Friday, November 11, 2005


Free Software from Sony

Lucky Windows(tm) users receive free software on Sony audio CDs! But sorry, it does not run on Mac or *nix. As if Windows Media Player, RealPlayer, Quicktime were not enough, Sony provides a player which limits the number of copies one can make. It also hides itself using "rootkit" technology, does not have an uninstall procedure, and may cause problems such as CD/DVD drives "disappearing", locking up, blue screen of death, and "false" positive alerts from

Mark Russinovich's Sysinternals Blog has the most complete reporting on what the software does, what Sony and their supplier, First 4 Internet, say about the software, and the problems it poses. He also notes that legal action has been initiated in California and Italy.

F-Secure includes the XCD DRM software in "Rootkit Information", concluding

Although the software isn't itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits.

Symantec classifies First4DRM a "medium" risk, and provides a removal tool. They note

Manual Removal
WARNING: Removing this security risk manually may damage the compromised computer's operating system and may violate the manufacturer's end-user license agreement.

McAfee says
With the latest DATs, McAfee detects, removes, and prevents reinstallation of XCP. Please note that removal will not impair the copyright protection mechanisms installed from the CD. There have been reports of system crashes possibly resulting from uninstalling XCP ( ). System crashes may also occur during repair using McAfee products due to issues in the First4Internet code itself.

Computer Associates classifies this DRM as a Trojan, with behavior they characterize as not very legal:
XCP.Sony.Rootkit.Patch updates XCP.Sony.Rootkit to XCP.Sony.SP2. This change removes rootkit functionality and addresses the vulnerability associated with the XCP.Sony.Rootkit rootkit. It also reduces hard drive scans on the part of the falsely named "Plug and Play Device Manager" service. Despite these benefits, XCP.Sony.Rootkit.Patch displayes no notice of what it will do, offers no opt-out once invoked, and removes the rootkit in a manner which can cause system crashes. The aries.sys driver file installed by XCP.Sony.Rootkit is called when one of several hooked functions are called by any program. If a program has just initiated such a call when it is removed by this patch, what used to be a pointer to aries.sys is now a pointer to unallocated memory, which can cause a blue screen of death.

"reduces hard drive scans on the part of the falsely named "Plug and Play Device Manager" service? Does the EULA notify the computer owner that her disk will be searched, presumably for digital media files that were not yet "managed"? And the patch only "reduces" them? Never mind that it displays no notice of what it will do, or the dangers involved.

  • Installs without user permission.
  • Updates programs on the system without user permission or notice at time of update.
  • Interferes with the regular operation of the operating system without user permission.
  • Cannot be uninstalled by Windows Add/Remove Programs and no uninstaller is provided with application.

  • A few drawbacks, but hey, it is free!

Maybe only on CDs sold in the USA.

Tags :

StumbleUpon Toolbar Stumble It!
There is software named as Digeus I use it when system chashes, doesn't boot up or freezes. I also recommend Tune Up Suite. It tweaks windows to perform better.
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?