Is Email The Best Method For Real-Time Alerts?
How Not To Jumpstart Your MVNO

The Real Danger Of Sony's Rootkit: It Lets Others Piggyback

(Mis)Uses of Technology

from the uh-oh dept

Tue, Nov 1st 2005 3:14pmMike Masnick
While everyone's discussing the non-surprising fact that Sony's latest CD copy protection scheme uses "rootkit" style tricks to embed itself deep within your machine, Ed Felten Alex Halderman has picked up on a much more serious problem brought out by the discovery. The particular nasty software from Sony can actually be used by other malware to hide their own actions. In other words, it doesn't just treat you like a criminal and prevent you from making use of the music you legally bought: it makes it easier for real criminals to do bad things on your computer. Thanks, Sony! Update: Ed Felten points out that Alex Halderman wrote the piece on Felten's site.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

25 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    jdw242, 1 Nov 2005 @ 4:09pm

    organized crime?

    sounds like the method used to keep people honest is being bastardized into some weird organized crime tool that makes honest people want to start obtaining their music from some free site somewhere instead of buying it.

    Yeah, thanks Sony! If you can't beat 'em, alienate 'em!

    Disclaimer: I'll, by God, copy any damn CD I buy, for my personal use, and NOBODY will stop me.

    link to this | view in chronology ]

  • identicon
    Kevin, 1 Nov 2005 @ 4:22pm

    No Subject Given

    F U Sony.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Nov 2005 @ 4:24pm

    No Subject Given

    Sony and Microsoft are nearly direct competitors now, because of their game consoles. If I was Microsoft, I would be very tempted to use this as a PR knock against Sony.
    I'd love to see their next security patch include "securing your system against Sony rootkits." I bet the press would eat it up, as well.

    link to this | view in chronology ]

  • identicon
    Riley, 1 Nov 2005 @ 4:31pm

    Blu-Ray?

    And to think, this is the company we are trusting to define the specs and DRM software for the soon to be standard Blu-Ray. Boy, I can't wait to go out and buy new, more expensive media that lets Sony screw me in more interesting and thourough ways.

    link to this | view in chronology ]

  • identicon
    Ed Felten, 1 Nov 2005 @ 4:43pm

    author of the piece

    Actually, Alex Halderman wrote the piece you linked to.

    link to this | view in chronology ]

  • identicon
    Mr_Inc, 1 Nov 2005 @ 6:06pm

    Sony....Microshaft....DRM...RootKits

    Ya know. I might be foolish for thinking this, but last time I checked I thought if I bought something, I "OWNED" it. And isnt possesion a supposed 9/10's of the US Laws ? so lets see I buy cd...I copy cd...I get rootkitted...drmed....virtually attacked via hackers and face possible persecution because I did what I wanted to what I owned ? No wonder I mod Playstations and turn them into something usefull, no wonder I helped work on mod chips for the first phase of xboxes.....anyone for some K&Y ? Seriously...I am done moaning or even thinkin they did me wrong. It has become my mission to take the shaft back out of my @$$ and stick it where it truly belongs.

    link to this | view in chronology ]

    • identicon
      zcat, 1 Nov 2005 @ 6:45pm

      Re: Sony....Microshaft....DRM...RootKits

      "COPYRIGHT" does not mean that the original creator (or in this case some record company) gets to own every copy of the work for the rest of eternity. "Intellectual property" is a bullshit term that only confuses the issue.

      The original idea of copyright was that the original artist or creator had some (intentionally limited) control over who was allowed to copy and distribute it, and perhaps some control over 'public performance' so that they'd have an incentive to create and contribute more creative works.

      But now it's gone completely insane!

      This is not about fair use. Everything you do that doesn't involve redistribution or public performance has nothing at all to do with copyright and should be an _unregulated_ use.


      Once you've sold it you don't own it anymore. Let it go!!

      link to this | view in chronology ]

  • identicon
    David Oh, 1 Nov 2005 @ 8:58pm

    ...

    1) Enterprising hacker creates worm that takes advantage of said rootkit

    2) Millions of dollars in lost money

    3) Class action lawsuit

    4) No more stupid shennigans by sony

    link to this | view in chronology ]

  • identicon
    DragonWoodWorker, 1 Nov 2005 @ 9:15pm

    Sony's rootkit use

    There is a real quick way to deal with this problem. Don't buy their damn products. Vote with your wallet (and tell everyone you know to do the same). If it affects the bottom line, it will be removed. I've quit buying any music from the big labels as I am sick of their tactics.

    link to this | view in chronology ]

    • identicon
      David, 10 Nov 2005 @ 9:41am

      Re: Sony's rootkit use

      I'm an X-Ol' school DJ of @ 25 yrs. I promoted the Big Labels big time as I was one of Canada's
      major citie's most popular DJ.
      Actually, 3 major cities in Canada.
      Because of their shenanigans, I have boycotted purchasing anymore CDs @ all. I own an extensive collection of vinyl 12" singles, compilations & LPs and have enough music on vinyl (as I've taken very good care of my vinyl & 90% look brand new!)
      The last thing I bought from Sony was a 3 CD/CD-R/RW player "Bookshelf" system @ 3 years ago.

      BOYCOTT! That's the only way it might get Sony's
      attention. If there was a massive boycott.
      Say a few million people stopped buying anything Sony for even a month, their sales & stocks would drop drastically. We have a voice. Let's use it for cryin' out loud!

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2005 @ 12:53am

    Ironically

    Copied CDs won't have this problem.

    link to this | view in chronology ]

    • identicon
      zcat, 2 Nov 2005 @ 10:25am

      Re: Ironically

      That depends; the software on the CD allows you to make up to three copies, and there's a very good chance that these copies will also have the same rootkit on them.

      Never mind turning off autorun. The only safe way to deal with this crap is not to buy it!!

      link to this | view in chronology ]

  • identicon
    Marcus Andresin, 2 Nov 2005 @ 4:49am

    Sony rootkit: Not on Linux!

    For kicks I bought a CD last night at Best Buy that was labeled with a "Copyright Protection" from Sony. I used an old junker PC that has RedHat Linux version 8 on it ans successfully ripped MP3s from every track. I then burned them to CD, moved them to my Windows XP PC, and they played just fine. Likewise I added them to my iTunes collection and synched them to my iPod--no problem. Perhaps I should share these MP3s out over Limewire just to spite Sony!

    link to this | view in chronology ]

    • identicon
      Happy user, 2 Nov 2005 @ 9:39am

      Re: Sony rootkit: Not on Linux!

      This gives people more incentive to acquire music from the store (on physical CDs)? I think that if the common music purchaser was more aware of these tactics, he would resort to only acquiring music ONLINE - or any forum OTHER THAN from an "Original Compact Disc Source".

      I personally don't see why BestBuy, Virgin, TowerRecords, Walmart...etc are not getting upset by Sony on these matters aswell. For this affects all of their direct music customers -- and for a $18.99+ sale of a CD that only cost them $3.99 to purchase from their vendor, that's a heck of a lot of money they could be loosing if mass consumers are aware of Sony's practices and become afraid to purchase CDs anymore.

      link to this | view in chronology ]

    • identicon
      N8, 2 Nov 2005 @ 10:38am

      Re: Sony rootkit: Not on Linux!

      you are my hero!

      link to this | view in chronology ]

    • identicon
      John Dalton, 8 Nov 2005 @ 4:11pm

      Re: Sony rootkit: Not on Linux!

      Yes. Yes you should.

      link to this | view in chronology ]

  • identicon
    hmarshall, 2 Nov 2005 @ 12:56pm

    RE::::

    While I certainly don't agree with Sony, nor buy their CD products, it was mentioned that the install couldn't happen without administrator privileges. I'm guessing the cd will still play without the install occurring? One generally wise solution, if you have to use windows, is to create a separate user account without a lot of the admin functions, local group policy editing would help with this as well. Most of us, typically don't need that level in day-to-day surfing, etc.. Problem is that most home users don't know how to do that, or that they should.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Nov 2005 @ 10:32pm

    No Subject Given

    This is crap! Oh man am I EVER going to buy a 360! Does anybody know where I can find a class action lawsuit for this? Boy will I sign up!

    link to this | view in chronology ]

  • identicon
    Mark, 3 Nov 2005 @ 6:29pm

    You must ask for permission from Sony to remove it

    This is unbelievable. You must go here http://cp.sonybmg.com/xcp/english/form14.html to ask PERMISSION for removal. Then you are e-mailed a link to download an Active X control of all things for this First 4 Internet Spyware company. Like I am really going to trust the rookit maker to give me an Active X control which also means you must use IE. Are the no depths at which Sony will not sink? My kid will not get a PSP or a PS3 or anything Sony in my house period! I hope you read this Sony as I will be distributing many of my family and friends un-DRM copies for Christmas. Good job Sony using a rootkit to turn an HONEST customer into a pirate.

    link to this | view in chronology ]

  • identicon
    Matt, 11 Nov 2005 @ 4:23pm

    No Subject Given

    How long has sony been doing this? I may have already unwittingly done this. This sucks

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2005 @ 8:31pm

      Sony needs to stick those CD's......... In my hand

      This stupid DRM protection is THE dumbest thing that I have ever heard. Oh wait, I have Mac OS X. :-) This OS has been on the net for about 3 years now with no firewall or spyware protection. Just a port logger to intercept internet trafffic. Not one single piece of spyware has enbeded itself into my system and I'll be damned if sony has any chance! I think I will shoplift a CD, Print out Highres CD cover images and use CD stomper to secure them to my blank CD. Then send my un-DRMed CD back to Sony just to see what they do.
      Two words.
      Fuck. Sony.
      sorry two more.
      And PS3

      link to this | view in chronology ]


Is Email The Best Method For Real-Time Alerts?
How Not To Jumpstart Your MVNO
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.