Yes, Again. Another Vulnerability In A Sony BMG Offering
from the make-it-stop dept
How much do you think Sony BMG dislikes Alex Halderman? Halderman, a graduate student working under Ed Felten at Princeton, became quite well known to the recording industry two years ago after publicizing how the copy protection scheme being used by what was then just BMG, supplied by SunnComm, could be defeated by holding down the shift key as you inserted the disc. This wasn’t a high tech solution. The software needed to run to be installed, and it would run automatically if you had autorun enabled, which most people do. Holding down the shift key just overrides autorun. Nothing special — but Halderman made sure that blocked the copy protection and (more importantly) got that information out. That eventually meant that SunnComm even thought about suing Halderman for publishing a way to circumvent copyright protection, in violation of the DMCA. After realizing how stupid this idea was, SunnComm backed down on the lawsuit threats, leaving Halderman and Felten (who has been threatened with plenty of lawsuits himself) to continue their work. And, in the last couple of weeks, the two of them have been pretty damn busy investigating the whole Sony rootkit thing. Their big find, earlier this week, was how the uninstaller for the rootkit opened up new security holes. The rootkit, though, comes from First4Internet, not SunnComm. Sony BMG still does use SunnComm’s copy protection on other CDs, and over the weekend Halderman pointed out why SunnComm’s technology might not be a rootkit, but certainly fit the definition of spyware. To make things even better, Halderman has just published another post noting that SunnComm’s uninstaller is just as bad as the XCP uninstaller for the rootkit. In other words, if you’ve used SunnComm’s uninstaller to get rid of their copy protection, you’ve left your computer incredibly vulnerable to malicious attacks. Yes, the saga continues…
Comments on “Yes, Again. Another Vulnerability In A Sony BMG Offering”
Appreciate
Hi Mike,
Your columns are great, thanks!
Steve
No Subject Given
Agreed. Keep it coming.
.
(Next to last sentence: “incredibly” for “incredible”?)
Re: No Subject Given
(Next to last sentence: “incredibly” for “incredible”?)
Whoops. Sorry. Thanks for pointing that out. Fixed now.
Re: Re: No Subject Given
I’m much agreed with the above replies — thanks for all the great postings Mike!
One good thing did arise from this mess...
>>> The saga continues
[…]
>>> Yes, Again.
Second all the above posts – ongoing coverage much appreciated. This is one of those stories where even the tiniest new detail changes who is vulnerable to what, and that makes every last bit important to know.
Meanwhile, some good news. Thanks to Mark Russinovich’s original post at sysinternals.com, I now know what a filter driver is, how to find them on your PC and how to remove one safely (it wasn’t a Sony thing in my case, I think pxhelp20.sys came with WinAmp). My ancient CD-writer drive now burns CD’s again.
BTW, if you find pxhelp20.sys on your system, don’t just delete the file, your CD drive will probably become unusable in Windows.
Sony
The sad part of this story is us techies are all a flutter and in an uproar about this story, but sadly, I think the general public doesn’t have a clue.
I have talked to clerks at local retail stores and students on the college campus I work on and there is no idea about the seriousness of this transgression. No outrage, no…nothing. Out of six people I have talked with 5 didn’t even know about the story.
My point is. How do we really send a strong message to Sony and big companies if the majority of consumers stay oblivious?
No Subject Given
Mike, do you or any of your readers know of a site that has a comprehensive list of CD copy-protection-related malware? I know all eyes are on Sony right now, but I doubt they are the only company that First4Internet deals with. I would bet that all the other major labels include similar software… in which case, they ought to get a share of the scorn. There’s plenty to go around.
Re: No Subject Given
I haven’t seen a compensive listing. We mentioned that Universal Music uses it too. The other report I saw said that Universal and EMI ran tests with it, but only Sony BMG went into fully supporting it.