Wednesday, November 02, 2005

Are Sony BMG Copy-protected CDs Hiding Hackerware on YOUR computer?

Sony BMG has reached a new low in their efforts to copy-protect their content. According to Brian Krebs at the Washington Post, that new Ricky Martin CD you just bought could be hiding a big nasty surprise in addition to music that sucks.

"Sony BMG has configured some of its music CDs to install antipiracy software that uses techniques typically employed by hackers and virus writers to hide the program from users and to prevent them from ever uninstalling it.

The CDs in question make use of a technique employed by software programs known in security circles as "rootkits," a set of tools attackers can use to maintain control over a computer system once they have broken in.

People may differ over what exactly a rootkit is, but the most basic ones are designed to ensure that regular PC monitoring commands and tools cannot see whatever has been planted on the victim's machine. Because rootkits generally get their hooks into the most basic level of an operating system, it is sometimes easier (and safer) to reformat the affected computer's hard drive than to surgically remove the intruder.

Sony's anti-piracy program installer pops up when you drop one of these content-protected CDs into your drive. If you agree to install it, there is no "uninstall" feature. Russinovich was able to use his knowledge of rootkits and the Windows operating system to zero in on the offending driver files needed to run the software. Unfortunately, he found that removing the program also erased the system files that power his CD-ROM drive, rendering it useless."


Here's the blog of the guy who discovered the unauthorized program, Mark Russinovich. For those who might be interested, there is a way to disable the Autorun feature on your PC and keep a program from starting without your OK. Annoyances.org outlines it in this article.
When an Autorun-enabled CD-ROM is inserted into a CD-ROM drive, Windows automatically launches the program contained on the disk, whether you want it to or not. Similarly, the audio CD player pops up whenever you insert an audio CD and starts playing it immediately. This is cute the first or second time, but soon gets infuriating. What's worse is that if you double-click on your CD icon in My Computer, the autorun fires up, instead of a folder window as you'd expect. This is especially irritating on slower computers, where you have to wait for what seems like an eternity for it to load some ridiculous welcome screen. Here's how to do it:

Any OS
If you hold down the Shift key when inserting the CD, the autorun is bypassed (although it's not exactly graceful trying to insert a CD while holding down keys on the keyboard).

There are more details on how to protect your computer from undesired programs at that website link. There's also a more detailed examination of copy protection here by J. Alex Halderman, a Princeton computer science student.

People wonder why there's a market for illegal downloads (or legal ones, for that matter)! As Krebs points out...
I understand Sony's desire to protect its intellectual property, and piracy certainly is a problem. But installing software that opens people up to further security risks and potentially destabilizes the user's computer can't be the best way to address that problem.

In truth, most antipiracy programs created thus far (and this one is no exception) place limits on legitimate users, but usually do little to prevent determined users from getting around the copy protection altogether.

I wouldn't be at all surprised if this ends up in a major class action suit that goes all the way to the Supreme Court. Mark my words.
