Sony offers removal and replacement for rootkit DRM

Sony offers removal and replacement for rootkit DRM

Summary: By way of ZDNet reader Barb Bowman comes news that Sony BMG is moving quickly to clean up the PR disaster that ensued after Mark...

TOPICS: Malware

By way of ZDNet reader Barb Bowman comes news that Sony BMG is moving quickly to clean up the PR disaster that ensued after Mark Russinovich provided an incredibly detailed account of how the company was including Digital Restrictions Management (DRM) software on its artists' CDs that, like Trojan horses, not only surreptitiously installed itself on PCs, but used a common-to-malware technique known as a rootkit to cloak itself in a way that made discovery and/or removal of the software very difficult. 

As if news of the underhanded technique wasn't bad enough for Sony BMG, the situation spiraled even further out of control when it became apparent that Russinovich's exposure of the rootkit's details may have given hackers the hall pass they needed to treat the rootkit as a back door entry point into "infected" systems.  IT managers should take note since there's a likelihood that the CDs have been used in business systems. 

Sony promised a fix and now, within days of the rootkit's discovery (and subsequent outrage that spread on the Net like wildfire) that fix is apparently already available.  According to Bowman's blog, "Sony BMG and First 4 Internet have just released an update that will completely remove the rootkit based DRM content protection software and replace it with anon-rootkit DRM technology that is compatible with all current security protocols."  Oddly, the downloadable fix is being referred to as "Service Pack 2"  but it should not be confused with Microsoft's Service Pack 2 for Windows XP.  Whereas the fix only handles substitution of the new DRM technology for the old rootkit-based on, Sony is apparently providing another form-based process for removal altogether.  However, the removal procedure reveals yet another minor gaff that Sony says it hopes to have corrected later this month: it requires Internet Explorer and ActiveX.  

One question I have, in case anybody knows the answer, is what happens when you put one of these CDs into a non-Windows computer (ie: Mac or Linux).

Topic: Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Mac & Linux Systems

    The Sony rootkit DRM has no effect on Mac & Linux systems --
    they are immune to it, and the CDs function as ordinary audio CDs.
    I use a Mac system and haven't been affected by this outrageous
    conduct by Sony, I have still decided to boycott their products --
    ALL of their products. You know, I really don't need that new PS3
    game console, and Panasonic and other brands make DVD players
    and stereo equipment that's just as nice (and probably less
    expensive). DON'T BUY SONY PRODUCTS!!!
    • Why blame Sony?

      Why blame Sony as all they are doing is tu use a major security breach of Windows? What do you think of a system that allows any third party to install critical software without permission and cloaked? As stated by others, MacOS and Linux are not affected, and it would be much harder to do such a thing on those systems. If Windows was secure, this would not happen.
      • Can you spell activeX?

        We BLAME Sony because they chose an underhanded, nefarious, nasty, despicable behavior. It doesn't work on Linux/MAC, because the Sony/BMG are incompetent and failed to write code to get that one percent of their custormer. They hosed the 99 percent that use Windows. I don't blame Microsoft for this problem. ActiveX and IE are a feature not a bug, Just ask them. After all the user agrees to give up ownership of their computer to play the CD. The problem is DRM and the attempt to hide the DRM program. Sony used an open-ended rootkit, It doesn't cleanup behind itself. It opens access without security. And worst of all removal by hand disables CD players.
  • sony its too later sucker

    you got caught with your hand in the cookie jar. your toast period.

    How the hell do you think that you will regain confidence from the consumer .....never

    well maybe never
    except that with the fact that there a lots of moron out there that still will buy psp and ps3 sony movie and sony music .... its could be a real great moment to kill(put out buissness) a corporation as a exemple for all the other see and fear .....

    haa the good old day that you impale you enemy infront of your castel as a warning .......

    • poor taste

      i'll be honest, toxicfreak, Sony and BMG will never have much to worry about. Large conglomerates with largely public track records such as this merged company will never fail - and artist's rights are just as serious as you don't want them to be.

      my complaint is that i recently bought a SonyBMG album, by The Bad Plus, and i can't put it on my mp3 player. upon further investigation, the album is exclusively compatible with SONY products. This is where SonyBMG will run into issues. Also, a friend of mine could not even PLAY the cd on her iBook.

      While the entire music industry is evolving into its newest era, the digital divide still has no definition. The strategists at this company have done what Microsoft was sent to the Supreme Court for, and it's unfair to the consumer. If I thought they'd listen to me, I would tape my cd to a brick and break down a boardroom window, but we're useless on this matter.
  • Not good enough

    Sony still doesn't seem to realize that they've done something wrong here. Their announcement downplays the severity of what they've done, and there's no apology offered. Here's an article that speculates on whether they have broken the law with their actions:,2350,69467,00.html?tw=newsletter_topstories_html
    Sony may even have committed a crime under the U.S. Computer Fraud and Abuse Act, which can carry fines and prison terms for anyone who "knowingly causes the transmission of a program ... and as a result of such conduct, intentionally causes damage, without authorization, to a protected computer." Corrupting Windows so it misreports the contents of a hard drive sounds a lot like "damage," and the click-wrap license agreement on the Sony disk amounts to pretty thin "authorization" -- disclosing only that "this CD will automatically install a small proprietary software program ... intended to protect the audio files embodied on the CD."
    tic swayback
  • as bittie would say...go to jail don't stop at go.
  • who will care, who will notice

    Will anyone from the CD buying masses aside from a small minority even understand this story? I get what it means and it makes me sick, but I can't think of many folks I know who would care much. Most folks I know don't even really get, or care about, how offensive - and sometimes illegal - spyware can be, let alone this.
    • Some will notice....

      ....when they buy a cd and they can't put it on their iPod.

      This has received quite a bit of media exposure though, particularly in the mainstream media, not just the tech press. Expect more exposure when criminal charges are brought against Sony.
      tic swayback
    • Look at the reviews for the album on Amazon.

      While most users won't read tech news sites like this one to get the story directly, I would say this will be a hard secret for Sony or the artist to keep.

      I included the artist in my statement above because unless they do something like sue thier label, I think it is a bit convenient for them to lay all of this on Sony. If I see one more interview with an artist talking about how "It is all about the fans" while they go along with this kind of stuff, I think I'm going to be ill.
  • Patch is useless

    According to this:

    Sony's new patch doesn't actually remove the malware, it just makes it visible. Malware removal companies are still warning that removing it will break your PC.

    Pretty pathetic Sony.
    tic swayback
  • Too late

    For me.. it's just too late. I used to love Sony products, play their games. Most of my entertainment system is Sony, and i've never had a single quality issue.

    I know I'm just one guy... I never shop at places like Wal Mart because they cripple small business and constantly create asphalt graveyards where they build up, and then relocate.

    Sony is now added to my "never shop from" list. I've cancelled my online gaming accounts, and my entertainment systems will now come from other companies.

    Again.. I know I'm just one guy.. but at least *I* know I'm doing the right thing.
  • Hold the artists accountable too.

    One thing that surprises me about this is the pass the artists seem to be getting here. For them to blame "those evil record company executives" while collecting the profits seems a little too convenient. If someone did something this underhanded under my name (and with my picture prominently on the product), I wouldn't take it lying down.

    There is plenty they can do. How about a concert (perhaps with other bands) to raise money to lobby for anti DRM laws? Why not sue their label for damaging their reputation and causing lost sales (a fan boycott would help here).

    Sony has obviously decided it can take the heat, and the artists seem willing to let this stuff be done in their name so long as they have plausible deniability. If the bands don't suffer for taking part in this, nothing will change.
    • Good point

      Certainly the artists do bear some responsibility, if not for the act, then for their reaction to the act.

      I'll buy that they didn't know that Sony would use a Trojan to protect their rights. No problem. What their actions are now that they know may well determine what people think of them, at least some people.

      Contract law isn't a simple thing, so there may be limits as to what an artist can say publically without jeapordizing their monetary flow.. and we all know that's what it's all about.. money. Bottom line is, it's not about the fans.. it's not about just being a musician or an actor.. it's about the number of zeroes on their checks.

      I guess it comes down to the sad fact that the majority of consumers are sheep that happily chomp down whatever trash they are handed by those they want to believe in.
    • Are they to blame?

      Judging from the band reactions I've seen, most had no idea that
      their record company was including such measures on their cds,
      and several have publicly posted information on breaking the
      DRM. I don't know that they have any power under their
      contracts to make demands about such things, but I'd be willing
      to bet, given the negative reaction from fans (check any band's
      website where a crippled cd has been issued, Switchfoot for
      example), that in their next contract negotiations, such issues
      will be addressed.

      I do like the idea posted by someone else on this forum, that the
      artists in question here could sue their labels for destroying
      their careers and damaging sales. How many people are going
      to buy the Van Zant cd from Amazon, given that the page is now
      covered with 1 star reviews and warnings about how the cd will
      destroy your computer?
      tic swayback
      • Yes and No

        Are they to blame for Sony's move? No, I think you're right, they had no idea.

        I would say from this point out, they will be forced to shoulder the blame for anything like it.

        If they had a half-decent attorney help with their contract, there may/should be a clause which lets them terminate and move to another label if Sony does anything that negatively impacts the image of the artist, either intentinally or unintentionally. I would say this is such an act.

        I think the only way for the artists to recover would be to either A) Sue Sony for damages and for the rights of their fans, or B) Move to another label, and make sure the contract includes language that prevents the label from infecting their user's systems, or prevents their users from executing their fair use rights by copying a CD to their MP3 player, or other device.
        • I wish it were that easy

          I generally agree with you, but I'll point out how unfair and one-
          sided most contracts with major labels are. The artists have very
          little power, and no out clauses that allow them to leave. Most
          serve as a brutal and harsh learning experience for artists, who
          pay a little more attention the next time they sign.

          I would like to see the artists publicly speaking out against such
          measures though, as that's something they could certainly do,
          and I would also encourage the lawsuit aspect of things, against
          the label by fans for damaging their property, and against the
          label by artists for damaging their careers.
          tic swayback
  • I wonder how much a spammer would pay for a list of email addresses

    who bought a particular CD?
    I refuse to submit a request for the uninstall instructions because I don't want to be on the list. I wonder if $ony will provide a privacy notice? I wonder if they will retain a record
    of everyone who did the uninstall? I understand that the uninstall is only available online.
    I wonder how much data will be sent home before the uninstall is completed?

    Call me paranoid.
  • They must not het away like that!

    Criminal corporation Sony should not be allow to get away with it that easy. all cd containing the illegal protection must me removed from the market, each people who have been ripped off by those fake cd should bet a least pay 1000$ each from sony and the goverment has a duty to fine Sony for a sum = to the Sony Music division profit (for the last 8 months).

    Only with fast and strong action again openly criminal company like Sony will teach the crooked low life illegal enterteiment cartel that they cannot just go and break the law. (and the company (well parasite) who designed this so called copy protectio: First 4 Internet as just to be imediatly shutdown)
  • An analysis of the so-called "patch"

    Turns out it's not a patch at all. The arrogance of Sony is
    tic swayback