Sony's DRM Snafu
Typically we don't do this sort of "blog" posting on our site, but this security snafu that Sony has recently unleashed will have quite a few consequences for them, and definitely for the internet population. People debating the issue have brought up the irony that this DRM technology, which installs a rootkit, may in fact be in violation of the Digital Millennium Copyright Act (DMCA). The DMCA is defined by Wikipedia as: "The (DMCA) act criminalizes production and dissemination of technology that can circumvent measures taken to protect copyright, not merely infringement of copyright itself, and heightens the penalties for copyright infringement on the Internet." While the rootkit doesn't stand out as circumventing or working around any protection schemes, it is an indiscriminate program that will soon be taken advantage of. There is a "Service Pack" available that states it removes the rootkit; however, it does not. Lawsuits and litigation are going to be on Sony's doorstep very, very soon, even though their intention was to protect their own copyrighted material. There are also "Fair use" issues to consider with DRM technologies.
This is going to get ugly for the entire internet... not just Sony.
We predict, however, that a virus will not be made to find those machines that have the Sony "DRM" rootkit installed on them, but rather that the rootkit will be copied off a CD and repackaged in a virus program or spyware program. Virus/spyware makers are going to enjoy this one... A virus writer will use the code and, if caught, act like a martyr, citing that he/she was "only trying to show how deleterious and reckless the 'DRM' solution Sony has chosen is".
F-Secure and many others also think that a virus or spyware will take advantage of the rootkit in no time at all.
How did they arrive at their decision?
It's a wonder that they chose to use this technology in the first place. You'd think that someone working in the Sony DRM department would realize how small the scope of this protection is. Let's lay out the pros and cons of this solution, and decide for ourselves what the DRM technology actually accomplishes.
- Pro: It will help keep burned copies of the CD limited to 3 on most Windows PCs
- Con: The "three" CD limit will also apply to the CDs that the user is allowed to create! (each CD allows 3 more to be made!)
- Con: Requires Administrator privileges to run because of the rootkit; the CD will not play on a Windows PC on which the user is not an Administrator
- Con: The rootkit will hide any program, file/folder, or registry key that begins with the string $sys$
- Con: Removing the rootkit from the PC with current techniques will harm the PC's ability to play CDs
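The `$sys$` hiding rule in the list above can be checked from the defender's side with a canary file. This is an added example, not code from the original page or from Sony/First 4; it assumes a cloaked file stays reachable by its exact name, and `cloak_active` and `simulated_hooked_listdir` are hypothetical names (the latter is a constructed stand-in for a filtered directory listing).

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # name prefix the page says the rootkit hides


def cloak_active(list_dir=os.listdir, prefix=CLOAK_PREFIX):
    """Cross-view canary check for prefix-based file hiding.

    Writes one file whose name starts with `prefix` and one control file,
    then compares the directory listing with direct access by name.
    Returns True only if the canary exists on disk but is not listed.
    """
    workdir = tempfile.mkdtemp(prefix="cloakcheck_")
    canary, control = prefix + "canary.txt", "plain_canary.txt"
    paths = [os.path.join(workdir, n) for n in (canary, control)]
    try:
        for path in paths:
            with open(path, "w") as fh:
                fh.write("cloak test\n")
        listed = set(list_dir(workdir))
        if control not in listed:
            # The listing is broken for ordinary names too; result is meaningless.
            raise RuntimeError("control file not listed")
        # Assumption: access by exact path does not depend on enumeration.
        reachable = os.path.isfile(paths[0])
        return reachable and canary not in listed
    finally:
        # Delete by exact name: listing-based cleanup would miss a hidden file.
        for path in paths:
            if os.path.exists(path):
                os.remove(path)
        os.rmdir(workdir)


def simulated_hooked_listdir(path):
    """Constructed stand-in for a hooked listing that drops $sys$ names."""
    return [n for n in os.listdir(path) if not n.startswith(CLOAK_PREFIX)]


if __name__ == "__main__":
    print("real directory view:", cloak_active())
    print("simulated hooked view:", cloak_active(simulated_hooked_listdir))
```

A True result from the real directory view means something on the machine is filtering names with that prefix and the host should be examined from a known-clean boot medium.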
In reality, the DRM used does very little to prevent copying of the CD. First, it is targeted at Windows PCs exclusively. While that might make sense when you think of how much market share Windows PCs have, there are also a million different ways to obtain the audio off a CD, from a Windows machine or another CD player. PCs aren't the only pieces of hardware that can make copies of CDs, or make an MP3 from a CD. Second, when you do use the program included on the CD to make a copy, that copy is also allowed to make up to 3 more copies... does that sound like a limiting factor in any way? Third, Autorun must be enabled on the PC for the technology to work. When a CD is inserted into the CD-ROM drive, holding down the Shift key disables Autorun temporarily. You can also easily turn Autorun off in your settings or registry. From a security perspective, the rootkit that is installed sounds like a bad idea: the ability to hide any program/process/file/folder by prepending $sys$ to its name is asking for trouble. The "Service Pack" clearly states that it removes the program from the PC; however, according to others' analysis of the update, it merely removes the "blanket" hiding string of $sys$ from the program. Computer gamers are already using the program to hide their cheats, and it's a matter of days before Sony and "First 4" are both caught up in lawsuits for unleashing such a careless product.
Further Reading
Another thorn in an Admin's side, and another argument for lower privileged accounts!
I knew there was a reason they called them "Best Practices"...
Please remember your Best Practices: rule number one is not to run programs with a higher privileged account than necessary for the task. If playing a new CD requires you to be an Administrator, you don't want anything to do with that CD! Record companies are going to have to change the way they do business if they think for 1 second that they can stop a CD from being copied, or the data extracted, with current technology. On Experts-Exchange this topic has been discussed in many forms and in many questions.
Interoperability is really the main challenge for DRM and copyright enforcement. Sony/First 4 attempted to create a CD that, when inserted into a Windows PC, would force the user to use the proprietary player and burner. This plan, however, relied solely on Auto-Run, as many computer CD "protection schemes" do. Auto-Run is easily disabled, and if the CD doesn't execute the Auto-Run, then the DRM software is never loaded. So if you placed the CD in the CD-ROM drive and held Shift for a few seconds, then used any number of other programs to access the CD's music tracks, you'd easily get around the Auto-Run function. Now, if Sony had encrypted or encoded the CD, and forced you to use the Auto-Run feature, then they could certainly have made it harder for piracy to take place. They lose interoperability though: the CD would have to be sold to Windows PC owners only, because the CD wouldn't play in a home or car CD player, and that tradeoff has yet to come about. The record companies probably spend less than a penny for 10 CDs, and no one would buy the "Computer" version of a CD if it had DRM; they'd buy the "Home/Car CD player" versions. The rootkit is a desperate and reckless attempt from Sony and First 4 to control the way in which the CD can be used. Be that as it may, we're going to compile a list of CDDB CD ID tags and place them at the bottom of this paragraph for use in Snort rules, to help detect whether your users, or perhaps you yourself, have installed a DRM/rootkit CD.
- Sony, Rootkits and Digital Rights Management Gone Too Far
- Sony, Rootkits and Digital Rights Management Gone Too Far - Continued...
- Here is the First 4's response
- Using Sony's OWN rootkit against itself... funny, append $sys$ to the front of your CD burning software ($sys$xxx.exe for example), and voilà! You may have to rename the exe to something innocuous for this to work, like renaming nero.exe to $sys$np.exe
- First of many Lawsuits to come from this... Sony has made a grievous error in judgement and ethics.
- We told you so: See, it only took a few days (added 11/10/2005)
- Sony: You don't reeeeaaaally want to uninstall, do you? (added 11/9/2005)
- It has begun, 11/10/2005 - First trojan using Sony's DRM spotted!
- McAfee's Detection of the Rootkit; Norton's Detection, and Norton has a standalone Removal Tool (don't forget to turn off System Restore!)
- Sony temporarily suspends making "rootkit" CD (added 11/13/2005)
- Again, Sony has made a grievous mistake with using First4Internet's "DRM"
- Sony: No More Rootkit - For Now (added 11/14/2005)
- You know it's a bad program when even Microsoft blocks it! (added 11/15/2004)
- SlashDot article on the topic "Bad day to be Sony" (added 11/15/2005)
Gosh, I can't keep up with this story any longer... Now it looks like Sony or First4Internet are using GPL open-source MP3 code with no credit or mention of it, which is against most GPL agreements. Here is another Slashdot article about the debacle, and here is an essay by your favorite and mine, Bruce Schneier. I think Bruce sums it all up pretty well.
This Page was written/posted 11/2/2005