Psionicist
Explorer
Washington Post about this: http://blogs.washingtonpost.com/securityfix/2005/11/sony_raids_hack.html
Dog_Moon2003 said:If it only works against those trying to pirate it, I have no problems with it. However, if it harms those who play the CD on their computer and do everything completely legally, then I would have a problem with it.
If it harms only those that attempt to misuse the CD illegally, then good for Sony. Screwing up their computers will teach most people a lesson, I hope, except for those determined to bypass the security measures, which someone undoubtedly will. Then Sony will create another way to protect their stuff, etc.
Henry said:OTOH, if anyone would want to bust Sony's chops, it should be MICROSOFT! Something that runs in safe mode, bypassing its purpose? They ought to be trying to sue on the basis of maliciously altering their code, because the number of tech support calls that would be forcibly escalated by a defective driver, thereby tying up their techs, would have an enormous cost to them associated.
Jonny Nexus said:Well the counter-argument to that is that Microsoft are at fault for writing their operating system (Windows) in such a way that an application can install itself at such a low-level without the user having to ask permission.
Indeed. Apparently, some people are already making use of it to cheat in World of Warcraft:Jonny Nexus said:Added to all this, every script kiddy out there can now exploit the hole Sony has opened for them. It’s a timebomb.
From SecurityFocus:
World of Warcraft hackers using Sony BMG rootkit
Robert Lemos 2005-11-03
Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.
World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles.
Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.
Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.
Everything he said is perfectly true. Allowing files that other programs can't see to exist on a computer causes a problem with viruses.Jonny Nexus said:Well there's a comment on John Dvorak's blog which explains why people are getting so angry:
It’s a mess. Even if Sony desists from this appalling behavior now, there are already likely thousands of infected computers out there. And there are thousands of these Trojanized CDs that unsuspecting members of the public have already bought.
Mark Russinovich found the software was very badly written. Just think of all the problems it might cause: there are already reports of it causing blue screen of death on bootup for some people, and F-secure says it will “break the Vista beta spectacularly”. So anyone who’s using that stands to damage their OS and lose their data.
Added to all this, every script kiddy out there can now exploit the hole Sony has opened for them. It’s a timebomb. The government department responsible for trading standards now has a duty to see these CDs are removed from the shelves in all stores before any more people are infected.
I’m boycotting all Sony products now. I wrote them and told them I had, too.
http://www.sonymusic.com/about/feedback.cgi
Comment by Damian — 11/3/2005 @ 1:30 pm
Now I have no way of knowing if what he is saying is true, but it's his opinion that when the CD installs its program at root level, it opens up a security hole that virus writers or hackers could use. That may be bollocks, but certainly people have no business installing such low-level software without the user's permission.
Darkness said:Indeed. Apparently, some people are already making use of it to cheat in World of Warcraft: