All the latest UK technology news, reviews and analysis
|
|
|
07 Nov 2005
Sony's latest digital rights management technology being rolled out on some of its audio CDs could cause user systems to malfunction if other record labels begin deploying similar protection, according to Jarno Niemela, a researcher at F-Secure's laboratory.
"I think that record companies should stop playing with rootkits and other 'black hat' techniques [before they] cause major grief to the customers," Niemela warned on F-Secure's blog.
Sony BMG has equipped some of its music CDs with rootkit and DRM technology developed by First 4 Internet.
The software limits the number of copies that a user can make, and regulates which file formats can be used when ripping the music. The rootkit renders the DRM technology invisible to the user and the system, including to antivirus tools.
While F-Secure and other security vendors have argued that Sony's technology poses a security risk, Niemela pointed to another danger.
When users first put the audio CDs in their computer, an application is installed that promises to play the files and includes the DRM and rootkit.
This will actually change the plumbing of the system, rerouting all data coming from the CD drive to run past the DRM technology.
Users who have tried to change the settings and remove the software have rendered the CD drive useless because data streams inside the system are interrupted.
The same is likely to happen if other record labels take a approach similar to Sony's, warned Niemela.
"Imagine a situation where a user buys a CD from Label A and another CD from Label B. Label A uses third-party DRM from Company X and Label B uses third-party DRM from company Y," he explained.
"Then the user first plays one of the CDs in his PC, and everything works fine. But after he starts playing the second CD, his computer crashes and won't boot again. This is something I would not like to associate with buying legal CDs."
"In order to hide from the system a rootkit must interface with the operating system on a very low level where there is no room for error.
"It is hard enough to program something on that level, without having to worry about any other programs trying to do something with the same parts of the operating system."
Latest stories from Privacy
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
PHP Developers - Fixed Term Contracts (initially 6 months...
Junior Ruby on Rails Developer - London - Permanent...
A Project Manager is required to join a leading Insurance...
CCIE Network Engineer required with fluent Hungarian...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Who else?
Sony are possibibly the only company to have been caught! Who else is using legal software to piggy back unknown and hidden software onto our computers?
Posted by: Paul Vine 21 Dec 2006
Rootkit on new Sony PCs??
I have been considering a Sony desktop system but now the disturbing thought that Sony may also have loaded the rookit on every system they sell is making me reconsider. Has there been any indication that this might be the case?
Posted by: Larry Ryan 22 Nov 2005
idiots will not last long
The latest DRM embedded on Sony Music CD's is yet another example of short sighted control vs long range enlightenment for improving the EXPERIENCE of consuming music in a modern world....as Jimmy and Robert foretold back in the day: (in so many words) (their) time is gonna come
Posted by: Deliightful 11 Nov 2005
Sony CDs Forbidden on Our Network As Well
Like the individual in the previous post we have forbidden the use of ANY Sony music CD on our network. While it is clear at this point that not all Sony CDs contain the rootkit and DRM software it is easier (and safer) to ban all of them. I've also spent time educating our users about the threat posed by Sony music CDs to their home systems.
Posted by: Joe M 09 Nov 2005
Network Security
I administer a corporate network. I let my users know that that Sony label music CDs are now forbidden here. They may not all understand the exact technical reasons, but I suppose they are getting the message that Sony CDs do some kind of bad thing to computers. That will surely affect their buying patterns and that of their families. An unintended, but predicatble, consequence.
Posted by: Jim Noble 08 Nov 2005
Complete Boycott of All Sony Products
Since Sony treats its clients like criminals, why patronize them at all? There are enough alternatives and competition out there, nobody ever needs to buy ANYTHING EVER again from Sony. That is the only way for consumers to fight back, with their wallets! Sony obviously does not care about potentially causing troubles for the end-users and does not feel sorry for us, why should we extend them any courtesy? As far as I am concerned, what is Sony? They are blacklisted FOREVER from my patronage. It's a matter of self-respect.
Posted by: Shannon Crites 07 Nov 2005
Sony and Rootkits
All I have to say is "yeah right Sony" Just another way to screw the consumer. Just calling us theives and liars. Great customer relations coup.
Posted by: Peter 07 Nov 2005
Greed wins again
This just proves that given the choice of allowing individual freedom or making a buck, greed wins every time. As all who dnld music know, the true cost of a c.d. is far less than what the retail price is. The music labels hide behind declining sales and depriving the artists their just due; however, the roalty paid to the artist pales in comparison to the profits of the label maker. When detroit had problems selling cars they lowered the price. perhaps the music industry should follow suit.
Posted by: bobby tracy 07 Nov 2005