Microsoft will update its security tools to detect and remove part of the copy protection tools installed on PCs when some Sony music CDs are played.
The software maker has determined that the "rootkit" piece of the XCP software on some Sony BMG Music Entertainment CDs can pose a security risk to Windows PCs, according to a posting on Saturday to a Microsoft corporate Web log.
The Sony BMG software installs itself deeply inside a hard drive when a CD is played on a PC. The technology uses rootkit techniques to hide itself. Experts blasted the cloaking mechanism, saying it could be abused by virus writers. The first remote-control Trojan horses that take advantage of the veil provided by Sony BMG have surfaced.
To protect Windows users, Microsoft plans to update Windows AntiSpyware and the Malicious Software Removal Tool as well as the online scanner on Windows Live Safety Center to detect and remove the Sony BMG software, the software maker said in its blog.
Windows AntiSpyware is Microsoft's spyware-fighting software that is currently available as a test version and used by millions of people worldwide. Microsoft provides weekly updates for Windows AntiSpyware. The Windows Malicious Software Removal Tool is updated monthly and is part of Microsoft's monthly patch releases.
Detection and removal of the rootkit component will also be in Windows Defender, the forthcoming update to Windows AntiSpyware that will also be part of Windows XP successor Windows Vista, Microsoft said.
In its move to detect and remove the Sony BMG rootkit, Microsoft follows other makers of security software. Symantec and Computer Associates are among those that offer at minimum detection capabilities in their products. Sony BMG itself has also provided a patch to fix the security problem and still allow CDs to be played on PCs.
On Friday, Sony said it had halted production of CDs with the controversial technology, which is designed to limit the number of copies that can be made of the CD and to prevent a computer user from making unprotected MP3s of the music. Sony does still produce CDs that use a different copy protection scheme.
Representatives of Microsoft UK privately expressed concern last week that the storm of protest over Sony's actions was damaging the public image of digital rights management.






Talkback
This sounds a bit strange and I can only imagine that Microsoft will be working with Sony on more devious methods of copy protection.
But then again maybe they're just really concerned about users?
Alistair - http://www.0gravity.co.uk/
It appears that Apple iTunes is also inadvertently doing this sort of thing resulting in the unusability of the CD drive. Only removing an obscure registry setting can restore this.
There is a long thread of discussion on this at:
http://www.hardwareanalysis.com/content/topic/35761/?o=40
Users of iTunes beware!
I think we should [I know I am] boycott ALL Sony products until the matter is resolved to The Consumers' satisfaction.
Boycott Sony NOW!
The Sony root kit problem should be a wake-up call to all who own computers to become aware and involved with DRM, and the issues of who controls your computer. While I believe that content providers need to be compensated, where to draw the line on control of content needs an open political discussion and laws and rules need to be in place before DRM goes further. It should be we the people, and not entrenched interests, like Sony, who decide what is fair play in DRM. There should be criminal penalties for failing to disclose completely what additions or modifications a DRM system does to your computer, and if you decline it you should have an absolute right to a complete refund. There also should be a requirement that any DRM scheme be removable in a simple and transparent manner. Whether the DRM system contacts the content provider as part of the system in any fashion also needs to be disclosed. This contract should be available before you open the package. There may be a problem with DRM in Microsoft's rumored plans for implementing DRM. If you do not have a current license for say Office, you cannot read your own files because they will be encrypted as a security feature. While this is not confirmed news, it could be very bad for consumers.
You know what, Microsoft should fix the OS to not allow root kit access, period, and this would never have happened in the first place.
As for Sony protection, I don't need it for one simple reason. I don't, won't use any Sony product/service/multimedia ever again. It took me 3 days to reformat and reinstall my Windows XP because of them. I had ordered a full multimedia center made by them, including a PC desktop and laptop, a 42" LCD TV, sound system, DVD burner/player. When the delivery came I sent them back and asked for my refund. They would not give me one at first till I told them what one Sony CD did to me. The company gave me back my money and even gave me a $20 gift card for HMV so I could buy a new CD (not by Sony/BMG) to replace the one that I had bought and broke in half.
Sony, you just lost $10,567.67 in sales. My whole family will never buy anything from you ever again either, after they heard what damage you caused to my system (I have 4 sisters and 3 brothers, btw).
All I can suggest to others here is completely boycott Sony and all companies it owns so that finally the big multimedia get the picture that they cannot take the law in their own hands. We bought these products for full retail price from Sony. If they want us to treat it as a rental they should sell it for less than what they do.
What's next? Go to a baker and buy a cake, yes, but you can only share 4 pieces with someone else LOL
I think the whole epidemic of digital rights protection has gone overboard. It's bad enough that you don't even have full rights to the music you buy, but that in turn, it can put your personal information and security at risk. No matter what type of limitations they try to put on our music, there will always be those out there that will work endlessly to find ways around them. In the end, they will only further promote piracy, leaving the average consumer with the burden of restriction and higher CD prices.
First thing is to get off a Microsoft Operating system, get a Linux box which runs more stable and will not be prone to this sort of garbage being placed on the hard drive.
There is no way SonyBMG can explain this away. Their actions are more than unethical! Embedding self-cloaking malware on CDs is worse than a hacker trying to gain access to a PC with an email. Hackers rely on your ignorance to gain access to your world; SonyBMG is taking payment for it. I look forward to Microsoft's security tools, and hope they continue to help police idiots like Sony.
Now I know I will buy an Xbox 360 and not wait for the new PlayStation to come out. Sony wonders why they continue to struggle and lose market share to other electronic companies. I own numerous Sony products but after this latest bad publicity stunt you can bet I'm just one of thousands of people who will look at other brands and avoid purchasing Sony products and music. Sony, you can kiss more and more customers goodbye.
I find the actions of Sony deplorable and would like to thank Microsoft for putting an end to this nonsense.
Firstly, artists and record companies need to be fairly compensated for the work they produce. I think Sony et al would have a hard time showing that their current compensation schemes are anywhere near fair. Unless you are a hugely successful artist, you do not have any negotiating power, so drop the high moral act and admit how little of the amount we pay for a CD actually makes it to the artist.
Secondly, piracy is wrong. I am a software developer, so I understand the cost of this, and I accept that companies need to take action to prevent unlawful use of their property, but there is a line, and there can be little doubt that F4I crossed it.
Thirdly, installing a rootkit is wrong. Microsoft has an open operating system that allows different hardware manufacturers to write device drivers that interact with Windows. Most malware needs to trick the user into executing it, or find a security flaw in some common program that lets it execute. Surely any developer with half a brain should have seen how questionable this cloaking technique is, and how some with even worse intentions may exploit any vulnerability you introduce.
Fourthly, it is a poorly written driver. Mark Russinovich has written a program to prove it crashes severely (BSOD) when receiving poorly formed input data. Normally, Windows is pretty graceful and would just provide a normal error message.
Fifthly, you can't uninstall without breaking your CD drive access - not good enough.
Sixthly, the "patch" provided by Sony does not remove the DRM, but rather "upgrades it". The upgrade does not remove it, but simply unhides it.
Seventhly, there is no easy way of associating the problems you may encounter with the DRM to Sony support, so users may have no option but to reformat to get their system working again.
Eighthly, it phones home when you play the CD, although only to get a next banner. ***cough cough bull ....
Ninthly, you have to accept an ActiveX control to uninstall, plus provide an email address, but they won't use that in their marketing. *** cough ***
Tenthly, the uninstaller is signed so it only works on the machine that accepted the ActiveX. Not good enough where you are maintaining a large network of machines.
Eleventhly, depending on the age of the person and the country they are in, you may have no legal right to enforce the terms of a contract.
Twelfthly, it doesn't prevent copying from Linux or Mac, so what is the point? Why is it easier to transfer music to an MP3 player from some P2P system than to legitimately buy the CD and convert it?
It might be time to re-investigate the whole process of Auto-run. I am considering writing a custom tool to disable auto-run and ask permission whenever a new CD is inserted with autorun. I suppose if I had more time, I could link it to an online database. Where is DVD Jon when you need him ;)
But I can't believe a company as large as Sony would attempt this. It is only that it is Sony that different virus scanners have not given it the classification it would get if I wrote it.
This goes beyond a simple copy protection. Several companies in the 80's went out of business as a result of punitive copy protection schemes. With a company that would engage in such paranoid activity, the consumer needs to consider the management that approved those practices. I think we should no longer consider Sony a trusted name. If information can be gathered I assume that it will be. In fact once consumer information is harvested those engaged always want more detailed information. If Sony had the capability to gather information they probably at least experimented with that capability.
This offense by Sony is as bad as that by the Hollywood moguls who demanded, and sadly got, regionalisation of DVDs. I have relatives living in UK and USA but we can't watch each other's DVDs bought as gifts as my drive is region 2 and theirs is region 1. What's worse is that they automatically 'lock' your drive, note it's YOUR drive, so you can't play any DVDs other than ones from the same region as that causing the fifth region change.
My DVD drive is MINE - not Sony's, not Hollywood's. I decide what I want to watch and if my family buy me a gift (birthday, Christmas, Divali, WHY) that is a DVD then I want to watch it. And why not?
The bottom line is that when a consumer purchases a music CD, what he/she pays for is not a polycarbonate disc, but the music on it. And the way how to play back the music belongs to the consumer's choice. If CD vendors' DRM schemes, including current SONY BMG's notorious one, prohibit this consumer's right, we should boycott all CDs that come with some kind of DRM scheme. I think DRM is not the appropriate naming. CRB, or Consumer's Rights Blockade, is a more suitable one to describe the reality.
People. Sony is but one of the big players pushing for this DRM thing. So don't go Boo Sony and Yeah Microsoft on me (And no, it's not just Microsoft pushing for DRM. Think Hollywood and others with well funded socially networked lobby groups as well.) because you're not better or worse off with just one (or even both) out of the loop with regards to DRM. DRM is in my opinion a big (consumer and customer) issue and it's basically being quietly pushed down our throats by means of well funded lobbying and politicians that seem unable to turn the issues at stake into an open public discussion first before giving approval (or not intervene) for reasons unknown to me.
Really, the whole Sony DRM 'rootkit' thing is just the tip of the iceberg. Do some research and find out how old DRM plans actually are and what's at stake for who here. Or put differently: once you find out how much money has already been invested in DRM worldwide ask yourself: with what purpose in mind would huge commercial companies invest huge amounts of time, money and effort?
The problem with people slagging off DRM is, are they pirates themselves?
If the people complaining are law abiding citizens, fair enough, but I suspect they are just moaning because it makes theft harder.
Remember there is zero difference between copying a CD and giving it to a mate and walking into a shop and shoplifting it.
You do not and will never 'own' the music on a CD you buy, merely the right to play it.
Jon, the people promoting DRM are not telling the truth, the whole truth and nothing but the truth. But they have no problem taking your money and not giving but licensing you limited use of some DRM protected content in restricted ways under their own terms and definitions and by means of technology that's not optional. If that somehow leads to problems then you're on your own. Some progress. Less for more.
Did you know that people, at least in the Netherlands but I wouldn't be surprised if in other countries as well, are legally entitled to download, copy, burn whatever music they want as long as it is for personal use only? In return some form of "tax" has been put on every blank medium such as CD-Rs.
But sure enough, standing up for the legal rights one already has is of course labelled as criminal behaviour in the eyes of the less informed. As if sales talk is the one and only truth.
Maybe I'm being a little paranoid and conspiracy-theorist here, but....
Isn't it strange that Sony do this, just as/before (depending on your location) the X-Box 360 is released?
If this hadn't been picked up as being done by Sony CDs, many "normal" users would have assumed that it was a bug in MS operating systems. Result? Less confidence in Microsoft products, just as the big war between the 360 and PS3, where Sony are likely to lose a big chunk of market share in the console market again.
Hmmmm.... though if this is the case, how they thought they might have got away with it shows a very immature policy. But from the company that said "most users don't know what they are, so why should they care?", I can actually believe it!
Boycott Sony Products: hit 'em where it hurts...the pocketbook!
20 lashings to Sony, 40 lashings to Microsoft for allowing Windows PCs to be invaded in such a way. 40 lashings to the artists as well; they complain about pirating but ruining our PCs will not endear us to them.
I work indirectly for Sony in an engineering capacity and I can tell you people out there what a bunch of paranoid so and so's they really are, there is so much politics involved in all that they say and do you would not believe. I think the bottom line is that they are losing so much money and market share that they are completely eaten up that in order to save what's left that they are treating their customers and sub contractors very cynically and like dirt.