Sony BMG’s release of a software patch for a controversial anti-piracy program has failed to stem criticism.

The patch was made available following widespread disapproval of Sony’s methods of stopping illegal CD copying.

But the patch has left unimpressed the man who started the debate about Sony’s copy protection policy.

Analysing the patch, Mark Russinovich said it did not do enough to allay user fears and he urged Sony to release a full uninstallation program.

In an entry posted to his SysInternals blog on 31 October Mr Russinovich wrote about his discovery of the “cloaked” files Sony BMG was using to stop people making illegal copies of a CD by country rock group Van Zant.

The files were used for a proprietary music player on Windows machines needed to play the CD. Mr Russinovich was outraged that the licence agreement for the CD made no mention of the methods used to hide the files or that the player could not be uninstalled.

The files were hidden deep inside the Windows system using techniques more often used by skilled virus writers, said Mr Russinovich, a claim backed up by Finnish security firm F-Secure, which performed a separate analysis of the proprietary player.

F-Secure said it feared that virus writers would use the cloaking system to hide their own creations, making them impossible to find.

Currently anyone wishing to uninstall the proprietary player must apply to Sony BMG via a website. Mr Russinovich has applied to Sony for the uninstaller and plans to post an analysis of that when it arrives.

Leo Laporte and Steve Gibson produced a special podcast on the details of the Sony hack of XP. Interesting and scary.

It’s a featured topic of discussion on TWIT 29, as well. Available via iTunes and all the usual sources.



  1. John L says:

    Reformat, never run Sony anything ever again on your computer.

    They screwed up my hard drive with this crap.

  2. Mister Mustard says:

    After one experience (disastrous) with Sony’s lame copy protection scheme, I vowed never again to use a Sony product. I never have, and I never will. There are plenty of ways to play music without tethering an albatross like Sony around your neck.

  3. Thomas says:

    I’m honestly shocked that no one is taking Sony to court over this. Entertainment companies only understand lawsuits.

  4. gquaglia says:

    How far is this story traveling outside the tech community? I know it’s been talked up big on ZDNet and such, but I haven’t seen anything on the news about it. Are the bulk of CD buyers hearing about this bullshit?

  5. Ima Fish says:

    What Sony has to come clean about is the fact that the root-kit makes a computer utterly insecure. The fact that ANY file can be hidden merely by prefixing $sys$ to its name is shocking! And these files are not just hidden; they are completely hidden from the Operating System AND from any antivirus program. They’re hidden at the root level!

    The fact that Sony claims that such a system is NOT secure is ludicrous. Heck, it’s an outright lie and Sony knows it.

    Sony should come clean, admit it screwed up, apologize, pull the remaining stock, offer exchanges for the ones sold, and promise to never do such dangerous nonsense again. And then of course FOLLOW THROUGH with that promise!

  6. Ima Fish says:

    I just found this over at slashdot which shows just how powerful and DANGEROUS Sony’s root-kit really is. Proves that the laws of irony are strictly enforced!

    “Also on this topic, Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with “$sys$” at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!”

    http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html#113118588334788459

  7. Eideard says:

    The bypass Nikki mentions is discussed in the Security Now podcast. It’s an important and equally dangerous feature. Retaining the RootKit now makes it possible for script kiddies to plant whatever crap they want — using exactly that prefix.

  8. Jon says:

    And very likely these morons who wrote this “DRM tool” for Sony have no idea how to uninstall it themselves.

  9. Looks like they are getting sued, so the title says, I cannot read Italian:
    http://www.theinquirer.net/?article=27508

    Either way, Sony just lost my business forever.

  10. raindog says:

    I’m glad that the more mainstream tech outlets have at least started talking about “DRM” or “copy protection” and “infection” in the same sentence, following this debacle.

  11. Imafish says:

    raindog, the problem is that the media always gets it wrong. They’ll repeat the lie that the point of DRM is to stop music from getting on the net. That’s not true. The true purpose is so we have to buy multiple copies and won’t be able to share them with our friends.

    If the media said that the purpose of DRM was to screw over honest paying customers out of their fair use rights, I’d agree with you. But as long as the media keeps repeating the music industry’s lies, it does no good.

  12. Thomas says:

    As I have said many times before, DRM will eventually lead to pay per consumption. For every piece of content you purchase, there will eventually be a way of charging you every time you consume that content. If you hear people like Uncle George (Lucas) talk, he’s disgusted that people are able to watch his movies in the privacy of their own homes by only paying for a copy once. Once that technology becomes even moderately pervasive, it will be very difficult to stem the tide. A sad day indeed is on the horizon.

  13. Smith says:

    At what point did we actually lose control of our purchases? We used to go to our favorite store and buy our music and a blank cassette. Then we ran home to record the record/tape/CD onto the cassette for use in our car.

    But now the RIAA seems to be saying that we don’t “buy” anything; we lease it under contract.

    “So you want an Eminem CD for your computer? Well we got just the thing at a reasonable $19.95. Oh, you want to also play it in your car? Well, for another $19.95 we can give you a copy for your car. And for just $19.95 more we can let you have a copy for your home entertainment system — ah, what brand was that again? You don’t have an MP3 player do ya? We could sell you an MP3 version for $24.95. (Sorry, but there’s a 25% ‘pirating’ surcharge for MP3s.)

    “Come back next year and we will renew your entire package for the low, low price of $69.95.

    “Heh, heh and please don’t do anything to violate that lease or the RIAA will make you think that Moses went easy on the Egyptians.”

  14. gquaglia says:

    “But now the RIAA seems to be saying that we don’t “buy” anything; we lease it under contract.”

    No surprise, M$ has been doing that for years to its customers.

  15. Abram Nichols says:

    Are we being screwed by the big dogs, or are we just being suckers for not doing it ourselves? If Sony doesn’t get in trouble for this, then the only thing we can conclude is that it must be ok (at least legally). So screw the incredulous guffaws; go out, start your own businesses, and rip off your customers the same way. It is legal, right?

