Sony's incredibly dumb DMR rootkit

A

Anonymous Bob

plun said:
It´s Ok with a visible program for this so users knows............

http://www.f-secure.com/weblog/
Click to expand...

I think there are still problems in the following areas:
1. The lengthy EULA still doesn't give full disclosure, therefore there
can't be informed consent.
2. No uninstall program.
3. Potential damage to the operating system should the user attempt removal.

There may other problems as well. I haven't delved too deeply into this
thing as yet and I may not, as I have no intention of ever installing this
software on my system.

Bob Vanderveen
 
P

plun

Anonymous Bob explained :
I think there are still problems in the following areas:
1. The lengthy EULA still doesn't give full disclosure, therefore there
can't be informed consent.
2. No uninstall program.
3. Potential damage to the operating system should the user attempt removal.

There may other problems as well. I haven't delved too deeply into this
thing as yet and I may not, as I have no intention of ever installing this
software on my system.

Bob Vanderveen
Click to expand...

Hi

Well maybe, it´s visible anyway and I don´t believe Sony has
a market for any records after this...........

But maybe Sony wanted to push for someyhing else without
to be paranoid, this cannot have been a secret for all others.
Impossible.

We have seen someones really greedy face anyway again.
 
B

Bill Sanderson

It is not OK.

The program consumes resources--significant amounts of CPU--even when you
are not playing protected content.

The program cannot be removed by the user without contact with Sony. Last I
read, this required making contact with Sony, and getting a phone call from
them--not a simple, mass-oriented process. This stuff qualifies for removal
by antispyware apps, in my opinion.

--
 
P

plun

I agree and then there's this:
http://www.securityfocus.com/brief/34

The argument that others might use Sony's cloak is academic no more.

Bob Vanderveen
Click to expand...

Hi

Academic ? I´ve seen many academic patches from MS and this month
it went well but in august nearly a tragedy.

I don´t believe the bad guys finds this academic and also cheating
gamers ;)

Wow great, when they sees Sonys protection and starts to program
something evil.
 
B

Bill Sanderson

Ah - I just posted a different reference to that--but yours explains it much
more clearly.

I think this is a wonderful development--this should knock a little sense
into the development world--and be a useful case study of some sort.

--
 
A

Anonymous Bob

Bill Sanderson said:
Ah - I just posted a different reference to that--but yours explains it much
more clearly.

I think this is a wonderful development--this should knock a little sense
into the development world--and be a useful case study of some sort.
Click to expand...

I fear the worst is yet to come. I haven't played a guitar in years, but if
I want music in my life I may have to take it up again.<g>

http://www.theinquirer.net/?article=24638

Bob Vanderveen
 
B

Bill Sanderson

Anonymous Bob said:
I fear the worst is yet to come. I haven't played a guitar in years, but
if
I want music in my life I may have to take it up again.<g>

http://www.theinquirer.net/?article=24638
Click to expand...

That sucks.

If the article is correct:

"The transcoding will basically add DRM to anything that touches the box,
preventing you from using any fair use rights..."

that's bad. I don't know enough about current MCE machines to know if this
is true today, or a change with this new hardware--it sure isn't something I
know anyone who'd go for.
 
B

Bill Sanderson

Bob's link is about a system which would presumably do away with the need
for rogue software such as Sony includes on that CD. The DRM is built-into
both the hardware and the software on the PC, and made attractive by some
pretty nifty abilities to transcode on the fly for the needs of different
portable devices. The article claims that the DRM is mandatory, however,
which isn't the case with Windows software and devices I've looked at so
far.

--
 
P

plun

Hi

I noticed that, a TPM clone of course..........

All industry roads goes to TPM and clones with different names.

But after this Sony "mistake" either more roads are blocked or
TPM is dead when the community understands how the industry
tricks.
 
R

Richard Urban

See another new write up on this from ZDNet at
http://news.zdnet.com/2100-1009_22-5937730.html

Especially note this from the article:

In a bizarre twist, though, it's not only Sony that could be facing a legal
migraine. So could anyone who tries to rid their computer of Sony's hidden
anticopying program.
That's because of Section 1201 of the Digital Millennium Copyright Act,
which bans the "circumvention" of anticopying technology.

"I think it's pretty clear that circumventing Sony's controls violates the
DMCA," says Tim Wu, a Columbia University professor who teaches copyright
law. (Violations of the DMCA include civil fines, injunctions, computer
confiscations, and even criminal penalties.)

Will this crap never end?


--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
A

Anonymous Bob

Richard Urban said:
See another new write up on this from ZDNet at
http://news.zdnet.com/2100-1009_22-5937730.html

Especially note this from the article:

In a bizarre twist, though, it's not only Sony that could be facing a legal
migraine. So could anyone who tries to rid their computer of Sony's hidden
anticopying program.
That's because of Section 1201 of the Digital Millennium Copyright Act,
which bans the "circumvention" of anticopying technology.

"I think it's pretty clear that circumventing Sony's controls violates the
DMCA," says Tim Wu, a Columbia University professor who teaches copyright
law. (Violations of the DMCA include civil fines, injunctions, computer
confiscations, and even criminal penalties.)

Will this crap never end?
Click to expand...

Good evening Richard.

The DMCA aspects are very troubling. I've found examples of problems related
to Sony's software including BSOD's and unusable cd drives dating back
several months on various security sites. As it stands, any of us could be
charged with a felony if we help someone restore the basic function of their
computer. Historically it has been said that a system was "owned" when it
was infected by a trojan. Now, it seems, that is literally and legally the
truth.

Although it seems this software qualifies as malware under the ASC
guidelines, Microsoft, as a competitor in the DRM area, may be unable to
respond to this threat directly and specifically. However, it may be
possible to block and alert on attempted installation of any rootkit like
software. Strider comes to mind.<g>

On the plus side, it seems ZAP 6.0 and at least the corporate edition of NAV
(I strongly suspect that any version with their IDS function would do this)
will detect and offer to block installation of the software. Prevention
seems to be the only option for now and I would be happy with a simple
utility that would immunize a pc against such an infection.

BTW, I'm running ZAP 6.0 and NAV 2005 on this system.<bEg> <*really* big
EVIL grin>

Let's hear it for real time monitoring. ;-)

Bob Vanderveen
 
G

Guest

I have stopped purchasing Sony products and refuse to watch/listen to them
until it is clear that Sony respects consumers. Head in the sand? No, but
those who continue to get sucked into Rootkit acceptance may have their
collective head in the sand...
 
B

Bill Sanderson

http://www.viruslist.com/en/weblog

has an analysis of a new trojan actively distributed in the wild and using
(if it is installed) Sony's cloaking to hide itself.

I think this clarifies whether Sony's code is copy protection, or a security
vulnerability. It's clearly a security vulnerability and should be removed.

--
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

History of Xbox 360 defects - Dean Takahashi has the inside story(long) 2

Top