OFF Topic Sony DRM Rootkit may be on your PC 
Author Message
 OFF Topic Sony DRM Rootkit may be on your PC

Found this in Macintouch.
http://www.***.com/ #tips.2005.11.16

"More than half a million networks, including military and government
sites, were likely infected by copy-restriction software distributed by
Sony on a handful of its CDs"

Dave Schroeder offered more perspective on Sony's dirty trick of
secretly installing a "rootkit" from its music CDs (a more urgent issue
for Windows PCs than for Macs):

In response to Rob Poole's comments: Rob is correct in noting that there
is no autorun feature on Mac OS X. The software must be manually and
explicitly run by the user, and the user is also prompted for
administrative access during the installation. iTunes and Mac OS X
itself do not recognize anything, and Apple is in no way complicit in
this mechanism. iTunes (or any other software) is also fully able to rip
the unencrypted audio tracks from the CD at will. The reason it's so
insidious on Windows is that it is executed and installed without any
meaningful knowledge about what's happening on the part of the user.
Further, it is the existence of this software that disables ripping in
non-approved ways, and so on. On the Mac, this is not the case.
? But in order for the disc to function at all as an audio CD, it *must*
have unencrypted digital audio present on the disc. Thus, if there is no
rights management software designed to intercept a user's actions, the
songs can still be ripped as normal.
? Of course, this is moot, since Sony has subsequently said it would
stop distributing this software. That is not to say that content owners
will not continue to attempt to assert control with further DRM
technologies in the future, and, indeed, to attempt to convince computer
and electronics makers to include only "approved" playback mechanisms
(e.g., those that respect the DRM) along the lines of DVD players that
play standard CSS-protected DVDs. But that isn't yet the case with Apple
or Mac OS X.

[Recent articles on this hot issue include the following. -MacInTouch]
Sony DRM Rootkit [Microsoft Anti-Malware Engineering Team]
We use a set of objective criteria for both Windows Defender and the
Malicious Software Removal Tool to determine what software will be
classified for detection and removal by our anti-malware technology. We
have analyzed this software, and have determined that in order to help
protect our customers we will add a detection and removal signature for
the rootkit component of the XCP software to the Windows AntiSpyware
beta, which is currently used by millions of users. This signature will
be available to current beta users through the normal Windows
AntiSpyware beta signature update process, which has been providing
weekly signature updates for almost a year now. Detection and removal of
this rootkit component will also appear in Windows Defender when its
first public beta is available. We also plan to include this signature
in the December monthly update to the Malicious Software Removal Tool.
It will also be included in the signature set for the online scanner on
Windows Live Safety Center.

Sony Numbers Add Up to Trouble [Wired]
More than half a million networks, including military and government
sites, were likely infected by copy-restriction software distributed by
Sony on a handful of its CDs, according to a statistical analysis of
domain servers conducted by a well-respected security researcher and
confirmed by independent experts Tuesday.
? Sony BMG has been on the run for almost two weeks with the public
relations debacle of its XCP copy-restriction software, which has
installed an exploit-vulnerable rootkit with at least 20 popular music
titles on PCs all over the world.
? While the company has committed to withdrawing the CDs from
production, and is said to be pulling them from the shelves, the biggest
problem remaining for the company, and perhaps the internet as well, is
how many Sony-compromised machines are still out there.
? That's a number only Sony knows for sure -- and isn't releasing. One
person, however, is getting closer to a global figure: Dan Kaminsky, an
independent internet security researcher based in Seattle.
? Using statistical sampling methods and a secret feature of XCP that
notifies Sony when its CDs are placed in a computer, Kaminsky was able
to trace evidence of infections in a sample that points to the probable
existence of at least one compromised machine in roughly 568,200
networks worldwide. This does not reflect a tally of actual infections,
however, and the real number could be much higher.

CD's Recalled for Posing Risk to PC's [NY Times (reg. req'd.)]
The global music giant Sony BMG yesterday announced plans to recall
millions of CD's by at least 20 artists - from the crooners Celine Dion
and Neil Diamond to the country-rock act Van Zant - because they contain
copy restriction software that poses risks to the computers of
consumers.

? The move, more commonly associated with collapsing baby strollers,
exploding batteries, or cars with faulty brakes, is expected to cost the
company tens of millions of dollars. Sony BMG said that all CD's
containing the software would be removed from retail outlets and that
exchanges would be offered to consumers who had bought any of them.
? A toll-free number and e-mail message inquiry system will also be set
up on the Sony BMG Web site, sonybmg.com.
? ... Sony BMG estimated last week that about five million discs - some
49 different titles - had been shipped with the problematic software,
and about two million had been sold.

--
 Garden Shade Zone 5 S Jersey USA in a Japanese Jungle Manner.39.6376 -75.0208
This article is posted under fair use rules in accordance with
Title 17 U.S.C. Section 107, and is strictly for the educational
 and informative purposes. This material is distributed without profit.
"Peace is not an absence of war, it is a virtue, a state of mind, a
disposition for benevolence, confidence, justice."
-Baruch Spinoza



Mon, 05 May 2008 03:21:01 GMT
 
 [ 1 post ] 

 Relevant Pages 

1. I am sorry for the off topic post

2. Notice that all the topics are off topic topics

3. Off topic: Exercise may increase testicular cancer

4. For John Garst: ED may = heart disease (off topic)

5. Off topic but a nice topic

6. Goldenberg's and cavities OFF TOPIC / ON TOPIC

7. WORLD OFF TOPIC, JAN ON TOPIC: Re: Mercury Toxicity

8. OT/OT Military Dentistry (off topic/ on topic)

9. F*CK OFF WITH YOUR OFF TOPIC CRAP, THIS IS A LYME DISEASE NEWSGROUP


 
Powered by phpBB® Forum Software