mysec
Premium
join:2005-11-29 | Sony DRM - Refresh my memory please!
I was never clear on how the software w/rootkit installed:
Did the software install surreptitiously via AutoRun inf file when the CD was loaded?
Or was the user prompted to install the software?
Thanks,
-rich |
|
BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR
 ·Verizon FIOS
 ·Verizon Online DSL
| It was installed via autoplay like most DRM/copy protection malware, or manually running the software from the CD, the user was never prompted. Most companies try to justify it by putting a small notice on the back of the jewel case... a very small, and vague notice saying the disk uses/contain copy protection software. We are never given a chance to uninstall it, and we are not prompted to install it, along with we are not prompted for any agreement before its automatically installed. IT IS MALWARE.
I don't buy any CDs if they are not playable on my computer, and I have autoplay disabled, there are many CDs which are so screwed up with DRM that they won't play on your computer, however just barely play on a legacy cd player.
Their efforts with DRM are the cause of their own slowdown in cd sales, and higher pirating rates. They are trying to bypass 'fair use', and I refuse to buy songs/albums twice just so I can put it on my mp3 player/pda.
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed.
$125 per hour if you called tech support, and didn't fix the issue while making things worse |
|
mysec
Premium
join:2005-11-29
| said by BlitzenZeus  :It was installed via autoplay like most DRM/copy protection malware, If the software were blocked from installing, would the CD still play? |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
 ·Comcast
| The software(driver) - AnyDVD, kept the Sony/BMG rootkit from installing. 
Still does too!
It would/will allow most things to play no matter what DRM crapola companies put on their discs.
»www.slysoft.com/en/anydvd.html
--
Think outside the Fox... Opera |
|
mysec
Premium
join:2005-11-29 | Well, if the Sony CD would play w/o the DRM software installed, why would anyone install it? |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR | If I'm not mistaken the Sony DRM software was indeed required for the CD to play except for those who used alternative means. |
|
SpannerITWks
Premium
join:2005-04-22
| reply to mysec
Hi,
Here's the link to how/where it all kicked off, and the breakdown analysis of the SONY Rootkit by Mark Russinovich of System Internals - »blogs.technet.com/markrussinovic···far.aspx
Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks |
|
mysec
Premium
join:2005-11-29 | reply to jbob
I never was able to get a clear picture of what happened. Some said you were prompted to install the software, others said the software installed surreptitiously. I wasn't able to find a copy in the stores - it had been pulled. |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
·AT&T U-Verse
| reply to mysec
IIRC, the SunComm DRM found on other BMG/Sony CDs was
equally as sneaky about installation as was the First4
Internet DRM.
More than a year later, I have to wonder if the music
industry hasn't learned a lesson from this, and we are
thus due a repeat. Or perhaps I'm being cynical here.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot) |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
·AT&T Southeast
 ·Cingular Wireless
·AT&T CallVantage
| reply to mysec
said by mysec :I wasn't able to find a copy in the stores - it had been pulled. And this is a bad thing? 
You may be able to find some DRM root-kit infested Sony CDs on eBay, if you really want them. 
--
Outsourcing is not the same as Offshoring!
Test your firewall. | Smell the flowers. |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest
| reply to mysec
Here is the BIG thread on DSLR that talked about it.
»DRM implementors == black hats
It's too long to look all the way through it but if I remember correctly you had to be logged in with Admin rights for it to install. I seem to remember someone posting some examples of it installing even before answering the prompts but that might have been for the ones who had autorun enabled. It's so far back now I'm not sure anymore. |
|
mysec
Premium
join:2005-11-29
| reply to NetFixer
said by NetFixer :said by mysec :I wasn't able to find a copy in the stores - it had been pulled. And this is a bad thing?
No, of course not, but I was interested to know what the steps were in how this was installed. The original blog did not specify. In fact, not until almost the end did he write,
quote:
At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it.
I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall.
I wrote to him at sysinternals asking for specifics but never received a reply.
I thought back to this the other day when reading some stuff about DRM, and remembered that I had never been fully satisfied as to how it became installed on his system.
jbob , yes I plowed through that Sony thread at the time, but I don't think it was ever laid out step-by-step.
I may search through the thread again later.
-rich |
|
Kiwi
Premium
join:2003-05-26
USA | reply to mysec
Man, it was a nasty wake up call, now fortunately we have xfm |
|
Oleg
Bellsouth Fastaccess
Premium
join:2003-12-08
Birmingham, AL | reply to mysec
Does anyone know full list of DRMed CDs? |
|
dont do Sony
@comcast.net | »www.sonybmgcdtechsettlement.com/
»www.sonybmgcdtechsettlement.com/CDList.htm |
|
robo_mojo
join:2006-01-11
Ada, OK
| reply to mysec
said by mysec :Well, if the Sony CD would play w/o the DRM software installed, why would anyone install it? They weren't asked. It was installed via autorun as soon as the disc was inserted.
If you had autorun disabled (which you should, trusting unknown software by default = asking for trouble, thanks Microsoft!) then you wouldn't have had a problem.
Disabling autorun is just one of the many things a person should do for securing a newly installed windows system. Your average user does not do this though, of course, and gets infected by Sony.
Sony's attitude about this, that they just did this because they wanted to, and the customer didn't really have a say in the matter to start with, is the reason I don't buy Sony products anymore. Not just music, but anything made by Sony.
Congrats, Sony. You lost a customer for life. I didn't get infected by the malware of course (due to having autorun turned off), I just don't stand for a company that would use such practices. |
|
mysec
Premium
join:2005-11-29
1 edit | said by robo_mojo :They weren't asked. It was installed via autorun as soon as the disc was inserted.
Are you sure about that? Did you have the CD in question?
I ask, because in the earlier sony thread, it didn't seem to be clear whether MR was prompted for the installation of the software and then OKed it, not suspecting any malicious behavior from sony - or if it installed surreptitiously via AutoRun.
regards,
-rich |
|
Timmn
join:2000-04-23
Tinley Park, IL
·AT&T Yahoo
| I had one, and other than there was a slight delay before the CD started to play, you had no indication whatsoever that software was being installed in your computer.
Sony, or somebody, finally released an un-installer, but all that did was make things worse. I finally got rid of it by backing up all of my data and doing a format/reinstall.
Never again, Sony, never again. |
|
scooper
join:2000-07-11
Youngsville, NC
| I don't think I bought any CD's during that time period, and I'm POSITIVE I didn't buy any Sony ones.
Nevertheless - no Sony, no more here as well. There were some songs I really wanted, but when I went to iTunes and saw they were on the Sony label - I decided to either go without or acquire them through other channels. |
|
Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
clubs: | reply to mysec
My step-father had one of those DRM'ed CDs and he was never prompted. It made his whole computer f'ed up.
To think a company as large as Sony couldn't even write their own devious software properly is astounding. |
|
