Sony Rootkit
November 21, 2005 4:26 PM

What are you doing to remove the Sony Rootkit that was so surreptitiously installed when you played that new Alan Jackson or Celine Dion CD?
posted by gnz2001 to Computers & Internet (8 answers total)
The Windows Malicious Software Removal Kit will be adding the Sony Rootkit to its list of malicious software to remove. link
posted by clarahamster at 4:59 PM on November 21, 2005

I hadn't bought/played any of the infected CDs, so I only needed to take preventive measures for the future - the Sony rootkit, like a lot of other DRM on CDs, takes advantage of autoplay (the setting that tells your computer to load a CD when you insert it in the drive, on the once-safe assumption that you wouldn't be putting a CD in the drive unless you wanted to use it).

So, Google search for "disable autoplay", follow the instructions, and the computer is now immune. While I'm sure I could manually launch the rootkit from the file manager if I wanted, the process can't secretly start when I simply pop it in to play as a music CD, or if I want to rip the tracks to MP3.

This isn't the first, and isn't going to be the last DRM infection that uses autoplay, so disabling autoplay seems a good policy in general.
posted by -harlequin- at 5:51 PM on November 21, 2005

I stopped purchasing CDs. :-)

AllofMP3 is my hero now. See also: iTunes.
posted by disillusioned at 6:45 PM on November 21, 2005

Meanwhile, and this belongs in my first post, Sony is supposed to be releasing their own brand of software to take out the malware, with something along the likes available here.

A thorough reading of this Inquirer article should answer all your questions. And convince you to never, EVER purchase a CD from Sony again.
posted by disillusioned at 6:52 PM on November 21, 2005

I just don't buy anything except ringtones.
posted by moift at 7:42 PM on November 21, 2005

Neither Sony's removal tool (as it currently exists) nor Microsoft's Malicious Software Removal Tool actually, fully remove the Sony DRM software.

They do remove the "rootkit" component -- which is to say, the part that hides any files beginning with $sys$. However, the bulk of the program stays behind (albeit visibly now), and it is this part that can render your CD drive unusable if not removed properly.

Do not use Sony's tool to remove this rootkit -- it installs an ActiveX control that will allow any website -- any site at all -- to have full control of your computer. It also (as mentioned) only removes the cloak, and in fact also updates the rest of the DRM to a newer version. Instead, follow the instructions posted by Mark Russinovich (the person who discovered the rootkit):

1) Open the Run dialog from the Start menu
2) Enter “cmd /k sc delete $sys$aries”
3) Reboot

That will remove the cloaking, but I still do not know of a safe way for the casual user to remove the rest of the DRM software. Sony/First4 made it difficult for even experienced users. If you're daring, you can try to follow the steps that Mark outlined in his first blog entry on the subject, but if you aren't 100% comfortable working in the Registry Editor and on the command line, I wouldn't.

On a more personal and totally non-objective note: Sony has made it clear that they have no qualms about modifying the internal workings of your computer, without making clear their intentions or exactly what was done, and without explicitly asking permission. They have publicly stated that, since most users will not know what happened, they should not care that their property has been tampered with. Their actions could be construed as felonies under many laws regarding unauthorized access to computer systems (and I hope the upcoming lawsuits against them address this).

For these reasons, I personally believe that it is not only morally acceptable to download MP3/Ogg/etc copies of Sony-distributed CDs, but that doing so is preferable to purchasing them.
posted by CrayDrygu at 9:03 PM on November 21, 2005
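
The checks these answers describe (autoplay disabled, the $sys$aries service, files beginning with $sys$ being hidden), as an added PowerShell example that is not part of any poster's comment. The function names and the probe file name are made up for illustration, and it assumes autoplay was disabled through the NoDriveTypeAutoRun policy value.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function Test-SysCloak {
    # Write a file whose name begins with $sys$, then check whether a
    # directory listing shows it. Written but not listed = cloak active.
    $dir = Join-Path $env:TEMP ('cloakprobe_' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $dir | Out-Null
    # Single quotes matter: in double quotes PowerShell would expand $sys.
    $name = '$sys$probe.txt'          # constructed probe name
    $path = Join-Path $dir $name
    try {
        [System.IO.File]::WriteAllText($path, 'probe')
        $listed = @([System.IO.Directory]::GetFiles($dir) |
            ForEach-Object { [System.IO.Path]::GetFileName($_) })
        return -not ($listed -contains $name)
    }
    finally {
        [System.IO.File]::Delete($path)
        Remove-Item -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

function Test-CdAutoRunDisabled {
    # Assumption: autoplay was disabled through the NoDriveTypeAutoRun policy
    # value, a bitmask in which bit 0x20 covers CD-ROM drives.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$sub" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        $v = $p.NoDriveTypeAutoRun
        if ($v -is [byte[]]) { $v = $v[0] }   # older systems store REG_BINARY
        if ($v -band 0x20) { return $true }
    }
    return $false
}

# Service name taken from the "sc delete" step quoted above.
[pscustomobject]@{
    AriesServicePresent  = [bool](Get-Service -Name '$sys$aries' -ErrorAction SilentlyContinue)
    SysPrefixFilesHidden = Test-SysCloak
    CdAutoRunDisabled    = Test-CdAutoRunDisabled
}
```

SysPrefixFilesHidden reporting True means the cloak is still active on that machine.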

For these reasons, I personally believe that it is not only morally acceptable to download MP3/Ogg/etc copies of Sony-distributed CDs, but that doing so is preferable to purchasing them.

Actually Sony will replace any CD with the DRM on it, but you'll have to mail in the original copy. Not only that, they'll also email you a link to download completely DRM-free mp3 files of the originals (ironically enough).
posted by Paris Hilton at 11:13 PM on November 21, 2005

Freedom to Tinker (the weblog of CS professor Ed Felten and other active DRM experts) has done a good job of tracking this. Here are the posts that directly answer your question:
posted by mbrubeck at 5:32 PM on November 22, 2005
