The Elecktronick Tyger Roares
10 November 2005
  Talkin' Sony BMG DRM Rootkit Malware Blues
Okay, so most of us who hang out on line are at least peripherally aware of the whole Sony/BMG "Digital Rights Management"/rootkit thingy, right?

Been brewing since Mark Russinovich's Halloween horror story about rootkits and DRM software on recent Sony/BMG CDs. I didn't hear about it for a couple of days, but as soon as i did i went hunting; this machine is quirky enough as it is without adding malware to allow media companies access or control capabilities.

I read the column and what little hair i have left stood more or less on end, and i resolved to:

(A) Not buy any Sony/BMG CDs ever again -- DRM or not. {Of course that resolve will last until about five minutes after something i really crave comes out on a Sony/BMG label}


(B) Check to make sure i wasn't already infected. I don't appear to be; i don't own any of the affected CDs, apparently, and various testware recommended by many helpful people here and there on-line says there's nothing of the sort on here.


(C) To find out whatever else i could about the situation.

So i clicked over to Russinovich's November 4 follow-up, in which he points out just what is wrong with the "decloaking" software that Sony is offering -- instead of simply revealing the DRM software, it installs almost 4Meg of updates to it... and does the decloak in a manner which could potentially crash (and possibly damage) your Windows software.

And that it passes info about you and/or your music-playing habits to Sony without your knowledge or permission.

One thing i got from this was that the first time you insert the infected CD, it uses the Windows CD autostart function to bring up the "Install" function. No autorun, no install.

This, of course, led me to trying to figure out how to permanently disable a CD drive's "Autorun" setting in W2000, which is not listed in the "Help" files -- something i have been occasionally irritated enough by to want to shut it off but not sufficiently (till now) to actually make a concerted effort to figure out how.

So i found this page that will help any Windows user to figure out how to do it (it requires manually editing the System Registry, which makes me a bit nervous, and ought to make you nervous, too). But CDs no longer automatically open themselves or turn on the CD player when i stick them in.
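An added example, not part of the original post or of the page it links to: a small audit that decides whether inserting a disc would still trigger AutoRun. It assumes the standard Windows locations for this setting (the `NoDriveTypeAutoRun` policy value and the `Cdrom` service's `AutoRun` value); the post itself does not say which registry entry it edited, and the sample values are constructed.

```python
import sys

# Bit positions of the NoDriveTypeAutoRun policy mask (set bit = AutoRun off).
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}
CDROM_BIT = 0x20
WIN2000_DEFAULT = 0x95  # stock Windows 2000 mask: the CD-ROM bit is clear
POLICY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
CDROM_SVC = r"SYSTEM\CurrentControlSet\Services\Cdrom"

def to_int(value):
    """The policy is stored as REG_DWORD or as 4 little-endian REG_BINARY bytes."""
    if isinstance(value, (bytes, bytearray)):
        return int.from_bytes(value[:4], "little")
    return value

def blocked_types(mask):
    """Names of the drive types for which the mask switches AutoRun off."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if mask & bit]

def cd_autorun_enabled(hklm_policy, hkcu_policy, cdrom_service):
    """True if inserting a disc would still launch its autorun program."""
    if to_int(cdrom_service) == 0:  # driver-level media notification is off
        return False
    # A machine-wide policy, when present, overrides the per-user one.
    policy = hklm_policy if hklm_policy is not None else hkcu_policy
    mask = WIN2000_DEFAULT if policy is None else to_int(policy)
    return not (mask & CDROM_BIT)

def read_value(hive, path, name):
    """Return a registry value, or None if the key or value is absent."""
    import winreg  # Windows only, so imported lazily
    try:
        with winreg.OpenKey(getattr(winreg, hive), path) as key:
            return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None

if __name__ == "__main__":
    if sys.platform == "win32":
        state = (read_value("HKEY_LOCAL_MACHINE", POLICY, "NoDriveTypeAutoRun"),
                 read_value("HKEY_CURRENT_USER", POLICY, "NoDriveTypeAutoRun"),
                 read_value("HKEY_LOCAL_MACHINE", CDROM_SVC, "AutoRun"))
    else:
        state = (None, b"\xb5\x00\x00\x00", 1)  # constructed sample values
    print("CD AutoRun enabled:", cd_autorun_enabled(*state))
```

Checking both hives matters because a per-user mask that blocks CD-ROM AutoRun is ignored when a machine-wide value exists.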

Other reading seems to indicate that what they have done is put the standard "Red Book" CD image into a file on the disc; once you have disabled Autorun, you ought to be able to fish this out with ISOBuster, downloadable here, (or some similar program), and burn a DRM-less safe copy.

Meanwhile Sony has magnanimously decided to make an uninstaller available for their DRM software -- presumably, you can't/shouldn't play their music once you uninstall the software -- but do they publicise it, make it clear it exists, work hard to get it distributed, etc. like honest people who just weren't thinking in the first place?


First you have to download the decloaking/update/hope-it-doesn't-crash-my-computer patch and install it.

Then, after some difficulty, you have to discover where on Sony/BMG's customer "service" site to look to apply -- not download, order or execute, mind you, to apply -- for the uninstaller.

You have to fill out a form. You have to confirm that you really reeelly want to uninstall their crap.

Then you wait for them to send you an uninstall code. And then... Well, Russinovich, who has actually plodded through it, devoted his post for 9 November 2005 to actually getting Sony's uninstaller for this junk and making it work. Go there and let him tell it.

He also discusses, on 8 November, a communication he got from Matthew Gilliat-Smith, chief executive officer for First 4 Internet, the British company that supplied this crap to Sony.

In another article online, at TG Daily, standing there with his bare face hanging out (and smoke beginning to rise from his trousers, i'd say) he says:

"There's areas of misinformation which I'd be very happy to set straight," Gilliat-Smith told us. "The first is [the allegation that XCP is some form of] rootkit technology, in the form that would be used to spread malware. What it is, it's using cloaking techniques that are similar to a rootkit, for the purpose of making speed bumps on the content protection, to make it more difficult to circumvent the protection."

Gilliat-Smith said his software does not open up any connection between the stealth driver and its host. "Ours does not do that," he said. "All we're doing is using a hook and a redirect, so when you look for a file, it is hidden. It is very widely used...since way back in 1994, by many shareware companies and anti-virus companies."

Ya know, Abe Lincoln once asked "If you call a dog's tail a leg, how many legs has a dog?"

The answer?

"Four, because calling a tail a leg doesn't make it a leg."

If i take two slabs of C4, three pounds of screws, nails and other assorted ironmongery and a Casio watch, and i pack it into a very pretty box that i send to school with my kid, i don't think it's gonna cut it to say that i'm very sorry, but i'm not responsible for the entire Senior Class being blown up in assembly, because that wasn't a bomb, that was an art project.

As of 9 November, one class-action suit had already been filed alleging material harm to a group of consumers by Mr Gilliat-Smith's little art project.

Name: mike weber
Location: gainesville, Georgia, United States
