[es] - Sony, DRM, rootkit i virusi

mannex
ovde

Član broj: 18189
Poruke: 81
*.vdial.verat.net.

Sajt: no site

Profil

^{10.11.2005. u 20:41 - pre 224 meseci}

Kao prvo, nisam nigde našao da je neko postavio temu o ovom slučaju, a kao drugo nisam siguran ni gde treba da je stavim (možda najbolje u madzone

)

Slučaj već desetak dana izaziva pažnju nakon što je dr. Mark Russinovich u svom blogu objavio svoje nalaze.

Ovo je siže događaja:

Citat:

The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:

Sony denies that the rootkit poses a security or reliability threat despite the obvious risks of both
Sony claims that users don’t care about rootkits because they don’t know what a rootkit is
The installation provides no way to safely uninstall the software
Without obtaining consent from the user Sony’s player informs Sony every time it plays a “protected” CD
Sony has told the press that they’ve made a decloaking patch and uninstaller available to customers, however this still leaves the following problems:

There is no way for customers to find the patch from Sony BMG’s main web page
The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers
Access to the uninstaller is gated by two forms and an ActiveX control
The uninstaller is locked to a single computer, preventing deployment in a corporation
Consumers and antivirus companies are responding:

F-Secure independently identified the rootkit and provides information on its site
Computer Associates has labeled the Sony software “spyware”
A lawfirm has filed a class action lawsuit on behalf of California consumers against Sony
ALCEI-EFI, an Italian digital-rights advocacy group, has formally asked the Italian government to investigate Sony for possible Italian law violations

Već se pojavio prvi virus koji iskorišćava ovaj rootkit.

Odličan pregled je dat u The Inquirer-u

Sa EFF-a:

Citat:

If you thought XCP "rootkit" copy-protection on Sony-BMG CDs was bad, perhaps you'd better read the 3,000 word (!) end-user license agreement (aka "EULA") that comes with all these CDs.

First, a baseline. When you buy a regular CD, you own it. You do not "license" it. You own it outright. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the "first sale" doctrine), or make a copy for use on your iPod (thanks to "fair use"). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.

Now compare that baseline with the world according to the Sony-BMG EULA, which applies to any digital copies you make of the music on the CD:

1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

8. You have no right to transfer the music on your computer, even along with the original CD.

9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.

Ono što je još zanimljivo je da je ovu vest praktično nemoguće naći na CNN-u (pitam se zašto

hint)

Zaključiću ovaj post sledećim citatom

Citat:

A cursory check of the file trading networks shows that the Van Zant album is available for download on a whim. The pirates who don't want to pay will have no trouble getting it, but those who abide by the law will get punished.

_{[Ovu poruku je menjao mannex dana 10.11.2005. u 21:46 GMT+1]}

siptoP

Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16687
65.200.109.*

+7177 Profil

Re: Sony, DRM, rootkit i virusi

^{10.11.2005. u 20:44 - pre 224 meseci}

Zato je BBC imao lep coverage o tome - a cela stvar je dobila epilog i po sudovima ;-)

DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey

Odgovor na temu

Goran Mijailovic

Član broj: 12684
Poruke: 6907

+437 Profil

Re: Sony, DRM, rootkit i virusi

^{10.11.2005. u 22:33 - pre 224 meseci}

http://www.grc.com/SecurityNow.htm

Citat:

Security Now! Episode 12:
Sony's Bad "Rootkit"
DRM Technology
Leo and I discuss details and consequences of Sony Corporation's alarming "Rootkit" DRM (digital rights management) copy protection scheme. This poorly written software unnecessarily employs rootkit technology (see episode #9) to hide itself from its users after installation. It can not be uninstalled easily, it can be easily misused for malicious purposes, and it has been implicated in many repeated BSOD "blue screen of death" PC crashes.

I Steve Gibson se oglasio i to na TV-u
Transkript u prilogu

_{[Ovu poruku je menjao Goran Mijailovic dana 10.11.2005. u 23:38 GMT+1]}

Prikačeni fajlovi

SN-012.pdf - 43.48k

Odgovor na temu

Goran Mijailovic

Član broj: 12684
Poruke: 6907

+437 Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 02:43 - pre 224 meseci}

A sto ovo u advocacy?

Odgovor na temu

yooyo

Član broj: 4891
Poruke: 1101
195.252.89.*

Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 11:39 - pre 224 meseci}

Sada su preterali... Muzicka industrija mora da se promeni u skladu sa novim tehnologijama.

Po mom misljenju, postoje ljudi koji zele kvalitet i koji su spremni da plate za taj kvalitet (tj. da kupe originalni CD/DVD) i ljudi koji muziku slusaju sa radija/internet radija ili mp3. Ova druga grupa nema nameru da kupuje CD ili DVD i nemaju 1000+ eura HiFI zvucni sistem u kuci koji bi reprodukovao muzicki zapis u punom kvalitetu, vec muziku slusaju sa racunara ili mp3 playera i sasvim su zadovljni onim sto mp3 i slicni formati pruzaju. Shodno ovome, trebalo bi formirati dve cene za istu stvar, pa ko hoce neka kupi sta zeli.

Ja licno spadam u drugu grupu i ne zelim da placam mediju na kome se nalazi muzicki zapis, vec samo muziku, a mediju cu ja da obezbedim. Ne zelim da placam ni booklet, ni pakovanje... Mislim da je zbog ovoga iTunes postao veoma popularan, jer tamo mozete da kupite pesmu na komad ili ceo album po mnogo nizoj ceni.

I na kraju, taj rootkit radi samo na Windowsu (32bit), a ostali nemaju tih problema. Mozda da neko tuzi i MS zato sto su omogucili ovakvu (rootkit) tehnologiju u njihovom OS-u?

yooyo

Odgovor na temu

Apatrid
Ottawa, ON

Član broj: 34944
Poruke: 471
*.istop.com.

Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 12:19 - pre 224 meseci}

MS niko ne treba da tuži zbog ovoga, to bi baš loš ishod bio.

Sony je taj koji se igra vatrom i koristi hakerskim tehnikama da zaštiti svoj IP. To što oprema dozvoljava da se takva tehnika primijeni nije opravdanje za takvu praksu.

Postojanje mogućnosti da se izvrši moralno/pravno neprihvatljivo (ma što to značilo) ili kriminalno (ako se ovo kao takvo kvalifikuje) djelo nije opravdanje za izvršenje tog djela.

Da MS završi na sudu i ispadne kriv, to bi otvorilo, 'ajde da špekulišemo, vrata tome da neki drugi Sony, sjutra, napravi bootabilni CD koji (ako zaboravim da izvadim CD/DVD iz mašine kad je restartujem) može da zarazi bilo koji operativni sistem? Ko će onda bit kriv, proizvođači CD/DVD uređaja ili matičnih ploča, što softver može da se digne sa CD/DVD-a?

Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16687
*.nero.com.

+7177 Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 12:34 - pre 224 meseci}

Citat:

I na kraju, taj rootkit radi samo na Windowsu (32bit), a ostali nemaju tih problema. Mozda da neko tuzi i MS zato sto su omogucili ovakvu (rootkit) tehnologiju u njihovom OS-u?

!?!? pa skoro svaki OS ima tu mogucnost - samo je Sony izabrao MS jer najveci broj musterija njihovih CD-ova po svemu sudeci koriste MS proizvode.

Odgovor na temu

Apatrid
Ottawa, ON

Član broj: 34944
Poruke: 471
*.istop.com.

Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 14:24 - pre 224 meseci}

Sudeci po ovom clanku: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

"ostali nemaju tih problema" jer jednostavno ne mogu da koriste taj CD. Ne znam detalje, nikad kupio takav CD nijesam, ali se tvrdi da ta sema za zastitu sprecava da se CD cita bilo cime sto nije Sony software na tom CD-u.

Rootkit, ako sam ja dobro shvatio, se instalira u procesu instalacije tog parceta softvera.

Odgovor na temu

mannex
ovde

Član broj: 18189
Poruke: 81
*.vdial.verat.net.

Sajt: no site

Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 16:16 - pre 224 meseci}

Sony svakako nema pravo da napravi rootkit koji sakriva sve fajlove koji počinju sa $sys$, jer se to vrlo lako zloupotrebljava. Mislim, verovatno im je logika bila: "neće to niko otkriti" što je vrlo loš način rezonovanja. Svako može da promeni ime programu za grebovanje CD-a u $sys$nesto.exe i voilà, evo efikasnog načina "copyright circumvention"-a. Hmmm, može li Sony da bude tužen što pomaže izbegavanje zaštite? :)

edit:typo

_{[Ovu poruku je menjao mannex dana 15.11.2005. u 17:20 GMT+1]}

siptoP

Odgovor na temu

degojs

Član broj: 4716
Poruke: 5096

+51 Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 16:31 - pre 224 meseci}

Sony može sigurno da bude tužen kad neko ostane bez podataka zbog tog rootkita: koliko mi je poznato, pojavio se i virus koji koristi baš taj rootkit koji Sony instalira.

Koliko sam čitao blog Russinovicha, nigde ne pominju (EULA) šta tačno će da urade (instaliraju rootkit) niti bilo kako upozoravaju na moguće opasnosti.

Koliko čitam vesti MS Antyspyware će da uklanja pomenuti rootkit, a Sony prestaje sa stavljanjem istog na CD-ove.

Budale.. šta im je to trebalo, a valjalo bi da se javi neko i kaže da je popio virusa zbog tog njihovog rootkita te ih tuži za dobru lovu, čisto da posluže kao primer ostalim :)

Commercial-Free !!!

Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16687
*.nero.com.

+7177 Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 17:01 - pre 224 meseci}

Radio taj rootkit nesto ili ne, Sony je zeznuo stvar cinjenicom da za uklanjanje toga traze registraciju - to se zove consumer tracking, i vrlo je ilegalna praksa u prodaji CD-ova... cudo da Sony to nije znao.

Osim toga, njihov rootkit nosi sve odlike klasicnog malware-a, i Sony moze biti tuzen kao i bilo koji drugi autor virusa.

Inace, provaljeno je da taj rootkit ima i LAME MP3 encoder u sebi... bez navodjenja imena autora kako LGPL nalaze - tako da se dolazi do jako pateticne situacije gde se jedna firma busa u grudi zastitom prava - a u isto vreme krsi ta ista prava drugih autora.

Citat:

Budale.. šta im je to trebalo, a valjalo bi da se javi neko i kaže da je popio virusa zbog tog njihovog rootkita te ih tuži za dobru lovu, čisto da posluže kao primer ostalim :)

Jedna rec: RIAA (muzicka industrija), degojs... ti ljudi imaju visedecenijsku istoriju tupavosti... od pokusaja zabrane kasetofona sa rekorderom, preko pokusaja zabrane MP3 playera, trackovanja P2P mreza, lobranja drzava za nakaradne zakone gde svi placaju "osiguranje" protiv kradje ako kupe prazan medij (HDD, CD) - iako im to recimo moze sluziti samo za podatke, pa evo i do krsenja prava svojih korisnika potrosaca pokusajima instalacije virusa...

Klasicna mafijaska taktika, bilo bi jako tesko nabrojati budalastine i blatantna krsenja osnovnih zakona od strane muzicke industrije.

Moze im se...

Odgovor na temu

mannex
ovde

Član broj: 18189
Poruke: 81
*.vdial.verat.net.

Sajt: no site

Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 17:05 - pre 224 meseci}

A pazi sad ovo: Pored pomenutog rootkita kompanije First4Internet, Sony koristi još jedan program (MediaMax) druge kompanije koji se ponaša kao spyware :)

Citat:

Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site. I’ll describe each of these problems in detail below.

link

Pretpostavljam da ovo nisu jedini slučajevi, već će se vremenom otkrivati još ovakvih programa koji služe za "zaštitu intelektualne svojine"

siptoP

Odgovor na temu

IcyImpact

Član broj: 64366
Poruke: 939
*.adsl.net.t-com.hr.

Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 18:02 - pre 224 meseci}

Kada su taj rootkit izradjivali, u Sony-u sigurno nisu mislili na sigurnosne probleme koji bi zbog toga mogli "izroditi" ili nisu naslucivali kako bi se taj mehanizam mogao zloupotrebiti.

Knowledge is power.

Odgovor na temu

degojs

Član broj: 4716
Poruke: 5096

+51 Profil

Re: Sony, DRM, rootkit i virusi

^{15.11.2005. u 18:17 - pre 224 meseci}

Hehehe.. Sony je u priču, pored Windowsa, uključio i Mac :)

Citat:

Sony's DRM: It Just Keeps Getting Worse

It turns out that there's even more things that Sony is doing, without permission, to their customers' computers with another DRM system.

...DRM installs itself on Windows systems as well as Mac systems.

A izgleda da su se spremali i za PS :)

Citat:

Sony just got a patent on a method of restricting game software to one copy on one particular machine. They seem to think that this kind of lockdown will be tolerated by its customers. Someone sell these guys a clue.

http://www.security.ithub.com/...ps+Getting+Worse/165201_1.aspx

Izgubili su kompas, načisto :D

Najsmešnije od svega je što su naleteli na Russinovicha :)

_{[Ovu poruku je menjao degojs dana 15.11.2005. u 19:20 GMT+1]}

Commercial-Free !!!

Odgovor na temu