Anyone who has purchased one of the CDs, which include southern rockers Van Zant, Neil Diamond's latest album, and more than 18 others, can exchange the purchase, Sony said. The company added that it would release details of its CD exchange program "shortly."
Sony reported that over the past eight months it shipped more than 4.7 million CDs with the so-called XCP copy protection. More than 2.1 million of those discs have been sold.
"We share the concerns of consumers regarding discs with XCP content-protected software, and, for this reason, we are instituting a consumer exchange program and removing all unsold CDs with this software from retail outlets," the company said in a statement. "We deeply regret any inconvenience this may cause our customers."
The company made the announcement--its second public apology since the CDs' risks came to light last week--just as security researchers found several other potentially dangerous flaws in the software.
Princeton University computer science professor Ed Felten wrote on his blog Tuesday that he and a fellow researcher had confirmed that Sony's initial Web-based uninstall tool--designed to uninstall the copy-protection software deposited by Sony's CDs--actually exposed a critical vulnerability on computers.
The tool downloaded a program that causes a user's hard drive to accept instructions from Web sites. But the program remained active on the user's hard drive after it had been instructed to uninstall the Sony software. The program could then be triggered by almost any code from any Web site, including malicious instructions, the Princeton researchers said.
"Any Web page can seize control of your computer; then it can do anything it likes," Felten and fellow researcher J. Alex Halderman wrote on their blog. "That's about as serious as a security flaw can get."
Sony later replaced that Web-based uninstall tool with one that downloads a program with its own instructions, as opposed to one that accepts instructions from Web sites. The researchers said the new program appeared to be safe.
For anyone who did use the earlier tool, the researchers' blog has instructions for removing the Sony component.
Separately on Tuesday, security company Internet Security Systems released its own new advisory on Sony's software. It warned that flaws in the copy-protection software--not just in the early uninstall tool--could allow an attacker to take control of a user's machine.
Previously, security researchers had spotlighted the online release of several Trojan horse viruses that piggybacked on the Sony software to hide their presence on hard drives.
The Trojan horse software, once installed, automatically connects to an Internet chat network and allows an attacker to take remote control of an infected computer.
Half a million people at risk?
Although more than 2 million of the Sony discs have been sold, it's still unclear how many of those were actually played in a Windows-based computer, thus triggering the security risks. Sony notes that the copy-protection software is not activated on an ordinary CD or DVD player, or on a Macintosh computer.
Security researcher Dan Kaminsky said he estimated that at least 500,000 computers had installed the Sony software.
Once installed, the Sony software can relay data, which indicates what CDs are being played, to an outside server. To relay the information, the software has to find its destination by contacting the Internet's domain name system address servers, where a publicly available record of that request is left behind.
Kaminsky said he counted more than 568,000 separate requests. The method counts any request coming from the same network, but only once. So it might not include repeated requests coming from offices or schools, where numerous computers use the same network, he said.
"The thing that's proved here is not the upper bound," Kaminsky said. "This is a lower bound. This is a pandemic."
Sony's copy-protection software was created by British company First 4 Internet. The software is installed on a computer's hard drive when certain Sony compact discs are put in the CD player and the listener accepts a license agreement.
The software then hides itself using a controversial programming tool called a "rootkit," which takes over high-level access to some computing functions. The rootkit blocks all but the most technically savvy users from being able to detect its presence.
Sony has worked with antivirus companies to help their products pierce this veil of invisibility, and has posted a patch on its Web site that will uncloak the hidden software. It also said it would temporarily stop manufacturing discs using the First 4 Internet tools.
Lawsuits have been filed against the record label in California and New York, and others are expected.
gets 20 years, but Sony distributes malicious code and everything's groovy? Double standard?
Now, Sony decides to install software that can be easily exploited to install and propagate viruses and other malicious garbage; possibly permanently damaging someone's computer.
Where's the outcry??? Where's the "Congressional Hearings."??? Where are the politicians and elected representatives coming to the rescue of the working folk??? Nowhere !!!! Why ??? Because the RIAA has them by (fill the blank) and we all know it.
Shame, shame, shame.
That's why I don't buy cd's anymore.
Read below for what it does. The Rootkit makers website is here
http://www.star-force.com
"I haven't studied StarForce particularly, but I *am* a programmer, so I can tell you roughly how it works and why people dislike it.
In order to be effective, it has to install as a device driver, which means for WinXP, it has ring-0 privileges, something normally only Windows and "real" device drivers have. With this greatest of privileges comes the greatest of responsibilities - a bug can do almost unlimited damage to your system integrity, because it's operating as close to the OS itself as 3rd-party code can (in the Windows World). This is one reason why people dislike it - writing software that operates in this ring is demanding and easy to get wrong. This is why you see a low percentage of true horror stories - some relatively corner-case bug can very easily result in filesystem corruption.
Next, in order to prevent various circumvention techniques - mostly, debuggers - copy protection schemes like Star Force do NOT just start up when the game starts. That's BS, pure and simple. The drivers are loaded when the OS boots, and block various tools like debuggers, drive emulators, and the like from operating in the way they're intended to work. This is a wonderful way to do what Star Force wants to do, but it is NOT something the computer owner wants. This is the next reason people dislike it - Star Force is asserting, on the game's behalf, that the game's owners' rights are more important than the users's rights to know, and control, what happens on their system. Arguments that the OS and other apps do the same kind of thing are misleading - some games try lesser approaches to the same thing (always running full screen, attempting to find debuggers already in memory and not loading if so, etc.), but Star Force's approach is taking it to the next level - directly interfering with OTHER user-space software to enforce its copy protection.
Finally, it's apparent that not all programs that bundle Star Force uninstall them correctly (I haven't tested to see whether the demo cleans up properly or not). I suspect few if ANY do - because otherwise uninstalling the demo would break StarForce for other programs on the system. Maybe the program loader re-installs the drivers if they're missing? I dunno. Either way, this is the third reason people dislike Star Force. It's interfering behavior - blocking debuggers, drive emulators, etc. - often remains even when the protected program is removed.
In short, the arguments FOR such protections are valid in some ways: There are known techniques for copying games, and Star Force goes farther than most in thwarting those techniques.
However, the consumer's points are also valid, and in my opinion, more telling. The user should be presented with clear notice of what Star Force wants to do to their system and possible side effects - they shouldn't be left to wonder why some of their other software/hardware suddenly doesn't work correctly.
Also, as has been pointed out, it is a LOSING proposition that publishers (and some developers) still fail to grasp. You simply cannot thwart an intelligent cracker because you're installing software on his machine, and the first rule of hacking is that a hacker is the lord of his own machine. Tools like Star Force simply cannot work in the long term.
They can reduce piracy - somewhat - by making it harder to crack a game immediately. But, when you add up the benefits there, and weigh them against the hassles to, and the ill-will from, your LEGAL users - and the relative numbers of each - I just don't see how a software vendor can justify the former at the expense of the latter."
Couple of links to ongoing battles with Ubisoft and Codemasters.
http://forums.ubi.com/groupee/forums/a/tpc/f/1851065692/m/8121095173/p/2
http://community.codemasters.com/forum/showthread.php?t=41307
Dear Sir, calling StarForce "nefarious Rootkit/Virus" is a good enough cause to press charges.
How do you like that for a start?
Allow me to continue. If you "haven't studied StarForce particularly", why don't you mind you own business and talk about things that you understand?
Basically, there is no need to further continue with your offensive comment on news.com.com. However, it would be healthy to refresh the minds of those who might have thought that you knew what you were talking about. When you talk about copy protection, why do you mention StarForce alone? That can make one think that you have personal interest in undermining our good name.
The pirates are strong, to be stronger is what we get paid for. Therefore we use every possible LEGAL tool to protect the product. The StarForce driver is not a bug and StarForce installs zero rootkits or Trojans and it harms the system's integrity no more than any other software.
It is true, that the SF drivers are loaded with the OS, but it is not true that they immediately start blocking debuggers, emulators and etc. Read one of the user's comments, for instance. The man has 4 emulators running on his PC: http://www.star-force.com/forum/index.php?showtopic=242&st=0&p=1138&#entry1138
Such things are only blocked when the protected software is run. Now, let me ask you a question. If you are not a pirate, why would you need a debugger simultaneously running with the protected software? It is in the interest of the developer to keep the debuggers and emulators out of business when the protected application is run.
Again, if you haven't tested how the drivers are installed/uninstalled why even talk about it?
The drivers are installed with the protected software and it is up to the software developer how they will be uninstalled. StarForce offers many ways to make the integration of protection flexible and user friendly. And if some developers choose to select the option of manual drivers uninstall, it is their sole right. Please study http://www.star-force.com/protection/users/
There you will find the SF drivers removal tool as well.
We invite those who would like to ask questions and learn more about copy protection to our forum which has some truly unique posts.
As for the people who dislike us - we know them - they are the legions of pirates around the world. As for law-obedient users - they haven't even heard about StarForce "problem". The percent of users that had compatibility problems with StarForce is 0.3%:
http://www.star-force.com/forum/index.php?showtopic=194
You say that "tools like StarForce cannot work in the long term". You are absolutely correct. And we are not even meant to. Our job is to protect the product during the peak of sales, which is usually one to three months. So that the developer and the publisher could get their revenue and invest the money into their new projects which we all so much anticipate every time. And believe me, we do our job well, some of the games we protected stayed secure for 6 months and longer.
I want to close with advice to read page one of the UBI forum that you refer to. For some reason you started reading on page 2.
http://forums.ubi.com/groupee/forums/a/tpc/f/1851065692/m/8121095173/p/1
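The two comments above disagree on points a machine owner can check: whether the copy-protection drivers load with the OS, and whether they stay behind after the protected program is uninstalled. The following Python code is an added example, not part of the article or of either comment; it compares two saved `driverquery /v /fo csv` inventories, and the driver names `exprot01` and `exhelper` and all sample rows are constructed placeholders.

```python
import csv
import io

# Start modes under which Windows loads a driver during boot, before any
# user logs on and before any protected program is launched.
LOADS_WITH_OS = {"boot", "system"}

# Constructed sample inventories, trimmed to the columns used below.
# "exprot01" and "exhelper" are hypothetical driver names.
BEFORE_INSTALL = r'''
"Module Name","Display Name","Driver Type","Start Mode","State","Path"
"disk","Disk Driver","Kernel","Boot","Running","C:\Windows\system32\drivers\disk.sys"
"ntfs","Ntfs","File System","Boot","Running","C:\Windows\system32\drivers\ntfs.sys"
'''
AFTER_UNINSTALL = r'''
"Module Name","Display Name","Driver Type","Start Mode","State","Path"
"disk","Disk Driver","Kernel","Boot","Running","C:\Windows\system32\drivers\disk.sys"
"exprot01","Example Protection Driver","Kernel","Boot","Running","C:\Windows\system32\drivers\exprot01.sys"
"exhelper","Example Protection Helper","Kernel","Manual","Stopped","C:\Windows\system32\drivers\exhelper.sys"
"ntfs","Ntfs","File System","Boot","Running","C:\Windows\system32\drivers\ntfs.sys"
'''


def parse_driverquery(csv_text):
    """Parse `driverquery /v /fo csv` output into {module name: row}."""
    drivers = {}
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        # Tolerate padded cells and short rows; skip overflow columns.
        clean = {k.strip(): (v or "").strip() for k, v in row.items() if k}
        drivers[clean["Module Name"].lower()] = clean
    return drivers


def leftover_drivers(before_install, after_uninstall):
    """Drivers absent from the baseline but still present after uninstall."""
    findings = []
    for name, row in sorted(after_uninstall.items()):
        if name in before_install:
            continue  # shipped with the system or predates the install
        findings.append({
            "module": name,
            "path": row["Path"],
            "start_mode": row["Start Mode"],
            "state": row["State"],
            # True means the driver is loaded at every boot, whether or
            # not the program that installed it is ever run again.
            "loads_with_os": row["Start Mode"].lower() in LOADS_WITH_OS,
        })
    return findings


if __name__ == "__main__":
    baseline = parse_driverquery(BEFORE_INSTALL)
    current = parse_driverquery(AFTER_UNINSTALL)
    for f in leftover_drivers(baseline, current):
        flag = "LOADS AT BOOT" if f["loads_with_os"] else "on demand"
        print(f"{f['module']:<10} {f['start_mode']:<7} {f['state']:<8} "
              f"{flag:<13} {f['path']}")
```

To use it on a real machine, save one inventory before installing the software and one after uninstalling it, and pass the two files' contents to `parse_driverquery`.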
"PC Gamers have been fighting for the last year with multiple different publishers about an even more nefarious Rootkit/Virus known as Starforce. Read below for what it does. The Rootkit makers website is here http://www.star-force.com"
I would like to comment on this blatant slander against a good product such as StarForce.
1) StarForce is NOT a root kit. Root kits are used in a bad and deceptive manner, they hide particular files, registry keys, processes, etcetera from the user and any other software which is installed on the given computer. A root kit usually achieves this task using a ring0 driver system.
The StarForce drivers are a legitimate way to gain all the required privileges from the Operating System in order for the protection to work correctly. StarForce hides absolutely nothing from the end-user, as all the drivers are clearly visible and removable at will.
2) There's also no ground to call StarForce a Virus. StarForce's aim is to protect Intellectual Property. To achieve this task, it employs a multilevel guard module. Viruses are meant to be hidden from the user, provide no means for uninstallation, and cause direct harm.
"It's interfering behavior - blocking debuggers, drive emulators, etc. - often remains even when the protected program is removed."
This is a very illiterate statement. StarForce does not block any debuggers. StarForce protected applications can not run with system-level debuggers since they require the same system resources as debuggers do, and thus, the StarForce protected detect debuggers and refuse to run. StarForce tampers with no debuggers. Concerning the Virtual Drive claim; StarForce is a copy protection system. The main goal of a copy protection system is to ensure that the user has rights to run the protected application. StarForce merely requires the presence of the original media in the drive for authentication purposes ONLY.
"Also, as has been pointed out, it is a LOSING proposition that publishers (and some developers) still fail to grasp. You simply cannot thwart an intelligent cracker because you're installing software on his machine, and the first rule of hacking is that a hacker is the lord of his own machine. Tools like Star Force simply cannot work in the long term."
Some of the StarForce protected titles remain secure (not-cracked), months after their release. Some of them include Splinter Cell: Chaos Theory, Worms 4, Beyond Divinity, and many more. This statement just points at the illiteracy of the author in regard to Copy Protection. Moreover, if a title gets cracked 4 months after its debut, it is insignificant, as the protection did well in securing the title's shelf release.
To sum things up, this post is very misleading. Clearly, the author tries to spin his personal frustrations with StarForce to a very saddening magnitude. I would at least expect from a respectable web site such as CNet to review posts and remove such blatant misconceptions. As, at the end of the day, these are the end-users they mislead, not to speak about the way they obnoxiously disrepute a good product.
In short:
1) It installs DRM software before the EULA pops up
2) It does not uninstall properly
3) It phones home
Sony apparently has moved to recall the discs in question, but music fans who have listened to them on their computers or tried to remove the dangerous software they deposited could still be vulnerable.
"This is a surprisingly bad design from a security standpoint," said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, J. Alex Halderman. "It endangers users in several ways."
http://www.msnbc.msn.com/id/10053831/
I own over fifteen thousand dollars' worth of Sony hardware, software, and music; however, I'll never purchase a Sony product again.
I was going to purchase a Sony surround sound system to hook up to my Sony widescreen TV in the living room this Christmas. It's an older system whose main claim to fame is it can't be stolen because it would take four burly men to cart it off. It took four people just to lift it out of its container and put it on a Sony stand. Now I've got to hire four burly men to cart it off.
What's next, when I insert a Sony CD into my Sony Xplod CDX-MP450X 50WX4 Mp3 car stereo system is it going to foul up the firmware so only Sony DRM'd content will play on it? With the next Sony firmware upgrade will my Sony VIA PCG-GRZ660 laptop quit ripping DVD's that I own so my son who has Autism and constantly scratches his movies won't be screaming at me because his movies won't play? This is what happens when hardware companies hop in bed with content providers.
Dump your Sony stock and buy Panasonic, Toshiba or even overhyped Google.
"Do no evil" sounds like a better mantra to me.
Sony CEO admits violation of others and gives discounts to those he's violated. Lawsuits have destroyed me, due to my dishonest behavior.
*** violate me.
The entire minimum wage world tunes into see whether one $lut is bangin what other media Wh0?E.
Divorce to follow soon.
I dare him to call me one!
I have been involved ever since May of 2005 posting on the Ubi forums under Soulcommander. And even helped Ubi conduct an Investigation into Starforce as the Ubi techs had no clue what was happening. This investigation not only proved how Starforce treated their customers through email support, but also how Starforce treated customers on their very own forums...Closing threads and deleting them.
Starforce continues to do things to make us hate them! Just this weekend they post a bit torrent link on their web site by their very own Forum employee to a Stardock game known to have NO copy protection, this game is called Galactic Civ II by Stardock....
You can read how well it was doing selling out in North America on the Stardock web site, as well as see what Starforce posted on their forums (the bit torrent link).
http://www.galciv2.com/
You can also read how myself Lart44 and 13thHouR responded to Gamespot here explaining to them whats really happening with Starforce: http://www.gamespot.com/pages/forums/show_msgs.php?topic_id=24330650&page=6
And the resulting interview with Stardocks head here to the incident that Starforce did on their forums posting the bit torrent link:
http://www.gamespot.com/news/6145864.html
As you can see Starforce is not only bad for your computer, their employees are very devious and unprofessional.
What copy protection company would post a Bit Torrent link to download a game without paying for it just to prove a point that the game needed Copy Protection and thus see look people are getting it without paying for it?
If Stardock wants to put a game out without copy protection and can outsell any game with copy protection what is the problem?
I spoke to Stardock's Larry Kuperman about the success of Galactic Civ II several weeks ago, you can see my comment here on our web site:
(Soulcommander's 3rds)
http://www.r-force.org/modules.php?name=Forums&file=viewtopic&t=25
Larry tells me that Starforce kept calling them asking them to use their copy protection. And Larry told them not to call anymore and some other choice words....
Well as you can see then Starforce the weekend of 3/11 3/12 posts the bit torrent link to hurt Stardocks Galactic Civ II sales.
What would you call a company that does that?
EVIL, Comes to mind.
For those of you wondering if JM is an employee of Starforce? Yes he is. He is the one that posted the Bit Torrent link.
Enough said!
If you want to hear more about the Starforce controversy as some like to call it.
You can hear it in a recorded interview here:
http://downloads.cybershack.com/CyberShack-Features/StarForce-Feature-full-US-112k.mp3 Cyber Shack U.S. Interview
http://stream.cybershack.com/CyberShack/ep317/Cybershack_Ep317.mp3 Cyber shack Part 1 Interview
http://stream.cybershack.com/CyberShack/ep318/Cybershack_Ep318.mp3 Part 2 Cyber Shack
In the Interview,
Dennis Zhidkov (StarForce Technologies)
Steven Levy (Newsweek magazine)
Dan Mattia (Game-Overdrive.com)
And myself
Larry Freese (Consumer Rights Activist)
You sir are deluded
by Plamdi
May 23, 2007 2:42 AM PDT
"calling StarForce 'nefarious Rootkit/Virus' is a good enough cause to press charges."
Utter rubbish, if you don't like the way your product is being described by users then the problem is on YOUR END.
"why don't you mind you own business and talk about things that you understand?"
Why don't YOU mind YOUR business and keep your malicious drivers away from MY computer?
"Basically, there is no need to further continue with your offensive comment on news.com.com"
Then why is it you said that and then went on for another 11 paragraphs ranting about his comment?
"Now, let me ask you a question. If you are not a pirate, why would you need a debugger simultaneously running with the protected software?"
Firstly, if I decide to purchase $1000 debugging software, then I'd expect to be able to do whatever the heck I want with it, secondly there are many, many legitimate reasons to have a debugger running. Perhaps they're monitoring another piece of software running in the background. Maybe there's a bug in a program I purchased, and I'd like to patch it, and re-compile it? You can always put internal CRC-checks in to make the software more difficult to modify, if that's what you're worried about.
"And if some developers choose to select the option of manual drivers uninstall, it is their sole right."
Amazingly, it's also the consumer's right to criticize.