy with Sony either.

http://blogs.washingtonpost.com/securityfix/2005/11/the_bush_admini.htm

and finally,

http://dewinter.com/modules.php?name=News&file=article&sid=215

I found the dashes.com article especially interesting reading. I was
immediately reminded of Robert Heinlein's very first published story,
Lifeline. To paraphrase it, a scientist figures out how to predict exactly
when someone will die, and the insurance companies take him to court. They
wheel out all sorts of experts to testify against him, but they all fall
foul of being experts in everything related to the science involved but not
the science itself. This made them the equivalent of a biologist claiming
that a car wouldn't work because it didn't have feet. The court in the story
eventually ruled - and I'll actually quote this part - "There has grown up
in the minds of certain groups in this country the notion that because a man
or corporation has made a profit out of the public for a number of years,
the government and the courts are charged with the duty of guaranteeing such
profit in the future, even in the face of changing circumstances and
contrary to public interest. This strange doctrine is not supported by
statute nor common law. Neither individuals nor corporations have any right
to come into court and ask that the clock of history be stopped, or turned
back."

Prophetic words indeed; the analogy is clear. Yet this is exactly what the
recording industry have achieved, and seek to continue to achieve, over the
last decade or so. The artists they represent may be entitled to damages
from file-sharing and MP3; those are protected by the constitution for the
express purposes of encouraging them to continue. The record companies'
distribution mechanism is NOT. If they were smart, they would have built a
better P2P service instead of even forming the acronym, DRM. They seem to
have confused their rights with those of the artists they represent.

Mike
 
John Corliss

Querulantus said:
"The requested URL /securityfix/2005/11/the_bush_admini.htm was not
found on this server."




"Cannot Find Server - The web site you typed in could not be found on
the internet."

Querulantus

Heh. As slippery as an eel soaked in snot.

--
Regards from John Corliss
My current killfile: aafuss, Chrissy Cruiser, Slowhand Hussein, BEN
RITCHEY and others.
No adware, cdware, commercial software, crippleware, demoware, nagware,
PROmotionware, shareware, spyware, time-limited software, trialware,
viruses or warez please.
 
ellis_jay

John said:
Heh. As slippery as an eel soaked in snot.
Lots of links here:
http://blogs.washingtonpost.com/securityfix/

The 20 offending CDs so far:
http://slashdot.org/~xtracto/journal/121088

the link not found can be found here:

http://sstern.ccim.com/2005/11/11/homeland-security-and-sony-rootkit/

just click on the Washington post link to read it



--

Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard

Ellis_jay
 
