Sony Rootkit Phones Home 494
strider44 writes "Mark from Sysinternals has digged a little deeper into the Sony DRM and discovered it Phones Home with an ID for the CD being listened to. XCP Support claims that "The player has a standard rotating banner that connects the user to additional content (e.g. provides a link to the artist web site). The player simply looks online to see if another banner is available for rotation. The communication is one-way in that a banner is simply retrieved from the server if available. No information is ever fed back or collected about the consumer or their activities." Also on this topic, Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!" Update: 11/07 14:21 GMT by H : Attentive reader Matteo G.P. Flora also notes that an Italian lawyer has filed suit against Sony on behalf of the Italian equivalent of the EFF. Translation availabe through the hive mind. Update: 11/07 15:18 GMT by H : It does appear that in fact Sony does see through the $sys$ - see Muzzy's comment for more details.
Anyone know if the "phone home" is in the EULA? (Score:5, Interesting)
LGPL violation? (Score:5, Interesting)
Also, go check Contents\GO.EXE in the cd and search for string "LAME". This is possible LGPL violation, since LAME mp3 library has been statically linked against the executable. You can see that version.c has been compiled in since it generates those version strings, and I found tables.c as well. Didn't locate any code though, apparently removed by optimizing compiler due to being unreferenced, but I couldn't test for all LAME code as I don't have proper tools available (such as sabre-security bindiff)
Re:The market provides! (Score:5, Interesting)
If others are apathetic about it, then that's fine, but they shouldn't complain when people who do care want to take issue with Sony's actions. If enough consumers take issue with it now, the message will become clear enough in the baby-stages of the new CD DRM that at least some companies will refrain from doing this. The idea isn't to just complain over a little thing, but to stop something that people do not want to happen. I don't see an issue with that.
And it's not necessarily that anyone denies Sony's rights to provide this either; people simply do not want it, or are indifferent to it. Those who are indifferent shouldn't care either way, and those who don't want it shouldn't have to have it, and as a corporation, Sony should listen to the consumers a little and realize this is technology that people do not want.
Of course, this leads a lot into the discussion of wanted technology vs unwanted technology and how a lot of the larger corporations nowadays just put enough money into things so that they live long enough to be considered common place, and hence gain acceptance, which is altogether a frustrating business model which made me stop watching television long ago...but yeah...different topic.
What if. . . (Score:5, Interesting)
What happens then? Do you get an error message? Does the CD not play? What if you block the ad retrieval via your firewall?
What if I turn off the monitor and walk away while the CD plays? Am I stealing ala Jack Valenti and not watching commercials on tv?
Re:The market provides! (Score:5, Interesting)
But, by not adding an uninstaller, not putting it it in the EULA what it is doing and playing the blaim game to apple*, their software is not better than the worst spyware. They think they can install anything on a users PC, but this might be plain illegal.
If you do not care about spyware and viri, please let it pass, but if you care for your privacy and/or your pc you should not "vote with your wallet", but name it what it really is.
*(their faq keep babbling you can not transfer it ot itunes because apple did something to make their api incompatible, instead of watching their DRM solution)
Re:I wonder...NOT (Score:2, Interesting)
It is because the damned thing is NEVER allowed online!
And if and when I eventually go to VISTA, I won't allow it to go online either.
Microsoft has simply created an unbelievable amount of ill-will and lack of trust in me.
My Macs are the only thing I trust to go online, with the exception of running XP in emulation on my Mac.
Re:No information (Score:2, Interesting)
Re:The $sys$ prefixing thing was apparently wrong (Score:2, Interesting)
NPR had it... (Score:3, Interesting)
Currently I own 2 Sony products--a Clie and a Cybershot. If this kind of thing continues, however, I will make these my last Sony purchases of any kind.
There is a good reason that this matters, not just to us, but to everyone: Sony has obviously lied about their actions, and should be held responsible. If we as consumers don't stand up and say "stop", then this will get worse. Currently computers are very powerful, but with more and more of this crap, we will all soon need Cray's to run even the simplest game smoothly because of the myriad background services that are hogging resources. I've already decided that as soon as I can I will ditch Windows (all that I need is money to buy SPSS/SAS for linux, or the ability to run SPSS in wine, and I'm good)--for the same reasons.
If I get rid of windows, then sony can't pull this crap.
Finally, is there a non-Sony-provided version of an uninstaller for this crap? I don't trust them!
Re:The market provides! (Score:5, Interesting)
If something isn't done about this soon, clearly network effects will result in pretty much every "CD" being DRM-encumbered, containing, as Sony did, software that actively damages the configuration of the systems the CD is meant to play upon. However, it would be entirely wrong to hold companies like Sony to account for this. They, after all, are merely trying to make money. It is entirely right that they should do so by taking advantage of ignorance to encourage people to do things that are entirely not in their best interest. If businesses were not able to do this, if businesses had incentives to make money when honest, then freedom itself would be at risk. Liberty would be in peril.
What kind of "choice" is it where you do not need to be a technology geek to decide whether or not to buy a "CD" of music? What kind of "freedom" does one have if every vendor of cellular service is telling the truth about their talk plan prices? How are we free if we do not, in practice even if we rarely do, have to hire a lawyer before taking a job or even installing software? Can we be described as supportive of liberty when a shop cannot put a price label on an item that actually reflects the retail price minus some "mail in rebate" the customer might not even qualify for, and if they do, might not get anyway?
Those who defend the intervention of government into these matters ignore market forces. Just as, say, if people like purple cars, the market will eventually end up producing purple cars, so it follows that what we're seeing here is market forces. People, through their unwillingness to spend every waking moment researching every aspect of the products they buy before they buy them, refusing to visit factories to determine environmental and employment issues, refusing to educate themselves about 14 bit 44.1KHz encoding, refusing to examine the contracts of the artists who produced the works, refusing to understand the lower level Win32 APIs and the registry, refusing to even design proxy-device drivers to understand these basic concepts, demonstrate that they want ignorance, and they consider being taken advantage of, being fooled, as actually a thing of value. We cannot have honesty in business when the market wants dishonesty.
But, no, there are those who want to smother consumers in regulation and red-tape. They want to prevent consumers from getting the products and services they deserve. And why? Because the more dishonest the market becomes, the more they scream and think something needs to be done.
This quagmire of people complaining about the market when the market is actually providing them with what they asked for will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman [house.gov] or senator [senate.gov]. Tell them that the market is important to you. Tell them that you appreciate the work being done by Sony, Steam, Kevin Jones Staples and Off
Re:Brilliant marketing (Score:3, Interesting)
Bull (Score:4, Interesting)
If I play this CD and it "phones home", then "they" know
Re:The $sys$ prefixing thing was apparently wrong (Score:5, Interesting)
Anyway, as a bonus, even though the rootkit doesn't install in virtual PC, it still calls home and tells sony about you
Re:The market provides! (Score:4, Interesting)
Intellectual Property is an even trickier area -- the concept that ideas have market value doesn't go back very far: maybe to the era of verbose hacks like Charles Dickens. Anyway, the problem here is that with IP, "The Market Provides" doesn't work as an argument, since IP guarantees a monopoly over a certain product. Don't like paying $110 for a Star Trek season DVD? Tough -- nobody else can sell that, and IP gives the owner the right to ask whatever price he likes. Yet the limited number of companies that control the market generally fix those prices fairly high. Remember the LP to CD transition? In changing formats, the retail cost of a recording doubled, artist royalties dropped, as did the production and distribution costs for the new media. But prices have "hard" value. What happens when these oligopolies decide to go after stuff with intangible value, such as personal information? If one company decides to make "phoning home" and "customer profiling" part of the package, they'll probably find most people won't object. And the other handful of companies that control the market can and will follow suit -- that's not a slippery slope; it's maximizing revenues. That leaves us with the choice of wearing tinfoil hats and living in caves, or surrendering valuable information about how we live our lives.
That's not a choice, and it is a good reason for governments to get involved on what are in effect unconscionable terms being foisted on the purchaser.
Then again, in a society where Google never forgets, I probably should be posting as AC if I wanted to maintain my privacy.
Firewall? (Score:2, Interesting)
I am using ZoneAlarm if anyone wants to know.
Security Advisory - ANYWHERE?? (Score:1, Interesting)
Hmmm, possibly because if they sent out advisoriies and/or their products detected the trojan, then their customer's would be (rightfully) upset that the product did not remove the threat. And removing the threat constitues a violation of DMCA.
Sad that "mainstream" security researchers are saying nothing on this subject. Some of these companies charge corporate IT-Sec groups handsomely for their "threat feeds". Since this is almost a week old, and no mention by these groups, it doesn't say much for the "threat feed" services.
Re:Honest question (Score:4, Interesting)
So I forfeit the rights that I payed for when I bought the CD? Something doesnt add up here....
Re:why is this even possible? (Score:3, Interesting)
In this case, the rootkit patches the system call table, so that calls to functions to look at directory contents are intercepted by the driver, which just pretends that no files starting with $sys$ exist.
This raises a few good questions. First, how long will it be before someone uses this to hide their virus/worm/trojan (besides Sony that is)? Or for that matter, just creates a 30 gig file called $sys$ThereGoesYourFreeSpaceSuckerFindItIfYouCan?
2. Other than the lack of DAs falling over themselves to get this to a grand jury, how does it differ from what a teen in Iowa might release?
3. What are the implications for secured networks (corporate or government)? Playing a commercial audio CD on a desktop computer is supposed to be safe, but thanks to Sony, it now has security implications. Perhaps DoD and others should consider banning any Sony CD from the workplace?
iTunes Pro (Score:5, Interesting)
Weird.
Class Action Investigation Against Sony (Score:2, Interesting)
If you or anyone you know has purchased a compact disc with the XCP2 copy protection program (apparently most of Sony's releases since August 2005) and played or attempted to pay the compact disc on a Windows personal computer, you may have a claim against Sony and other parties. If you would like representation in this matter, please contact me at: LAWYER ADVERTISEMENT
Re:The $sys$ prefixing thing was apparently wrong (Score:2, Interesting)
Re:Common sense violation? (Score:3, Interesting)
Re:The $sys$ prefixing thing was apparently wrong (Score:3, Interesting)
Yes. In fact, if someone wrote a script that mimics the rootkit with regard to talking to Sony HQ that just spits out random bogus data, I'd run that script all day (after getting a programmer friend to check it for malware).
It's our duty to poison phishers' and corporate data harvesters' databases.