Dr. Dobb's Journal, February 2006
You are advised not to allow that installation. If you do install the music player, you will also install a rootkit. The term comes from UNIX, where the primary superuser is known as "root" and if you are the root, you can do anything. A rootkit is a particular kind of spyware that hides from detection by spoofing the operating system into believing no such spyware exists. The directory in which the rootkit files reside is hidden and you'll never find it with any normal operating-system command.
That's what the Sony music CD system installs on your computer in the name of digital rights protection. The Sony rootkit is a serious invasion of your system, and is so successful at hiding that third-party spyware people can use it to hide their own malware, and at least one is reported to have done so. Moreover, savvy World of Warcraft online players used the Sony rootkit software to hide their cheat software.
It gets worse. Not only does the Sony DRM rootkit hide, but if you detect it, you cannot safely remove it. Attempts to remove it have resulted in blue-screen crashes and the requirement to reformat the disk and reinstall the operating system and all applications. Naturally all unsaved data were lost, and this happened to experts.
The Sony rootkit was discovered by former DDJ Contributing Editor Mark Russinovich at Sysinternals. His story (see http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) makes for fascinating, if horrifying, reading.
But it gets worse. Not only is the Sony DRM rootkit impossible to uninstall, but it "phones home," giving coded information to a server at Sony headquarters. As I write this, no one has any idea of what Sony plans to do with that information. The important point here is that this is stuff you don't want on your computer, and you can't detect it with any normal antispyware programs. It takes a rootkit detector to find it, as a horrified Mark Russinovich discovered during a test of rootkit detection software. The Sony DRM rootkit had been on his computer for some time, and he had never suspected a thing. If that can happen to the system internals guru, it can happen to you.
Now the final horror. Under the DMCA, it is very likely a criminal act for you to remove the Sony rootkit from your system. Worse, it is likely a criminal act if I tell you how to remove the Sony DRM rootkit. And thus my advice: Don't buy Sony music CDs, especially if there is any chance at all that they will be played on a Windows PC.
Of course, by the time you read this Sony may have provided an uninstaller for its rootkit DRM system. Still, Sony's actions do not indicate that the company understands the seriousness of this situation, and at this writing Sony has yet to offer an uninstaller I would trust. Stay tuned.
But even if it is legal to remove it, it is dangerous to do so. In particular, booting in DOS and examining the directories to find the rootkit directory, then deleting that, will almost certainly crash your system. The Sony rootkit alters the registry to redirect certain function calls, and if the OS can't find the instructions it has been redirected to, it can't recover.
Sony does supply a patch to your operating system that lets you see the rootkit directory. However, the procedure for getting a legal copy of this patch is tedious. Of course, no sane person wants application software that requires an operating system patch from a third party. When Microsoft sends you updates and patches, Microsoft knows that code is there. When you patch your OS with software supplied by Sony, how is Microsoft to deal with it? I do not advise you to install a Sony-supplied OS patch.
In response, one reader wrote about a possibly useful program:
I pass along a tool I found to help deal with the Sony disks. http://www.smart-projects.net/ offers a freeware tool to read CDs called ISO Buster that sees the disk layout and allows extraction of the WAV files.
John
Note that this program may be illegal under the DMCA, and thus may not be available for long. I leave all conclusions in this matter as exercises for the reader.
Between the public (and artist) outcry and a bunch of lawsuits, it didn't take Sony long to start backing down: First saying that its XCP DRM scheme applied to 20 titles, then later admitting that it was actually 52, Sony decided to pull CDs from the shelf and give customers the opportunity to exchange for non-XCP versions.
The twice-yearly Demo Conference shows off new technologies and services: up to 70 in two packed days of six-minute demonstrations. Leading off the demo cavalcade at Demo/Fall 2005 was U3 (http://www.u3.com/), makers of embedded technology for "USB smart drives." And the demo was indeed smart: Plug the device into the demo Windows laptop, and the software it contained was available to run there, with no installation and no footprint on the host PC. Unplug it (even surprise removals) and it all disappears. There were trialware apps and other bundle deals, which vary depending on the U3 partner.
As a smart demonstration that the technology was ready, I was handed no fewer than four U3-enabled USB keys, from Verbatim, Kingston, SanDisk, and Memorex. U3's trick took some doing; long-time IT veteran and U3 CEO Kate Purmal hinted at a long development cycle, mostly software to fool the OS into working the way they wanted.
U3's software (Windows now, Mac soon) is a real stack, not merely a single-point hack. We're keenly interested in learning how U3 achieves the application redirection (and the other cleverness). U3 promises much of the info on integrating with its capabilities will be public, so developers can make intelligent use of it. There is a freely downloadable SDK at http://u3.com/developers/downloads/default.aspx.
At home, we ripped open the Verbatim 1-GB U3 drive packaging, and plugged it in. As we surmised upon seeing the demo, to Windows, the U3 looks like two devices in one: a CD and a removable disk drive. The CD part autoplays and runs the (not very big) U3 software stack, which in turn opens an intro clip and walks you through a demo. From there, you can simply use it as a standard thumb drive, or add your own software, and have it with you no matter what computer you might use, without installing anything on that computer. It does put a new icon in your system tray when a U3 device is installed, which you should use to eject instead of Windows' usual icon.
Astute readers will realize U3's basic strategy is exactly the same method that Sony uses to install its "rootkit" software on your computer, though with far more positive intentions. It could probably silently leave other software behind on your computer, as well, though that's not the intent, and we've never found any signs of that. Instead, it's a pocket-sized Place For Your Stuff, externally indistinguishable from a standard thumb drive.
The Verbatim 1-GB U3 drive we tested comes with McAfee antivirus, ready to run (again, without installation). We used it to check out a computer that had been running without virus protection, then ejected the Verbatim U3 thumb drive. Actually, as a test, we just yanked it loose without notice (a "surprise removal" in Windows parlance), which caused the U3 software to politely remind us we should use the U3 icon to do that in the future. Lecture complete, it then went completely away.
I've done the same test with the Kingston U3 drive, with the same results. It Just Works.
And that is the point of U3's technology: You can have all your favorite software, ready to run, on any Windows-based computer you might use, without installing anything or corrupting the host machine. At Demo/Fall, Kate claimed you can install Microsoft Office right onto a U3 drive. We haven't tried that yet, but what an idea for those willing to rely on the kindness of others.
Prediction: U3-enabled thumb drives are going to become indispensable for road warriors (run your presentation from any available computer!), IT corridor warriors (all your favorite fix-it tools, instantly available), and well, just about anyone else who wants Their Own Stuff no matter what computer they happen to be using. For now, the advanced features only work on Windows, though U3 devices work like any other thumb drive on Macs (without the advanced features, at least for now). We're told U3 will come to Mac, but that's Real Soon Now.
This is Chaos Manor, and our methods are sometimes, well, chaotic. Sometimes things are just so useful, and so ubiquitous here, that we forget to list them.
That almost happened with the Seagate USB drives. These come in many sizes and flavors, and everyone loves them, and because we all use them and they Just Work, we nearly forgot them. They're great gifts, and best of all, just about everyone can use another external storage drive, even if they already have one or two.
The most popular Seagate external drives here are the 5-GB "Cookie," which fits in a shirt pocket, goes with you anywhere, and draws its power from the USB connection (it works wonderfully with Lisabetta, my TabletPC); the 100-GB "book," which is small enough to fit in a briefcase and uses two USB connectors, one for data and one for power; and the 400 GB, which has its own wall brick power supply.
One way to use the 100 is to have a powered USB hub expander (Belkin makes some good ones, and those are what I carry) so you're not draining your laptop.
Whatever size you get, you can be sure a Seagate USB external drive is welcome, and they are recommended.
The computer book of the month is Joli Ballew and Jeff Duntemann's second edition of Degunking Windows (Paraglyph Press), which is better than the first edition. You will certainly profit from the chapters on registry cleaning and the recommended tools for doing that. There's sound advice in every chapter, and I can pretty well guarantee you'll learn a few things you didn't know. Recommended.
The second computer book of the month is also from Paraglyph: Jesse M. Torres and Peter Sideris, Surviving PC Disasters, Mishaps, and Blunders. Most of it is just common sense, but if you've just had a disaster, common sense is the one thing you won't have: Just having a book that shows someone else has thought through the situation can help.
DDJ