11/12/2005: 'Holy CD Rootkit Nightmare, Batman'....
These Sony folks deserve to have their *bleeping* asses sued OFF and let a few Non-industry officials and Courts decide between the *fair-use* and *privacy* protections VERSUS the HUGE potential damage from their "Digital Rights Management" efforts:
"For those readers that are coming up to speed with the story, here’s a summary of important developments so far:
The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:
* Sony denies that the rootkit poses a security or reliability threat despite the obvious risks of both
* Sony claims that users don’t care about rootkits because they don’t know what a rootkit is
* The installation provides no way to safely uninstall the software
* Without obtaining consent from the user Sony’s player informs Sony every time it plays a “protected” CD
Sony has told the press that they’ve made a decloaking patch and uninstaller available to customers, however this still leaves the following problems:
* There is no way for customers to find the patch from Sony BMG’s main web page
* The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers
* Access to the uninstaller is gated by two forms and an ActiveX control
* The uninstaller is locked to a single computer, preventing deployment in a corporation
Consumers and antivirus companies are responding:
* F-Secure independently identified the rootkit and provides information on its site
* Computer Associates has labeled the Sony software “spyware”
* A lawfirm has filed a class action lawsuit on behalf of California consumers against Sony
* ALCEI-EFI, an Italian digital-rights advocacy group, has formally asked the Italian government to investigate Sony for possible Italian law violations."
-- Mark at Sysinternals.com.
Here is full description of the problems at this Part I link and at this Part II link.
After what I just went through to reconfigure my system on this PC and others - I think I am *Safe* to date. (And while this could be a solution to "removing" this rootkit - by wiping and restoring one's sytem - it's not a simple choice for the normal PC user. Nor, is it one I'd like to face because of the lack of information provided at the time and the secretive nature of their writing this program onto my PC in the first place.)
I really hope the consumer and Anti-virus efforts DO go forward which establishes and creates the appropriate balance of guidelines for the personal and property rights of PC users versus the Digital Copyright Protections for the industry.
Allowing the Industry to set the standards and police itself is clearly not working or workable if this is the kind of results to be developed.
Give read through these two articles and then "Beware" of Sony Rootkits! The Enemy is Out There.
UPDATE: Here is the link that describes the process of how to Disable the AutoRun Feature for CD's. :-)
Karen on 11.12.05 @ 09:25 AM CST