[JPL] "New Protection Software from Sony"

Dr. Jazz drjazz at drjazz.com
Thu Nov 10 17:11:00 EST 2005

Related article from c/net.com:

Antivirus companies are releasing tools this week to identify, and in some 
cases remove, copy protection software contained on recent Sony BMG Music 
Entertainment CDs. The software has been identified as a potential security 

The Sony software, found on several of the company's recent albums, is 
triggered by playing one of the CDs in a PC. 
the CD drive, the software installs itself deeply inside a hard drive and 
hides itself from view. This cloaking technique could be used by virus 
writers to hide their own malicious software, security experts have said.

There is a range of opinion among security companies about how much risk 
the software poses, from those who consider it no worse than an adware pest 
to those who view it as potentially dangerous spyware.

Symantec said Wednesday that its antivirus software would identify the Sony 
software, but would not remove it. Instead, it will point to Sony's own Web 
site, where users can get instructions for uninstalling the software or 
download a patch that will expose the hidden components.

"We're trying to reinforce here that we're not talking about a virus, or 
malicious code, we're talking about technology that could be misused," 
Symantec Senior Director Vincent Weafer said. "We're trying to work 

However, Computer Associates, which has a security division, said on Monday 
it had found further security risks in the Sony software and was releasing 
a tool to uninstall it directly.

According to Computer Associates, the Sony software makes itself a default 
media player on a computer after it is installed. The software then reports 
back the user's Internet address and identifies which CDs are played on 
that computer. Intentionally or not, the software also seems to damage a 
computer's ability to "rip" clean copies of MP3s from non-copy protected 
CDs, the security company said.

"It will effectively insert pseudo-random noise into a file so that it 
becomes less listenable," said Sam Curry, a Computer Associates vice 
president. "What's disturbing about this is the lack of notice, the lack of 
consent, and the lack of an easy removal tool."

A Sony representative said the company's technical staff was looking into 
the issues identified by Computer Associates, but had no immediate comment.

The furor over the Sony software comes nearly eight months after the copy 
protection technique, created by British company First 4 Internet, was 
first released on a commercial disc in the United States.

Computer developer and author Mark Russinovich sparked debate over the 
software last week by posting on his blog an account of how he had 
discovered the First 4 Internet software hiding deep in his hard drive. The 
software used a tool called a "rootkit" to hide its presence, a technique 
more typically used by virus writers to hide traces of their work.

and First 4 Internet quickly released on their Web site a patch that would 
uncloak the copy protection software. But CD buyers must go through a more 
elaborate process--e-mailing the company's customer service department--to 
get instructions for uninstalling the software.

At 04:29 PM 11/10/2005, you wrote:
>This week's sponsor is: JazzWeek Magazine, with new complimentary 
>subscriptions available
>The Jazz Programmers Mailing List is a free service provided by JazzWeek.
>For more information visit us at  http://www.jazzweek.com/jpl
>To become a sponsor contact Ed Trefzger
>at ed.trefzger at jazzweek.com or 866-453-6401.
>Jeff Turton wrote...
>If you bought one of the 20 affected CD's, you can uncloak the software,
>and Sony won't be using this scheme anymore.
>Question:  Is there a list of the 20 affected CD's that contain this
>cloaking software available?  I would like to avoid them.
>Bobby Jackson
>-----Original Message-----
>From: jazzproglist-bounces at jazzweek.com
>[mailto:jazzproglist-bounces at jazzweek.com] On Behalf Of Jeff Turton
>Sent: Thursday, November 10, 2005 3:12 PM
>To: Jazz Programmers Mailing List
>Subject: Re: [JPL] "New Protection Software from Sony"
>This week's sponsor is: JazzWeek Magazine, with new complimentary
>subscriptions available
>The Jazz Programmers Mailing List is a free service provided by
>For more information visit us at  http://www.jazzweek.com/jpl To become
>a sponsor contact Ed Trefzger at ed.trefzger at jazzweek.com or
>This is also the focus of David Pogue's Tech column in the Times today.
>If you are a Mac user it appears as though this is a non-issue
>1. From the Desk of David Pogue: Sony BMG's Copy-Protecting Watchdog
>My In box usually bursts to the seams with reader reaction to stuff I've
>written. What was unusual this week, though, was the amount of mail that
>came in on a topic that I've never even mentioned: the Sony BMG rootkit
>The story goes like this. Starting in June 2004, Sony BMG records began
>copy-protecting its pop-music CD's. Over the months, the company has
>used several software schemes for preventing you, the customer, from
>making illegal copies of its discs. But 20 albums are protected by a
>scheme devised by a company called First 4 Internet-and it's caused an
>incredible online furor.
>These CD's, all bearing "Content Protected" labels on the packaging
>(meaning "copy protected"), do something very sneaky if you try to play
>them on a Windows PC: they install a proprietary watchdog program that
>prevents you from copying the CD more than twice. (On a Macintosh or
>Linux machine, these CD's play just fine, without any copy protection.)
>Last week, a programmer and blogger named Mark Russinovich dug a little
>deeper, and found out something disturbing: the Sony watchdog program
>not only installs itself deep in the core of Windows-it's what's called
>a rootkit-but it also makes itself invisible.
>The record company doesn't dispute Russinovich's findings.
>"The cloaking is an additional level of protection to hide the
>protection files themselves," Mathew Gilliat-Smith, CEO of First 4
>Internet, told me. "It's an extra speedbump to make it that much more
>difficult [for prospective music pirates] to circumvent the protection."
>But Sony BMG didn't seem to be prepared for the outcry from privacy
>advocates and ordinary citizens who felt violated.
>To them, Sony BMG's tactic was dangerous, sneaky, intrusive and maybe
>even illegal. Some of the problems:
>* The hidden-rootkit trick has been used by virus writers to conceal
>their tracks. It doesn't give you such a rosy feeling to know that Sony
>BMG is treating you the same way.
>* Once hidden, the copy-protection software is invisible to antivirus
>programs, too. So the baddies of the Internet could, in theory, use
>Sony's software as a backdoor to infect your machine, and your virus
>checker would miss it.
>* If you try to remove the software manually, you risk disabling your CD
>player completely. (Instead you should use the Uninstall link on Sony
>BMG's customer-service Web site, whose link appears on the Help screens
>of Windows Media Player. Of course, then you can't play the CD on your
>* When you insert one of these music discs into your PC, one of those
>software license agreements appears. It says explicitly what's about to
>occur: "This CD will automatically install a small proprietary software
>onto your computer. The software is intended to protect the audio files
>on this CD.
>It will reside on your computer until it is removed or deleted."
>But this note does not say that the software hides itself.
>And, even more damning, you don't see this note until you've scrolled
>down to the third page of legalese in the license agreement. Let's not
>kid ourselves: NOBODY ever reads those license agreements. They're too
>long, too opaquely written and generally of little use to anyone except
>the lawyers.
>* Sony's copy-protection software prevents you from playing the music
>you've bought on your iPod, which happens to be the world's most popular
>music player.
>Once the true nature of the Sony BMG software tactic became public, the
>company wasted no time in attempting to defuse the issue. Within 48
>hours, it released a patch that makes its software visible again; you
>can download it from http://cp.sonybmg.com/xcp. (Click the Software
>button.) Sony also provided the rootkit-cloaking information to
>antivirus-software companies, so that the software will no longer be a
>potential virus magnet.
>At that same Web site, you'll find, incredibly, a link to a
>Sony-sanctioned workaround that lets you copy the protected songs to the
>iPod. (Sony says it will send you the workaround by e-mail once you
>supply the name of the CD and other
>Finally, Sony has abandoned the rootkit protection method.
>(It says, in fact, that it had planned to do so even before the trick
>became public.) It still intends to install copy- protection software on
>every audio CD-but it will use other methods.
>For now, then, it seems that the cloaked-rootkit issue is dead. If you
>bought one of the 20 affected CD's, you can uncloak the software, and
>Sony won't be using this scheme anymore.
>My take? Audio CD's that install software onto your PC are just creepy.
>I believe that distributing copies of a CD to the Internet at large is
>wrong, so I understand the record companies' concern. But installing
>secret, self-masking code onto customers' computers seems just as wrong.
>It's an "any means necessary" approach to the problem, like dealing
>drugs to raise money for charity.
>Personally, I can't understand why any music fan would buy one of these
>discs. If you really want a song from Sony BMG, why not just buy it from
>one of the online music stores and avoid the whole issue? Sony BMG would
>soon get the message that customers don't like being treated like
>I was also surprised at how dismissive Sony BMG and First 4 Internet
>seem to be. "It's a tempest in a teapot," Mr.
>Gilliat-Smith says. "It's benign content protection. It's not malware,
>it's not spyware-it's innocent.
>Consumers, for eight months, have been using these discs with positive
>feedback. When the issue arose, we addressed it very quickly."
>I wondered if he could even understand why consumers might feel a bit
>violated. I pointed out that the usual damage- control plan for
>public-relations disasters (see also Tylenol; Perrier; Pentium bug) is
>not to haughtily dismiss customer fears, but to apologize profusely.
>But the closest thing Mr. Gilliat-Smith would say is, "We understand
>what the concern was, but there was no intent. We reacted as quickly as
>we could, took responsive issues. And now, hopefully, we move on."
>On Nov 10, 2005, at 2:22 PM, Ed Trefzger wrote:
> >
> > On Nov 10, 2005, at 2:11 PM, Jackson, Bobby wrote:
> >
> >> My engineer is up in arms over new protection software on Sony CD's.
> >> The story goes if they are played in your PC they install software
> >> which harms the computer and we also got a release today that said
> >> the software opens your computer up for some new viruses.  Anyone
> >> have more information on this?
> >
> > Here's an article on the subject from Computerworld:
> >
> > http://www.computerworld.com/securitytopics/security/story/
> > 0,10801,106072,00.html
> >
> > And one on the security risks that have been found:
> >
> > http://searchsecurity.techtarget.com/originalContent/
> > 0,289142,sid14_gci1144441,00.html
> >
>This week's sponsor is: JazzWeek Magazine, with new complimentary
>subscriptions available
>Complimentary subscriptions to JazzWeek are now available to qualified
>applicants in fields related to jazz, including musicians, educators,
>broadcasters, promoters, retailers, and more. Sign up now at
>&lt;http://www.jazzweek.com/&gt;. Subscribe before November 21 and
>receive a free copy of our post-Katrina special issue.
>This week's sponsor is: JazzWeek Magazine, with new complimentary 
>subscriptions available
>Complimentary subscriptions to JazzWeek are now available to qualified 
>applicants in fields related to jazz, including musicians, educators, 
>broadcasters, promoters, retailers, and more. Sign up now at 
>&lt;http://www.jazzweek.com/&gt;. Subscribe before November 21 and receive 
>a free copy of our post-Katrina special issue.

Dr. Jazz
Dr. Jazz Operations
24270 Eastwood
Oak Park, MI  48237
(248) 542-7888

More information about the jazzproglist mailing list