Been brewing since Mark Russinovich's Halloween horror story about rootkits and DRM software on recent Sony/BMG CDs. I didn't hear about it for a couple of days, but as soon as i did i went hunting; this machine is quirky enough as it is without adding malware to allow media companies access or control capabilities.
I read the column and what little hair i have left stood more or less on end, and i resolved to
(A) not buy any Sony/BMG CDs ever again -- DRM or not. {Of course that resolve will last until about five minutes after something i really crave comes out on a Sony/BMG label}
and
(B) Check to make sure i wasn't already infected. I don't appear to be; i don't own any of the affected CDs, apparently, and various testware recommended by many helpful people here and there on-line says there's nothing of the sort on here.
and
(C) To find out what ever else i could about the situation.
So i clicked over to Russinovich's November 4 follow-up, in which he points out just what is wrong with the "decloaking" software that Sony is offering -- instead of simply revealing the ERM software, it installs almost 4Meg of updates to it... and does the decloak in a manner which could potentially crash (and possibly damage) your Windows software.
And that it passes info about you and or your music-playing hsbits to Sony without your knowledge or permission/
One thing i got from this was that the first time you insert the infected CD, it uses the Windows CD autostart function to bring up the "Install" function. No autorun, no install.
This, of course, led me to trying to figure out how to permanently disable a CD drive's "Autorun" setting in W2000, which is not listed in the "Help" files -- something i have been occasionally irritated enough by to want to shut it off but not suffciently (till now) to actually make a concerted effort to figure out how.
So i found this page that will help any Windows user to figure out how to do it (it requires manually editing the System Registry, which mkes me a bit nervous, and ought to make you nervous,too. But CDs no longer automatically open themselves or turn on the CD player when i sitck them in.
Other reading seems to indicate that what they have done is put the standard "Red Book" CD image into a file on the disc; once you have diisabled Autorun, you ought to be able to fish this out with ISOBuster, downloadable here, (or some similar program), and burn a DRM-less safe copy.
Meanwhile Sony has magnanimously decided to make an uninstaller available for their DRM software -- presumably, you can't/shouldn't play their music once you uninstall the software -- but do they publicise it, make it clear it exists, work hard to get it distributed, etc. like honest people who just weren't thinking in the forst place?
Nope.
First you have to download the decloaking/update/hope-it-doesn't-crash-my-computer patch and install it.
Then, after some difficulty, you have to discover where on Sony/BMG's customer "service" set to look to apply -- not download, order or execute, mind you, to apply -- for the uninstaller.
You have to fill out a form. You have to confirm that you really reeelly want to uninstall their crap.
Then you wait for them to send you an uninstall code. And then... Well, Russinovich, who has actually plodded through it, devoted his post for 9 November 2005 to actually getting Sony's uninstaller for this junk and making it work. Go there and let him tell it.
He also discusses, on 8 November, a communication he got from Matthew Gilliat-Smith, chief executive officer for First 4 Internet, the British company that supplied this crap to Sony.
In another article online, at TG Daily, standing there with his bare face hanging out (and smoke beginning to rise from his trousers, i'd say) he says:
"There's areas of misinformation which I'd be very happy to set straight," Gilliat-Smith told us. "The first is [the allegation that XCP is some form of] rootkit technology, in the form that would be used to spread malware. What it is, it's using cloaking techniques that are similar to a rootkit, for the purpose of making speed bumps on the content protection, to make it more difficult to circumvent the protection."
Gilliat-Smith said his software does not open up any connection between the stealth driver and its host. "Ours does not do that," he said. "All we're doing is using a hook and a redirect, so when you look for a file, it is hidden. It is very widely used...since way back in 1994, by many shareware companies and anti-virus companies.
Ya know, Abe Lincoln once asked "If you call a dog's tail a leg, how many legs has a fog?"
The answer?
"Four, because calling a tail a leg doesn't make it a leg."
If i take two slabs of C4, three pounds of screws, nails and other assorted iromongery and a Casio watch, and i pack it into a very pretty box that i send to school with my kid, i don't think it's gonna cut it to say that i'm very sorry, but i'm not responsible for the entire Senior Class being blown up in assembly, because that wasn't a bomb, that was an art project.
As of 9 November, one class-action suit had already been filed allegeing material harm to a groop of consumers by Mr Gilliat-Smith's little art project.
