Or One More Reason to Get Pissed at the Music Industry. A geek read, but very interesting.
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.
The DRM not only installs itself sneakily and hides from you once it does, but heaven help you if you try to uninstall it.
Posted by binky at November 1, 2005 02:59 PM | TrackBack | Posted to MusicAt that point I knew conclusively that the rootkit and its associated files were related to the First 4 Internet DRM software Sony ships on its CDs. Not happy having underhanded and sloppily written software on my system I looked for a way to uninstall it. However, I didn’t find any reference to it in the Control Panel’s Add or Remove Programs list, nor did I find any uninstall utility or directions on the CD or on First 4 Internet’s site. I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall. Now I was mad.
I deleted the driver files and their Registry keys, stopped the $sys$DRMServer service and deleted its image, and rebooted. As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD. Now I was really mad.
UPDATE: There is more on the SONY rootkit situation:
A few days after I posted my first blog entry on Sony’s rootkit, Sony and Rootkits: Digital Rights Management Gone Too Far, Sony announced to the press that it was making available a decloaking patch and uninstall capability through its support site. Note that I said press and not customer. The uninstall process Sony has put in place is on par with mainstream spyware and adware and is the topic of this blog post....
snip
Sony has left us to speculate, but under the circumstances the answer to all these questions seems obvious: Sony doesn’t want customers to know that there’s DRM software installed on their computers and doesn’t want them to uninstall it if they somehow discover it. Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall.
Read it all here from the original source.
Posted by: binky at November 10, 2005 06:28 PM | PERMALINK