Mark Russinovich of sysinternals recently came across a Sony sanctioned DRM technology that bares a startling similarity to a (clumsily written) root-kit.
For those interested in such things, here's his blog describing the proceedings:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
Mirno
For those interested in such things, here's his blog describing the proceedings:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
Mirno
Okay this is dumb. I hate programs that do things that I don't expect them to do like installing a device driver. Got to be kidding me.
Anyway, the article is well-written.
Anyway, the article is well-written.
I stumbled upon this earlier today - pretty scary stuff. Good thing I have a plextor drive so I can rip those CDs to lossless audio format... and good that I don't ever run those crappy players, and don't have autorun enabled.
I stumbled upon this earlier today - pretty scary stuff. Good thing I have a plextor drive so I can rip those CDs to lossless audio format... and good that I don't ever run those crappy players, and don't have autorun enabled.
Scary man, truly scary. I am glad I dont buy random CD's.
f0dder, it appears that it is not the drive, but the CD that caused the problem. Looks like you need to install certain stuff from the CD and that was what that installed the DRM rootkit. Correct me if I am wrong..
Haha, lets boycott cd's from sony.
Haha, lets boycott cd's from sony.
The only wrong thing, that there is no uninstaller and there is no notice on the cd (or the player installation window) notifying that other software besides the player will be installed.
If those two were included, no one would bother to talk about some protection scheme being installed on their pcs event if it resembles a rootkit in some ways.
If those two were included, no one would bother to talk about some protection scheme being installed on their pcs event if it resembles a rootkit in some ways.
f0dder, it appears that it is not the drive, but the CD that caused the problem. Looks like you need to install certain stuff from the CD and that was what that installed the DRM rootkit. Correct me if I am wrong..
Well, the idea with these protections is that they do all kinds of trickery to make the CDs unplayable in computer drives, to avoid ripping - some of these protections violate the CD standards so much that the CDs aren't allowed to use the standard CD logo.
Fortunately, the mix of a plextor drive and plextools is able to handle a lot of these CDs.
I tend to refuse to buy CDs that I can't rip, even if it's good stuff. I won't support any of their silly DRM schemes, and I kinda hope other people would do the same.
The only wrong thing, that there is no uninstaller and there is no notice on the cd (or the player installation window) notifying that other software besides the player will be installed.
If those two were included, no one would bother to talk about some protection scheme being installed on their pcs event if it resembles a rootkit in some ways.
I *very much* care - I want fair use of the things I've spent my hard-earned money on. And I certainly do NOT want intrusive crap like this on my machine. Same reason I will not buy any games that are protected with StarForce and friends - I don't want their ugly drivers on my system.
There is a comment at the end, tought Im not registered there, I will post the first thing that come to my mind when I read it.
You don't need to protect your system if there is nothing that harm it.
Little childs are not responsible of breaks in security, you dont need security 101 if there is no infringmement, you dont need security administration if there is no harm, SONY is going toward you in the security...
They should ideally be setup to only have user level access anyway. Only the Administrator (presumably yourself) should be able to install anything. Not sure how this stacks up with root kits but its a start on Basic Security 101.
You don't need to protect your system if there is nothing that harm it.
Little childs are not responsible of breaks in security, you dont need security 101 if there is no infringmement, you dont need security administration if there is no harm, SONY is going toward you in the security...
I *very much* care - I want fair use of the things I've spent my hard-earned money on. And I certainly do NOT want intrusive crap like this on my machine. Same reason I will not buy any games that are protected with StarForce and friends - I don't want their ugly drivers on my system.
Exactly as the company producing the product wants a fair reward for effort spent creating the product. The less intrusive (and simpler) piracy preventing schemes has became by now inefficient and from Sony's point of view the reasons behind using DRM are pretty understandable.
Although from end user point of view it's really crosses some boundaries. A protection from piracy shouldn't make a legit user suffer. I guess I wouldn't be happy either if anything like that was installed on my system especially without me knowing so.
p.s. f0dder, plextor drives rock!. Seems like they can ready everything, even those ancient & badly scratched disks I found the other day...
It's not only intrusive, also uses %2 of CPU constantly. That's another reason not to want this! :(
While I don't see anything wrong with companies designing protection schemes to protect their commercial investments, producing software that uses stealth techniques hidden from the computer owner that cannot safely be removed is an unreasonable trade practice that should be prevented, especially when the software is badly written and uses a measurable percentage of processor capcity doing nothing. I am much of the view that if entertainment industry manufacturers want closed protection systems, they should provide their own systems and hardware to do it rather than impose on general purpose computer equipment in this manner.
Sony is just another ruthless inernational corporation that will extract every buck it can by whatever means it can so there is no reason to extend any special privileges to them when it comes to loading junk onto a customer's computer. I would happily support forcing any of these corporations to install effective uninstall programs for their software that garrantees that this junk is not left on a users machine.
Something I regularly hear when I go to a video store is the moralistic bullsh*t about pirate DVDs yet it functions as little more than a form of "Resale Price Maintainance" for corporations that are motivated by extracting the highest price possible and will never drop the price, no mater what the piracy percentage may be reduced to. The real problem with music and video is it is seriously overpriced and instead of these corporations addressing their own defective marketting, they opt for tacky tecniques at the expense of their customers.
Sony is just another ruthless inernational corporation that will extract every buck it can by whatever means it can so there is no reason to extend any special privileges to them when it comes to loading junk onto a customer's computer. I would happily support forcing any of these corporations to install effective uninstall programs for their software that garrantees that this junk is not left on a users machine.
Something I regularly hear when I go to a video store is the moralistic bullsh*t about pirate DVDs yet it functions as little more than a form of "Resale Price Maintainance" for corporations that are motivated by extracting the highest price possible and will never drop the price, no mater what the piracy percentage may be reduced to. The real problem with music and video is it is seriously overpriced and instead of these corporations addressing their own defective marketting, they opt for tacky tecniques at the expense of their customers.
Questions that raise my mind... SONY don't trust us, and I see that don't trust the law :), why you would do a bad thing where there is no necesity of it? I guess they have argeed that install such a program is a good thing that pass the user and the law... I see the unethical face of this company, they say that we must do good things, but hey!!!, they are at the end doing bad things.
Remember that for this guys money is the god, remember that i-Tunes has reported a "covets of the music industry" or some like that... interesting that after some days weeks of such declarations we find/see another fact, proof of such covets.
---------------------------
By the way hutch, what you say about "no mater what the piracy percentage may be reduced to" is a defacto, I have readed somewhere some like "we will never get a spet back in the price", that mean that dosent matter that all the "piracy" is cleaned deleted from the world, they will never down his price, and if posible like they whant always, they will try to get more and more.
Remember that for this guys money is the god, remember that i-Tunes has reported a "covets of the music industry" or some like that... interesting that after some days weeks of such declarations we find/see another fact, proof of such covets.
---------------------------
By the way hutch, what you say about "no mater what the piracy percentage may be reduced to" is a defacto, I have readed somewhere some like "we will never get a spet back in the price", that mean that dosent matter that all the "piracy" is cleaned deleted from the world, they will never down his price, and if posible like they whant always, they will try to get more and more.
Exactly as the company producing the product wants a fair reward for effort spent creating the product. The less intrusive (and simpler) piracy preventing schemes has became by now inefficient and from Sony's point of view the reasons behind using DRM are pretty understandable.
The problem here is that they only end up hurting the end-users... pirates have access to much more sophisticated gear than end-users. Even if they manage to make a disc unreadable in plextor drives, there will be a pirate with access to studio-quality equipment. Either a cd player/reader with digital out that doesn't care about the copyright bit, or high-grade analog out that's indistinguishable from the digital original.
Not to mention the professional pirates in asia and russia.
So... they stop the casual end-user giving a copy of their CD to a friend, can't do anything about the professional pirates, and end up pissing off millions of legit customers.
p.s. f0dder, plextor drives rock!. Seems like they can ready everything, even those ancient & badly scratched disks I found the other day...
yeah :) - for most people, the extra price of plextor drives aren't justifiable. But when you care about audio quality, the fine mechanics and special firmware + plextools is a really wonderful combination. My "...and justice for all" CD is so damaged that I'll have to buy a new one, though :(
they should provide their own systems and hardware to do it rather than impose on general purpose computer equipment in this manner.
They're already trying to force this down our troaths with the new SACD system... I just hope that there will always remain companies that don't accept this, and violate the copyrights to stop the big corporations from infringing on the legit end-users.
The real problem with music and video is it is seriously overpriced and instead of these corporations addressing their own defective marketting, they opt for tacky tecniques at the expense of their customers.
Definately right Hutch.
Remember way back when CD's first hit the market, their price was astronomical, compared to the price of a vinyl lp. The recording companies assured us the consumers that they would get cheaper as production increased. Surprise ,surprise, they have'nt come down in price much if any at all.
When they first hit the market here in the US, the Federal minimum wage, which is what most of the target age group of music companies get paid,;ie-teenagers- was about $3 Us. So a cd cost them around 5 hours of work, which was ridiculous. Now with the Ferederal Minimum wage at around $5.75 US, cds are still selling at around $15 to $19 range, about 3 hrs worth of work.
After 20 years, there was no real appreciable drop in the price of a CD.
The Music industry lied to us.
There is no reason, given the cost of materials involved that the price of a cd should be over $8, which would give at least $7 to cover the royalty if any to the band, and other production costs.They would definately sell more albums at the lower price, which in turn would'nt have consumers looking for cheaper-"pirated copies'.
IF they are trying to recoup the cost of producing a new band or an album by an established band, with a higher price and less sales approach, to ensure some sort of return on their investment, then they should rethink their policy of putting out crappy products, and having us pay for their mistakes.
Great products + fair pricing = Awesome sales
regards,
Rags
This becomes even more hilarious...
http://news.bbc.co.uk/1/hi/technology/4427606.stm - Viruses use Sony anti-piracy CDs
http://news.bbc.co.uk/1/hi/technology/4427606.stm - Viruses use Sony anti-piracy CDs
Its not just Sony, I notice that EMI doesn't have the logo anymore either.
Its copyrighted by Philips and unless it's a real CD, you are not allowed to use the logo.

Philips, who defined the CD standard and then made it widely available, has been very clear that these music delivery systems do not count as Compact Discs and cannot use the CD logo.
As far back as 2002, Philips representative Klaus Petri told Financial Times Deutschland that "those are silver discs with music data that resemble CDs, but aren't".
http://news.bbc.co.uk/2/hi/technology/4406178.stm
Its copyrighted by Philips and unless it's a real CD, you are not allowed to use the logo.

Philips, who defined the CD standard and then made it widely available, has been very clear that these music delivery systems do not count as Compact Discs and cannot use the CD logo.
As far back as 2002, Philips representative Klaus Petri told Financial Times Deutschland that "those are silver discs with music data that resemble CDs, but aren't".
http://news.bbc.co.uk/2/hi/technology/4406178.stm
Same reason I will not buy any games that are protected with StarForce and friends - I don't want their ugly drivers on my system.
This is why I dual boot Win XP regular and x64. The x64 version I use for developing and keep perfectly clean. The regular 32 version I used for testing apps and playing games. BTW by avoiding StarForce games you are depriving yourself of the wonderful (if buggy) X3 Reunion which has consumed most of my life over the last 2 weeks :lol: .
P.S. what is DonationCoder?
Yeah, eek. Just say no to any audio CDs without the CDA logo.
Eóin, those protection systems really suck. I simply won't install any of those games, even though I could play them on one of my brothers' boxes which can easily be restored with TrueImage - and I will not support any company that uses such a pain-in-the-ass-for-the-enduser protection.
I might make an exception with UFO:Aftershock, but I won't buy the game before some group releases a 'fix' that lets it run without starforce. And the only reason I make an exception to my will-NOT-support rule is that I love the UFO games too much to let it pass.
DonationCoder is... different? :). Good software reviews, small coding "competitions", donationware programs etc. It's a pretty nice place, with at least a couple of decent apps. Jibz pointed me there originally, blame him :)
Eóin, those protection systems really suck. I simply won't install any of those games, even though I could play them on one of my brothers' boxes which can easily be restored with TrueImage - and I will not support any company that uses such a pain-in-the-ass-for-the-enduser protection.
I might make an exception with UFO:Aftershock, but I won't buy the game before some group releases a 'fix' that lets it run without starforce. And the only reason I make an exception to my will-NOT-support rule is that I love the UFO games too much to let it pass.
DonationCoder is... different? :). Good software reviews, small coding "competitions", donationware programs etc. It's a pretty nice place, with at least a couple of decent apps. Jibz pointed me there originally, blame him :)
...and even worse - the rootkit remover from Sony also has security implications: http://www.sysinternals.com/Forum/forum_posts.asp?TID=2363&PN=1
Aaaaand, now there's a new batch of problems - http://news.com.com/New+Sony+CD+security+risk+found/2100-1002_3-5984764.html