Sony installs hidden utilities when you play CDs
Posted By The PC Doctor On 1st November 2005 @ 16:10 In Stay Secure, PC Doctor's Thoughts, Cartoons | No Comments
*******************************
UPDATE!
[1] Sony XCP DRM - What does it mean to YOU?
*******************************
EDIT
-------------------------------------
A lot of people have asked me how to disable AutoPlay in Windows - details on this are at the bottom of the post.
-------------------------------------
Response to the announcement by Sony is [2] here.
-------------------------------------
It would seem that the [3] music industry is now sinking to new depths to keep the gear they install of people's PC secret - and all of this is done without the user's knowledge or consent. These techniques are more spyware tricks that how a legitimate company is supposed to operate. 
I have no reason to doubt Mark Russinovich of Sysinternals so I'm forced to conclude that these nasty techniques are in use by at least Sony and that users are seeing some major tinkering done to their system when they play these CDs on their PCs. What's worse is that if you try to undo this tinkering, things stop working!
The article is well worth reading and goes into some detail about detecting and removing these hidden tools using some powerful utilities.
I'm going to have to do some looking into this myself later ...
(via [4] TechBlog )
Here's some more information on rootkits for you:
[5] Wikipedia
[6] WhatIs
[7] Combatting rootkits
[8] Remove rootkits
[9] RookitRevealer
Picked up by [10] Bruce Schneier and [11] The Washington Post and [12] Ed Bott .
EDIT
-------------------------------------
Edited to add that this Sony DRM system is very dangerous to Windows Vista systems and seems to break the OS badly. Be careful!
To get this malware uninstalled you can fill in [13] this form on the Sony site, after which someone will call you and demand loads of answers to questions!
Also, if you want to be protected against CD installers the best way if to disable AutoPlay for the optical drives (AutoPlay is the feature that allows applications to be run when the disc is placed in the drive). Disabling AutoPlay is easy and prevents any program running automatically when you insert a disc in the CD or DVD drive. Details on how to do this are posted in the page "[14] Disabling AutoPlay in Windows XP".
[15] 
[16] Secunia now picks up on this:
Description:
A security issue has been reported in First4Internet XCP DRM software used to playback Sony copy-protected music CDs, which can be exploited by malicious, local users to hide certain actions on a vulnerable system from the Administrator.The security issue is caused due to the "aries.sys" device driver hiding all files, registry keys and processes on the system that have names that start with "$sys$", regardless of whether the file is part of the XCP software. This can be exploited by malicious users and malware to hide files and processes from the Administrator by prefixing their names with "$sys$".
Solution:
Use another product.
- [17] Immunization against the Sony uninstaller
- [18] Removing the Sony rootkit without using the installer (PDF download)
- [19] XCP/First 4 Internet information
- [20] Secunia - Sony CD First4Internet XCP CodeSupport uninstallation ActiveX control vulnerability
- [21] You can no longer uninstall Sony XCP DRM
- [22] Sony DRM on 500,000 networks (oh, and another flaw discovered)
- [23] Sony DRM code violates open source LGPL license and uninstaller opens a big security hole!
- [24] Don't like the Sony rootkit? Don't run the uninstaller!
- [25] December - Freak-out month for Sony music customers
- [26] Removing the Sony DRM rootkit (and some good news from Microsoft)
- [27] It’s MY PC!
- [28] Second variant of the Sony DRM trojan detected by BitDefender
- [29] SonyBMG DRM Customer Survival Kit
- [30] Sophos releases tool to “detect and disable” cloaking for Sony’s DRM copy-protection
- [31] Sophos to unmask Sony DRM
- [32] Bot uses Sony DRM to hide on PCs
- [33] The EFF on Sony-BMG XCP copy protection
- [34] Sony installs hidden utilities when you play CDs
- [35] It’s not just Sony that use rootkits …
- [36] Sony patching copy-protected CDs … kinda
- [37] BBC News picks up on Sony’s bad behavior
- [38] Sony and CD standards
- [39] Sony replaces rootkit DRM technology with non-rootkit technology
- [40] Another thing that Sony needs to do
- [49]
- [50]
- [51]
- [52]
- [53]
- [54]
- [55]
- [56]
Article printed from The PC Doctor's blog: https://pcdoctor-guide.com/wordpress
URL to article: https://pcdoctor-guide.com/wordpress/?p=1535
URLs in this post:
[1] Sony XCP DRM - What does it mean to YOU?: https://pcdoctor-guide.com/wordpress/?p=1673
[2] here: https://pcdoctor-guide.com/wordpress/?p=1552
[3] music industry is now sinking to new depths to keep the gear they install of people's PC secret - and all of this is done without the user's knowledge or consent. These techniques are more spyware tricks that how a legitimate company is supposed to operate.: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
[4] TechBlog: http://blogs.chron.com/techblog/archives/2005/11/sony_takes_a_pa.html
[5] Wikipedia: http://en.wikipedia.org/wiki/Rootkit
[6] WhatIs: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci547279,00.html
[7] Combatting rootkits: http://www.viruslist.com/en/analysis?pubid=168740859
[8] Remove rootkits: http://safecomputing.umn.edu/guides/scan_unhackme.html
[9] RookitRevealer: http://www.sysinternals.com/Utilities/RootkitRevealer.html
[10] Bruce Schneier: http://www.schneier.com/blog/archives/2005/11/sony_secretly_i.html
[11] The Washington Post: http://blogs.washingtonpost.com/securityfix/2005/11/sony_raids_hack.html
[12] Ed Bott: http://www.edbott.com/weblog/?p=1114
[13] this form: http://cp.sonybmg.com/xcp/english/form8.html
[14] Disabling AutoPlay in Windows XP: https://pcdoctor-guide.com/wordpress/?page_id=1546
[15] Image: https://pcdoctor-guide.com/wordpress/?page_id=611
[16] Secunia: http://secunia.com/advisories/17408/
[17] Immunization against the Sony uninstaller: https://pcdoctor-guide.com/wordpress/?p=1671
[18] Removing the Sony rootkit without using the installer (PDF download): https://pcdoctor-guide.com/wordpress/?p=1663
[19] XCP/First 4 Internet information: https://pcdoctor-guide.com/wordpress/?p=1662
[20] Secunia - Sony CD First4Internet XCP CodeSupport uninstallation ActiveX control vulnerability: https://pcdoctor-guide.com/wordpress/?p=1661
[21] You can no longer uninstall Sony XCP DRM: https://pcdoctor-guide.com/wordpress/?p=1655
[22] Sony DRM on 500,000 networks (oh, and another flaw discovered): https://pcdoctor-guide.com/wordpress/?p=1653
[23] Sony DRM code violates open source LGPL license and uninstaller opens a big security hole!: https://pcdoctor-guide.com/wordpress/?p=1652
[24] Don't like the Sony rootkit? Don't run the uninstaller!: https://pcdoctor-guide.com/wordpress/?p=1650
[25] December - Freak-out month for Sony music customers: https://pcdoctor-guide.com/wordpress/?p=1648
[26] Removing the Sony DRM rootkit (and some good news from Microsoft): https://pcdoctor-guide.com/wordpress/?p=1633
[27] It’s MY PC!: https://pcdoctor-guide.com/wordpress/?p=1624
[28] Second variant of the Sony DRM trojan detected by BitDefender: https://pcdoctor-guide.com/wordpress/?p=1617
[29] SonyBMG DRM Customer Survival Kit: https://pcdoctor-guide.com/wordpress/?p=1615
[30] Sophos releases tool to “detect and disable” cloaking for Sony’s DRM copy-protection: https://pcdoctor-guide.com/wordpress/?p=1612
[31] Sophos to unmask Sony DRM: https://pcdoctor-guide.com/wordpress/?p=1607
[32] Bot uses Sony DRM to hide on PCs: https://pcdoctor-guide.com/wordpress/?p=1606
[33] The EFF on Sony-BMG XCP copy protection: https://pcdoctor-guide.com/wordpress/?p=1602
[34] Sony installs hidden utilities when you play CDs: https://pcdoctor-guide.com/wordpress/?p=1535
[35] It’s not just Sony that use rootkits …: https://pcdoctor-guide.com/wordpress/?p=1547
[36] Sony patching copy-protected CDs … kinda: https://pcdoctor-guide.com/wordpress/?p=1552
[37] BBC News picks up on Sony’s bad behavior: https://pcdoctor-guide.com/wordpress/?p=1553
[38] Sony and CD standards: https://pcdoctor-guide.com/wordpress/?p=1555
[39] Sony replaces rootkit DRM technology with non-rootkit technology: https://pcdoctor-guide.com/wordpress/?p=1558
[40] Another thing that Sony needs to do: https://pcdoctor-guide.com/wordpress/?p=1570
[41] PC: http://technorati.com/tag/PC
[42] Sysinternals: http://technorati.com/tag/Sysinternals
[43] Sony: http://technorati.com/tag/Sony
[44] CD: http://technorati.com/tag/CD
[45] AutoPlay: http://technorati.com/tag/AutoPlay
[46] Disabling AutoPlay: http://technorati.com/tag/Disabling+AutoPlay
[47] Windows XP: http://technorati.com/tag/Windows+XP
[48] XCP: http://technorati.com/tag/XCP
[49] Image: http://digg.com/submit?phase=2&url=https://pcdoctor-guide.com/wordpress/?p=1535&title=Sony+installs+hidden+utilities+when+you+play+CDs
[50] Image: http://cgi.fark.com/cgi/fark/edit.pl?new_url=https://pcdoctor-guide.com/wordpress/?p=1535&new_comment=Sony+installs+hidden+utilities+when+you+play+CDs&new_comment=http%3A%2F%2Fwww.pcdoctor-guide.com%2Fwordpress&linktype=Misc
[51] Image: http://www.furl.net/storeIt.jsp?u=https://pcdoctor-guide.com/wordpress/?p=1535&t=Sony+installs+hidden+utilities+when+you+play+CDs
[52] Image: http://del.icio.us/post?url=https://pcdoctor-guide.com/wordpress/?p=1535&title=Sony+installs+hidden+utilities+when+you+play+CDs
[53] Image: http://www.newsvine.com/_tools/seed&save?u=https://pcdoctor-guide.com/wordpress/?p=1535&h=Sony+installs+hidden+utilities+when+you+play+CDs
[54] Image: http://reddit.com/submit?url=https://pcdoctor-guide.com/wordpress/?p=1535&title=Sony+installs+hidden+utilities+when+you+play+CDs
[55] Image: http://www.spurl.net/spurl.php?url=https://pcdoctor-guide.com/wordpress/?p=1535&title=Sony+installs+hidden+utilities+when+you+play+CDs
[56] Image: http://tailrank.com/share/?text=&link_href=https://pcdoctor-guide.com/wordpress/?p=1535&title=Sony+installs+hidden+utilities+when+you+play+CDs
Click here to print.