Should SONY recall their rootkit DRM music CDs?

From Wikipedia, the free encyclopedia. Definition of rootkit.

“A rootkit is a set of tools frequently used by an intruder after cracking a computer system. These tools are intended to conceal running processes and files or system data, which helps an intruder maintain access to a system for malicious purposes. Root kits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. Rootkits received increased prominence in late 2005, when it was found Sony/BMG was including them on their music CDs.”


There has been quite a lot in the news the past several days concerning a new “rootkit” type DRM solution from Sony. When inserting one of their products that contains this DRM on a Windows PC optical drive, anyone that has auto play enabled on their Windows computer and agrees to the end user license agreement in order to play the CD, will have a cloaking software installed to their hard drive without their knowledge and consent. Unfortunately, once installed it is difficult to remove properly and this even goes for experienced PC technicians. There is also a possibility that your CD drive would be rendered inoperative among other things. To remove the product also requires the use of some help and a “patch” from Sony. It is being reported that in order to obtain the patch and instructions, that there are some privacy concerns connected with the procedure and people have even had to explain why they would like to remove the malware from their computer prior to obtaining assistance from Sony.

At first, this DRM solution was being looked upon as spyware or malware, but now, the situation has become much more serious. It is now believed that this cloaking technology will render anyone who has it installed upon their computer to be vulnerable to hackers and new viruses. Here is an excerpt from an article written by News Editor Seán Byrne:

"It has also been found to introduce a security vulnerability as well as potentially crash Windows during its installation of the patch to ‘decloak it’. Once the user agrees to the EULA when the CD is loaded, the rootkit is installed, which makes files, directories and registry keys beginning with ‘$sys$’ invisible to the system, such as those used by the CD’s DRM software.

As Sony’s rootkit can hide files and registry keys, this introduces quite a serious security risk, since hackers, viruses or other unwanted software can make themselves invisible also on any system with this rootkit installed just by adding a $sys$ to the beginning of its file/directory names or registry keys. This is what makes it such a concern for the companies behind anti virus software since it cannot detect these types of files."

Please feel free to read the article in its entirety prior to filling out the poll. However, keep in mind that in any industry, when it is discovered by a company that a product it produced is defective, or it is discovered that said product can cause harm if left in the market, it is recalled. We have to ask ourselves if it is responsible for Sony to leave out in distribution such products. It is believed that there are some 20 music titles that contain this payload.

I don’t even know what rootkit is. So many things to restrict usage of so many new technologies. :frowning:

Good point Kenshin, so I added a definition from Wikipedia. Interesting that Sony is already mentioned there. Lawsuit anyone?

Yes this method of cd protection should be withdrawn immediately as it loads software directly into your computer, in particular altering the registry and then hides what it has done. All this without your permission and possibly knowledge. I copy cds that I have bought for playing in my car. This is because in the past my vehicle was broken into and a collection of cassettes were stolen. The insurance company did not want to know unless I could produce the receipts. Who can? This cost me a considerable amount of money. I do not have pirated copies. It’s the price we get charged for cds in GB that stops me buying much of what is offered for sale even oldies because the companies are so greedy. If they were to offer these at a reasonable price I would buy much more. My latest cds are presents requested at birthdays Christmas etc. Some of the so called music offered today is laughable.
Getting back to the root kit, isn’t Congress looking into making it illegal to tamper with computers in this way?
There must be a better way to protect company’s products than this?
Shame on them.

I voted for ‘yes’
but nevertheless it’s everybody’s own fault if you (still) have AutoRun enabled, or if you think you have to install a special “playback-software” just to listen to an audio cd.

I voted yes as well, this is copy protection taken too far IMO

I voted yes because I agree with Dee-27 but I don’t run audio cd through pc anyways

Rootkit (so called because it is installed at the root level, and originally by a “root” hacked superuser account on a unix system) compromises the operating system at a very low level. It is used primarily to hide processes and files, but in this day of high connectivity may also be used to hide outgoing or incoming network connections (such as backdoors).

Nowadays a rootkit can also be installed on modern desktop OSes, not just larger unix machines as was historically the case. A rootkit is most definitely a hacker’s tool and technique for stealthing the evidence of a compromised system, and can only be truly detected by mounting the compromised OS disk on a clean, non-compromised machine and inspecting the disk, i.e. without running the compromised OS.

Rootkits as a hacking technique have been used since the 70’s, but recently have become the “dirty little secret” of the anti-virus companies - they haven’t addressed this issue at all, even as PC rootkits have gained a foothold over the last few years, where before they were almost exclusively confined to unix boxes.

How it works: When you perform any action on a system (such as a file or process listing) you don’t actually perform it directly. You request this information from the operating system, and (depending on your user and system security), the OS generates the info and passes it back to you. A rootkit sits at such a low level in the system, that it can filter out any names or processes that the hacker wants to hide, regardless of user.
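
The offline comparison described in the post above, as an added example that is not part of the original thread: it diffs a file listing taken from the running OS against one taken from the same disk mounted on a clean machine, and flags entries whose names carry the `$sys$` prefix from the quoted article. Both listings and every path in them are constructed sample data, and the function names are hypothetical.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # name prefix the quoted article says is hidden

# Constructed sample listings (not real indicators): what the running OS
# reported versus what a clean machine saw on the same mounted disk.
LIVE_VIEW = [
    r"c:\windows\system32\notepad.exe",
    r"C:\Users\alice\song.mp3",
]
OFFLINE_VIEW = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\System32\$sys$example\driver.sys",
    r"C:\Users\alice\$SYS$unknown.exe",
    r"C:\Users\alice\song.mp3",
    r"C:\Temp\other.bin",
]


def normalise(paths):
    """Map case-folded path -> original spelling (Windows names ignore case)."""
    return {str(PureWindowsPath(p)).casefold(): str(PureWindowsPath(p)) for p in paths}


def has_cloak_prefix(path):
    """True if any directory or file component starts with the prefix."""
    return any(part.casefold().startswith(CLOAK_PREFIX)
               for part in PureWindowsPath(path).parts)


def cross_view_diff(live_listing, offline_listing):
    """Entries present on the offline-mounted disk but absent from the live view."""
    live, offline = normalise(live_listing), normalise(offline_listing)
    hidden = [orig for key, orig in offline.items() if key not in live]
    return sorted(hidden, key=str.casefold)


def triage(live_listing, offline_listing):
    """Separate hidden entries explained by the prefix from any other hidden ones."""
    report = {"cloaked_prefix": [], "hidden_other": []}
    for path in cross_view_diff(live_listing, offline_listing):
        key = "cloaked_prefix" if has_cloak_prefix(path) else "hidden_other"
        report[key].append(path)
    return report


if __name__ == "__main__":
    for bucket, paths in triage(LIVE_VIEW, OFFLINE_VIEW).items():
        print(bucket, paths)
```

An entry in `hidden_other` is missing from the live view without matching the prefix, so something other than the prefix rule is filtering the listing.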

C’mon–where’s the Lawyers out there???
Sony is just begging to be sued and it seems that it would be a very easy case to win and for some lawyer to make his/her name known.

wired article

duff link.

Yes I agree with you on disabling autorun but the general public does not know this and they are the ones affected by this. The POINT is Sony should not be using hacker methods to protect their audio.

I voted Yes but I am not sure if they will as I explained in my reply on the front page - "Well I am not sure if they would offer a recall since you can download the update patch. But what happens if your PC is not online? Will they send you a CD w/ their SP2?

One thing is for certain, Sony & First 4 Internet screwed up. We can all rest assured that no more CDs will ship with the DRM Cloaking Technology, but that is only part of this protection. The protection by F4I still attacks your drives and gets deep into the registry, the answer is simply NOT use this software protection anymore.

XCP2 from design is a trojan rootkit and should never be used again by Sony or anyone. Malware is malware EVEN if you remove a small part of it the idea of taking over your CD/DVD drives by installing a filter driver is just plain BAD."

  1. Yes, SONY needs to recall all of these garbage malware CDs.
  2. Autorun needs to be disabled by default. Microsloth are you listening???

Agree with everyone else on this
Sony should get their a*** kicked

I hate all kinds of DRM… :frowning:

This needs to crash and burn. Who in their right mind voted no? Please post giving your reasoning.

Here is a great NPR audio broadcast for people to listen to, if they don’t understand the situation.

I just hope Sony has caused a wake up call for people to say that enough is enough and it’s time to put our rights back and the DRM has to go.

Good Cnet Editorial and Big Picture article on why they do it - not anti-piracy, but politics and greed against Apple’s iTunes success.

Well Sony tells us why they do this in the EULA Sony EULA

If you wish to uninstall the Toolkit you must use this link : Sony uninstall form
Sony says this is the only way to uninstall it.

Both F-Secure and Secunia talk about this toolkit as a danger to your computer since hackers etc. can use this toolkit to make viruses etc. that can hide from VirusScanners !!! :a This is not Good !!

You should also read this Mark’s Sysinternals Blog if you need to know how to find out if your computer has this rootkit installed.

Update : Hackers have now used this rootkit to cheat in World Of Warcraft read more here :