
2005-11-05

[Data Security] Digital Pearl Harbor

I've been pondering how to explain the immensity of the evil which Sony Music has done to any Windows user who has bought a CD from any of their record labels (which include Arista, BMG, Columbia, Epic, J, RCA, RCA Victor, SunComm).

Then Dr. Jerry Pournelle, an authentic Rocket Scientist and former Presidential Advisor whose work on computing I've trusted for a quarter century, sends me this.

No way I can top it.

Yes, he's serious, and 100% accurate.
---------- Forwarded message ----------
From: Jerry Pournelle
Date: Nov 4, 2005 8:57 PM
Subject: A Chaos Manor Root Kit Warning (1)
To: Jerry Pournelle

This is a Chaos Manor Warning. I would be shouting if I were not concerned that it would trigger your spam filters.

You may or may not be familiar with the Sony Music CD Root Kit problem.

Let me begin with the warning: do not buy or install any Sony Music CD on your PC. The records play just fine on other systems. There's no problem with Mac or Linux or with self contained music players.

But if you try to play that record on your CD, it will tell you that you must install the Sony CD player codec (you can't play the record through Microsoft Media Player or any other stuff you have installed on your system).

DO NOT INSTALL THAT SOFTWARE. If you do you may never be able to get it off there short of scrubbing your system down to bare iron, reformatting, and reinstalling everything. I wish I were spoofing you, but I am not. This is a serious warning.

Moreover, if you have given a Sony Music CD to anyone as a gift, and they have tried to play that music on their PC (not Mac, not a standalone player, not Linux, but Windows PC) then their systems are infected, and it is exceedingly difficult -- exceedingly difficult -- to remove that infection in a way that doesn't blue screen of death the PC.

MY ADVICE IS NOT TO BUY ANY SONY MUSIC CD.

I have heard nothing about Sony movie DVD's having any such infection, but it's possible. So far all my Sony DVD's have played with Power DVD and I have not been asked or required to install any special Sony software to play a Sony movie DVD; if I am asked to do so I will refuse, and so should you.

Understand that the Root Kit on the Sony Music CD is a deliberate installation by Sony as part of a Digital Rights Management scheme. They will now, if you jump through enough hoops, send you a patch that will make their scheme visible -- like all root kits, their original installation so infects your operating system as to hide in a directory your operating system literally cannot see or access -- but it still does not remove it.

I'll have more on removal in the column and at another time this being column time. I will also have a

DO NOT BUY SONY MUSIC CD

warning in my Christmas Shopping List in the column.

This is a serious infection: the scheme has actually been used by third parties to hide other malware on systems that have the Sony root kit installed, and others have used the Sony root kit to hide cheat software for World of Warcraft. Even if you think you know what you are doing, you should not fool around with this stuff. It's dangerous, it's very difficult to remove, and there is a very real risk that you will have to reformat your disk and reinstall your OS and everything else.

For more information see:

The Register

The Register (redux)

SysInternals

The last reference is to the Sysinternals page where an incredulous Mark Russinovich relates how he found the root kit on his system: the root kit has been out for months, and this is the first indication of its existence. Sony did a splendid job of stealthing this.

I will have more in the column and on the web page. If you have bought and installed a Sony Music CD on your PC, *you need more help than I can give you*. Start with the Sysinternals page, and *proceed with extreme caution*.

And the best of British Luck to you.

Best regards,

Jerry Pournelle
Chaos Manor


I'm not buying any Sony anything until a complete and total repair procedure for Windows users is issued. The current procedure offered users, as per reliable sources, does not completely remove the malware. Since the removal programming is not Open Source, how do we know what else it does?

As a protective measure, I'd suggest you disable autoplay for all optical (CD, DVD) disk drives on every Windows machine you have.
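
One way to apply the autoplay suggestion above, as an added example that is not part of the original post: it reads the `NoDriveTypeAutoRun` policy value and sets the CD-ROM bit (0x20) without clearing bits that are already set. The function names, the machine-wide HKLM key, and the 0x91 baseline used when the value is absent are assumptions of this example.

```powershell
# Added example: audit and set the per-drive-type AutoRun policy.
# Run from an elevated PowerShell prompt; the HKLM key applies machine-wide.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$CdRomBit  = 0x20   # DRIVE_CDROM: optical (CD/DVD) drives
$Baseline  = 0x91   # Assumption: mask Windows XP and later apply when the value is absent

function Get-AutoRunMask {
    # Returns the configured mask, or $null when the policy value does not exist.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-OpticalAutoRunDisabled {
    # True only when the value exists and the CD-ROM bit is set.
    $mask = Get-AutoRunMask
    return ($null -ne $mask) -and (($mask -band $CdRomBit) -ne 0)
}

function Disable-OpticalAutoRun {
    # Keep every bit that is already set; only add the CD-ROM bit.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    $current = Get-AutoRunMask
    if ($null -eq $current) { $current = $Baseline }
    $new = $current -bor $CdRomBit
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $new -Type DWord
    return $new
}

if (-not (Test-OpticalAutoRunDisabled)) {
    $mask = Disable-OpticalAutoRun
    Write-Output ('NoDriveTypeAutoRun set to 0x{0:X2}' -f $mask)
} else {
    Write-Output 'AutoRun is already disabled for optical drives.'
}
```

The change takes effect for a user at the next logon or Explorer restart; re-run `Test-OpticalAutoRunDisabled` on each machine to confirm the setting.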



Other information sources include:

The United States Code, Title 18, Section 1030, which to some seems potentially applicable.

The Washington Post

The BBC

The Finnish antivirus company F-Secure

Steve Gibson and Leo Laporte (see or listen to Issue # 12).

C|Net,

And, an explanation (PDF, requires Adobe Acrobat or other PDF reader) of why this DRM malware is irrelevant, which confirms the findings of Eric Flint, a Baen Books author.


To: nobuyuki.idei@jp.sony.com
Subject: Your Digital Pearl Harbor

Dear Chairman Idei:

I regret I shall not purchase any more Sony merchandise of any kind, including from any subsidiary, until the practice of installing rootkit software by your company's products ends. The security and integrity of my computing equipment, and the data I entrust to it, are worth far more to me than your products.

I regret having to say this, for I have been a lifelong Sony customer and consistent advocate of the quality of your merchandise. However, beginning Monday, I shall search for a replacement for every piece of Sony equipment, as well as advising every other professional I know to consider doing the same.

Sincerely yours,