Search this site:


Categories:

November 16, 2005 09:07 AM

Broken: Infected Sony music CDs

Sony recent sold millions of CDs infected with a "root kit", essentially a computer virus that quietly installs itself on the customer's computer to monitor any copying or sharing they do. It also opens a number of dangerous security holes, leaving all of the customer's PC at risk. Sony did this intentionally, was slow to admit it, and is finding it hard to say "sorry."

Link: Boing Boing: Sony anti-customer technology roundup and time-line.

Also see the New York Times article on the matter and the latest on Boing Boing here and here.

Comments:

but... the smiling japanese men... how?

Posted by: gmangw at November 16, 2005 09:36 AM

Oh crap... i have one of these cds... what do i do?

Posted by: Bob at November 16, 2005 10:32 AM

Of course we don't know if it automatically deletes the "offending" files. I have a friend who had this problem with Service Pack 2. He had recorded himself singing songs that he had written. He installed SP2 and magically most of them disappeared, and quick check of the machine found that they had been fully erased with the data areas zeroed. When he tried to load his backup data on the computer the system overwrote the backups with zeros. After some investigations we found that the "digital rights protection system" had erased them because the "signatures" on them matched those of copyrighted songs. I guess that country songs all do sound the same even to a computer ;-)

Posted by: Ray Stevens at November 16, 2005 10:33 AM

That just plain sucks.

I'm never buying anything from sony again!

Posted by: Phill at November 16, 2005 11:11 AM

One small step backward for Sony, one giant leap forward for downloading MP3's illegally. Way to go Sony!

Posted by: Manni at November 16, 2005 11:43 AM

ah, on a computer, the only way to play the cd is through the media player from macromedia which needs to be installed and is found on the cd.

if u didnt install the software your fine.

If u did install the software...

http://blogs.technet.com/antimalware

that is the URL to the Microsoft Anti-Malware Technology Team, for some further reading.

Microsoft Anti-Spyware will remove the software correctly.

The problem is, is that its not making your system insecure, but it contributes to a more unreliable experience.

And when the software is removed forcefully, ones CD ROM drive will disapear from explorer.

To read more about that, go here:

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Later

Posted by: Roger at November 16, 2005 11:50 AM

Roger,

A rootkit designed like this one was certainly does make your system insecure. It very effectively cloaks any virus, worm, or malware that simply change their name from myProg.exe to $sys$myProg.exe . It does not (as far as we know) install any other software besides their own crappy blue-screen inducing trash, but considering how many people have problems with viruses and malware already, imagine a virus or malware that cannot be seen nor scanned, but can run completely unnoticed right under your nose.

Not insecure? Lets blindfold you and make you drive down an already dangerous road and see how secure *you* feel.

As for Sony, I am pleased to see that they are (finally) recalling the CDs, but they have lost all faith and trust of the consumers because of their callous attitude toward the users that actually paid for their products. A recall doesn't change the fact that they are willing to do it in the first place, nor prevent them from doing something similar again. Even now, they aren't sorry they did it, they're just sorry they got caught. Next time, they'll just try harder to hide their tracks.

Posted by: Jo-Pete Nelson at November 16, 2005 02:54 PM

yes- just one more reason why mac is supperior to all operating systems! macs arent affected by this problem, or by viruses in general, not to mention having the most elegant housing designs. Sony sucks- and just for that Im going out and buying five cds on the street by sony recording artists! take that @#%!*. I do however send my sincerest regards to those who have completely screwed their computers from listening to Celine Dion on them, oh the horror!

Posted by: smartypants at November 16, 2005 03:31 PM

So, Sony is putting this crap on the computers of people who actually BUY the CD's.... Smart

Just one more reason to download music and not pay for it....

Looks like they just shot themselves in the foot.

Posted by: TimK at November 16, 2005 03:40 PM

_@_v - and this from the company that went all the way to the supreme court so that people could tape tv shows on their betamax vcrs - which by the way are immune to macrovision...

_@_v - and while this rootkit thing didn't work on maccys sony's previous copy-protect scheme did lock up i-macs so that you hadda take em in for repair... if you didn't mark out the data track with a sharpie first...

Posted by: she-snailie_@_v__/ at November 16, 2005 06:59 PM

"Oh crap... i have one of these cds... what do i do??"

Get a regular, analog, portable CD player and connect the line ot on that to the line in on your sound card. Use software like Goldwave (free trial, no DRM) (http://www.goldwave.com/) and use it to record the actual audio. Then you can split it up into tracks and save them as MP3s.

Posted by: dhg at November 16, 2005 08:36 PM

The best option to combat rootkit is to disable AutoPlay and AutoRun in Windows. Doing so will prevent the hidden installer from installing the malware on your computer (it won't help if rootkit is already installed, it's only a preventative measure). Because explaining how to disable it would be too long for this post, I suggest Googling "disable autoplay" or "disable autorun" for the instructions.

Posted by: Chris B at November 17, 2005 12:13 AM

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

Eat that mac users, you are not secure, and because you dont protect yourselves because "apple is perfect" now you are S-C-R-E-W-E-D, what can you do now, you cant download updates for your antispyware programs, or for antivirus, because you belived that you were safe. The day has come when people are unleashing their hate for apples and will hack them.

"yes- just one more reason why mac is supperior to all operating systems! macs arent affected by this problem, or by viruses in general, not to mention having the most elegant housing designs. Sony sucks- and just for that Im going out and buying five cds on the street by sony recording artists! take that @#%!*. I do however send my sincerest regards to those who have completely screwed their computers from listening to Celine Dion on them, oh the horror!"

"Sony Music CDs infect Macs, too

Mac users shouldn't be smug -- Sony's audio CDs also contain an app that patches OS X's kernel with unspecified restriction-software; though Mac users have to take a few more steps before their computers are compromised"

You out there, with the fruits, get ready because now you have to put up with the things windows users do.

Posted by: Kip HT at November 17, 2005 09:13 AM

Sony has created a poor customer experience in so many ways, but the worst is that it is the honest customer who has paid for the CD that is getting hurt.

The installation of the copy-protection software only occurs for people who have paid for the music. What it boils down to is that large scale pirating operations are unaffected. MP3 music swappers on P2P networks are unaffected. The only person with a poor experience is the paying customer.

Posted by: Carlos Gomez at November 17, 2005 09:47 AM

Kip: At least on the Mac, you actually have to enter a root password for the driver to install itself, and can cancel out of it. No such luck on Windows; if you forget to turn off autorun, you're automatically screwed.

Posted by: codeman38 at November 17, 2005 10:14 AM

No, DHQ. I already downloaded it. I meant 'what do i do *now*?'

Posted by: Bob at November 17, 2005 05:11 PM

Nvm. I went to the MS Safety Blog and ran their MS Live scanner which deleted the rootkit. Yay!

----

What is Sony's reasoning behind this? Why, in the name of all that is capitalism, would a company like Sony install a virus on the computers of their customers?

----

Even without the virus, this CD was hell to import. It required me to either run it in Windows Media Player or burn a copy then import that into iTunes. There was no other way. It took my computer 15 minutes just to rip the CD, (unthinkably longer than normal) much less the time it took to burn another one and import that. It was absolutely terrible. If it had been a normal audio CD i would have been listening to it in five minutes. It was the worst experience i've ever had with computer audio.

Posted by: Bob at November 17, 2005 05:26 PM

"It was the worst experience i've ever had with computer audio."

And computers were supposed to uncomplicate all this. Ugh.

Posted by: Trent Chernecki at November 19, 2005 01:25 PM

All you have to do to keep the software from running is press "No" on the EULA that pops up, or just hold shift while you insert the CD to stop the EULA from running in the first place.

Posted by: Lukesed at November 19, 2005 07:45 PM

Lukesed, Actually, the installer runs in the background BEFORE the EULA pops up.

Posted by: Anon32 at November 21, 2005 02:19 PM

I saw a brief tease before the local news about the Texas Attorney General filing suit against Sony because of spyware attached to or embedded in their CDs.

I think it is the same deal.

I missed the story though.

puff

Posted by: Mark "Puff" Anderson at November 22, 2005 12:06 AM

How did Sony think they would get away with this? Seriously, all it takes is one marginally computer literate individual or one bored hacker to make the whole thing burst into flames.

How does the recall work? Have all the discs been pulled from shelves, or do consumers have to mail them in?

Posted by: Wooble at November 28, 2005 02:05 AM

Comments on this entry are closed



Previous Posts: