Sony installs hidden utilities when you play CDs

November 1st, 2005

Print this article
PC Doctor - E-mail this article

EMail this article

*******************************

UPDATE!

Sony XCP DRM - What does it mean to YOU?

*******************************

EDIT
-------------------------------------
A lot of people have asked me how to disable AutoPlay in Windows - details on this are at the bottom of the post.
-------------------------------------
Response to the announcement by Sony is here.
-------------------------------------

It would seem that the music industry is now sinking to new depths to keep the gear they install of people's PC secret - and all of this is done without the user's knowledge or consent. These techniques are more spyware tricks that how a legitimate company is supposed to operate. External Link

I have no reason to doubt Mark Russinovich of Sysinternals so I'm forced to conclude that these nasty techniques are in use by at least Sony and that users are seeing some major tinkering done to their system when they play these CDs on their PCs. What's worse is that if you try to undo this tinkering, things stop working!

The article is well worth reading and goes into some detail about detecting and removing these hidden tools using some powerful utilities.

I'm going to have to do some looking into this myself later ...

(via TechBlog External Link )

Here's some more information on rootkits for you:

Wikipedia External Link

WhatIs

Combatting rootkits

Remove rootkits

RookitRevealer

Picked up by Bruce Schneier External Link and The Washington Post and Ed Bott .

EDIT
-------------------------------------
Edited to add that this Sony DRM system is very dangerous to Windows Vista systems and seems to break the OS badly. Be careful!

To get this malware uninstalled you can fill in this form External Link on the Sony site, after which someone will call you and demand loads of answers to questions!

Also, if you want to be protected against CD installers the best way if to disable AutoPlay for the optical drives (AutoPlay is the feature that allows applications to be run when the disc is placed in the drive). Disabling AutoPlay is easy and prevents any program running automatically when you insert a disc in the CD or DVD drive. Details on how to do this are posted in the page "Disabling AutoPlay in Windows XP".

Secunia External Link now picks up on this:

Description:
A security issue has been reported in First4Internet XCP DRM software used to playback Sony copy-protected music CDs, which can be exploited by malicious, local users to hide certain actions on a vulnerable system from the Administrator.

The security issue is caused due to the "aries.sys" device driver hiding all files, registry keys and processes on the system that have names that start with "$sys$", regardless of whether the file is part of the XCP software. This can be exploited by malicious users and malware to hide files and processes from the Administrator by prefixing their names with "$sys$".

Solution:
Use another product.

Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.

It’s not just Windows - Sony are installing junk on the Mac too!

Bot uses Sony DRM to hide on PCs

Removing the Sony DRM rootkit (and some good news from Microsoft)

Sony just keeps on digging deeper

SonyBMG DRM Customer Survival Kit

This entry was posted by the PC Doctor on Tuesday, November 1st, 2005 at 16:10 and is filed under Stay Secure, PC Doctor's Thoughts, Cartoons. Responses are currently closed, but you can trackback from your own site.

Comments are closed.

Translate:

Sony installs hidden utilities when you play CDs

Related Posts

A Member of the

Pages

Links

Tools