| Welcome to Shield Of Islam. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| Hidden Drm Code's Legitimacy Questioned | |
|---|---|
| Tweet Topic Started: Nov 3 2005, 06:10 PM (302 Views) | |
| abuturab82 | Nov 3 2005, 06:10 PM Post #1 |
![]()
Administrator
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Hidden DRM code's legitimacy questioned When bad software happens to good people http://www.channelregister.co.uk/2005/11/03/secfocus_drm/ The latest headache for security professionals has become a secret weapon in the battle between copyright owners and their customers. This week, two research groups independently and separately reported that music giant Sony BMG has used software hiding techniques more commonly found in rootkits to prevent removal of the company's copy protection software. A rootkit is software that hides its presence on a computer while controlling critical system functions, and security professionals have lately warned that the addition of the technology to a variety of Internet threats - from bots to spyware - makes the malicious code more difficult to find and remove. Both antivirus firm F-Secure and security information site SysInternals.com identified the copy protection scheme deployed by Sony BMG as essentially a rootkit. The tactic abuses the trust of the computer user, said Mikko Hippönen, chief research officer for F-Secure. "No one reads the licensing agreements, and even if you do, (the Sony BMG agreement) does not make it obvious what is happening," he said. "It's also not obvious that it is almost impossible to uninstall the program." The concerns are the latest backlash against music and movie companies over what many critics call heavy-handed tactics designed to maintain the status quo in the face of innovative technologies that are disrupting the copyright holders' traditional business models. The industries' tactics have varied from frequent lawsuits against consumers to lobbying Congress for harsher penalties against those who use file-sharing technologies. Meanwhile, some vigilantes have poisoned peer-to-peer file sharing systems with Trojan horse programs that report the user. The latest tactic, however, hews much closer than past actions to the definition of a malicious threat to a user's computer system, said Edward Felten, a professor of computer science and public affairs at Princeton University and an expert in digital-rights management technology. "It is not legitimate to undermine the user's desire to secure their own computer," Felten said. "I don't think they should be hiding files and programs and registry entries from the system administrator, ever." Answering critics, Sony BMG released on Wednesday a limited statement on its site and also posted a patch that Windows users can run using Internet Explorer to remove the copy-protection software from their system. Neither First 4 Internet or Sony BMG returned requests for comment on the issue. "The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution," Sony BMG said in a statement posted on its site. "It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system." Both F-Secure and SysInternals discovered the software after detecting the presence of a rootkit on a system that had played a content protected CD. After investigating, researchers at both organizations found that the root cause of the problem was the software installed by U.K.-based First 4 Internet. The software, known as XCP, also indiscriminately hides registry keys - the values used by the Windows operating system to run, configure and maintain software on the system - allowing malicious code to use the copy-protection software to hide itself. Moreover, mimicking a tactic used by spyware and adware, the copy-protection software cannot be uninstalled under Windows XP except by contacting Sony BMG through a special Web site. For SysInternals.com's Mark Russinovich, the software is taking copy protection to an unpalatable extreme. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall," he wrote after describing his investigation. "Worse, most users that stumble across the cloaked files with a (rootkit detector) scan will cripple their computer if they attempt the obvious step of deleting the cloaked files. While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet." However, the surreptitious software has had a broad effect. The content protection scheme has been included with tens of thousands of CDs. Using Google, a search of Amazon.com for "CONTENT/COPY-PROTECTED CD"--the site's label for music CDs that include the First 4 Internet or similar protections--turns up 32,800 hits. Consumers that have encountered the digital-content protection technologies have railed against the record companies. The comments on Amazon.com for the Van Zant disc bought by F-Secure to investigate the problem are almost entirely made up of complaints regarding the disk's copy protection and not reviews of the content of the CD. One reviewer complained that the copy protection breaks any backwards compatibility with older CD players and CD-ROM drives. "All of this was bad enough but this new method takes the copy protection madness to a whole new level," wrote the reviewer. "You'd never pay anyone to install malware on your computer system, would you? But that's exactly what happens when you buy this CD." One blogger described his frustration, but ultimate success, in getting music from a protected CD ripped into his iTunes library. Record label ATO has disavowed the copy protection placed on its CDs by Sony BMG in a press statement. "Neither we nor our artists ever gave permission for the use of this technology, nor is it our distributor's opinion that they need our permission," the company said. "Wherever it is our decision, we will forego use of copy-protection, just as we have in the past." Perhaps the strongest condemnation for the technology is that it punishes the wrong people, F-Secure's Hyppönen said. "In some way, I can understand why they are doing this - to protect their content and make sure their content protection system does not get hacked," he said. "But you are only alienating your buying customers - the people that are illegally downloading the music are not affected." In the end, that may be the technology's worst limitation. Copyright © 2005, SecurityFocus |
![]() |
|
| abuturab82 | Nov 11 2005, 02:00 PM Post #2 |
![]()
Administrator
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Sony gets an earful over CD software Program to block music piracy prompts privacy, security worries Carrie Kirby, Chronicle Staff Writer Friday, November 11, 2005 * Printable Version * Email This Article Sony, in an attempt to thwart music piracy, is selling CDs containing software that quietly downloads itself onto consumers' hard drives, raising privacy concerns and inviting virus attacks, critics warn. The CDs feature music by artists as diverse as Van Zant and Celine Dion. Sony intended to keep its customers from copying the CDs more than three times; instead, it has touched off a firestorm of criticism, including a class-action lawsuit. "It's extremely disturbing and unsettling that Sony has taken digital rights management to this level of deceit," said Mark Russinovich, a software developer who discovered the program and posted information about it on his blog on Halloween. Sony BMG Music Entertainment, which did not return calls from The Chronicle, has made changes to the software to eliminate the security risk. But many users remain unsatisfied because they feel the company has been sneaky about what the software is and what it does. Here's how the program works: When a disc is put into a Windows computer's CD drive, it won't play unless the user installs a special music player. The CD then installs a protection program that limits the number of times the disc can be copied, an action most users are unaware of. The program creates a number of headaches for the user, including opening the door to potential Internet viruses, slowing down some computers and preventing the songs from being transferred to an Apple iPod, critics say. By limiting the ways and number of times the songs can be copied, the software interferes with a buyer's right to make full use of the music, said Electronic Frontier Foundation staff attorney Jason Schultz. The software also may be collecting information about what the computer user does, or at least how often he or she plays the CD, and reporting it back to the company, Schultz said. However, Sony BMG says on its Web site that the software does not collect personal information. Attempting to remove the program can lead to even more problems: The CD drive can be disabled, or the whole computer can end up crashing. The software can be safely removed only with help from Sony BMG customer service or by using certain antivirus software programs. Sony BMG's Web site maintains that users are giving permission for the program's installation when they click through a license agreement upon loading discs. But some consumers are angry because the user agreement does not inform them of the program's nature and limitations. Russinovich has received hundreds of comments on his blog reflecting that indignation. "They're not saying music should be free, they're saying companies should not be able to install something on your computer that you're unaware of and that you have no way of uninstalling," Russinovich said. The security threat, according to antivirus softwaremaker F-Secure of Finland, is caused by the software technology the program uses to hide itself deep inside Microsoft's Windows operating system. Called a rootkit, this technology is commonly used by writers of Internet viruses to embed hidden programs that then wreak havoc with infected systems. "(Sony BMG) is installing tools that other malicious programs can use," said J. Alex Halderman, a Ph.D. student at Princeton University who is studying digital rights management. "They're doing all the hard work for the malicious programs." On Thursday, both F-Secure and security firm Computer Associates announced they had found viruses that take advantage of the Sony program. However, F-Secure said the virus found was not well written and did not pose a major threat. On Tuesday, a week after the program was made public on Russinovich's Weblog, the company released a new version of the software that does not hide on the user's computer and therefore does not pose the threat of hiding Internet viruses. The new version can be downloaded from Sony's Web site. However, CDs in the store still have the old, dangerous program, said Travis Witteveen, a vice president at F-Secure. The discs, which are marked as copy-protected, started appearing as early as April of this year, said Halderman. They represent the latest in a number of copy-protection schemes music companies, especially Sony, have tried, he said. The problem with transferring files to an iPod is a common one in copy-protection schemes, because, as Sony says on its Web site, "Apple's proprietary technology doesn't support secure music formats other than their own." Apple has been unwilling to cooperate in making Sony's program work with its equipment, the Web site said. An Apple spokeswoman did not return a phone call from The Chronicle. Copy protection on CDs is becoming increasingly common as music companies fight declining sales. Sony BMG has copy protection on 60 percent of CDs released in the United States and aims to hit 100 percent by early 2006, company executive Thomas Hesse told The Chronicle for a recent story. But there is a risk that putting more restrictions on CD use at a time when songs can still be found for free online may turn some consumers away from buying CDs altogether. "I would never buy a CD with those restrictions," Liz Raymer of Berkeley wrote in an e-mail to The Chronicle. One anonymous poster on Amazon.com was more blunt: "I might as well DOWNLOAD it, break the law ANYWAY and pay nothing!" the poster wrote. It was one of 198 reviews of Van Zant's copy-protected album "Get Right With the Man" -- nearly all of which focused on the copy-protection program, without a word about whether they had liked the album. The hidden program Sony is selling CDs with software that prevents users from copying the music more than three times. Why? Sony wants to prevent widespread CD copying from cutting into music sales. What's the problem? The software can open up computers to virus risks or other problems, and attempting to remove it could damage the PC. What CDs? Sony BMG releases with the software include Trey Anastasio's "Shine," Celine Dion's "On ne Change Pas," Neil Diamond's "12 Songs" and Van Zant's "Get Right With the Man." What can you do? -- Sony answers questions about the software and offers a security patch: cp.sonybmg.com -- Mark's Sysinternals Blog explains the problems with the software: www.sysinternals.com/blog/ Source: Chronicle research E-mail Carrie Kirby at ckirby@sfchronicle.com. Page A - 1 http://www.sfgate.com/cgi-bin/article.cgi?...MNGFMFMNV61.DTL |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · Current Events · Next Topic » |






![]](http://z2.ifrm.com/static/1/pip_r.png)



2:08 PM Jul 11