Unofficial empeg BBS

#268481 - 01/11/2005 12:16 Fun DRM Software
Tim
veteran

Registered: 25/04/2000
Posts: 1525
Loc: Arizona
Guess it's time to really start paying attention to what CDs you buy and use on the computer. Short story, Sony installs a rootkit that is hard to uninstall and really good at masking itself.

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

#268482 - 01/11/2005 13:44 Re: Fun DRM Software [Re: Tim]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
um . . . wow. They are sinking pretty low these days aren't they? I am rapidly considering if I really need to buy any more music from the RIAA.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

#268483 - 01/11/2005 14:20 Re: Fun DRM Software [Re: Tim]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I guess that means my decision never to insert an audio CD without starting up EAC and disabling Autorun first now seems a little less paranoid.
_________________________
Bitt Faulk

#268484 - 01/11/2005 14:40 Re: Fun DRM Software [Re: wfaulk]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Quote:
...disabling Autorun...


Yeah, I have always left autorun enabled because it is so useful. I think it might be time to disable it now.
_________________________
Remind me to change my signature to something more interesting someday

#268485 - 01/11/2005 14:47 Re: Fun DRM Software [Re: andy]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
If you haven't already done so, I recommend installing TweakUI, a Microsoft PowerToy that makes setting this kind of thing much easier.
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

#268486 - 01/11/2005 15:40 Re: Fun DRM Software [Re: andy]
Tim
veteran

Registered: 25/04/2000
Posts: 1525
Loc: Arizona
Quote:
Quote:
...disabling Autorun...


Yeah, I have always left autorun enabled because it is so useful. I think it might be time to disable it now.


Disabling autorun is one of the first things I do on any new system or reinstall. It never picked the right application to play what media was on the CD (even if the defaults were set), etc. I always found it less of a pain to do it manually. That doesn't make me feel any better about this, though.

- Tim

#268487 - 01/11/2005 16:29 Re: Fun DRM Software [Re: Tim]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
And, for all you system administrators out there, you can disable it enterprise-wide via a group policy setting in Active Directory.

-Zeke
_________________________
WWFSMD?

#268488 - 01/11/2005 16:38 Re: Fun DRM Software [Re: JeffS]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Quote:
um . . . wow. They are sinking pretty low these days aren't they? I am rapidly considering if I really need to buy any more music from the RIAA.

I've been wondering this recently, but how do I go about finding out who isn't an RIAA artist? Do they have a logo on their CDs or something?
_________________________
Matt

#268489 - 01/11/2005 17:24 Re: Fun DRM Software [Re: Dignan]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
I've been wondering this recently, but how do I go about finding out who isn't an RIAA artist? Do they have a logo on their CDs or something?
I don't know- it'd be good if there were a resource to find out exactly that. I'm pretty sure that no one on CD Baby is RIAA, but that's only because they are all independent artists hint, hint. Truth be told, I bought far more independent CDs last year than major artists. Even if I don't quit cold-turkey, I still feel good that I'm supporting the indie artists more than the record companies.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

#268490 - 01/11/2005 17:53 Re: Fun DRM Software [Re: Dignan]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Quote:
how do I go about finding out who isn't an RIAA artist?

RIAA Radar
_________________________
Bitt Faulk

#268491 - 01/11/2005 18:25 Re: Fun DRM Software [Re: wfaulk]
jondle
new poster

Registered: 19/08/2005
Posts: 38
Loc: San Diego, CA, USA
Sweet. Thanks for the link. A little keyword search in Firefox and bam, I know if I can buy the album or not.
_________________________
Mark IIa -- #30103119 -- 70 gig w/ ext3 fs-- Eutronix Light Kit -- Greenlight buttons

#268492 - 01/11/2005 19:27 Re: Fun DRM Software [Re: wfaulk]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
You're the man, Bitt. And a big "WOOHOO!" for my favorite artist of all time, Mark Lanegan. Every one of his albums is safe.

That's an excellent resource. I think I'll be using that often.

Quote:
Truth be told, I bought far more independent CDs last year than major artists.

That's pretty much the case with my own listening habits. I'm rarely buying something from a big act anymore (except for the White Stripes).
_________________________
Matt

#268493 - 01/11/2005 20:30 Re: Fun DRM Software [Re: Dignan]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
You're the man, Bitt.
Agree, thanks for the link.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

#268494 - 03/11/2005 01:13 Re: Fun DRM Software [Re: wfaulk]
FireFox31
pooh-bah

Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
That's a great link; thanks.

I will never buy another Sony/BMG CD after this incident. There is nothing lower than a rootkit on an audio CD (unless they made a hack to fool the firmware of your harddrive into not seeing the malicious code).

Yes, I disable Autorun during my install process. And thanks for the reminder to disable it enterprise-wide using AD. I'm sick of seeing proprietary media players and band fan links installed all over my work computers from Audio CDs.

So often, technology is the worst thing that has happened to technology.
_________________________
-
FireFox31
110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set

#268495 - 03/11/2005 12:22 Re: Fun DRM Software [Re: FireFox31]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
Quote:

So often, technology is the worst thing that has happened to technology.


I'd say that scumbags are the worst thing that's happened to technology.

-Zeke
_________________________
WWFSMD?

#268496 - 03/11/2005 21:03 Re: Fun DRM Software [Re: Tim]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
I still refuse to call these things CDs. Instead, shiny discs with music. Guess I'll have to go out and look for this one and do another round of buying, opening, and returning.

While the consumer voice might be tiny to the major labels, the voice of the retailers is much larger. If they see a flood of returns, the retailers aren't going to be happy and make noise about it.

#268497 - 04/11/2005 11:31 Re: Fun DRM Software [Re: drakino]
Tim
veteran

Registered: 25/04/2000
Posts: 1525
Loc: Arizona
Well, they did release an uninstall program for it. I guess that's a start. The problem is that they did it in the first place, and those without the knowledge to fix the problem would just blame it on Windows slowing down or their computer going bad. All in all, really irresponsible of them.

- Tim

#268498 - 04/11/2005 13:24 Re: Fun DRM Software [Re: Tim]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Quote:
...and those without the knowledge to fix the problem would just blame it on Windows slowing down or their computer going bad.


Make that "will just blame it...". How many man-in-street-type people affected by this have actually even noticed the furore over this? They've still got it on their PC, and won't even realise.

Oh, and someone's already started using this to hide World of Warcraft hack programs.
_________________________
-- roger

#268499 - 04/11/2005 14:49 Re: Fun DRM Software [Re: Roger]
petteri
addict

Registered: 02/08/2004
Posts: 434
Loc: Helsinki, Finland
F-Secure has released a rootkit scanner kit (beta) to get rid of these things for non-technical people. Right now it is a free beta trial program but they are planning to add it to their Internet Security suite for 2006.

They have some commentary about this episode on their blog also.

On a related note the RIAA is also trying to make devices like the XM MyFi illegal now... XMFan.com discussion

#268500 - 05/11/2005 00:10 Re: Fun DRM Software [Re: Ezekiel]
StigOE
addict

Registered: 27/10/2002
Posts: 568
Quote:
And, for all you system administrators out there, you can disable it enterprise-wide via a group policy setting in Active Directory.

-Zeke

Would you mind telling me where I do that and how I do that? I tried a search on Microsoft, but didn't find anything clear about it. Found something about NoDriveTypeAutoRun with a REG_DWORD of 0x20 to disable CDROM, but I didn't understand much of it...

Stig
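
The NoDriveTypeAutoRun value asked about above is a bitmask, so writing a bare 0x20 and adding the 0x20 bit to an existing value give different results. The following is an added example, not code from any poster in this thread, that decodes the mask and checks both policy hives; the bit meanings and the Policies\Explorer key path come from Microsoft's documentation, the sample values other than 0x20 are constructed, and `Get-AutoRunStatus` is a hypothetical helper name.

```powershell
# Added example, not code from the thread. A set bit in NoDriveTypeAutoRun
# disables Autorun for that drive type (bit meanings per Microsoft's docs).
$AutoRunBits = @(
    [pscustomobject]@{ Bit = 0x01; Type = 'Unknown' }
    [pscustomobject]@{ Bit = 0x04; Type = 'Removable' }
    [pscustomobject]@{ Bit = 0x08; Type = 'Fixed' }
    [pscustomobject]@{ Bit = 0x10; Type = 'Network' }
    [pscustomobject]@{ Bit = 0x20; Type = 'CD-ROM' }
    [pscustomobject]@{ Bit = 0x40; Type = 'RAM disk' }
    [pscustomobject]@{ Bit = 0x80; Type = 'Unknown (reserved)' }
)

# Hypothetical helper: decode one mask and show what adding the CD-ROM bit gives.
function Get-AutoRunStatus {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][int]$Mask
    )
    $disabled = $AutoRunBits | Where-Object { $Mask -band $_.Bit } | ForEach-Object { $_.Type }
    [pscustomobject]@{
        Source        = $Source
        Mask          = '0x{0:X2}' -f $Mask
        CdRomDisabled = [bool]($Mask -band 0x20)
        # -bor keeps the bits already set; writing a bare 0x20 would clear them.
        MaskWithCdRom = '0x{0:X2}' -f ($Mask -bor 0x20)
        DisabledFor   = $disabled -join ', '
    }
}

$results = @()

# Constructed samples: 0x20 is the value quoted in the thread, 0x91 leaves
# CD-ROM Autorun on, 0xFF turns Autorun off for every drive type.
foreach ($sample in 0x20, 0x91, 0xFF) {
    $results += Get-AutoRunStatus -Source 'sample' -Mask $sample
}

# Live check of the value a Group Policy or manual edit would have written.
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM', 'HKCU') {
    $item = Get-ItemProperty -Path "${hive}:\$subKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning "$hive has no NoDriveTypeAutoRun value set"
    } else {
        $results += Get-AutoRunStatus -Source $hive -Mask $item.NoDriveTypeAutoRun
    }
}

$results | Format-Table -AutoSize
```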

#268501 - 05/11/2005 03:04 Re: Fun DRM Software [Re: StigOE]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
I'll poke around when I get back to the office Monday & let you know. It sounds like you're looking at a registry entry. What I'm talking about is a network Domain, where a group policy is applied to a set of users. If you don't have a Windows Domain, then using TweakUI is the way to go.

-Zeke
_________________________
WWFSMD?

#268502 - 05/11/2005 05:43 Re: Fun DRM Software [Re: Ezekiel]
StigOE
addict

Registered: 27/10/2002
Posts: 568
Quote:
What I'm talking about is a network Domain, where a group policy is applied to a set of users.

Yes, so was I... I didn't see anywhere obvious to change it when I looked in Group Policy Editor in Windows Server 2003, but I thought I would have to set a registry value under the Registry "settings" there...

Hmm, seems like I might have found out how to do it. I had another look on the Microsoft site and had some more luck when searching... Time to see if I'm correct...

Stig

#268503 - 05/11/2005 14:03 Re: Fun DRM Software [Re: Tim]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
And the uninstall program isn't really an uninstall program - seems to be replacements for lots of the original files, plus a whole heap of other stuff.

Who knows what it now does? They are still denying the original software is a security risk, even though we have already seen exploits which take advantage of the $sys$ invisibility trick!
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

#268504 - 05/11/2005 18:12 Re: Fun DRM Software [Re: Roger]
Tim
veteran

Registered: 25/04/2000
Posts: 1525
Loc: Arizona
Quote:
Quote:
...and those without the knowledge to fix the problem would just blame it on Windows slowing down or their computer going bad.


Make that "will just blame it...". How many man-in-street-type people affected by this have actually even noticed the furore over this? They've still got it on their PC, and won't even realise.


That's what I meant, but worded it horribly. Depending on how much crap starts to piggy back off the $sys$, it might end in a lot of people taking their machines to techs to get flattened or maybe just buy a new one outright...

<paranoid>I wonder if it is a conspiracy between the record label and the computer divisions of Sony to increase their profits </paranoid>

- Tim

#268505 - 05/11/2005 19:49 Re: Fun DRM Software [Re: Roger]
FireFox31
pooh-bah

Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
I hate to see rootkits begin to elevate to "kiddie" status. First the overlong registry key name invisibility trick, now $sys$. Soon, anyone will be able to hide code from Windows.

Yet, no patches from Microsoft to fix this. They don't think it's a problem. (someone please prove me wrong and show a link at least to the reg key name hack.)

I swear, the only hope for high security lies in hardware which monitors the hard drive, ram, and processor. If those components do something the hardware monitor doesn't expect (based on rule sets describing what the user expects), it logs and/or blocks the action.
_________________________
-
FireFox31
110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set

#268506 - 05/11/2005 20:56 Re: Fun DRM Software [Re: FireFox31]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Quote:
Yet, no patches from Microsoft to fix this. They don't think it's a problem.

It isn't their problem. The user is the one that is installing stuff and in this case, it contains some drivers which affect how you see things. Go talk to Sony as it is nothing to do with Microsoft. If you think that Microsoft should prevent this from happening then you'll have to get them to ban all hardware manufacturers from releasing drivers.

Quote:
I swear, the only hope for high security lies in hardware which monitors the hard drive, ram, and processor. If those components do something the hardware monitor doesn't expect (based on rule sets describing what the user expects), it logs and/or blocks the action.

Uh huh... Are you sure you know what you're asking for? That's called Trusted Computing/Palladium and new equipment is beginning to have Trusted Platform Modules installed. They're aiming it for DRM however. If you don't have a totally legit PC with a totally stock installation of Windows with approved hardware and drivers then you're not going to be able to play your game, watch your film, use your word processor or whatever else they decide to "protect". The TPM can even prevent the OS from accessing certain parts of the disk and memory. Give it a few years and you won't be able to run any nonapproved applications at all and you as the owner won't have the ability to override it. Forget about trying to install any third party OS as well. Fun...

#268507 - 06/11/2005 00:33 Re: Fun DRM Software [Re: tman]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
See this for a complete rundown on how to remove Sony's rootkit including how to restore the CD to function.

edit: Ok I'd forgotten this whole thread started here.


Edited by gbeer (06/11/2005 00:49)
_________________________
Glenn

#268508 - 06/11/2005 06:01 Re: Fun DRM Software [Re: tman]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Quote:
Quote:
Yet, no patches from Microsoft to fix this. They don't think it's a problem.

It isn't their problem. The user is the one that is installing stuff and in this case, it contains some drivers which affect how you see things.


Well, there is one problem I can see here. Users are going to the store, buying what they think is a CD Audio disc, putting it into a stock Windows PC, and a few moments later they have a rootkit installed. Beyond putting in the CD, the user didn't do anything manually to install it. All thanks to technologies Microsoft built into the OS without thinking about the security implications. True, fault lies here with Sony, but it also does indeed also have some fault with Microsoft. As a counter example, my Mac doesn't auto run CDs put into it. And if a CD did try to install something like this, I'd at least see a warning sign in the form of an Administrator password prompt that something wasn't right.

Trying to make Microsoft seem innocent when they have a very long list of problems like this is silly. Should they be free of blame for the blatant holes in IE and Active X? I will admit I am glad to see Microsoft adopting a strong security stance now, but I cringe every time they make the same mistakes some variant of Unix did 10-20 years back. They don't learn from others' histories. It took until Windows 2003 SP1 to decide that having full network connectivity and things like IIS running during the install was a bad idea. Even better, they still run things like printer drivers in the kernel level, allowing some bad code from some 3rd party printer driver to enable the entire system to come tumbling down. Imagine if you're a small business running a single server as both a print and file server. One minor glitch in the print subsystem, and blam, the file server is down. Thankfully Vista is addressing this, but that means we all get to pad Microsoft's bottom line a little more to have security we should already have. It's a shame they are doing this, but at least they backed away from the idea of charging for spyware protection, when it was the fault of their own browser and OS integration that spyware came to be.

Anyhow, to answer FireFox a bit, Microsoft does know of the issue, and does actually have a research project on it that had led to the release of software. The Strider Ghostbuster project was started in 2004 to help address the potential problems of rootkits. Hopefully they will learn the lessons of Unix here quicker, as rootkits have been a problem in the Unix world for nearly 15 years now. Quite a bit has been done in that world to help combat them, and hopefully soon the same can be said for Microsoft.

#268509 - 06/11/2005 23:33 Re: Fun DRM Software [Re: drakino]
FireFox31
pooh-bah

Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
Quote:
Beyond putting in the CD, the user didn't do anything manually to install it.

The user clicked "Accept" at the License Agreement.... which apparently stated nothing about the rootkit. Again, blame squarely on Sony.

Thanks for the rootkit research link.
_________________________
-
FireFox31
110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set

#268510 - 07/11/2005 18:20 Re: Fun DRM Software [Re: Tim]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
_________________________
Bitt Faulk
