Syniks
02-11-2005, 16:16
http://blogs.zdnet.com/BTL/?p=2092&tag=nl.e589
Sony Music CDs surreptitiously install DRM Trojan horses on PCs
Posted by David Berlind @ 8:56 am
Reports are beginning to turn up around the Web that discuss how certain CDs from Sony Music come with a Trojan horse-based digital restrictions management (DRM) technology that surreptitiously installs itself as a rootkit on Windows PCs. When software surreptitiously installs a rootkit, it's usually doing so to cover its tracks — a technique commonly associated with malware such as viruses and Trojan horses. Rootkits generally latch themselves onto the foundation or "roots" of an operating system in a variety of ways that not only prevent their detection, but also their extraction. According to the Wikipedia's definition, "a rootkit is often used to hide utilities used to abuse a compromised system."... (read article)
Also: http://www.zdnet.com/5208-10532-0.html?forumID=1&threadID=14743&messageID=294843&start=-1
But wait, it gets worse
Have you seen the Halloween Document the MPAA are trying to push through Congress in an attempt to close the analog hole? Seriously, this is getting insane:
http://www.eff.org/deeplinks/archives/004106.php
And what might these MPAA-specified, government-mandated technologies do?
They prescribe how many times (if at all) the analog video signal might be copied - and enforce it. This is the future world that was accidentally triggered for TiVo users a few months ago, when viewers found themselves lectured by their own PVR that their recorded programs would be deleted after a few days.
But it won't just be your TiVo: anything that brings analog video into the digital world will be shackled. Forget about buying a VCR with an un-DRMed digital output. Forget about getting a TV card for your computer that will willingly spit out an open, clear format.
Forget, realistically, that your computer will ever be under your control again. To allow any high-res digitization to take place at all, a new graveyard of digital content will have to be built within your PC.
Freshly minted digital video from authorised video analog-to-digital converters will be marshalled here and here only, where they will be forced to comply with the battery of restrictions dictated by Hollywood. ... (go read it)
A possible avenue of resistance: http://www.zdnet.com/5208-10532-0.html?forumID=1&threadID=14743&messageID=295181&start=-1
DMCA + Other laws anyone? Read for list: Class action lawsuit
Very VERY Interesting.
This action violates many local and international laws. Let's look at some of the ones mentioned.
DMCA anyone? Who's the one NOW circumventing security? Wouldn't it be grand if the DMCA was used AGAINST the RIAA and associates for the very same thing they are suing other people for?
By Sony installing rootkits they are effectively bypassing any security put in place and IF someone uninstalls it, they can completely screw up their computer.
I know someone in fact has installed this on a government computer that has TIGHT security. How do you think they will feel knowing SONY has willingly put on and changed a ROOTKIT?
Great news for computer repairs across the country. Is SONY going to pick up the tab because THEIR DRM software screwed up the computer?
Also if you buy a CD and it doesn't work, fraud anyone? It's very clear if you buy something and it doesn't work, you are entitled to get your money back, else it IS considered fraud regardless of any EULAs or store rules.
What is really ironic, I know a senator's child who just happened to buy a number of SONY CDs with the DRM. Won't it be interesting when they install it on DADDY's computer?
SONY, did you consider what happens when you piss off a senator? You think he is going to be happy to find out about Trojans on his computer, and heaven forbid his kid try and remove it. Then he'll REALLY be mad. Then he'll have to get his computer fixed.
--------------------------------------------------
This software will be considered spyware under the ASC definition.
The ASC's most recent definition of spyware is:
Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
* Material changes that affect their user experience, privacy, or system security;
* Use of their system resources, including what programs are installed on their computers; and/or
* Collection, use, and distribution of their personal or other sensitive information.
--------------------------------------------------
"The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, makes spyware illegal, but it is unclear if the SPY ACT defines spyware the same way as the ASC.... "
--------------------------------------------------
IANAL, but this appears to be illegal in the State of California, punishable by a $1000 fine per computer affected.
California Business & Protections Code Section 22947.3, Paragraph C:
A person or entity that is not an authorized user, as defined in Section 22947.1, shall not, with actual knowledge, with conscious avoidance of actual knowledge, or willfully, cause computer software to be copied onto the computer of a consumer in this state and use the software to do any of the following:
...
(c) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:
(1) Presenting the authorized user with an option to decline installation of software with knowledge that, when the option is selected by the authorized user, the installation nevertheless proceeds.
(2) Falsely representing that software has been disabled.
--------------------------------------------------
Computer Misuse Act - UK
Ever think of this one? It may be old but it's broad, however it does cover what is mentioned that they do.
"3.-(1) A person is guilty of an offence if-
he does any act which causes an unauthorised modification of the contents of any computer; and
at the time when he does the act he has the requisite intent and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing-
to impair the operation of any computer;
to prevent or hinder access to any program or data held in any computer; or
to impair the operation of any such program or the reliability of any such data.
(3) The intent need not be directed at-
any particular computer;
any particular program or data or a program or data of any particular kind; or
any particular modification or a modification of any particular kind.
(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary."
--------------------------------------------------
There are at least three sections of the Australian Cybercrime Act this software contravenes.
http://www.austlii.edu.au/au/legis/cth/consol_act/ca2001112/sch1.html
Section 477.2 is quite explicit:
"477.2 Unauthorised modification of data to cause impairment
(1) A person is guilty of an offence if:
(a) the person causes any unauthorised modification of data held in a computer; and
(b) the person knows the modification is unauthorised; and
(c) the person is reckless as to whether the modification impairs or will impair:
(i) access to that or any other data held in any computer; or
(ii) the reliability, security or operation, of any such data;"
--------------------------------------------------
Even if they changed the EULA, it's been proven that the DMCA OVERRULES THEM. After all, the RIAA has used the DMCA to overrule EULAs before, thereby setting a precedent for others to use against them AND their associates.
I love how they shoot themselves in the foot.
Also, as previously stated, the rootkit can be used by other programs to further exploit the system. So SONY has thereby placed a method to where others can hack the machine.
--------------------------------------------------
I look forward to a class action suit. If nothing else, bad publicity will hurt them more than anything.
Remember the embarrassing bypass with a marker anyone?
Sic 'em Cat Tribe!