Make no mistake the battle lines have been drawn, Sony Rootkits and its DRM

Sony, Rootkits and Digital Rights Management Gone Too Far. Plain and simple, if you buy a Sony DRM CD like Get Right with the Man by the Van Zant brothers, agree to the EULA and install the DRM on your machine. Sony will also install a rootkit to make sure there XCP DRM is never removed. Is Sony taking this too far? In the words of Miles Money talks, Ian.

What makes this different from the other DRM currently deployed on CD by Macrovision, SunnComm, etc? Well a kernel rootkit will give access to your whole system and is undetectable by Virus killers and Spyware scanners. It will also rewrite the routines of your system, so you, your administrator and even the system can not see the files and/or process. Once installed, its pretty impossible to get rid of without erasing your whole system drive. As Microsoft themselves say, Be afraid, be very afraid.

Slashdotted and Digged. But Miles diggged a little deeper. Its really interesting following Ceri Coburn (a developer from first 4 internet, makers of the XCP DRM) around the internet. I wasnt sure of exact what he was doing but Miles explain some of his postings and where First 4 internet have been hacking stuff up.

Some examples, Trying to write a Snort logfile parser, maybe XCP is Ceri's first windows driver? We wonder if the XCP dll's are dialing home? Dont get us wrong, I'm sure Ceri is a nice guy but the posts and dont suggest a very well thoughout, stable and secure rootkit (if there is such a thing). And even when you read through Mark Russinovich entry, he points out mistakes and things which could have been better thoughtout to avoid detection and deletion. So Instead we're wondering how soon will it be till others exploit XCP, specially if Sony/BMG avoid being sued and other Record labels deploy XCP like have deployed DRM from Macrovision and SunnComm.

This is indeed a worrying trend for digital music lovers and does not look like ending at root access to your machine. As someone said in the comments. Forget ghosts and goblins. This scary Haloween story sent shivers up my spine.

Comments [Comments]
Trackbacks [0]

Author: Ianforrester

Senior firestarter at BBC R&D, emergent technology expert and serial social geek event organiser. Can be found at cubicgarden@mas.to, cubicgarden@twit.social and cubicgarden@blacktwitter.io