MS' Reaction to Sony's Rootkit Raises Some Questions
Sunday, November 13 2005 @ 07:10 PM EST

When the news first broke in the mainstream press that Windows expert and blogger Mark Russinovich (he wrote a book about Windows for Microsoft) had found that Sony's anti-piracy efforts had gone too far and that Sony's DRM was installing an undetectable rootkit on customers' computers which they couldn't safely remove, the first reaction from Microsoft was guarded. They were concerned, they said, and were evaluating what, if anything, to do:
Microsoft, which also ships an anti-spyware program, recently renamed "Windows Defender," hasn't yet decided whether it will also flag the Sony DRM software as malicious code, the spokesperson said.

"Microsoft's Windows Defender and the Malicious Software Removal Tool [MSRT] have established objective criteria to determine what code will be classified for removal. We are evaluating the current situation to determine if any action from Microsoft is necessary," the spokesperson wrote in an e-mail statement.

Computer Associates and Symantec had already announced they would add detection of the Sony rootkit to their security software, but Microsoft needed time to think. Now, they've decided to zap the rootkit also:

The software giant's Windows AntiSpyware application will be updated to add a detection and removal signature for the rootkit features used in the XCP digital rights management technology. . . .

Detection and removal of the XCP rootkit will also appear in Windows Defender, the next version of Windows AntiSpyware when that makeover ships.

Meanwhile, antivirus firms are already warning about a new trojan in the wild taking advantage of the rootkit. This story raises some questions. These CDs with rootkits have been sold for 8 months. Where was Microsoft? Why didn't they and antivirus companies notice this rootkit themselves long ago?

When the story first hit, here's the explanation given by First 4 Internet, the company that wrote the rootkit for Sony[1]:

The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case. The cloaking function was aimed at making it difficult, though not impossible, to hack the content protection in ways that have been simple in similar products, the company said.

So, Symantec and "the big antivirus companies" already knew about the rootkit? According to this statement, it seems they did. Are they then liable as well as Sony?

Groklaw member alangmead asked another valid question in a comment to an earlier article: Does that mean that Microsoft knew also and was complicit, deliberately ignoring the rootkit? Alternatively, if not, might one not legitimately ask if Microsoft's anti-spyware is "sophisticated enough to detect the system changes" made by Sony's DRM? Which explanation is worse?

I can't help but wonder about a third possibility. Charlie Demerjian recently wrote about what he views as the new Microsoft PR technique. He says because Microsoft lacks credibility, they don't put out press releases on certain stories. Instead they leak it to the press or to blogs. I'll let him describe it for you:

MS has taken to 'slips', 'admissions' and 'leaks' in ways that it 'really should not have' done. The reporter pounces, and the Microsoft spokesperson gets all defensive and asks that it not be published, blah blah blah. Memos leaked to the right people have a similar effect, as do blog entries as a first line of press knowledge. Few things work better than a grass roots spreading of 'facts' that the mainstream press 'notices'.

Few PR efforts or change of direction come in press releases any more, they all come from blogs and leaked memos. The people who pick the stories up and grassroots spread them tend not to mock as much as the real press. Those that do can be easily laughed off by real PR as the lunatic fringe. Basically, Microsoft is using the boggosphere to do its PR for them, and we are supposed to be the pawns.

Is that what happened here? I have no idea, but I know it's the right question. I'm not in love with Sony at the moment, but fair is fair.

I thought it was important to mention all this, because of the litigation. Just how deep does this betrayal of customers go? F-Secure, who was not part of the complicit agreement apparently and discovered the rootkit independently, according to Russinovich, explained on November 4 on their blog why rootkits are a security problem:

A member of our IT security team pointed out quite chilling thought about what might happen if record companies continue adding rootkit based copy protection into their CDs.

In order to hide from the system a rootkit must interface with the OS on very low level and in those areas there's no room for error.

It is hard enough to program something on that level, without having to worry about any other programs trying to do something with same parts of the OS.

Thus if there would be two DRM rootkits on the same system trying to hook same APIs, the results would be highly unpredictable. Or actually, a system crash is quite predictable result in such situation.

So imagine a situation where Joe Customer buys CD from label A and another CD from label B. Label A uses third party DRM from company X and Label B uses from company Y.

Then our user first plays one of the CDs in his PC, and everything works fine. But after he starts playing the second CD, his computer crashes and won't boot again. This is something I would not like to associate with buying legal CDs.

The Department of Homeland Security agrees. This IP protection is now threatening our security. How did everyone lose their sense of proportion? I earlier put a link to the audio of Stewart Baker, Department of Homeland Security Assistant Secretary for Policy, in News Picks, but what he said is so important, I wish to repeat it here:

"It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.

"If we have an avian flu outbreak here and it is even half as bad as the 1918 flu, we will be enormously dependent on being able to get remote access for a large number of people, and keeping the infrastructure functioning is going to be a matter of life and death and we take it very seriously as well." - DHS Ass't Sec'y on Policy Stewart Baker

Copyright infringement is important to companies like Sony, of course, but if, when enforcing their rights, they end up exceeding their actual rights and endanger our lives in their quest to protect mere money, something is seriously out of balance. I also most sincerely hope that the DHS realizes the security value of the GNU/Linux operating system, as well as MacOSX. If the Department is relying exclusively on Windows, I am frankly terrified.

By the way, if you'd like to hear the immortal words from Sony about rootkits and how customers don't know what they are and so needn't care about them, here you go. Your choices to listen to the audio are Windows Media Player or RealPlayer. Is it time, folks, for websites to broaden the choices they offer people? Some of us are afraid to use Windows, you know.

And for any of you who are staring at your Windows computer and wondering just how bad it is in your personal case, may I encourage you to think about GNU/Linux systems as a remedy? It's one advantage of FOSS software that there is no code you are not allowed to examine. That's part of what the Free means in Free Software and the Open in Open Source, that you are free to look at the code and are free from secret corporate dirty tricks and private gentlemen's agreements that put your security at risk.


[1] Note that the article referenced was later [at least by November 23, 2005] changed to read: "The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk. The company's team has worked regularly with big antivirus companies to ensure the safety of its software, and to make sure it is not picked up as a virus, he said."


  


MS' Reaction to Sony's Rootkit Raises Some Questions | 376 comments
smell
Authored by: Anonymous on Sunday, November 13 2005 @ 07:16 PM EST
Microsoft lifted their heads up and started to sniff around and felt that this
was the way to go.

Thanks for Symantec and CA for leading the way.

[ Reply to This | # ]

Looks like Sony's Rootkit violates the LGPL license
Authored by: Anonymous on Sunday, November 13 2005 @ 07:29 PM EST
Check out dewinter.com for more information. I don't think we've heard the last about this.

[ Reply to This | # ]

Corrections please
Authored by: Chris Lingard on Sunday, November 13 2005 @ 07:30 PM EST
Here

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: dyfet on Sunday, November 13 2005 @ 07:41 PM EST
they end up exceeding their actual rights and endanger our lives in their quest to protect mere money

Does that sound like terminology which may be compatible with existing federal case law related to "misuse of copyright"?

[ Reply to This | # ]

Off topic here please
Authored by: Chris Lingard on Sunday, November 13 2005 @ 07:45 PM EST
With links if possible

[ Reply to This | # ]

So, where is law enforcement?
Authored by: Jude on Sunday, November 13 2005 @ 07:52 PM EST
Sony has admitted that they intentionally put this malware on their CD's, and
the U.S. Dept. of Homeland Security has acknowledged that it is a security
problem. So where is the FBI?

If the Sony rootkit had been written and distributed by J. Random Hacker, and
the feds knew who did it, J.R. Hacker would probably be in custody right about
now.

[ Reply to This | # ]

Charlie Demerjian's security allegiance test.
Authored by: Anonymous on Sunday, November 13 2005 @ 08:11 PM EST

... But enough ranting. Let me end this with a couple of up notes. If you want to find a trustworthy security vendor, I would recommend looking for ones that stood up on the Sony malware DRM infection issue and said 'this is bad' early and loudly. F-Secure comes to mind, but there are others. The ones that said 'grumble, mumble, maybe, sorta' a week later are not what you want to have protecting your machines.

The other happy note is this gives us a really nice test of who is looking out for your best interests. Does the removal tool remove all the infection, or just the cloak? To me, that is the best current test of who is actually looking out for you, not their chequebook. The Inq.

Brian S.

[ Reply to This | # ]

Equal under the Law
Authored by: TomWiles on Sunday, November 13 2005 @ 08:12 PM EST
It appears to me that there is definitely an unequal treatment of criminal acts
here. From Mr. Steve Barker's comments, it appears that he fully believes that
SONY has in fact violated one or more federal criminal statutes. It also appears
that he is giving SONY a warning not to do it again, not even a slap on the
wrist.

Judging from recent prosecutions, if the offender had been a sixteen year old
high school student (messing around), the student would very likely be spending
this evening in jail.

One has to wonder if the justice system has been bought?? A company like SONY
seems to have sufficient political clout that they can commit a felony crime (at
least probably felonious) without fear of prosecution.

So who is ultimately responsible, I pulled this off of another site.

Quote:

There are two salient points about the Sony scandal you will only read at
Mooreslore. (Or at least you'll read them here first.)

The first point you've already gotten. Who's behind the scandal? It's not a
Japanese.

It's a U.S.-based executive, Howard Stringer. He became chairman and CEO in
March, after heading up the company's film and TV units. (He was pictured in my
previous note on this topic.) Before joining Sony Stringer was at another
American company, CBS.

Stringer is the key to the motive. Go back to that first link again.

Stringer reached his position of eminence by cutting budgets and cutting deals.
Previous Sony chairmen were Japanese gadget heads. Stringer is a card carrying
member of the American Copyright Autocracy.

End Quote.


My position is that powerful arrogant individuals within the entertainment
industry are of the opinion that they are above the law, and it appears that
they may be correct in that opinion.

The Justice Department is presently pushing for harsher Copyright laws to please
the entertainment industry while covering for their illegal unilateral attempt
to police the consumer.

Am I wrong???

Tom

[ Reply to This | # ]

Sony/BMG violates LGPL with their rootkit
Authored by: bcjanes on Sunday, November 13 2005 @ 08:27 PM EST
Apparently the only copyrights Sony/BMG cares about are their own - according to this [dewinter.com] their rootkit includes parts of lame, the opensource lgpl mp3 encoder/decoder.

Isn't it nice to know that large companies apparently don't care about anyone but themselves?

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Sunday, November 13 2005 @ 08:31 PM EST
I would suspect the timing of this "disclosure" had a lot more to do
with Microsoft's release of the new XBox. Dumping some dirt Sony's direction is
meant to hurt its reputation prior to Sony's release of the new PlayStation
slated for later. I have no doubt that ALL of the record and movie companies are
engaged in the very same behavior and Microsoft is at the head of the dirty pack
when it comes to slipping DRM spyware into their products. Nothing more than a
"Rovian" scheme in my opinion.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Sunday, November 13 2005 @ 08:42 PM EST
Does this case bolster Microsoft's arguments for OS and/or hardware based DRM?

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Sunday, November 13 2005 @ 08:55 PM EST
Short answer: DMCA

Just trying to understand the Sony rootkit is *illegal* thanks to the DMCA. It
took an individual to sound the alarm, because any company putting forth that
info would have gotten sued by Sony.

What a fantastic country this is at the moment. Thanks government!

[ Reply to This | # ]

NPR interview as mp3..
Authored by: zcat on Sunday, November 13 2005 @ 09:26 PM EST
The whole clip and "most people I think don't even know what a rootkit is so why should they care about it?"
It's damn frustrating that so many websites feel the need to wrap their audio clips in pop-up windows and javascript when a simple mp3 link would work for 99.9% of browsers on every platform!!

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: joef on Sunday, November 13 2005 @ 09:42 PM EST
Anybody in New York who has been hit with this thing want to contact AG Eliot
Spitzer?

[ Reply to This | # ]

Symantec
Authored by: Anonymous on Sunday, November 13 2005 @ 09:48 PM EST
I find them really interesting in that they are known for their false positives.
They often trigger on anything that looks like a crack or hacking program
whether or not it is legitimate. Tools to change or recover lost passwords
come to mind but I have seen enough other hits. The net result is that I do not
use or recommend their products.

[ Reply to This | # ]

Microsoft is not exactly friends with Sony
Authored by: Anonymous on Sunday, November 13 2005 @ 09:50 PM EST
Microsoft has an ongoing battle against Sony in the High Definition video discs
arena.

Microsoft, Intel and others support Toshiba's HD-DVD format whilst Apple, Dell,
HP and others support Sony's BluRay format, and it's a multi-billion dollar
business that's at stake.

Microsoft bashing Sony for anything they might do only makes sense in this
context.

[ Reply to This | # ]

Think locally, act globally
Authored by: bmcmahon on Sunday, November 13 2005 @ 10:17 PM EST
Losing the vital distinction between $MEGACORP's "preciouss" intellectual property rights and $CUSTOMER's personal computer reminds me, once again, of why an open development process is so important. You get feedback before it's too late about what works and what doesn't.

To take an example from Ethernet's Dark Ages: Traditional shared Ethernet used CSMA/CD to handle and recover from collisions (the result of more than one system on a shared segment trying to transmit at once). Basically, all the contending stations "rolled dice", generated random numbers to determine when they'd try again. If you collided again, you rolled more dice, making it statistically less likely that any two contenders would come up with the same number.

There were a few companies that thought they'd get "clever" and sell high priority devices (a concept that didn't exist in the Ethernet spec), essentially by cheating on the dice roll and always coming up with a zero, i.e., no wait at all before trying again.

Worked great, until you got two such devices on your network, at which point the whole thing fell apart! "High priority" suddenly became "guaranteed collision, every time": transmit, collide, cheat, both cheaters immediately retransmit, collide, repeat ad infinitum.

Folks who think they are more "clever" than the open engineering process are almost always wrong. This goes for network standards, cryptography, operating systems, and the list just goes on.

[ Reply to This | # ]
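The backoff behaviour described in the comment above can be simulated. This is an added example, not part of the original comment; the station names are made up, and the model is simplified so that only stations that collided in a round grow their backoff window, while every contender re-draws its wait each round.

```python
import random

BACKOFF_LIMIT = 10   # classic Ethernet caps the backoff exponent at 10
ATTEMPT_LIMIT = 16   # and abandons the frame after 16 attempts


class Station:
    def __init__(self, name, cheats=False):
        self.name = name
        self.cheats = cheats  # True = "high priority" device that never waits

    def backoff_slots(self, collisions, rng):
        """Slot times to wait after this station's n-th collision."""
        if self.cheats:
            return 0  # always "rolls" a zero
        k = min(collisions, BACKOFF_LIMIT)
        return rng.randrange(2 ** k)  # uniform over 0 .. 2^k - 1


def resolve_contention(stations, seed=0):
    """Return (winner_name, rounds_used), or (None, ATTEMPT_LIMIT) if the
    contenders never stop colliding.

    All stations start having just collided once. In each round the
    station(s) with the shortest wait transmit; a tie is another collision.
    """
    rng = random.Random(seed)
    collisions = {s.name: 1 for s in stations}
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        waits = {s.name: s.backoff_slots(collisions[s.name], rng)
                 for s in stations}
        earliest = min(waits.values())
        talkers = [name for name, w in waits.items() if w == earliest]
        if len(talkers) == 1:
            return talkers[0], attempt      # lone transmitter gets the wire
        for name in talkers:
            collisions[name] += 1           # collided again: widen the window
    return None, ATTEMPT_LIMIT


def win_counts(stations, trials=200):
    """Tally who wins the contention over many independent seeds."""
    counts = {}
    for seed in range(trials):
        winner, _ = resolve_contention(stations, seed)
        counts[winner] = counts.get(winner, 0) + 1
    return counts


if __name__ == "__main__":
    honest = [Station("A"), Station("B")]
    one_cheat = [Station("priority-1", cheats=True), Station("A"), Station("B")]
    two_cheats = [Station("priority-1", cheats=True),
                  Station("priority-2", cheats=True), Station("A")]
    print("honest only :", win_counts(honest))
    print("one cheater :", win_counts(one_cheat))
    print("two cheaters:", win_counts(two_cheats))  # None = never resolved
```

With one cheating device the honest stations are starved but the segment still carries traffic; with two, every round ends in a collision and no frame gets through.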

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: blacklight on Sunday, November 13 2005 @ 10:25 PM EST
"Microsoft, which also ships an anti-spyware program, recently renamed
"Windows Defender," hasn't yet decided whether it will also flag the
Sony DRM software as malicious code, the spokesperson said."

Microsoft's timorous and subsequently belated reaction to the Sony rootkit
business illustrates exactly why MA's move to ODF is a good idea: Microsoft can
be trusted to be Microsoft, and to look and tend to its own interests - nothing
else. Moreover, the MA process generated two results: (1) a decision to move to
ODF, and far more importantly; (2) the development of the minimum standards that
a proprietary format must meet in order to be considered to be fit for use in
storing government documents.

Government simply cannot afford to store its documents in a format provided by a
vendor whose specified constraints clearly show that business considerations
take clear priority over any considerations of openness. Nor for that matter can
government trust the security of its systems to a vendor who designs its
so-called security products to turn a blind eye to the misbehavior of said
vendor's business partners.


---
Know your enemies well, because that's the only way you are going to defeat
them. And know your friends even better, just in case they become your enemies.

[ Reply to This | # ]

Approved by default, is the real problem.
Authored by: rusty0101 on Sunday, November 13 2005 @ 10:38 PM EST
The real problem is not the rootkit that Sony is installing, it's the fact that
Windows, as well as MacOS, and even Linux are running pretty much every
application as Approved by Default.

In windows, do a Ctrl-Alt-Del and kick off Task Manager. Now go through the list
of running applications. Do you know what each one is? Why is it running? Go to
the second tab and walk through the list of processes running. How many can you
associate with a running application? For processes you don't recognize, can you
find any information about the process?

MacOS X, and Linux is only marginally better. Open a shell and run 'ps -ef >
RunningProcesses.txt; gedit RunningProcesses.txt&' and go through the
resulting text file. How many of the running processes do you recognize? How
many that you don't recognize are being run by root? How many that you don't
recognize are in your own name? How many of the processes come back with a 'no
manual entry for...' when you try 'man "processname"' (without the
spare quotes.)

If you are not running a firewall application on your pc, how many of the
processes you find from the above have internet access? How many are actively
connected to something on the internet right now? 'netstat | find
"CONNECTED"' in a windows command line, or 'netstat | grep CONNECTED'
under Linux and MacOS X may surprise you with the number of active connections
you have right now. (If someone can verify that that is the correct Windows
command I would appreciate it. I do not have a handy Windows PC available.)

The fact is that most of what is running on your PC right now is stuff you don't
understand why it is running or taking up memory. I think there is a very small
number of people for which this is not the case. Most people do not know what
the applications that are connecting to stuff on the internet are connecting to,
or why. In a lot of cases it does not take long to find out, but there are
exceptions, such as most of the processes under Windows for most people.

When it comes down to it though, even switching to an 'authorized only' system,
where before anything runs you have to approve it, is not going to help much.
Look at the number of applications that pop up a EULA, that pretty much no one
bothers to read, which get approved pretty much automatically. Sure there are
people who carefully read the EULA, and decide that they will not agree to it,
and elect not to use an application as a result, but they are very much the
exception, not the rule.

-Rusty

[ Reply to This | # ]
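The manual walk-through in the comment above (list processes, pick out the ones you do not recognize, note which run as root and which hold network connections) can be automated. This is an added example, not part of the original comment: the sample `ps -ef` and Linux `netstat -tnp` output, the process names such as `cdplayerd`, the addresses and the baseline list are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample of `ps -ef` output.
PS_SAMPLE = """\
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
root       412     1  0 09:00 ?        00:00:00 /usr/sbin/sshd -D
alice     2211  1890  1 09:12 ?        00:01:44 /usr/lib/firefox/firefox
root      3307     1  0 09:20 ?        00:00:00 /usr/local/bin/cdplayerd --quiet
alice     3350  1890  0 09:25 ?        00:00:00 /home/alice/.cache/updater
alice     3410  1890  0 09:31 pts/0    00:00:00 ps -ef
"""

# Constructed sample of `netstat -tnp` output (Linux net-tools layout).
# netstat labels live TCP sessions ESTABLISHED.
NETSTAT_SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:51514        198.51.100.7:443        ESTABLISHED 2211/firefox
tcp        0      0 192.0.2.10:40022        203.0.113.9:8080        ESTABLISHED 3307/cdplayerd
tcp        0      0 192.0.2.10:40500        203.0.113.50:6667       ESTABLISHED -
tcp        0      0 192.0.2.10:22           192.0.2.77:50122        TIME_WAIT   -
"""

# Executables the administrator has reviewed and expects (an assumption).
BASELINE = {"/sbin/init", "/usr/sbin/sshd", "/usr/lib/firefox/firefox", "ps"}


@dataclass
class Proc:
    pid: int
    user: str
    exe: str
    remotes: list = field(default_factory=list)
    score: int = 0


def parse_ps(text):
    """Map pid -> Proc from `ps -ef` text (header line skipped)."""
    procs = {}
    for line in text.strip().splitlines()[1:]:
        uid, pid, _ppid, _c, _stime, _tty, _time, cmd = line.split(None, 7)
        procs[int(pid)] = Proc(int(pid), uid, cmd.split()[0])
    return procs


def attach_connections(procs, text):
    """Attach ESTABLISHED remote endpoints to their owning process.

    Returns connections with no owner visible in the process list: netstat
    printed '-' (it shows that when run without root) or named a PID that
    ps did not report.
    """
    unattributed = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].startswith("tcp"):
            continue
        if parts[5] != "ESTABLISHED":
            continue
        pid_str = parts[6].split("/", 1)[0]
        if pid_str.isdigit() and int(pid_str) in procs:
            procs[int(pid_str)].remotes.append(parts[4])
        else:
            unattributed.append(f"{parts[3]} -> {parts[4]}")
    return unattributed


def audit(ps_text, netstat_text, baseline):
    """Return (unrecognized processes, highest priority first; unattributed
    connections). Score: 1 unrecognized, +2 runs as root, +1 has a live
    remote connection."""
    procs = parse_ps(ps_text)
    unattributed = attach_connections(procs, netstat_text)
    findings = []
    for p in procs.values():
        if p.exe in baseline:
            continue
        p.score = 1 + (2 if p.user == "root" else 0) + (1 if p.remotes else 0)
        findings.append(p)
    findings.sort(key=lambda p: (-p.score, p.pid))
    return findings, unattributed


if __name__ == "__main__":
    found, orphans = audit(PS_SAMPLE, NETSTAT_SAMPLE, BASELINE)
    for p in found:
        print(f"score={p.score} pid={p.pid} user={p.user} exe={p.exe} "
              f"remotes={p.remotes}")
    for conn in orphans:
        print("no visible owner:", conn)
```

A connection with no visible owner is only a prompt to re-run the listing as root and compare again, not proof of a hidden process.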

Symantec has just lost all credibility
Authored by: Anonymous on Sunday, November 13 2005 @ 10:47 PM EST
I had trust in Symantec up until this point.
When I had set up Windows machines for people before, I always chose Symantec
security systems because I trusted them to help protect my machine, but no
longer.

Symantec was aware of this rogue and illegal (against the owner's knowledge and
wishes) modification to the Windows security system and yet looked aside.
Why? I am very disappointed in Symantec and am now no longer going to use their
products. I had trusted them and they took me for a fool.

I intend to write to Symantec about this. If you are disappointed with
Symantec, please write to them to let them know how you feel.

It is the owner / Admin of the machine who should have control of it, and not a
nefarious company inserting rogue code against their knowledge or wishes.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: cmc on Sunday, November 13 2005 @ 11:45 PM EST
Well, reading what I've read about the DHS in general, I'm quite fearful.
Please forgive me for not having the links, but government auditors have found
in the past that DHS (and other government agencies) have pitiful computer
security. One audit/report showed that a large percentage of FBI agents (I
thought it was almost 50%, but I could be wrong) were tricked into telling a
person on the phone their computer password, because the person claimed to be
tech support. This just goes to show that even the folks in the government who
are supposed to protect us don't know what they're doing and are susceptible to
the simplest social engineering.

But one of PJ's comments strikes me as odd. PJ said "I also most sincerely
hope that the DHS realizes the security value of the GNU/Linux operating system,
as well as MacOSX". Why? Isn't it possible to install a rootkit under
UNIX or Linux (hence the name ROOTkit)? Anyone serious about security, and
running Windows, should restrict the users to limited-access (though I admit
that I don't know what the differences are between guest, limited, power user,
and administrator level). Either way, I think we have a long way to go before
we can really blame computers and operating systems for things like this Sony
matter. Viruses, spyware, etc, you've got my full support to dump Windows. But
it is my understanding that a rootkit can be designed to take over any operating
system.

Just my two cents.

cmc

[ Reply to This | # ]

Just "this" rootkit?
Authored by: pallmall on Monday, November 14 2005 @ 12:01 AM EST
Where was Microsoft? Why didn't they and antivirus companies notice this rootkit themselves long ago? --bold added.
This rootkit and countless others. Suppose I give MS the benefit of the doubt here and believe they really weren't informed previously of Sony's intentions to infect the computers of scrupulously law-abiding, paying customers with malware.

If that is the case, then Microsoft's new antivirus security system works like this:

1. Wait for an outside security firm or qualified individual to identify malicious code.

2. Patch together a way to remove it and update the list of malicious code the "defending" program looks for.

MS says it's committed to improving users' security, a-la "Defender." But my question is, considering how long it took MS to deal with this highly publicized rootkit, how is this any different or "better" than MS's current policy of monthly patches?

Microsoft just keeps proving it can't be relied upon for security, or honesty. Maybe it's not that they don't want to be, maybe they just don't know how.

---
Groklaw! -- If I had better things to do, I'd still be doing this.

[ Reply to This | # ]

If this is MS's idea of trustworthy computing
Authored by: Anonymous on Monday, November 14 2005 @ 12:10 AM EST
I would rather take my chances in the savanna with a pride of lionesses. At least
I can trust them to be predictable.

Tufty

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: rm6990 on Monday, November 14 2005 @ 12:22 AM EST
Is it time, folks, for websites to broaden the choices they offer people? Some of us are afraid to use Windows, you know.

Here ya go :-P. And here ya go again.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Hygrocybe on Monday, November 14 2005 @ 12:23 AM EST
It's really a simple, hypothetical equation in my latest fictional work called
"A mathematical treatise of substandard business ethics and morality at
high levels of IT while in pursuit of money" and it is summarised as
follows:

Symantec + Microsoft + Sony = collusion over root-kit


Mind you, Sherlock Holmes and Dr Watson probably couldn't prove it..and neither
can I....but I sure as heck don't like the stench that is beginning to surround
that hypothesis.



---
Blackbutt, Australia

[ Reply to This | # ]

How did they not notice?
Authored by: dtfinch on Monday, November 14 2005 @ 12:25 AM EST
The entire goal of a rootkit is to go unnoticed.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Stumbles to More Control
Authored by: webster on Monday, November 14 2005 @ 12:29 AM EST
It is amazing to consider that M$ would have ceded "root" access to
Sony for the purpose of copyright protection. There must have been a price to
pay by Sony.

The furor arising from everyone's feeling rooted by Sony now plays into M$
hands. If the OS is to be sacrosanct, then M$ will have to handle copyright
security for everyone. So content producers and malware vendors may as well get
their money, line up, and get ready to pay.

So the challenge now is to create copyright protection without having it
labelled as malware and having it all not run afoul of MOSS {the M$ OS, now
W*nd#ws, soon to be V%st@}. The challenge is to innovate around M$. Given the
power they have, this may be almost impossible. But wait! Something has been
done that threatens the need for all this! No wonder the iPods and iTunes gall
them.

---
webster
>>>>>>> LN 3.0 >>>>>>>>>

[ Reply to This | # ]

Why isn't the Sony Rootkit Illegal Under the DMCA?
Authored by: Anonymous on Monday, November 14 2005 @ 12:59 AM EST
It changes your system without authorization, so why isn't it illegal?

[ Reply to This | # ]

Malice?
Authored by: Anonymous on Monday, November 14 2005 @ 01:19 AM EST
Conspiracy theories are popular here, but is it really that hard to imagine that
MS just took some time to decide what to do with this?

While Symantec and the lot are purely in this business, and have several
released products, the MS anti-spyware is still in beta, their anti-virus not
even in the public arena yet. It's quite possible they simply don't have the
massive infrastructure and deployment set up yet to have received a copy of a
rootkit that would be present prevalently on machines of a small number of
rather trusting home users. Once they did have it, it is just one of what must
be a near limitless supply of threats to analyse, with whatever manpower they
have pre-release.

And in the end, they're detecting it. So the right decision was made, if slowly.
Keep in mind, since MS does support certain DRM, the decision probably had to be
approved a ways up the bureaucracy.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Monday, November 14 2005 @ 02:01 AM EST
Why the established anti-virus program makers did not respond?

1) At the root of the answer to that question lies the one issue that these same
guys hope you do not realise: Anti-virus software does protect your computer
against the members of the list of well-known and officially acknowledged
viruses and malware; *not* from an 'unknown' piece of malware. Until a new virus
is officially acknowledged, anti-virus programs are essentially blind to it.
They are an ineffective cure to a disease that should not have been permitted to
fester in the first place. I propose to ask the OS-maker why the backdoors to
their OS that permit this abuse have not been long hammered shut.

2) This specific DRM piece of abuse was to be installed from an
administrator-privileged user account. No OS I know of is resistant to blind
installation of untrusted material from that kind of privilege level. In this
case (again..) the user of the machine was seduced into compromising the
integrity of his/her own machine. That is way beyond the scope of anti-virus
software.

[ Reply to This | # ]

Illiad picked it up again
Authored by: bstone on Monday, November 14 2005 @ 03:05 AM EST
Sony's up on User Friendly again.

[ Reply to This | # ]

MS decide for detection and removal of Sony Root kit
Authored by: Leccy on Monday, November 14 2005 @ 03:12 AM EST
From Microsoft's AntiMalware - Team Blog

Sony DRM Rootkit

I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.

We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool. It will also be included in the signature set for the online scanner on Windows Live Safety Center.

I'll update you if any more information comes up.


best,
-jasong
------------------------------------------------------------
Jason Garms
Architect & Group PM
Anti-Malware Technology Team
Microsoft Corporation

Team Blog: http://blogs.technet.com/antimalware

---
To err is human.
To really mess it up takes a software patent

[ Reply to This | # ]

Machiavellian?
Authored by: Anonymous on Monday, November 14 2005 @ 04:34 AM EST
I'll just put two and two together and see what I get.

1. Microsoft is now using blogs for marketing.

2. Sony's DRM software gets discovered by a blogger and is discredited.

Whose DRM software is Sony now going to use for Windows, given that conflicting
DRM schemes may crash a Windows box... hmmm who produces DRM that Sony can
license without future risk. Ah, I know Microsoft.

2+2=[3,4,5]

[ Reply to This | # ]

"98% of sysadmins say Sony DRM copy protection is a security threat, Sophos poll reveals"
Authored by: Anonymous on Monday, November 14 2005 @ 05:29 AM EST

A web poll of more than 1500 business PC users, conducted by Sophos*, has revealed that 98% believe that Sony's controversial digital rights management software, which can introduce a "cloaking" vulnerability onto PCs which play some of its music CDs, is a security threat.... Sophos

Brian S.

[ Reply to This | # ]

Where's the code for my Nvidia display driver?
Authored by: Anonymous on Monday, November 14 2005 @ 06:33 AM EST
You can run binary only code on a FOSS system. Sometimes you have very little
choice if you want full functionality.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Monday, November 14 2005 @ 07:46 AM EST
"That's part of what the Free means in Free Software and the Open in Open
Source, that you are free to look at the code and are free from secret corporate
dirty tricks and private gentlemen's agreements that put your security at
risk."

ya that is the exact reason I believe that corporations aren't taking linux up
on the desktop and why they are so strict on what software you can install on
your laptop/desktop (at least my work anyway) - they want to install this crap
on your computer so they can spy/control your pc and make sure you are doing
what you are supposed to be doing.

call me paranoid but I see it first hand everyday. I will be very interested to
see if congress gets involved (which they should) and gets sony up on Capitol
Hill.

to me they need to be made an example of and everyone who had anything to do
with writing of that software.

I am sick of corporations invading my life just in the name of protecting their
IP. I buy my stuff legitimately and I am not a crook. so knock it off you
knuckleheads before I totally stop buying your crap.

one last thing is don't count on microsoft or any of the other
anti-virus/spyware sellers on the market to help you.
they'll just tell you to reinstall your os.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Monday, November 14 2005 @ 08:01 AM EST
I would still like to see some of these senators come out and talk about this.


what does Orrin Hatch have to say?

maybe the government wants rootkits on everyone's pc's so that way they know who
is doing what. you know we are fighting terrorism and we are all guilty until
proven innocent.

our government is bought and sold by these corporations.

the government's reaction to this fiasco and the adoption of odf will speak
volumes.

wouldn't our founding fathers be proud of our government.

[ Reply to This | # ]

Why MS Hesitated to Respond
Authored by: Prototrm on Monday, November 14 2005 @ 09:17 AM EST
Microsoft is understandably worried that this firestorm over the Sony DRM will
influence customers' opinions of the Trusted Computing technology in Vista.

That DRM won't need to be stealthed, it will be built right into the CD and DVD
drivers, no root kits needed. Microsoft knows that a lot of customers don't
trust them. Now, they might get painted with the same brush as Sony if they're
not careful.

They can't come out vehemently against Sony, or it might look bad when Vista
comes out with the same ability (crippled CD playing) next year, yet they can't
ignore the matter, either, or it will look like they agree with what Sony did
(they probably *do* agree, but can't admit it in public).

Y'know, MS wouldn't be in this mess if they themselves were "Trusted".
Oh well, that's what happens when you build up too much bad karma. It's their
own fault.

But there is a bright spot in all this for MS. They could use this Sony fiasco
as an excuse to release heavy-handed, driver-level DRM for XP that "would
have prevented the Sony root kit from being installed in the first place".
And this time, holding down the shift-key won't protect you!

[ Reply to This | # ]

Why are we focusing on MS?
Authored by: Anonymous on Monday, November 14 2005 @ 09:56 AM EST
Sure, MS has an anti-virus product. It's free, so by definition, it is zero
percent of their revenue, and a beta product at that. Everyone here at Groklaw
will readily admit MS has little-to-no cred on security and anti-virus anyway.

My question is, what about Symantec and friends? If there is a hidden rootkit
out there, who do you EXPECT to find it, notify the world, and do something
about it - a low-credibility company with a minor product in that space, or a
company who stakes its whole reputation and business on being world-class at
exactly that task, such as Symantec?

In our rush to condemn MS for global warming, sunspots, and Caribbean
hurricanes, let's save our righteous wrath for what we can reasonably expect
them to deliver on.

[ Reply to This | # ]

It just seems Sony should have asked MS for permission first.
Authored by: jsoulejr on Monday, November 14 2005 @ 10:05 AM EST
What can't be done on a windows computer with MS
permission?

[ Reply to This | # ]

Excellent OSS point missed! (maybe)
Authored by: Anonymous on Monday, November 14 2005 @ 10:10 AM EST
Everyone seems to have missed this very important, very excellent point-

HOW do you play these CDs on Linux? or any other OSS? Like Mac OSX, etc?

HOW?

The articles all say you can't play them without the "software" (ie:
rootkit) installed... But those won't work on Linux (some say they will on Mac
though). but not linux.

some articles say they will play, but introduce random noise, and be low
quality.

And what about regular CD players, like portable units, sony walkman, the old
school stuff?

if the analog hole is there, there's no protection. Which I know is precisely
what this is all about. they want that hole closed.

But what about OSes like Linux? Can we just pop their CD and rip them without
ever minding their stupid nonsense?

[ Reply to This | # ]

Sony's endangering our lives? Gimme a break!
Authored by: Moon on Monday, November 14 2005 @ 10:24 AM EST
> Copyright infringement is important to companies like Sony,
> of course, but if, when enforcing their rights, they end up
> exceeding their actual rights and endanger our lives in
> their quest to protect mere money, something is seriously
> out of balance.

I'm astonished to see PJ apparently thinking along the lines of the Department
of Homeland Security?! Well, it's their job to care about "safety" and
diminish your freedom in return. But the thing with Sony starts on a much lower
level: Sony has no right nor reason to install ANYTHING on my machine let alone
tamper with it. Easy as that.

[ Reply to This | # ]

DRM should only be implemented in hardware and should be down to choice.
Authored by: Anonymous on Monday, November 14 2005 @ 10:52 AM EST
I hope Sony, RIAA and the Hollywood studios are
listening.

DRM should be implemented in hardware because any software
solution can be broken. You would have thunk the dumbasses
Sony, RIAA and the Hollywood studios would have learned
from DeCSS, viruses etc, but it seems not.

DRM should be made optional because attempts to force
people who don't need to play music or watch movies to pay
for unnecessary DRM hardware that will make hard drives
cost more and also jeopardise data recovery will get the
thumbs down by consumers. Again the dumbasses at Sony,
RIAA and the Hollywood studios haven't figured this out
yet.

If Sony is listening, what I would suggest is that an
optional non-compulsory device with DRM built in (a
special hard drive or a special USB device with foolproof
hardware DRM built in) is made available for those who
want to back up movies or music.

For music for example, you could have a special USB device
with flash memory which would allow music and registry
data encrypted by a user key to be loaded onto it or
deleted, but would not allow direct access to its
registry or unencrypted data. The USB device could allow
serial access in encoded form only for playback. This
would be a much more secure DRM, and a much more
acceptable solution for customers - one that could
actually be imposed (ie. if you want to copy
music/films, buy our device, if you don't then don't buy
it), and one that could be more popular with customers (you
could move the USB flash device or USB hard drive to an
MP3 player or car stereo with TV with a USB socket).

Sony/RIAA/Hollywood studios would do better for themselves
if they looked at what their customers want instead of
acting like the Gestapo in trying to mandate what their
customers and everybody else who uses a computer should do
to serve their own narrow interests. They have probably
been watching too many movies to realise that the Gestapo
isn't popular anywhere, and unless they can resurrect the
Third Reich, nobody will listen to them.

[ Reply to This | # ]

Question About the EULA
Authored by: Hobbletoe on Monday, November 14 2005 @ 11:40 AM EST
Looking out at the EFF site, I came across their How To Spot Sony's Rootkit article about how to tell if a "CD" that is from Sony has the rootkit on it or not. Looking at the bottom picture, I see "Use subject to applicable End User License Agreement".

My question is this. If a person without access to a computer, or for some reason doesn't listen to music on a computer were to play such a CD on a regular CD player, are they

a. Agreeing to the terms of the EULA that they have no access to

or

b. Illegally accessing the content as they have not agreed to the EULA

Seems to be a crummy situation for somebody to be in I think. Either entering an agreement that they are not eligible to review be entering, or illegally accessing the content which would be copyright violation I'd think. And with that statement being on the back of the package, I'd think that Sony could hold them to such thing as it is clearly stated on the package that to use the content, they must agree to the EULA.

Or am I just reading it incorrectly, and it only applies to the "enhanced" portion of the disc?

---
Hobbletoe Clubfoot

[ Reply to This | # ]

Is Sony's business model fundamentally flawed?
Authored by: Anonymous on Monday, November 14 2005 @ 11:48 AM EST
One has to wonder if Sony's idea of electronics and media convergence is
fundamentally flawed and if its media division is simply too powerful for the
company's own good. Many years ago, Matsushita (Panasonic) also bought a media
company, Universal/MCA, but sold it only four years later. Sony's stumbles in
the minidisc and MP3 music player market from copyright concerns are well-known.
Now, the rootkit outcry may spark a backlash that could hurt Sony electronics
sales. If Sony's business model is indeed flawed, then its short-term prospects
may not be favorable, considering that its current CEO comes from the media side
of the company. Thoughts?

[ Reply to This | # ]

I have a better command:
Authored by: Benanov on Monday, November 14 2005 @ 01:20 PM EST
top

:P

---
That popping sound you hear is just a paradigm shifting without a clutch.

[ Reply to This | # ]

DMCA and the Removal of Sony's Copy Protection
Authored by: Anonymous on Monday, November 14 2005 @ 01:41 PM EST
Forgive me if I've missed something, but doesn't the DMCA make it against
the law to create a tool to bypass copy protections? If so, isn't the removal
of Sony's Copyright protection software (rightly installed or not) against the
law? I don't believe any provisions were made in the DMCA for copy protections
that wrecked your computer or increased the chance of getting a virus... or
even for spyware.

[ Reply to This | # ]

A choice of masters is not freedom.
Authored by: jbn on Tuesday, November 15 2005 @ 04:31 AM EST

I also most sincerely hope that the DHS realizes the security value of the GNU/Linux operating system, as well as MacOSX.

No, not any non-free OS. The reason GNU/Linux is a better choice has to do with it being free software. The security benefit comes from the software freedom. If you install proprietary software on a GNU/Linux system you are risking any data the program can touch (everything you can write to, typically everything in your home directory) because you don't know what that proprietary program does. The same naturally applies for any proprietary software that comes with the OS (hence MacOS X is not inherently trustworthy because MacOS X is only partially free software). According to freedom-to-tinker.com, SunnComm's anti-copying software also runs on MacOS too.

As is being demonstrated again and again in this story, you can't come away from this and conclude that a choice of masters is better than freedom. Edward Felten and Alex Halderman are now saying that Sony-BMG's web-based uninstaller leaves Microsoft Windows users with a security compromise in their system. Deciding between MacOS X and Microsoft Windows is just a choice of master. Deciding between proprietary so-called "anti-virus" programs is a choice of master. Deciding that one proprietary "uninstaller" is better than another is a choice of master. Perhaps what will really drive this point home is when Microsoft disallows disabling autorun programs.

I've got to admit that I'm troubled by what the EFF is recommending here--a proprietary program to rip CDs instead of pointing to a free software program to do the same job. I'm hoping they'll stop recommending one proprietary program to address problems inherent in proprietary software; problems solved (as well as they can be solved) with free software. Free software operating systems often come with CD rippers (with GUI front-ends like Grip and Sound Juicer, or CLI programs like cdparanoia). My GNU/Linux system came with all of the aforementioned free software programs.

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Thursday, November 17 2005 @ 03:09 PM EST
If Sony's Rootkit is installed, two questions come to mind. How long would it
be before a Microsoft update to the OS would render the cdrom unusable? How
long would it be before a Microsoft update to the OS would render the PC
unusable?

[ Reply to This | # ]

MS' Reaction to Sony's Rootkit Raises Some Questions
Authored by: Anonymous on Thursday, November 17 2005 @ 05:00 PM EST
maybe it is time to sue the antivirus companies for not delivering on their
promise to protect your computer from new threats when apparently they knew
about this for months and did nothing.

[ Reply to This | # ]

Where was Symantec Mentioned?
Authored by: Anonymous on Thursday, November 17 2005 @ 07:05 PM EST
The article you linked to didn't name Symantec; it just states:

"The creator of the copy-protection software, a British company called
First 4 Internet, said the cloaking mechanism was not a risk. The company's team
has worked regularly with big antivirus companies to ensure the safety of its
software, and to make sure it is not picked up as a virus, he said."

Yet your quote says:

"The creator of the copy-protection software, a British company called
First 4 Internet, said the cloaking mechanism was not a risk, and that its team
worked closely with big antivirus companies such as Symantec to ensure that was
the case. The cloaking function was aimed at making it difficult, though not
impossible, to hack the content protection in ways that have been simple in
similar products, the company said."

Please provide a better link otherwise this looks like you are now putting words
into First 4 Internet.

--The Master

[ Reply to This | # ]

Clean hands doctrine
Authored by: Anonymous on Thursday, November 17 2005 @ 08:08 PM EST
Does this mean that Sony cannot sue for copyright infringement for these cd's
due to their own abuses?

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )