Home Page

 


EARLIER FEATURES

 


FEATURES CONTENTS

 


LATER FEATURES

 

Features Contents


27th November 2005

SONY AND DIGITAL RIGHTS MANAGEMENT

Brian Grainger

email.gif (183 bytes)
brian@grainger1.freeserve.co.uk


 

Who are the most hated people on the Internet? I guess, once you are hit by piece of malware, the writers of such items come pretty high up the most wanted list. Probably, second on the list is the Recording Industry of America and their equivalents around the world. With their systematic witch hunt against people who dare to download 'pirate' copies of their overpriced products and against the technology that enables such action, they have made a lot of enemies. Within the last few weeks we have seen the coming together of both parties, as Sony BMG, (hereafter referred to as Sony), become a conduit for the transmission of malware.

It is relatively common knowledge amongst the technically savvy that music companies have tried more than once to stop people copying their product. Especially annoying to these companies is that people want to play their CDs on a PC. The argument is that if they can play on a PC they can be copied, which is a big no-no. Those of us who purchase their product believe we have the right to play them where we like - not where they tell us. Would the record industry have flourished if we have to buy one CD player to play Sony records and a different player to play EMI records? I think not.

Some time ago, Sony came out with a copy protection scheme which stopped some of their CDs playing on a PC. Well, it would have if it had worked! A workaround was quickly made available.

Sony was undeterred by this setback. Quietly, they tried to find another solution. They thought they had found it when they took some technology developed by a UK company, First4Internet Ltd., to produce their XCP copy protection program.

When a CD protected by XCP is placed in a PC it automatically installs its own music player. However, it hides itself from view using what has come to be known as a 'rootkit'. This technique was first used by malware writers to hide their trojan programs from view. A root kit also has the capability to hide registry entries, so that even the most technically competent individuals will not see them. You might have thought you had not given Sony permission to install programs on your PC. Wrong - protected CDs have a licence agreement which you automatically agree to when you buy a Sony CD. Apparently , this allows Sony to install any software they like on your computer. Also, any copies of the CD kept on a PC or music player must be deleted if the original CD is stolen or lost. If you move countries you must delete all songs covered by the license. Oh, and any CD buyer who fails to keep up-to-date with the hidden software is in breach of the licence agreement! Finally, the license limits Sony's liability for any damages the software might cause to just $5 per CD - or slightly less than you paid for it in the first place. Apparently these protected CDs have not been sold in the UK - hence the $ price - but more of that later.

If the program is hidden you might wonder how anybody found out about it. Well, an item in the armoury against the crackers is a rootkit scanner, e.g. RootkitRevealer. Just as you periodically run an anti-virus scanner, some people periodically run a rootkit scanner. When the Sony program popped up on the radar the next obvious step was to remove it. Using the normal techniques for rootkit removal people suddenly found their Windows system no longer worked and apparently the system was irretrievable. It was at this point that the story broke about the Sony rootkit.

Sony's position as the story broke was to be very defensive. They said it had only been released in the US and then only on 20 CDs - Celine Dion was apparently one artist whose CD had been protected.

Unfortunately, US citizens do not like their PCs to be broken and lawsuits have been filed against Sony in California and New York.

This was only the beginning of Sony's problems. Once the news broke then it was fairly clear that the cracker community could take advantage of machines infected with Sony's XCP program by forming files that conformed to Sony's protection scheme. Apparently, file names that started $sys$ were hidden by XCP. On the 10th November it was reported that a well known trojan had been modified to drop a file named $sys$drv.exe in the Windows system directory. So, not only had Sony installed software on your computer that made the computer break if you removed it, but it also opened up the computer to attack by other malware.

Just in case anybody believes Sony when they say the protected CDs are only sold in the US it is well to remember that small products such as CDs can travel. XCP will 'phone home' when an internet connection is opened and Don Kaminsky queried DNS servers with the 'phone home' address. He found traces on over half a million servers, of which over 44,000 were in the UK. This is likely to be an underestimate because many people who use the same ISP will only be counted once.

A fortnight after the lawsuits were lodged Sony announced that they are to withdraw the XCP technology and exchange the over 2 million already sold CDs. Unfortunately, that does not help the numerous PCs that are now infected with the program which cannot be removed.

This last week it was revealed that you can stop the rootkit program being transferred to your CD by placing some opaque tape on the edge of the disk. That is if you know about it of course. Millions of consumers won't.

It will be interesting to see how the lawsuits develop. We have not heard the end of this story. I wonder how many corporate desktop PCs are infected. Where I work, engineers will listen to CDs through headphones while working. How long will it be before company security procedures will ban the listening of CDs in this way.

If any good is to come out of this saga, hopefully it will be that we can get back to just worrying about the black hats compromising our PCs and legitimate business will leave us alone and stop trying to control what we do and what we buy. Sadly, Sony are still committed to somehow protecting their CDs.


The following news items from 'The Register' were consulted in the creation of this feature.
http://www.theregister.com/2005/11/10/sony_sued_for_rootkit/
http://www.theregister.com/2005/11/10/sony_drm_trojan/
http://www.theregister.com/2005/11/16/sony_withdraws_xcp_cds/
http://www.theregister.com/2005/11/21/gaffer_tape_trips_up_sony_drm/


3rd January 2006

The news just in is that Sony appears to have lost their case against the class action in New York. It has yet to be confirmed but the agreements reached mean that Sony have to replace the affected CDs with non DRM protected copies, mend any PCs affected and provide some monetary compensation to affected users as well as give some free music downloads. In addition, Sony agree not to use the technology for at least 2 years.

Full details of the proposed settlement can be found at:
http://www.sunbelt-software.com/ihs/alex/sonysettleme23423423434nt.pdf


 

 

 

 


TOP