[Rumori] sony caught distributing malicious software in its DRM
stAllio!the original wanksta
stalliongsta at yahoo.com
Wed Nov 2 21:02:20 PST 2005

this story has been circling the blogs for a few days since russinovich
made his original post here:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

sony is distributing drm that installs a rootkit on windows computers,
and now they've been caught.

http://www.wired.com/news/rants/0,2350,69467,00.html?tw=wn_tophead_2
Wired News Staff
02:07 PM Nov. 02, 2005 PT

Sony BMG is facing a cacophony of criticism this week following the
revelation that some of its CDs are packed with special copy-protection
software that conceals itself with an advanced hacker cloaking
technique. We think the company is getting off easy.

The firestorm began when Mark Russinovich, a computer security expert
with Sysinternals, discovered evidence of a "rootkit" on his Windows
PC. Through heroic forensic work, he traced the code to First 4
Internet, a British provider of copy-restriction technology that has a
deal with Sony to put digital rights management on its CDs. It turns
out Russinovich was infected with the software when he played the Sony
BMG CD Get Right With the Man by the Van Zant brothers.

A rootkit is a particularly insidious type of Trojan horse that hides
its existence from users and programs by tampering with the operating
system on the most fundamental level. Where normal malicious code might
be content to choose a deceptive file name, a rootkit "hooks" operating
system calls that might reveal its presence, and essentially reprograms
them to lie -- like bribing the coroner to conceal a murder.

And the lie the First 4 Internet code tells is a whopper. Under the
program's influence, Windows will deny the existence of any file,
directory, process or registry key whose name begins with "$sys$."
Russinovich verified this by making a copy of Notepad named
"$sys$notepad.exe," which promptly vanished from view.

That means that any hacker who can gain even rudimentary access to a
Windows machine infected with the program now has the power to hide
anything he wants under the "$sys$" cloak of invisibility. Criticism of
Sony has largely focused on this theoretical possibility -- that black
hats might piggyback on the First 4 Internet software for their own
ends.

On Wednesday, Sony answered its critics by promising to issue a patch
that allows antivirus software to pierce First 4 Internet's cloaking
function. But in our view, the hacker and virus threat is something of
a red herring. The harm of the Sony DRM scheme is not that it enables
evildoers, but that Sony itself did evil.

We needn't go skulking through the computer underground to find
malicious action here. By deliberately corrupting the most basic
functionality of their customers' computers, Sony broke the rules of
fair play and crossed a bright line separating legitimate software from
computer trespass. Their actions may be civilly actionable.

Sony may even have committed a crime under the U.S. Computer Fraud and
Abuse Act, which can carry fines and prison terms for anyone who
"knowingly causes the transmission of a program ... and as a result of
such conduct, intentionally causes damage, without authorization, to a
protected computer." Corrupting Windows so it misreports the contents
of a hard drive sounds a lot like "damage," and the click-wrap license
agreement on the Sony disk amounts to pretty thin "authorization" --
disclosing only that "this CD will automatically install a small
proprietary software program ... intended to protect the audio files
embodied on the CD."

Nor are we comforted by assurances from First 4 Internet's CEO Mathew
Gilliat-Smith, who, in an interview with CNET's News.com, defended his
software this way: "For the eight months that these CDs have been out,
we haven't had any comments about malware (malicious software) at all."
Rootkits, like other cover-ups, rarely generate complaints before
they're discovered.

Sony should immediately disclose the full details of its deployment of
the First 4 Internet software, and assure the public that it will not
use similar tactics in the future. Honest programs have no need to
conceal themselves or their actions from users. Honest companies, too.
---
"The labor of a human being is not a commodity or article of commerce."
http://www.animalswithinanimals.com * http://badtaste4life.com
* subscribe to awiannounce, the st!/awia announce list:
http://www.animalswithinanimals.com/mailman/listinfo/awiannounce