[Marxism] (fwd from Joaquin Bustelo) The SONY-BMG rootkit: Whom the Gods would destroy...

Les Schaffer schaffer at optonline.net
Tue Nov 15 08:30:48 MST 2005


	The Music Monopoly Mafia has given yet another demonstration of
its deep-seated hostility to its customers by turning millions of music
CD's into trojan horse carriers for malware (what most people call
computer viruses).

	The current example is SONY-BMG allegedly anticopying software
included on at least 20 CD titles that installs (without user
authorization) a black-hat hacker tool known as a "rootkit" on customer
computers. The installed programs prevent copying or playing the CD
using normal programs, only a SONY-blessed media player that, among
other crippleware defects, doesn't support MP3 files. It sends data back
to SONY-BMG without the user's knowledge or authorization, corrupts all
MP3 rips made with the infected computer, and cannot be uninstalled with
publicly available software. 

	A "rootkit" is a hacker tool designed to hide the presence of
software (usually malware) from the computer's Operating System and
therefore the end user and products such as antivirus or antispyware
programs.

	These programs use a variety of techniques, but the basic idea is
to intercept very low-level "calls" (requests for information) by or to
the Operating System (the basic "housekeeping" software that runs all
the time underneath programs) so as to filter the information. This is
where the name "rootkit" comes from, as this sort of access in a
computer is called "root" access.

	In the case of the SONY-BMG infection, files whose names start
with $sys$ are hidden: as far as Windows and programs that run on top of
it are concerned, they don't exist. This creates a huge umbrella under
which pretty much anything can be shoved into the computer.

	The normal Windows uninstaller can't remove the SONY-BMG program
and there is no uninstallation program that comes with the original
software. SONY claims they will give you an uninstaller, but first you
have to register with them and to get access to the download you have to
install something called an "Active X" control on your computer. 

	"Active X" controls are a Microsoft monopoly-reinforcing
invention that makes it possible for web pages to do all kinds of things
that otherwise would be more difficult or impossible to do. Basically,
it can allow a web page to take over your computer. The SONY-BMG Active
X control has been reported to install backdoors into the computer, and
includes the capacity to reboot the machine, and also has a module that
apparently allows code --programs-- from a web page to be executed on
the machine.
	
	SONY-BMG has been trying real hard to get you not to uninstall
the software, first by hiding the information that an uninstaller is
available, then by offering what seems to be described as a different
"DRM" (Digital Rights Management) package in exchange but is in reality
the same one, the only difference being that the hiding function is
turned off. Then it takes a couple of registrations and emails until you
finally get a downloadable file usable only on that one computer and
that MUST be used within a few days. 

	Mark Russinovich, a Windows kernel guru, first discovered the
rootkit and documented it at the beginning of November on his blog here:
http://www.sysinternals.com/Blog/. 

	It was a lucky accident that he discovered it. As one of the
leading authorities on rootkits and the developer of a tool to detect
them, RootkitRevealer, he was testing a new release on one of his own
computers and found to his shock that the computer was infected with a
rootkit.

	The detective story of how he tracked down the rootkit and
linked it to a SONY-BMG CD, and eventually was able to neutralize it is
a fun read if you have at least some familiarity (not necessarily a lot)
with Windows' internals and a general idea of how it works. It also
shows how maliciously the program was written, because manual
uninstallation of the software (removing the files and registry keys)
breaks the computer by disabling the CD drive and audio system. The blog
has a description of how to fix this but it seems to involve Windows
kernel hacking even more advanced than messing with the registry
manually. 

	This alteration of core operating system functions is typical
rootkit behavior, which is why the usual recommendation to fix a rootkit
infection is to back up your data and then "nuke" the hard drive, doing
a complete format to wipe out everything on it and then reinstalling
everything from scratch. This is beyond the normal skill and comfort
level of many or most computer users especially if the person doesn't
have from the manufacturer a "restore" set of disks that will put the
computer's software back the way it was configured when it came from the
store. 

	From the point of view of computer security, what SONY-BMG has
done in surreptitiously installing rootkits by the hundreds of thousands
or millions is stark raving madness. It only took about a week for new
versions of trojans to begin circulating on the Internet. One that is
being spread by email establishes a backdoor link to an IRC channel, and
is probably meant to turn end user computers into spambots or zombies
for staging denial of service attacks. Another sabotages a computer
gaming network that has pissed off a lot of users.

	And it was dumb luck that this rootkit was discovered by the
good guys first. 

	The SONY-BMG rootkit infection got a LOT of play, first in the
computer-oriented internet news and commentary sites, then in the
mainstream printed and online media, so much so that SONY offered the
patch to turn off the hiding function (this patch should NOT be lightly
used; according to Russinovich it was incompetently written and can
cause a computer to crash). 

	Further negative publicity came on Wednesday in the form of a
class action lawsuit in California, and apparently others are being
prepared in other states. Formal complaints were also filed against
SONY-BMG in some European countries. Then on Thursday at a conference on
"piracy", Assistant Secretary of Homeland Security Stewart Baker didn't
cite SONY-BMG by name but criticized what the company had done: 

	"It's very important to remember that it's your intellectual
property, it's not your computer," Baker said. "And in the pursuit of
protection of intellectual property, it's important not to defeat or
undermine the security measures that people need to adopt in these
days."

	In response, on Friday SONY-BMG reacted by announcing it was
suspending the incorporation of this root kit in audio CD's. But it
still has not come clean: it is refusing to disclose what titles infect
computers with the root kit, it is refusing to recall disks in consumer
distribution channels, it is refusing to replace infectious CD's already
in consumer hands, and it is refusing to make generally available a
program to uninstall it. 

	SONY-BMG is doing itself no favors, since now that virus
exploits have appeared for the rootkits, antivirus companies, which had
gingerly been dancing around treating this as an infection, which it
clearly is, have no choice about it. Some have already announced that
their current updates will detect, remove and prevent reinfection by
this malware. 

	More broadly, what the record companies are doing seems to be an
illustration of the ancient Greek saying, "Whom the Gods would destroy
they first drive mad."

	The ostensible purpose of SONY's tool is to "protect" the audio
tracks from "piracy," but its only real effect is to limit consumer fair
use rights far beyond the specific privileges the law reserves to
copyright owners. For example, the rootkit malware prevents you from
making a copy of the music to the generic MP3 format that all portable
media players support, or to Apple's proprietary format which is used in
the iPod. SONY wants you to use only players that support SONY's own
proprietary format or Microsoft's proprietary format, which are a small
minority of the players out there.

	This is a technological attempt to overturn the "first sale"
doctrine of U.S. copyright law which says the only restrictions on what
the buyer of a copyrighted item has are those privileges the law
reserves to copyright owners, everything else is fair use.

	The claim that it is an effort to protect against "piracy" is
pure poppycock. The audio content of the albums is on the discs in a
completely unprotected form. Because audio CD technology predates
personal computers, there's not even anything like a file structure to
an audio CD, nor any sort of metadata (=data about the data, for example
the names of songs). An audio CD consists of a special pattern to
indicate the beginning and end of the music, and between them the raw
output of an analog-to-digital converter, with "tracks" separated by
silence, i.e., what an analog to digital converter would give you with
no input. This is what's on the audio part of the disk along with a
bunch of error correction features to make the disks more resilient.
When you put that disk into the CD drive of a computer and Windows tells
you it has 12 files on it called track 1, 2 and so on, it is Windows
that is creating that metaphorical representation of the audio CD
content. An audio CD in and of itself is pretty much ONLY raw data.

	Once you've put that out, you've basically put out a digital
master of the music. Even very primitive CD readers, which understand
nothing about files or formats, will read the disk flawlessly and the
output of the digital reading part of the machine is a series of ones
and zeros that when put into a digital-to-analog converter will give you
the music. There is, quite simply, NO WAY to prevent someone with the
right tools and knowledge from reading the raw audio data from an audio
CD. Which means there is no way to prevent what the music monopoly mafia
calls "piracy," which is people copying the songs to more convenient
formats and sharing them with others, nor real piracy, which is people
creating replicas of the CD and selling them for a profit.

	The SONY-BMG and other "copy protection" schemes are based on
the fact that computer CD units are way more sophisticated than
primitive audio CD players. They can read all sorts of CD formats that
were invented much later, including data (computer) CD's, and even just
the raw stream of ones and zeroes. 

	These record label anti-copying schemes usually rely on the fact
that Windoze systems are default configured to automatically act in
certain ways upon seeing a CD of a certain type in their drives. 

	The record companies use this to create a CD that is both
computer programs and audio, and those programs automatically cause the
computer to malfunction in reading the normal audio tracks. All such
tricks are bound to fail, however, against a computer that has been
properly configured and equipped with the right software. Audio CD's, to
be able to play in a CD player, have to be completely open books written
in what cryptographers call "plaintext" and there is no way to prevent
their being copied.

	That's why each successive generation of "digital rights
management" software for CD's is more perverse and malicious than the
previous one. As each trick used to prevent the music from being played
is discovered, countermeasures are devised, and the new "copy
protection" measures need to be even more strident and devious. But it
is all to no avail: the digitalized music is there, in plain sight.

	Music Monopoly Mafia execs, the very few of them who actually
know something about their product, will admit this but say they mean to
prevent some 95, 98 or 99 percent, of end users from "misusing" or
"pirating" their product.

	But here's the rub. Once *one* rip of the audio content of a CD
has been made and shared on the P2P networks, there's no need for my
11-year-old son, to take a purely hypothetical example, to rip the album
himself. He can simply have his daddy download the songs from the file
sharing networks.

	In this way, what is supposedly meant by the record companies to
LIMIT what is in reality consumer fair use copying (copying which is
protected by a law, the 1992 Audio Home Recording Act) actually PROMOTES
the most viral and aggressive form of this copying, internet file
sharing, which arguably goes beyond a narrow interpretation of that Act.


	By only providing computer file versions of the music that
aren't playable by the huge majority of portable players or computer
music programs, the SONY-BMG rootkit becomes even more effective in
promoting precisely that which the record companies say they're trying
to stop.

	And the record companies complement their good deeds in this
regard by mounting big publicity and legal offensives against businesses
that have developed file sharing networks and suing individual
end-users, more often than not the parents of clueless kids. This has
multiple effects:  it publicizes just where people can get the
downloaded songs; it forces a hothoused Darwinian evolution of the file
sharing technology; it pushes the creation and maintenance of file
sharing programs and networks increasingly into the open source/free
software camp, preventing the "proprietarization" of file sharing; and
it educates people on the rapacious nature of these Music Monopoly Mafia
labels and the conglomerates that stand behind them.

	The plain fact is that what made *possible* traditional
copyright protection was the industrial production of copies, and the
fact that there was a monopoly in the means of producing copies in the
hands of publishers. 

	Computers and the Internet have destroyed that monopoly, and the
business models predicated on it are doomed: these music companies have
to evolve or die. As things are going, they are going to have to make a
space for SONY-BMG and the rest of these dinosaurs at the Smithsonian,
right next to the player piano.

Joaquín
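
The $sys$ name filter described in the post, and why it shelters unrelated malware, shown as an added example that is not part of the original message and is not SONY-BMG's or Russinovich's code. It is a pure simulation with no real OS hooks; the ToyOS class, the file names and the cross-view comparison (diffing the API answer against a raw read) are assumptions made for illustration.

```python
HIDE_PREFIX = "$sys$"  # the prefix the post says is hidden

# Constructed sample directory; none of these names come from the post.
SAMPLE_FILES = [
    "notepad.exe",
    "$sys$drm_driver.sys",     # stands in for the DRM package's own file
    "$sys$unrelated_bot.exe",  # unrelated malware that borrowed the prefix
    "report.doc",
]


class ToyOS:
    """Minimal model: one directory and one 'list files' call that can be hooked."""

    def __init__(self, files):
        self._disk = list(files)
        self.list_dir = self._raw_list  # the call ordinary programs use

    def _raw_list(self):
        return list(self._disk)

    def read_raw(self):
        """Bypasses list_dir, like reading the on-disk structures directly."""
        return list(self._disk)


def install_name_filter(os_, prefix=HIDE_PREFIX):
    """Wrap list_dir so entries starting with the prefix are dropped from answers."""
    original = os_.list_dir
    os_.list_dir = lambda: [n for n in original() if not n.startswith(prefix)]


def av_scan(os_, bad_names):
    """A scanner that trusts the OS listing: it only sees what list_dir returns."""
    return sorted(set(os_.list_dir()) & set(bad_names))


def cross_view_scan(os_):
    """Defender's check: anything on disk that the API does not report is hidden."""
    reported = set(os_.list_dir())
    return sorted(n for n in os_.read_raw() if n not in reported)


if __name__ == "__main__":
    box = ToyOS(SAMPLE_FILES)
    known_bad = ["$sys$unrelated_bot.exe"]
    print("scanner before filter:", av_scan(box, known_bad))
    install_name_filter(box)
    print("scanner after filter: ", av_scan(box, known_bad))
    print("cross-view finds:     ", cross_view_scan(box))
```

The scanner that trusts the filtered listing stops seeing the second file as soon as the filter is installed, while the raw-versus-API comparison reports both hidden names.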

	
	









