Sony began experimenting in November 2005 with new
Digital
Rights Management (DRM) software on their music CDs. While created
to prevent pirating of the music they sell, the software appears to
have unintended negative consequences for those whose computers it
is installed in. Sony installs a system-level
application that effectively
hides all file names from the user with specific filenames. These
files are still present on the system and can be run normally,
however any mention of their presence on the system is hidden from
the user. This could allow authors of malicious software to use
Sony's DRM software to hide their trojan horses on your computer.
- Disable Autorun on
your Windows PC. This way the software cannot be automatically
loaded onto your computer when you insert a Sony DRM enabled audio
disc or application.
- When you insert a Sony CD into your computer, do not accept the Sony End
User License Agreement (EULA). Accepting this long document in
legalese effectively means you give permission for Sony to install
software on your computer. Don't.
- Copy the music tracks to your computer if you so desire. Since
these discs are designed to intentionally hide files from Windows,
you may need specialized ripping software. Ripping programs such as
Exact Audio Copy (see external links) can read these files if you
have turned off autorun and disabled the spyware install.
- If you're already experiencing problems, read How
to Remove Cloaked Malicious Programs Associated with Sony
DRM
- Sony has released a patch in response to criticism. In theory,
the patch removes the cloaking-rootkit aspects of their software,
though leaves the DRM (which prevents copying the music) in place
but now unhidden. See Warnings for concerns regarding the patch,
and External Links (below) to download it if you choose.
- Technical novices can ensure safety by not placing any new CDs
distributed by Sony or BMG into your PC until this issue is
resolved.
- Discs with Sony's DRM cannot be officially called Compact
Discs, as they violate the original "Red Book" standard devised by
Sony and Philips in June 1980. They can be easily spotted as the
cases will not feature the familiar 'Compact Disc' logo.
- Create a file with the name $sys$ on your computer, if the file
disappears you are most likely already infected with the
Rootkit.
- Microsoft is also coming out with a Rootkit fix in their
Microsoft Antispyware Beta (Windows Defender). You can also
download this program to fix this issue. (Ref: http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx
).
[edit]
Warnings
- Extensive concerns have been voiced about the patch Sony has
released in response to criticism of their DRM. While it does
remove the cloaking and theoretically reduces the risk of trojan
horses hiding on your PC, it does not remove the DRM, and some
believe it installs other new files on your PC. Ideally avoid
getting the DRM software installed on your PC in the first place,
however, if you already have it, you will have to decide whether it
is worth the risk of installing more bad Sony software. Read
How
to Remove Cloaked Malicious Programs Associated with Sony DRM
for more info.
- Since this article was written, Sony has announced that they
will be recalling CDs with the XCP software. Details on this recall
have not yet been announced.
[edit]
Sources and Citations
Was this article accurate?
Yes
No
Thanks to all authors for creating a page that has been read 34,238 times.
