Sony distributes virus

[Murtak]

Some of you may already have heard of the latest in Sony copyright antics. For those who have not I thought I would provide a brief rundown on those fuckers violate not only every code of morals applicable to the electronic world, but also literally dozens of laws in multiple countries. I recommend to everyone who owns a computer and considers to install non-open-source software on it to read this carefully. This kind of crap has to be stopped now if we ever want to truly own the software we buy (or, looking at the palladium project, even the hardware we buy).

Currently it seems like the copyright mechanism is only present on some "audio CDs". I hesitate to call them that because they are not actually playable on regular CD players. Instead you have to install Sony's software to listen to the music. That software then allows you to listen to the music, but not to freely copy it, listen to it on any player you like or converting it to a format your stereo system recognizes. That is bad enough on it's own, but so far I can only accuse Sony of being shortsighted assholes who are afraid of embracing new technologies. The fun part comes when you look more closely at how the software works and what it does to your computer.



They install a fucking rootkit
For those who do not know the term, a rootkit is a term usually used to describe software which allows an intruder to hide from legitimate users of computers they compromised. Simply put, by altering core parts of your operating system a rootkit hides itself and it's payload from the users and most any applications, including directory listing and anti virus programs.

Then they fuck up your computer
Of course simply hiding their shit on your system is not enough for these fuckers. No, they also have to scan for you attempting to copy their precious content. So they scan your memory for known programs. 1500 times a minute. Great, so now even if I don't use their precious player my system gets slower. What else?

Why, next we phone home
Yep, they transmit data back to Sony. So far I do not know what exactly they send, but I can take a decent guess of what is sure to be sent (you bad boy you, you really should not copy our music) and I can imagine what else they might send if they felt like it (must. have. more. marketing. data.). By the way, there is an official Sony statement of this. Supposedly the software only downloads "banners". You know, a piece of malware downloading fucking advertisements would be bad enough on it's own. But, you know, since it downloads (and more importantly, uploads) even when they player is not running and since the player does not, in fact, display banners, mister public Sony speaker is lying through his teeth. Blatantly, obviously and with no concern at all even for later being able to say "I must have mistaken my briefing". So this stinking piece of malware stealth-installs on your computer, alters your very operating system, phones home like E.T. could only dream of and the manufacturer is smiling while kicking you in the nuts. Couldn't get worse, huh? Wrong.

You cannot even uninstall this festering pile of feces
Why, you say, but surely you can just delete the files? Well . . . sort of. I could, because people far more knowledgeable than me provided me with a step by step walkthrough. Even so I am not sure. Your average consumer? Heh, he won't even be able to see Sony's spyware. Stealth technology at it's finest. But if you do manage to actually find and remove the files, remove the registry entries, shut down all the processes and restart your windows ... your CD drive will not work anymore. If you are lucky that is. I already heard of worse results. Short version, unless you know windows down to the kernel level you are not getting rid of Sony's virus without formatting your hard drive.

Sony's reaction
Thankfully, as far as rootkits go, Sony's "copyright software" is a bloated ineffective piece of shit, so this discovered fairly early and is only installed on a couple million systems. And once people found out about it there actually was some complaining (enough to restore my faith in at least 0.01% of humanity). So Sony reacted. How, you ask? Oh, nothing drastic, no recalling actions, no replacements, nothing like that. No. They stated that, even though their software is fine, even though they think it is legal they recognize us poor customers are afraid and so, as the gracious leaders of humanity they are, they will suspend releasing more CDs with the software for the time being (read: 2 weeks, maybe even 3!). Upon further public pressure they even provided an uninstaller. Well, crappy reaction, but at least those who complain can get rid of it, eh? Wrong again.

The uninstaller makes it worse
Yep, that is right. Not only have to use an online form to apply (yes, fucking apply) for your uninstaller, but in doing so you also allow Sony to freely use the data you submitted. Apparently, once you submitted your data you will be contacted, verified as a real human being and then provided with a preliminary uninstaller. This "uninstaller" then installs a prograam which can be executed by any site you visit with an active-x browser (read: IE). You then visit the URL they provide and the uninstaller runs. However, it does not clean up your system. It gets rid of Sony's player (meaning you can not hear your music anymore). I am currently unclear as to whether they uninstall the rootkit. More importantly (yes, more importantly than an undetectable virus) the uninstaller does not uninstall itself. And as it allows any website to execute its part these are now left wide open for intruders. It again includes tons of spyware functions, but even more fun, two of the methods provided are called executeCode() and rebootMachine(). I don't think I have to add anything to that.

Meanwhile, viruses already target this software
Not only the uninstaller. Heck, you can circumvent that by not using IE, which I recommend anyway. No, they target the rootkit. It masks anything beginning with the letters $sys$ from next to all programs, including anti-virus software. So if you can get it and can rename your virus, trojan or whatever you get hidden by the rootkit. And this is much much easier than installing your own rootkit.

And Sony will likely deny responsibility
That's right. Sony does not produce their own viruses you see. No, they contracted a third party to do so. A company which is ran by an ex-Sony developer, which is situated in an so-far unaffected country and which is currently making huge losses. I can already see some Sony spokesperson pointing their finger yelling "those bad guys framed us! get them!" and said company shrugging and replying "dude, we ain't got no money to take from us". Oh boy.

And just to top it off
Of course Sony also needed to come up with an actual music player. And guess what? They stole code from open-source projects for this. Of course these projects operate under the GNU public license, which makes it absolutely illegal to use their code in non-open-source software. I am actually having trouble breathing, the irony is so thick. Yes, Sony pirated software for their anti-piracy software.



I won't even go into the similar Mac rootkit (which, to this day, is being continued), into the dozens of national and international laws Sony is breaking, into how their EULA states you have to delete your music if you get burgled, lose the original CD or leave the country or how it states Sony is only repsonsible for damages up to 5 bucks.

The important thing is, if Sony gets away with this everyone will do it. World-wide. You will sit in front of your rented hardware, listening to your one-time-rented songs, not allowed to listen to them at a later date or a different device (or, heavens forbid, at your convinience). And any company will legally be allowed to do anything they want to your computer. You, however, will not be allowed to get rid of the crap. And I doubt it will stop at computers either. So, those of you in the US, Australia or Italy (apparently the only countries affected so far): Write your congressman, state attourney or other representative. And anyone else I strongly advice to not buy from Sony. No music. No hardware. And, if possible, nothing with Sony parts in it. At all. For as long as possible. Personally I am aiming for 5 years. Return Sony goods to retailers. Whatever it takes to make those fuckers realize that not only is this kind of shit blatantly illegal, but it also amounts to anally raping loyal, trusting, paying customers while pirated copies remain safe to use.



P.S.: I am sorry for not providing links. I was too infuriated to take care bookmarking stuff. I will take some useful links as I find them again. Meanwhile you should be able to find information on any tech-heavy news site (such as slashdot) by searching for "sony +rootkit" or "sony +drm" or even just "sony".

Edit: removed some stuff which probably violates the CoC.

[Josh_Kablack]

Murtak, what you need to do is take a day or two to calm down.
Then take that post and edit it down to a PG-13 rating, polish it just a little, and then send it to every government official claiming to represent you and all of your local media.

[Murtak]

Won't work, as I live in Germany and the CDs in question are not sold in Germany (not yet anyways).

[MrWaeseL]

You are from Germany? Then can I just say that Gebäredolmetscherin is an awesome word.

[Murtak]

Some links (may contain profanity, especially from affected customers)


[counturl=27]A third party summary (seems reasonably reputable)[/counturl]

[counturl=28]First publicized find[/counturl]

[counturl=29]Information about the Uninstaller and proof of Sony's copyright violations[/counturl]

[counturl=30]Bruce Schneier's take[/counturl]

[Maj]

Last Friday, Sony suspended the production of CDs using XCP.

Monday, Microsoft declared it would help fight XCP and labeled it as a virus and spyware.

As of this morning, Sony is recalling CDs with XCP.

As an added bonus in general, Sony is facing lawsuits as a result of using XCP. The article also has a list of CDs that are protected by XCP.

[Murtak]

As of this morning, Sony is recalling CDs with XCP.

Good. Sony recalling the CDs is the first step towards trusting them again some time in the future. No availability date for the removal software was given so far, but I can deal with that.

I hope the media continue to leave their spotlights on Sony for the time being though. Hopefully Sony can be pressured into publically stating they will never interfere qith operating systems again, and of course to actually deliver the removal tool. Oh, and they need to recall their other rootkit too. A public apology for pirating open source software would also be nice.

So, please, if you have acted against this, even if only by preading the word, don't stop now. And if you intended to act, don't let this token gesture stop you. At most, this is the first step towards resolving this disaster. Promising, but nothing more.