Extended Copy Protection
Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for compact discs. It was used on some CDs distributed by Sony BMG and sparked the 2005 Sony CD copy protection controversy; in that context it is also known as the Sony rootkit. Security researchers, beginning with Mark Russinovich in October 2005, have described the program as functionally identical to a rootkit: a software program used by computer criminals to conceal unauthorised activities on a computer system. Russinovich broke the story on his Sysinternals blog, where it gained attention from the media and other researchers. The publicity, which grew to include a civil lawsuit and criminal investigations, soon forced Sony to discontinue use of the copy protection system. While Sony eventually recalled the CDs that contained the XCP system, the web-based uninstaller was investigated by noted security researchers component used for removing the software exposed users to far more significant security risks, including arbitrary code execution from any site on the internet.

DESCRIPTION

The version of this software used in Sony CDs is the one marketed as "XCP-Aurora". The first time a user attempts to play such a CD on a Windows system, a dialog box prompts the user to agree to a license agreement, after which a program is installed. It then remains resident in the user's system, intercepting all accesses to the CD drive to prevent any media player or ripper software other than the one included with XCP-Aurora from accessing the music tracks of the Sony CD. No obvious way to uninstall the program is provided. Attempting to remove the software by deleting the associated files manually will render the CD drive inoperable due to registry settings that the program has altered.
The included player software will play the songs and allow only a limited degree of other actions, such as burning the music onto a certain number of other CDs or loading it onto certain supported devices such as a few portable music players. The popular iPod, sold by Sony competitor Apple Computer, is not supported.

XCP conceals itself from the user by installing a patch to the Windows operating system. This patch stops ordinary system tools from displaying processes, registry entries, or files whose names begin with $. Other XCP components include "Plug and Play Device Manager", which continuously monitors all other programs being run on the computer.

SECURITY RESEARCH

In the short period that XCP has been publicly known, security researchers have been quick to analyze it and publish their findings. Many of these findings have been highly critical of Sony and First 4 Internet. Specifically, the software has been found to conceal its activity in the manner of a rootkit (a common computer criminal's toolkit for hiding evidence), and moreover has been found to expose users to follow-on harm from viruses and trojans.

XCP's cloaking technique, which makes all processes with names starting with $ invisible, can be used by other malware " antivirus company. Follow-up research by component which allows any Web site to run software on the user's computer without restriction. This component is used by First 4 Internet's Web site to download and run the uninstaller, but it remains active afterward, allowing any Web site the user visits to take over the computer.

Since it is specific to Microsoft Windows, XCP has no effect on other operating systems such as Linux, BSD, Solaris, SkyOS or Mac OS X, meaning that users of those systems do not suffer the potential harm of this software, and they are also not impeded from "ripping" (or copying) the normal music tracks on the CD.
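The name-prefix cloak described above can be exposed by comparing what the live system reports against a listing taken from a trusted low-level or offline source. The following Python is an added example, not code from the article or from XCP; the entry names, the two views and the `audit` helper are constructed for illustration, and only the "$" prefix rule comes from the text.

```python
import os

# Constructed sample data (not real XCP file names). RAW_VIEW stands for a
# listing from a trusted low-level or offline scan; API_VIEW is what ordinary
# tools on the live, patched system report.
RAW_VIEW = {
    "files": ["notepad.exe", "report.doc", "$drm_player.exe", "$unrelated_dropper.dll"],
    "processes": ["explorer.exe", "$drm_player.exe", "$keylog.exe"],
    "registry": ["Updater", "$drm_service"],
}
API_VIEW = {
    "files": ["notepad.exe", "report.doc"],
    "processes": ["explorer.exe"],
    "registry": ["Updater"],
}
EXPECTED = {"$drm_player.exe", "$drm_service"}  # hypothetical DRM components


def hidden_entries(raw_names, api_names):
    """Names in the trusted view that the live view omits (case-insensitive)."""
    visible = {n.lower() for n in api_names}
    return sorted(n for n in set(raw_names) if n.lower() not in visible)


def audit(raw, api, expected=()):
    """Cross-view diff per object kind, the name prefix shared by all hidden
    entries (empty if a visible entry also carries it, i.e. the hiding is not
    a pure prefix rule), and hidden entries that are not in `expected`."""
    hidden = {k: hidden_entries(v, api.get(k, [])) for k, v in raw.items()}
    hidden = {k: v for k, v in hidden.items() if v}
    flat = [n.lower() for names in hidden.values() for n in names]
    visible = [n.lower() for names in api.values() for n in names]
    prefix = os.path.commonprefix(flat) if flat else ""
    if prefix and any(n.startswith(prefix) for n in visible):
        prefix = ""
    known = {n.lower() for n in expected}
    unexpected = sorted({n for n in flat if n not in known})
    return {"hidden": hidden, "prefix": prefix, "unexpected": unexpected}


if __name__ == "__main__":
    report = audit(RAW_VIEW, API_VIEW, EXPECTED)
    print("hidden:", report["hidden"])
    print("cloak prefix:", repr(report["prefix"]))
    print("riding the cloak:", report["unexpected"])
```

Hidden entries outside the expected set are the case the researchers warned about: anything named with the prefix inherits the cloak, whoever installed it.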
However, at least some XCP-bearing discs have also contained a program, MediaMax from SunnComm, which attempts to install a kernel extension on Mac OS X.

Antivirus industry response

Root Kit:
will identify the Sony XCP product's cloaking component as malware and remove it. The somewhat slow and incomplete response of some antivirus companies has, however, been questioned by Bruce Schneier, "information security expert" at Counterpane and author of the security bible Secrets and Lies. In an article for Wired News, Mr Schneier asks, "What happens when the creators of malware collude with the very companies we hire to protect us from that malware?" His answer is to use Linux and know what you are doing.

IMPACT OF XCP

Beginning as early as August 2005, Windows users reported crashes related to a program called aries.sys, while inexplicably being unable to find the file on their computers. Said file is now known to be part of XCP. Call For Help host Leo Laporte said that he had experienced a rise in reports of "missing" CD-ROM drives, a symptom of unsuccessful attempts to remove XCP.

Security researcher Dan Kaminsky used DNS cache analysis to determine that 568,000 networks worldwide may contain at least one XCP-infected computer. Kaminsky's technique uses the fact that DNS nameservers cache recently fetched results, and that XCP "phones home" to a specific hostname. By finding DNS servers that carry that hostname in cache, Kaminsky was able to approximate the number of networks affected. After the release of the data, Kaminsky learned that an as-yet undetermined number of "Enhanced CDs" without the rootkit also phone home to the same address that rootkit-affected discs use, so infection rates are still under active investigation.

XCP FLAW

According to analyst firm Gartner, XCP suffers from the same flaw in implementing DRM as any DRM technology, current or future, that tries to apply DRM to audio CDs designed to be played on stand-alone CD players.
According to Gartner, because the installation of XCP or any DRM software relies on the CD being multi-session, the application of a piece of opaque tape to the outer edge of the disc renders the data track of the CD unreadable; the PC then treats the disc as an ordinary single-session music CD.

LEGAL CONCERNS

There is much speculation as to what extent the actions taken by this software are a violation of various laws against unauthorized tampering with computers, or laws regarding invasion of privacy by "spyware", and how they subject Sony and First 4 Internet to legal liability. The states of California, New York and Texas, as well as Italy, have already taken legal action against both companies, and more class action lawsuits are likely. However, the mere act of attempting to view or remove this software in order to determine or prevent its alteration of Windows would hypothetically constitute a civil or criminal offense under certain anti-circumvention legislation such as the controversial Digital Millennium Copyright Act in the USA. EFF's Fred von Lohmann also heavily criticised the XCP EULA, which is shown for acceptance before the software installation, naming it the "legalese rootkit".

GPL and LGPL violations

Researchers Sebastian Porst, Matti Nikki [http://hack.fi/~muzzy/sony-drm/] and a number of software experts have published evidence that the XCP software infringes on the copyright of the LAME MP3 encoder, mpglib [http://www.the-interweb.com/serendipity/index.php?/archives/54-Breakthrough-after-breakthrough-in-the-F4I-case.html], FAAC tag reading and writing), mpg123 and the VLC media player. Princeton researcher Alex Halderman discovered that nearly every XCP CD includes code which uses a modified version of Jon Johansen's DRMS software, which allows opening Apple Computer's FairPlay DRM.
He found the code to be inactive but fully functional, as he could use it to insert songs into FairPlay. DRMS and mpg123 are licensed under the GNU General Public License (GPL). The other software found, like LAME, is licensed under the Lesser General Public License (LGPL), also as free software. If the claims are correct, then Sony/BMG was distributing copyrighted material in violation of the authors' rights. Jon Johansen wrote in his blog that, after talking with a lawyer, he thinks that he cannot sue. However, there are opinions that the legal advice he has received is wrong [http://www.techdirt.com/articles/20060201/0313222_F.shtml]. The LAME developers have put an open letter to Sony/BMG online. Copyright violations which Sony could be accused of include:
Sony already provides a version of id3lib's source code on its web site, but unrelated to XCP. Assuming the above is right, if Sony refuses to provide the program source code under the GPL and LGPL, anybody who received such a CD, and therefore has the right to get the full source under the GPL, should be able to bring legal action and demand that they do so.

SONY'S RESPONSE

On a ." Sony also contends that the "component is not malicious and does not compromise security," but "to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove root kit component from their computers." A patch to remove the cloaking of the software has been released; this patch does not completely remove XCP, but disables its technique of hiding itself from view. First 4 Internet reports that any upcoming versions of XCP will not use the same techniques.

An uninstaller for XCP-Aurora is now available from the Sony-BMG web site. An analysis of this uninstaller has been published by Mark Russinovich, who initially uncovered XCP, entitled "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home" [http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html]. Obtaining the uninstaller requires one to use a specific browser (Microsoft Internet Explorer) and to fill out an online form with their email address, receive an email, install the patch, and fill out a second online form, after which they will receive a link to the uninstaller. The link is personalized, and will not work for multiple uninstalls. Furthermore, Sony's Privacy Policy [http://www.sonybmg.com/privacypolicy.html] states that this address can be used for promotions, or given to affiliates or "reputable third-parties who may contact you directly".
It has also been reported that the uninstaller might have security problems which would allow remote code execution. Sony's uninstall page will attempt to install an ActiveX control when it is displayed in Internet Explorer. This ActiveX control is marked "Safe for scripting," which means that any web page can utilize the control and its methods. Some of the methods provided by this control are dangerous, as they may allow an attacker to download and execute arbitrary code.

As of November 11, 2005, Sony has announced they will suspend manufacturing CDs using the XCP system:
This followed comments by Stewart Baker, the Department of Homeland Security's assistant secretary for policy, in which he took DRM manufacturers to task, as reported in the Washington Post:
According to the New York Times, Sony BMG said "about 4.7 million CDs containing the software had been shipped, and about 2.1 million had been sold." About 50 albums distributed by Sony-BMG contained XCP. [http://www.bloomberg.com/apps/news?pid=10000101&sid=aVhY_TwrFjQI&refer=japan]

On November 14, 2005, Sony announced it is recalling the affected CDs and plans to offer exchanges to consumers who purchased the discs. Exchange your XCP CDs free of charge. SonyBMG is providing a free UPS service for consumers who have XCP titles to return the CDs to SonyBMG in exchange for a new CD that is DRM-free and does not contain XCP. Go to: http://www.upsrow.com/sonybmg/

ALBUMS WITH XCP

Full article: List of compact discs sold with XCP
See also: http://cp.sonybmg.com/xcp/english/titles.html

The Electronic Frontier Foundation published its original list of 19 titles on November 9, 2005. On November 15, 2005, The Register published an article saying there may be as many as 47 titles. Sony BMG says there are 52 XCP CDs. Amazon says it is treating the XCP CDs as defective merchandise and will offer a refund with shipping, as long as the customer specifies the request.