Here's a warning to anyone who buys CDs;

Sony are using a technology that is essentially a root kit - a collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.

This root kit enables virus writers to insert their own code, well and truly hidden and virtually unremovable, on your computer (if you're using a PC) - and there's already a virus that takes advantage of this hole.

Sony's EULA for this software basically says "Tough luck if your computer breaks - we're not responsible and don't care. Your call. Listen to the music and take the risk, or simply enjoy looking at the pretty patterns on the CD".

This is a top-level link from the BBC;

http://news.bbc.co.uk/1/hi/technology/4413856.stm - http://news.bbc.co.uk/1/hi/technology/4413856.stm

This is a slightly more technical link from The Register - with links to loads of related articles

http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/ - http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/

This link is part of a blog by highly respected Windows wizard Dr Mark Russinovich, who found it, and is highly technical in nature;

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html - http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-d igital-rights.html

...and this has JUST appeared on the BBC about the virus:

http://news.bbc.co.uk/1/hi/technology/4427606.stm - http://news.bbc.co.uk/1/hi/technology/4427606.stm

As far as I know this technique is not yet used for european CDs ... but I very well might be using some U.S. import CDs.

This proves how important a good Firewall is these days. I surely will avoid these CDs ... Firewall or not, I will not have someone take control of my PC just so that I can listen to the music.

cobb wrote: This silent installer has not much to do with a firewall Mike, it's already on the wrong side of the wall.

I know that. But the Firewall alerts me if the software tries to communicate with the internet ... and if a trojan installs a "backdoor", the firewall blocks other computers from opening connections to my computer (portscan etc.).

I know that there are ways to avoid detecting outgoing communication ... but most of the time trojans are not as cleverly written as one might think.

BTW: I guess running Windows with restricted rights would prevent this software from installing ... but it also means that you won't be able to listen to it, naturally.

cobb wrote: Not the point, Mike. Sony should not be allowed to do this, full stop. You bought the right to play the CD, now they want to take control of your computer as well. Sounds slightly illegal to me.

Sure. What I'm trying to say here is that with a proper firewall and anti virus software installed, the risk of this software becoming a security risk is marginal.

Of course I agree that it's not ok for them to do this ... ANY software installer should ask the user prior to installing, and give the user a chance to disagree.

^ Once the anti virus software is aware of that installer, it can be blocked. If the software is already installed prior to the anti virus software (or an update of it), it won't be detected.

If you look at the dissection by Mark Russinovich, you'll notice that the Rootkit installs itself at a level just beneath the Windows CD Drivers.

Sony did not originally ship the software with a means of uninstallation (something that fails Windows Certification tests, by the way), but have since released a patch that is supposed to uninstall it.

Dr Russinovich discovered that any method of uninstalling the patch carries a high risk of causing a Windows system to blue screen, and the Sony driver is even used in Safe Mode, so restoring a system that it crashes carries a risk of losing data.

Although the Anti Virus companies are already on the case, Dr Russinovich discovered this hole on 31st October, and a Virus only needs a few seconds to wreak havoc. The virus was discovered yesterday.

A few tips from a paranoid computer user;

If you turn Autoplay off, no software cannot install itself unbidden from a CD.

Log in as a non Administrative User for your main activities, and make sure that the Administrator password is strong.

Always keep your Anti-virus software up to date.

Windows Firewall should be switched on if you have it - it's much better than nothing, although it can be circumvented by clever virus writers - all it does is block ports at a software level on the computer.

I use a hardware router with built in firewall that blocks ports at the network layer - no Windows software will ever circumvent that.

Even better, install Linux, and use that for Internet-related activites, switching to Windows only when you need to run Windows software. There are very, very few viruses that affect Linux - and absolutely no Windows DRM

Sony has abandoned it!

http://news.bbc.co.uk/1/hi/technology/4430608.stm - http://news.bbc.co.uk/1/hi/technology/4430608.stm

Yay!!

Let's hope this is the beginning of the end of Media companies treating customers as if they're pirates before proven innocent.

Sony DRM Rootkit

I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.

We use a set of objective criteria for both Windows Defender and the http://www.microsoft.com/security/malwareremove - Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the http://www.microsoft.com/athome/security/spyware/software - Windows AntiSpyware beta , which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the http://www.microsoft.com/security/malwareremove - Malicious Software Removal Tool . It will also be included in the signature set for the online scanner on http://safety.live.com/ - Windows Live Safety Center .

Read more;

http://www.pcpro.co.uk/news/79781/microsoft-declares-war-on-sony-drm.html - Microsoft declare war on SONY DRM

http://news.bbc.co.uk/1/hi/technology/4434852.stm - Microsoft to remove SONY Code

*Gulp* Well done, Microsoft...

For anyone still interested in where this is going;

Sony have pulled the offending titles - but seem to think there are rather less than there appear to be, and that the effects are less widespread than they are;

http://www.theregister.co.uk/2005/11/15/sony_bmg_bodycount/ - http://www.theregister.co.uk/2005/11/15/sony_bmg_bodycount/

http://www.theregister.co.uk/2005/11/16/sony_withdraws_xcp_cds/ - http://www.theregister.co.uk/2005/11/16/sony_withdraws_xcp_c ds/

And Virus writers have begun exploiting code in the REMOVAL patch...

http://news.bbc.co.uk/1/hi/technology/4445550.stm - http://news.bbc.co.uk/1/hi/technology/4445550.stm

Poor old SONY - they also got caught in the recent Internet price-rigging row;

http://www.channelregister.co.uk/2005/11/15/sony_variable_pricing/ - http://www.channelregister.co.uk/2005/11/15/sony_variable_pr icing/

...and then there was this rather tempting USB cable offer...

http://www.theregister.co.uk/2005/11/17/sony_usb_offer/ - http://www.theregister.co.uk/2005/11/17/sony_usb_offer/

Gosh

UPDATE:

Sony are in trouble over a vulnerabilty in other software it surruptiteously installs on computers - not only that, but other companies use this particular software too.

The software not only contains a newly exposed vulnerability to viruses and hackers, but also communicates stuff back to base about your music (and presumably browsing) habits, and it's next to impossible to uninstall...

http://www.theregister.co.uk/2005/12/07/sony_cd_security/ - http://www.theregister.co.uk/2005/12/07/sony_cd_security/

Remember, it's YOUR computer, and YOUR copy of the music that you paid for!!!