At that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.

I deleted the driver files and their Registry keys, stopped the $sys$DRMServer service and deleted its image, and rebooted. As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.

When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad.
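Added example, not part of the quoted post or of anyone's reply in this thread: a small offline audit that applies the two criteria described above (boot-start drivers, or a Group named under a SafeBoot subkey) to the text of a `reg export`. The sample export and every service and group name in it are constructed for illustration.

```python
# Constructed `reg export` text; every service and group name below is hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleBootDrv]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleCdFilter]
"Start"=dword:00000001
"Group"="Example Filter Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleOnDemand]
"Start"=dword:00000003
"Group"="Some Other Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Example Filter Group]
@="Driver Group"
'''

# Registry paths are case-insensitive, so compare in lower case.
SERVICES = "\\system\\currentcontrolset\\services\\"
SAFEBOOT = "\\system\\currentcontrolset\\control\\safeboot\\"

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            current[name.strip('"')] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return keys

def safe_mode_drivers(text):
    """Map service name -> reasons it loads in Safe Mode, per the criteria in the post."""
    safeboot_names, services = set(), {}
    for path, values in parse_reg(text).items():
        low = path.lower()
        if SAFEBOOT in low:                      # SafeBoot\<mode>\<entry name>
            tail = low.split(SAFEBOOT, 1)[1]
            if "\\" in tail:
                safeboot_names.add(tail.split("\\", 1)[1])
        elif SERVICES in low:
            name = path[low.index(SERVICES) + len(SERVICES):]
            if "\\" not in name:                 # direct child = the service key itself
                services[name] = values
    findings = {}
    for name, values in services.items():
        reasons = ["boot-start"] if values.get("Start") == 0 else []   # Start=0 is boot-start
        if str(values.get("Group", "")).lower() in safeboot_names:
            reasons.append("group listed in SafeBoot")
        if reasons:
            findings[name] = reasons
    return findings
```

Real `reg export` files are UTF-16 encoded, so decode the file before passing its text to `safe_mode_drivers`.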
This "anti rootkit protection" is not a new function of AnyDVD; rather, it is the nature of AnyDVD to filter all undesired stuff between a CD/DVD drive and the operating system. It is just one example of how well AnyDVD's option to "Remove CD Digital Audio Protection" is working.
I speculated that the player sends Sony’s web site a CD identifier as part of a check to see if new song lyrics or artwork was available, which they essentially confirm. Their claim that the communication is “one way” from Sony’s web site is false, however, since Sony can make a record of each time their player is used to play a CD, which CD is played, and what computer is playing the CD. If they’ve configured standard Web server logging then they are doing that. As I stated earlier, I doubt Sony is using this information to track user behavior, but the information allows them to do so. In any case, First 4 Internet cannot claim what Sony is or is not doing with the information since they do not control those servers, and the First 4 Internet response fails to address the fact that the End User License Agreement (EULA) and Sony executives either make no mention of the “phone home” behavior or explicitly deny it.

Another point that I made in the post is that the decloaking patch that Sony has made available weighs in at a relatively large 3.5 MB because it not only removes the rootkit, it also replaces most of the DRM files with updated versions. First 4 Internet responded with this:

In addition to removing the cloaking, Service Pack 2 includes all fixes from the earlier Service Pack 1 update. In order to ensure a secure installation, Service Pack 2 includes the newest version of all DRM components, hence the large file size for the patch. We have updated the language on our web site to be clearer on this point.

It’s not clear to me what they mean by “a secure installation”, but like most of the disclosure in this story, they’ve acknowledged the updating nature of the patch only after someone else has disclosed it first. What’s also lost in their response is that Sony DRM users not following this story as it develops have no way of knowing that there’s a patch available or that they even have software installed that requires a patch.
The EMI Group, one of the world's largest recording companies, has distanced itself from the controversy surrounding digital rights management (DRM) software used by Sony BMG by stating that it does not use rootkits on its own products.

Sony has been criticized for including DRM software with a music CD that runs even when the CD is not being played, and hides itself using rootkit technology. The software is difficult to remove and, if removed manually, could shut off access to the computer's CD player.

It has been rumored that other recording giants including EMI and the Universal Music Group use technology similar to that used by Sony; an EMI spokesman said on Friday that the DRM used on EMI's CDs can be completely removed if the user doesn't want to play the CD any more.

"The content-protection software that we're using can be easily uninstalled with a standard uninstaller that comes on the disc. EMI is not using any software that hides traces of the program. There is no 'rootkit' behavior, and there are no processes left running in the background," said an EMI spokesman in a statement.

"EMI is not using First 4 Internet technology. We recently completed a trial of three content-protection technologies (Macrovision's CDS300, SunnComm's MediaMax and SonyDADC's key2audioXS), and First 4 Internet's technology was not one of those tested," said the spokesman.
Here is how to get rid of the Sony DRM:
1. Format your HDD.
2. Install Linux.
Or you can take the long route and call in Jappan's help desk.
Sony knew they were dead in the water when the Department of Homeland Security (DHS) admonished them on the CD rootkit scandal - at a Chamber of Commerce event on combating intellectual-property theft. According to Brian Krebs of the Washington Post, the Department of Homeland Security's assistant secretary for policy, Stewart Baker, made at the event "a remark clearly aimed directly at Sony and other labels": "It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days." The Recording Industry Association of America's CEO Mitch Bainwol was in attendance and you knew that these words had to run a shiver down his spine. He is spending quite a bit of time on the beltway these days pushing several new bills to give Hollywood control of how consumers use future electronic products. But it is hard to call certain activities illegal when one of your members spreads what security pundits called malicious code to millions of home computers. It just undermines his argument, especially when a senior Bush official looks him straight in the eye and says he agrees with the pundits.

Bainwol has another big worry. The controversy from the Sony scandal has the potential to go beyond Sony by tainting the CD format itself in the eyes of consumers. This could kill the format, though it is not clear yet what effect, if any, this will have on record sales. The word-of-mouth building on the Net looks ominous right now. The industry is now looking to lay low and hope this passes.
Microsoft will update its security tools to detect and remove part of the copy protection tools installed on PCs when some music CDs are played. The Redmond, Wash., software maker has determined that the "rootkit" piece of the XCP software on some Sony BMG Music Entertainment CDs can pose a security risk to Windows PCs, according to a posting Saturday to a Microsoft corporate Web log. The Sony BMG software installs itself deeply inside a hard drive when a CD is played on a PC. The technology uses rootkit techniques to hide itself. Experts blasted the cloaking mechanism, saying it could be abused by virus writers. The first remote-control Trojan horses that take advantage of the veil provided by Sony BMG have surfaced. To protect Windows users, Microsoft plans to update Windows AntiSpyware and the Malicious Software Removal Tool as well as the online scanner on Windows Live Safety Center to detect and remove the Sony BMG software, the software maker said in its blog.