[Morryjg]

Just read this blog about the Sony digital rights management software that they are putting on their CDs. The DRM software hides itself similar to what malware does. And, there is no way to uninstall it via add/remove in Windows. Granted that statement will start a whole rash of "Glad I'm running Mac, or *nix" but that horse is dead already.

So, beware of dropping a CD into your computer from Sony.

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

 

[Jou]

you can still rip it though, just don't click anything when they ask to install, and rip it like you normally would.

 

[N8 v2.0]

UPDATE: http://news.yahoo.com/s/nf/20051103/tc_nf/39083

 

[Tenchiro]

Just disable autorun and you will be good. But it is a pretty asshat thing for Sony to do.

 

[Sandwich]

and this is supposed to discourage piracy?

yargh!

 

[berkshire_rider]

I have been following this on the Register, F-Secure, and Sysinternals this week. Pretty slimey move.

Nothing like pissing off people who are PAYING for your music instead of pirating it off of .torrents or p2p. Anytime you are *forced* to install a third party app or software just to use whatever it is you have, should be warning enough to take the crap back to the store and get a refund.

I guess it's too much to ask for the Sony and First 4 Internet to be upfront about what is happening, and to provide an easy way to uninstall that an "average" person can do, without having to delete registry entries.

 

[McGRP01]

I just bought a CD from an artist on Columbia Records and went to listen to it on my computer at work and it wanted me to install some sort of special software to do so. I almost threw the CD in the focking garbage I was so pissed!! :mumble:

 

[stosh]

Why would anybody buy their CD's then?

I'm getting out of the CD market thats for sure!!!

 

[Tenchiro]

.!. :angry: .!. @ Sony

Sony's spyware "remover" creates huge security hole

Princeton's Ed Felten and Alex Halderman have published new research into a grave security vulnerability opened up if you run the "uninstaller" that Sony supplies to rid your PC of its malicious rootkit software, which it installs when you insert an audio CD into your PC, as a means of restricting your use of the music on the CD.
The new vulnerability is as grave as a security vulnerability can be. If you run the uninstaller, your computer can be utterly compromised by an attacker who can reach it via the Web. Your computer can be made to run any code and surrender your data. It can be enlisted to act as a "zombie" for sending spam or attacking sites that are being shaken down in protection rackets.

Ed and Alex have written a demo to show that this danger is real. They've also supplied instructions for removing this dangerous software from your PC.

The music industry often warns against the use of P2P systems because they claim that P2P software can contain sneaky, malicious software that compromises your PC. Well, it appears that legitimately purchased CDs are deliberately corrupted with the same dangerous software.

If you buy CDs, you risk your PC, you risk having your personal information stolen by crooks, and you risk having your equipment used to break the law.

The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.

The root of the problem is a serious design flaw in Sony's web-based uninstaller. When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission.

 

[N8 v2.0]

Update:

http://www.breitbart.com/news/2005/11/21/051121193222.z2c7g6tk.html

 

[robdamanii]

Well then, somebody finally stepped up.