Sony installs hidden utilities when you play CDs

November 1st, 2005



Sony XCP DRM - What does it mean to YOU?


A lot of people have asked me how to disable AutoPlay in Windows - details on this are at the bottom of the post.
Response to the announcement by Sony is here.

It would seem that the music industry is now sinking to new depths to keep the gear they install on people's PC secret - and all of this is done without the user's knowledge or consent. These techniques are more spyware tricks than how a legitimate company is supposed to operate.

I have no reason to doubt Mark Russinovich of Sysinternals so I'm forced to conclude that these nasty techniques are in use by at least Sony and that users are seeing some major tinkering done to their system when they play these CDs on their PCs. What's worse is that if you try to undo this tinkering, things stop working!

The article is well worth reading and goes into some detail about detecting and removing these hidden tools using some powerful utilities.

I'm going to have to do some looking into this myself later ...

(via TechBlog)

Here's some more information on rootkits for you:



Combatting rootkits

Remove rootkits


Picked up by Bruce Schneier and The Washington Post and Ed Bott.

Edited to add that this Sony DRM system is very dangerous to Windows Vista systems and seems to break the OS badly. Be careful!

To get this malware uninstalled you can fill in this form on the Sony site, after which someone will call you and demand loads of answers to questions!

Also, if you want to be protected against CD installers the best way is to disable AutoPlay for the optical drives (AutoPlay is the feature that allows applications to be run when the disc is placed in the drive). Disabling AutoPlay is easy and prevents any program running automatically when you insert a disc in the CD or DVD drive. Details on how to do this are posted in the page "Disabling AutoPlay in Windows XP".

PC Doctor cartoon - Sorny - Making life easier!

Secunia now picks up on this:

A security issue has been reported in First4Internet XCP DRM software used to playback Sony copy-protected music CDs, which can be exploited by malicious, local users to hide certain actions on a vulnerable system from the Administrator.

The security issue is caused due to the "aries.sys" device driver hiding all files, registry keys and processes on the system that have names that start with "$sys$", regardless of whether the file is part of the XCP software. This can be exploited by malicious users and malware to hide files and processes from the Administrator by prefixing their names with "$sys$".

Use another product.
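One way to check a machine for the hiding behaviour the Secunia advisory describes, as an added example that is not part of the original post or of any Sony or First4Internet tooling: create a canary file whose name starts with "$sys$" and see whether it is missing from the directory listing. The function names, file names and the `lister` hook are hypothetical, and `simulated_cloaking_lister` is a constructed stand-in for the filtering so the check can be exercised on a clean system.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # prefix the advisory says aries.sys hides


def cloaking_active(lister=os.listdir):
    """Cross-view check: True if a file we just created is absent from the listing.

    `lister` is a hypothetical hook so the enumeration view can be swapped
    (for example, to simulate a filtering driver in a test).
    """
    workdir = tempfile.mkdtemp(prefix="xcp_check_")
    control = os.path.join(workdir, "control_canary.txt")
    canary = os.path.join(workdir, CLOAK_PREFIX + "canary.txt")
    try:
        for path in (control, canary):
            with open(path, "w") as fh:
                fh.write("constructed cross-view test file\n")
        listed = set(lister(workdir))
        # The control file proves that enumeration works at all.
        if os.path.basename(control) not in listed:
            raise RuntimeError("control file not listed; enumeration is unreliable")
        return os.path.basename(canary) not in listed
    finally:
        # Delete by explicit path: a hidden file would not appear in a
        # listing-based recursive delete.
        for path in (control, canary):
            try:
                os.remove(path)
            except OSError:
                pass
        try:
            os.rmdir(workdir)
        except OSError:
            pass


def simulated_cloaking_lister(path):
    """Constructed stand-in that filters names the way the advisory describes."""
    return [n for n in os.listdir(path) if not n.startswith(CLOAK_PREFIX)]


if __name__ == "__main__":
    print("hiding of $sys$ names detected:", cloaking_active())
```

A result of True means something between the program and the file system is filtering "$sys$" names; it does not say which driver is responsible.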

This entry was posted on Tuesday, November 1st, 2005 at 16:10 and is filed under Cartoons, PC Doctor's Thoughts, Stay Secure.