We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... let's see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Rootkits

The BBC has an interesting piece up about Sony being sneaky:

Mr Russinovich, a renowned Windows programming expert, came across the Sony BMG anti-piracy system when performing a scan of his computer with a utility he co-created that spots so-called rootkits.

Rootkits are starting to be used by a small number of computer virus writers because they allow malicious code to be inserted deep inside the Windows operating system, meaning that it will not be spotted by most anti-virus scanners.

Rootkits are used to hide malicious software once it is installed and ensure it is not found and removed by anti-virus programs

After extensive analysis Mr Russinovich realised that the “cloaked” software had been installed when he first listened to the CD album Get Right With the Man CD by country rockers Van Zant.

No mention of Rootkits, according to Mr Russinovich, in the licensing agreement he signed when he stuck the CD in his computer to play it.

My attitude to all such things is that the market will decide, aided by the internet, which will spread stories like this around. People copying CDs illegally, and now Sony putting intrusive software on their CDs, seem to me to be opposite sides of the same coin, the coin being the unviability – so it now appears to me – of the old way of doing things in a new time. Moralists may curse, and maybe they will, here, again.

What Mr Russinovich presumably wants the market to decide is that Sony are, as this guy would put it, bastard people! And maybe it will. But maybe, instead, it will decide what Sony and most of the other Big Content and Electric Toy companies presumably want them to decide, which is not just not to copy CDs, but not, as a general rule, to allow pre-recorded CDs anywhere near their computers. That way CDs never get copied, and we all have to have two lots of Electric Toys, one lot to compute, and the other lot to play music and stuff. Although personally I do like to keep entertainment separate from computing, largely out of habit but also because when one breaks down I still want the other to work, I cannot see such separation really catching on.

For me, there is a certain irony in Sony, notable pioneers in cheap music copying technology and now leading the way in do-it-yourself movie making – ideal for sneaking into cinemas – now trying to make disc copying especially difficult and dangerous. I guess they of all people know how easy copying has now become.

Meanwhile, Adriana throws interesting light on the digital info-habits of the kind of people who will be deciding the future of all this.

23 comments to Rootkits

  • GCooper

    The question is one of consent.

    If people are told that by using a product purchased from Sony they will be consenting to such-and-such, that is one thing.

    If they are not, then Sony has gained illegal access to their property and deserves to be brought to its knees: it is no better than the teenage hacker governments like to humiliate by ‘making an example’ of.

  • Tim

    I’ve also heard of a CD installing software silently to the machine when it installs (when you pop a CD in, Windows looks for, and runs a file called autorun.inf).

    I’ve now set my CD drive to not autorun, so that I then open up my cd player and tell it to play the CD files.

    What’s disappointing with this is that certain groups are making large play of files from file sharing services containing viruses. Personally, I count a music CD doing a silent install as a virus.

  • I’m failing to see why this isn’t punishable by imprisonment and fines, except that it’s Sony, of course.

    Anyway, take a look at the relevant statute:

    http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm#mdiv3

    Like I said, no Sony execs will go to jail, but the law does allow for fines or imprisonment or both depending on “summary conviction” vs “incitement” not sure what the difference is.

    We should remember Daniel Cuthbert’s “../../../” that set a pretty low bar for the prosecutor and ended in a small fine. Cuthbert was well intentioned, didn’t cover his tracks and made no change to anything but this rootkit causes actual impairment and modification of the targets, of which there must be thousands.

    SJG

  • Julian Taylor

    I’ve had the software on one computer and I am here to say that the b****y uninstaller did not do it!!

    All I did eventually was reformat the HD – faster, quicker and my Sony Vaio RX201 is now a totally Sony-free zone.

  • GCooper

    Julian Taylor writes: “… a totally Sony-free zone.”

    Which is pretty close to a (digital) state of grace.

    Sony executives should face threat of imprisonment for this.

    If nothing else, it would concentrate the buggers’ minds, wonderfully!

  • Sony is beginning to backtrack on this. They say that the next version of their DRM software won’t be quite as strange. They’re also going to start offering a utility for download.

    The utility won’t actually remove their magic package. What it will do is to make it so that it isn’t invisible any more. Once you’ve done that, you’ll have to contact Sony directly for removal instructions.

    Generous of ‘em, ain’t it?

  • It turns out that you can take advantage of the Sony malware package to undetectably run cheat-aid programs for massively-multiplayer online games like World of Warcraft. How cool is that?

  • Mark H-J

    Another interesting twist to this story is that hackers have been able to make use of Sony’s rootkit to circumvent the security in another piece of software, described here.

  • Julian Morrison

    Even in today’s un-libertarian legal climate, I wouldn’t be in the least surprised if they get their asses handed to them in court. I suspect that’s why they’re trying to brazen it out, with this attitude of “so it’s a rootkit, so what?”. Their legal damage control team must be panicked that any hint of apology would be putting words in the prosecution’s mouth.

  • rosignol

    “All I did eventually was reformat the HD – faster, quicker and my Sony Vaio RX201 is now a totally Sony-free zone.”

    That makes about as much sense as saying a reformat and reinstall of OS X would make a Mac a totally Apple-free zone.

  • GF

    Hmm, I didn’t realise I’m running Sony Windows on my computer, rosignol.

  • Andrew Duffin

    No GF it’s a SONY computer, so how can it be a Sony-free zone…

  • Claxton

    There’s something like this that is angering a lot of gamers, a program called Starforce or something similar, written (originally) by the KGB as an uber-trojan or something like that, now marketed to game companies as copy protection. There’s a program out there that removes it.

    The major offender with Starforce, so far, is Ubisoft, in pretty much every PC game from Splinter Cell 3 onwards. A few other companies are starting to use it as well, I don’t know them off the top of my head, but hey, it’s Russian (cheap), and most people would never notice it.

  • Julian Taylor

    “No GF it’s a SONY computer, so how can it be a Sony-free zone…”

    Ok, it installs Windows XP SP1 from 4 CDs, plus a myriad of other Sony applications, such as their truly abysmal Flash-powered attempt at iTunes, MovieShaker and others, all of which I have removed. So whereas the hardware has a Sony label, there is now no Sony software per se on this computer. It’s not quite like Compaq where the OS is occasionally modified so that you require a proprietary version of Compaq Windows XP for reinstallations.

    By the way, would it not be easier for Sony to go cap in hand to Apple and ask for a license under the iTunes Music Store, with all the software security that that entails, rather than continue to flush funds down the drain in pursuit of more ways to alienate buyers of their products?

  • Sandy P

    Can you say class action lawsuit????

    Sony is going to pay big.

  • Steven Den Beste wrote:

    “It turns out that you can take advantage of the Sony malware package to undetectably run cheat-aid programs for massively-multiplayer online games like World of Warcraft. How cool is that?”

    I wonder if Blizzard is going to go after Sony for the DMCA violation…

  • My Sony laptop (a Vaio T2XP, the same one that was sold in the US as the Vaio T250) is a lovely piece of hardware, but I agree with Julian that all the Sony-crap software is really irritating. I haven’t done what Julian has and removed it though. I probably should.

  • Chris H

    The really nasty thing about the Sony root kit is that it doesn’t just hide the Sony copy prevention code from antivirus software. The rootkit hides any file whose name is of a certain form. This means that all the creator of malware (spyware, viruses, worms, trojans or whatever) needs to do is name the files in a certain way to make them invisible to antivirus software!

    Our last three laptops have been Vaios but our next one won’t be. I like the engineering but each laptop has had more junk on it that’s been harder to remove. The latest one, which I got for my wife has a 40gb drive, which was already 3/4 full. It was actually impossible to install Sims 2 on to the laptop out of the box because of the way the hard drive had been partitioned.

  • Julian Taylor

    Chris H, my latest was the Acer 1694 – all the merits of a Sony (same screen etc) but with no bloatware installed (apart from Windows of course).

    Oh, and comes in well under £1000 inc VAT.

  • If it has not already been mentioned, one of the commenters on Mr. Russinovich’s blog attached a sniffer to his computer. A sniffer monitors or tracks internet interactions by the host computer. He claims that the Sony software makes regular exchanges of information with Sony-owned web sites.

    This might be as unimportant as the serial number of the CD in question, or as important as… Well, use your imagination.

    Sony really needs to be spanked for this.

  • Dale Amon

    Just switch to Linux and give Sony the middle one.

  • rosignol

    “By the way, would it not be easier for Sony to go cap in hand to Apple and ask for a license under the iTunes Music Store, with all the software security that that entails, [...]”

    What software security? All you have to do to remove iTunes’ DRM is to burn the track to an audio disc, and then rip the tracks to mp-three.

  • Not a Sony fan

    So, has anyone implemented a Linux version of the Sony DRM as a simple script? I want to be able to play Sony copy-protected CDs on my Linux system and I want to be sure that all of the data is properly reported to them. I don’t mind if it doesn’t actually collect any data from my system and just sends placeholders for now. I can always fill in the blanks for them.