Latest audio CDs install a virus?

Or at least a variant, it seems:

On Windows computers, it installs when you insert the CD (you must click OK in a misleading dialog box), and then it doesn’t let you copy the CD, make mp3 files from the contents or download the music into your iPod or similar music player. Apparently about 20 new releases from record labels under Sony are infected with this rootkit. If you try and uninstall the program, your CD player on your computer stops working, and is very difficult to fix.

Thanks, Sony. You can keep the rootkit. I like my computer to be virus-free.


Study of Sony Anti-Piracy Software Triggers Uproar
File-Hiding Technique Alarms Security Researchers; Developer Offers Patch

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, November 2, 2005; 6:50 PM

Irate music fans who posted to dozens of online blogs vowing to never again buy Sony CDs as long as the company keeps using a suddenly beleaguered anti-piracy software program may find that their outbursts have been partially rewarded today.

On the heels of the Internet uproar over security concerns with its copyright-protection measures, the company that developed the software for recording-industry giant Sony BMG Music Entertainment says it is providing computer users with a “patch file” that will mitigate some of the features that alarmed security researchers when they were discovered earlier this week – especially the program’s built-in ability to hide files on the user’s system.

Privacy and security experts charged that the technology built into many of Sony’s music CDs since March is unnecessarily invasive and exposes users to threats from hackers and virus writers.

“Here you have one of the biggest name-brand corporations on the planet getting into what many people in other circumstances would consider hacking,” said Richard Smith, a security and privacy consultant based in Boston. “That’s just not acceptable.”

Earlier this week, computer security researcher Mark Russinovich published an analysis showing that some new Sony CDs install software that not only limits the copying of music on the discs, but also employs programming techniques normally associated with computer viruses to hide from users and prevent them from removing the software.

Russinovich’s findings – posted on the Web site (http://www.sysinternals.com/) that he runs with another researcher – indicated that the CDs in question use software techniques that behave similarly to “rootkits,” software tools that hackers can use to maintain control over a computer system once they have broken in.

He found that traditional methods of uninstalling the program would not work, and that attempts at removing it corrupted the files needed to operate his computer’s CD player, rendering it useless.

Sony spokesman John McKay said the technology has been deployed on just 20 titles so far, but that the company may include it on additional titles in the months ahead.

The music industry is aggressively defending its works from Internet and other forms of piracy, going so far as to sue individuals alleged to be trading large numbers of song titles online. The industry loses roughly $4.2 billion worldwide to piracy each year, according to the Recording Industry Association of America.

Russinovich discovered that the techniques employed by the Sony program to conceal its files from the user and to make them harder to remove could also be used by virus writers and hackers to hide malicious files on any computer running the anti-piracy program.

In response to criticisms that intruders could take such advantage, First4Internet Ltd. – the British company that developed the software – will make available on its Web site a software patch that should remove its ability to hide files, chief executive Mathew Gilliat-Smith said.

Russinovich called the offer of a patch “backpedaling and damage control in the face of a public-relations nightmare” and emphasized that users who try to remove the files manually after applying the fix will still ruin their CD-Rom drives.

Sony’s move is the latest effort by the entertainment companies to rely on controversial “digital rights management” (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks like Kazaa and Limewire.

DRM technologies by their very nature need to be secretive, according to Peter Ullman, a partner with Woodcock Washburn, a Philadelphia law firm that specializes in intellectual property matters.

“If the software is put there to protect valuable content from being misused, then the software has to be able to protect itself from being subverted, so the companies that produce this security technology tend not to want to publicize how their technology works,” Ullman said.

At issue is whether Sony has provided customers with adequate notice about what they can expect when installing the software, said Ari Schwartz, deputy director of the Washington-based Center for Democracy and Technology.

“Sony needs to be more transparent in how and what they’re installing so that consumers can make informed decisions,” Schwartz said.

Windows users cannot listen to tracks on the CD without agreeing to install the anti-piracy program, which merely advises that “it will install a small proprietary software program” that will remain there “until removed or deleted.”

But according to Mikko Hypponen, director of research for Finnish antivirus company F-Secure Corp., users who want to remove the program may not do so directly, but must fill out a form on Sony’s Web site, download additional software, wait for a phone call from a technical support specialist, and then download and install yet another program that removes the files.

Hypponen agreed that Sony’s software could help hackers circumvent most antivirus products on the market today. He added that installing the Sony program on a machine running Windows Vista – the beta version of the next iteration of Microsoft Windows – “breaks the operating system spectacularly.”

While the anti-piracy software allows consumers to make a limited number of additional copy-protected discs, it also imposes compatibility and portability constraints. Users of Apple Inc.'s iPod – the dominant portable media player on the market – have no way of transferring tracks from protected Sony CDs to their device, since Apple has not yet licensed its own DRM technology for use with copy-protected discs.

“We’re still in this new digital era where the entertainment industry wants to protect … their content, without due consideration of the consumer’s right to use that content in a fair way,” Russinovich said. “We need to have an open discussion as to where we should draw the line.”

David Eisner, a blogger and software developer at the University of Maryland’s Computer Aided Life Cycle Engineering Center, believes the record label’s actions will ultimately backfire and drive otherwise legitimate customers to download pirated music from the online file-sharing networks.

“The people they’re trying to stop from stealing their music are always going to find a way around these types of technologies,” Eisner said. “Sony is just hurting people who obtain their products legally, and many of these same people are now going to think twice about doing so.”

Here’s a link to a John Childs post on the issue where he links to a variety of sites with information on how to get rid of the installed driver.

Interesting…this isn’t Mediamax CD3. The latest Sony discs infected with DRM employ a much more malicious set of tools. Here’s a different process for removing the newest crap:

(Not 100% sure if that works. It is, after all, simply an anonymous Slashdot post.)

And here’s another article for good measure:

I had to rip a quick copy of a Sony disk for our music manager this afternoon (he wants to listen to the music while driving in his car so he can select tracks for the playlist and doesn’t want to risk damaging the station’s original disk in the process, so it gets ripped - to my mind this is ‘fair use’ and if ‘they’ don’t like it…).
I chucked it into my PC’s CD-tray, fired up Nero (6 Ultra Edition version 6.3.0.2), hit ‘COPY DISK’ and it did.
No funny business, no dialogue boxes, just in and out, thanx for playing.

Should I be worried?

If you copied it no problem, you’re fine. I think they only sell the crippled (crippling?) CDs in the United States anyway.

Ah, welcome to the third world.

From the article:

“At issue is whether Sony has provided customers with adequate notice about what they can expect when installing the software, said Ari Schwartz, deputy director of the Washington-based Center for Democracy and Technology.”

I suppose this should include mentioning whether the software can be uninstalled or not. Sounds like Sony is now in the malware business. Can’t rip a Sony CD to an iPod? I’m sure that’ll be great for Sony sales… :)

The BOYCOTT SONY petition webpage.

Yup, Sony killed themselves here. While I’ve probably never bought more than 5 music CDs in my life (just not a music person, I guess), I’ll boycott buying anything from Sony, unless they take acceptable corrective action. Installing manipulative software on someone’s computer without them knowing the effects is just wrong. Even if they put it in an EULA (or hint at something like this), it’s still wrong, as most likely the user is not going to read all the BS in those EULAs. It needs to be spelled out before buying the CD that it can only be used in a way that probably nobody is going to use it.

I guess it’s time to get rid of my Sony 23" monitor here that I spend too much time in front of. I think BenQ and Samsung now offer a better product anyways. Hmmm, what other Sony crap do I have here.

PS. Haha, this is my 2000th post. Awesome!

Sony doesn’t put out any CDs that are worth listening to anyway, so this won’t affect me. I agree that they are just digging themselves further into the hole here.

That’s a post about a different CD copy restriction scheme. The one with the rootkit-like behavior is by First 4 Internet in the UK (the UK has evil software companies too :p). A different beast and style of CD copy restriction.

I did mention the Sony rootkit-like software in the thread about removing screws. That thread morphed into a discussion about MP3 players and iPods and then a post about the evil Sony software. My post about the Sony software and my rant about copy protection and DRM on CDs.

Nope. The UK and Europe have been a test market for the various crippled CDs for longer than the US.

The Sony software isn’t a virus. What it does is use rootkit-like behavior to hide itself. That is certainly not good, and the way that it is written makes it easy for other software to hide stuff on any computer that has the Sony (First 4 Internet) software installed. It’s not good from a security standpoint. It’s also not good from a system stability and reliability standpoint. I would put it in the category of poorly written junkware rather than as a virus or other malware.

People could get creative and intentionally install that Sony CD software on a system so they could hide a directory or application on a school computer or some other computer where, for whatever reason, you want to hide something. That’s the security risk in the Sony software and a reason why it’s a bad thing.

Sony has released an “update” that is supposed to remove the cloaking or rootkit-like behavior from the software. Sony Update

Just browsing the news and this headline popped out:

Interesting idea… Conspiracy? Blu-ray is on the way?

Nonetheless, it still seems like bad PR and bad for the brand.

Maybe they’re just still trying to get back at us for preferring VHS?

Nope. As far as I know the various copy restriction schemes present dialog boxes and EULA text for any installs.

I would, however, take precautions so a production work computer doesn’t get “infected” by some sort of DRM or anti-copy manager from playing a CD. You don’t want a production computer to start misbehaving and not let you use the CD drive the way you expect.

So it would be a good idea to have a separate or non-production computer to do CD copies and rips with.

Make a disk image of the HD of the selected ripping computer. There are some imaging tools here. DriveImage XML looks like a goodie for Windows XP. I haven’t tried it, but from the web page it looks up to the task.

Image the HD and if the computer ever does get hosed by a CD you can reimage it to get it back to a normal state (the exact state it was in when it was imaged). Just be aware that reimaging the drive will wipe all data off the drive so if there are saved emails and such on the drive they will be gone (or put back to the state they were in when the disk was imaged).

The other thing I’d do for the Windows computers is turn off the CD Autoplay or Autorun. That’s how the CDs start the install software.

Another option would be to have a Linux computer set up to do disk ripping. No DRM stuff bothers to infect Linux yet. It would require that someone there get familiar with Linux to set it up.
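
The AutoRun advice in the post above maps to a single registry policy on Windows. The following PowerShell script is an added example, not part of the original posts: it reads the standard `NoDriveTypeAutoRun` Explorer policy, reports which drive types still have AutoRun enabled, and can set the CD-ROM bit. The function names are made up for illustration.

```powershell
# Added example (not from the thread): audit and tighten the Explorer AutoRun policy.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$CdRomBit   = 0x20

# In NoDriveTypeAutoRun a set bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = $CdRomBit
    'RAM disk'  = 0x40
}

function Get-AutoRunPolicy {
    # Returns the DWORD as an int, or $null when the value (or key) is absent.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Show-AutoRunPolicy {
    param([Nullable[int]]$Mask)
    if ($null -eq $Mask) {
        Write-Output "$ValueName is not set; the Windows default applies."
        return
    }
    Write-Output ('{0} = 0x{1:X2}' -f $ValueName, $Mask)
    foreach ($name in $DriveTypeBits.Keys) {
        $state = if ($Mask -band $DriveTypeBits[$name]) { 'disabled' } else { 'ENABLED' }
        Write-Output ('  {0,-10} AutoRun {1}' -f $name, $state)
    }
}

function Disable-CdAutoRun {
    # Needs an elevated session because the value lives under HKLM.
    $current = Get-AutoRunPolicy
    # A machine-wide value replaces the built-in default, so when none exists
    # write 0xFF (all drive types off) rather than the CD-ROM bit alone.
    $new = if ($null -eq $current) { 0xFF } else { $current -bor $CdRomBit }
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -Value $new `
        -PropertyType DWord -Force | Out-Null
    return $new
}

Show-AutoRunPolicy (Get-AutoRunPolicy)   # read-only audit
# Disable-CdAutoRun                      # uncomment to apply the change
```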

Thanx John, those are some good suggestions. There’s no chance of getting another machine to use for the ripping. I’ll have a look at the imaging software when I get in there this afternoon.

If you’re networked or if you have a second drive or partition you can minimize the pain of reimaging by keeping your data (like My Documents and your emails and such) on a network drive or on the second drive or partition. That way you can reimage without having to worry about losing data files. It takes some effort and dedication to keep the data on a second drive instead of the main system drive, but it is worth it for making it easier to backup and easier to recover if you ever need to restore the system image.

Fortunately (I think) the only email I use on that machine is Gmail where all my stuff is archived in their system.
I am on a network. Locally, we run a Novell network in the station but I access the internet via the company network which plugs into our network somewhere.
We are now in territory that I know precious little about, so if I suddenly say something incredibly stupid, you’ll understand?

I just had an idea…

Do you know about bootable CD/DVD versions of Linux like Knoppix?
It’s a version of Linux that boots from a CD or DVD. It runs in RAM. It does not install anything to the hard drive. Everything is run from the CD/DVD and RAM. When you close Linux and reboot the computer it is all back to normal. The computer will boot back to Windows as if nothing had happened.

So here’s the idea. Create a bootable version of Linux that is optimized for playing CDs and ripping CDs. You’ll be able to play and rip copy restricted CDs without worrying about the DRM or other software getting installed. Then when the CD is ripped you close Linux and reboot to Windows. Windows stays completely safe throughout the operation.

It would also be possible to do something similar with BartPE. BartPE is a version of Windows that is bootable from a CD/DVD similar to the Knoppix idea. A plugin for BartPE could be created that configures and runs a CD ripper. Then when it’s done you close BartPE and reboot to regular Windows. With the right configurations to write protect the hard drives you would be safe from having anything installed to the hard drive while ripping and playing the CD.

I’m sure someone is going to come up with bootable systems for both Linux and BartPE to do just that. It will make it possible to rip copy restricted CDs without risking your main system getting “infected”.