Filed under: Analysis / Opinion, Audio, Software, Odds and ends, Security
Sony's DRM now for Macs too
Looks like Sony's DRM rootkit, loved by all, has been ported to the Mac. Sort of. Seems Sony has put a little installer which, upon entering your username and password, will happily install a couple of kernel extensions into your OS. Remember the names PhoenixNub1.kext and PhoenixNub12.kext, because those two naughty boys will be under the microscope over the next few days. They are made by the good folks at SunnComm, who can apparently hear the future... I'd agree with Darren Dittrich's concern over kernel extensions in general. But just because a EULA says they're going to install them, doesn't make it right. If I tell you I'm going to mug you, that doesn't go too far in court either. So I'm never going to complain about an app not being developed for the Mac again. Apparently there's always time for the DRM. Just remember folks, never give your username and password to strangers.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
mungler said 7:18AM on 11-11-2005
I looked at their site, and there's a link which says 'Click here to spend an hour with SunnComm'. I daren't click it in case it hijacks my computer and renders me powerless to look at anything else for 60 minutes.
I wouldnt put it past them. Bastards.
Oh, and apparently Sony's windows rootkit has now been exploited by three known viruses (so far). Its actually quite heartening to see DRM getting bad press... hopefully it'll stop this kind of invasive crap from occouring in the future. I mean.. its almost like Sony BMG are *trying* to encourage us to pirate their music instead. (Maybe they're secretly in league with the RIAA trying to create more people to sue... tinfoil hats at the ready!).
Hmm.. a rather meandering comment. I'll stop now.
Reply
mungler said 7:20AM on 11-11-2005
Interesting.. SunnComm's brochure on their DRM software carries the 'Compact Disc Digital Audio' logo :
http://www.sunncomm.com/Brochure/SunncommPage2.htm
Thats funny... I thought Philips refused to allow the CD-DA logo to be used on content-protected CDs (because of the data tracks, the error-correction on the actual music is reduced, thus not meeting Philips stringent quality control).
Wonder what Philips would have to say about that...
Reply
Cyberwhore said 7:33AM on 11-11-2005
Sony BMG, you won't get anymore money from me.
Reply
Mike said 7:54AM on 11-11-2005
Mungler:
Philips will only not allow the logo when the copy protection scheme violates the CD audio standard by messing with the CD's TOC, etc. These schemes are entirely passive in their nature, not requiring that any additional software be installed.
The DRM schemes at issue here are solely on the data track, which do not violate the CD audio standard in any way to my knowledge. Instead, they generally seem to rely on the autoplay feature of the OS, which allows them to install software on the host machine that enforces the DRM. At least in the Mac OS X case, it can't surrepticiously install software without your knowledge, hence the username/password request, unlike Windows, where not only are you basically running as the equivalent of root, but with just about everything enabled.
Reply
mungler said 8:58AM on 11-11-2005
Mike:
I thought the issue was that the data track took up so much space that the error correction had to be reduced, thus breaking the red book format. I'm unsure whether this is strictly accurate, but AFAIK Philips refuse to certify ANY disc which breaks the Red Book (CD-DA) or Blue Book (Red Book CD-DA session plus Yellow Book data session) standards.
I guess if these discs were standard Blue Book format (ie a combination of a Red Book-compliant music session, and Yellow Book-compliant data session), and the music session is fully Red-Book compliant, then Philips would certify the disk and allow the CD-DA logo. As this logo is NOT present on the Sony discs, I can only assume that the CD audio session is NOT Red Book compliant.
Reply
mungler said 9:11AM on 11-11-2005
Anyone noticed the 'customer reviews' on amazon for the CD which broke the sysintenals dude's machine?
http://www.amazon.com/exec/obidos/tg/detail/-/B00092ZM02/qid=1131718136/sr=2-1/ref=pd_bbs_b_2_1/002-3885593-5148029?v=glance&s=music
quite amusing...
Reply
mdavey said 9:53AM on 11-11-2005
I like the bit by one reviewre "this CD contains a DRM virus" :D
Reply
David Chartier said 11:34AM on 11-11-2005
This is infuriating! I can't believe these companies are stooping so low! I agree with Leo Laporte in one of his TWiT/Security Now podcasts: we should all hold a Sony CD burning party. We dont really know what these extensions can do to OS X, but the rootkits they're using on Windows literally open the door for hackers of ANY skill level to EASILY install malicious software on your machine. It's unbelievably irresponsible and a ridiculous way of *attempting* to handle the *problem* of file sharing. This is not a solution, and consumers aren't going to stand for it - suing Sony is just the beginning. These companies need to learn a lesson, and they need to join the rest of us in the 21st century.
Reply
David C. said 11:13AM on 11-11-2005
this is bad...very bad
Reply
Chris K said 11:34AM on 11-11-2005
So the era of "no viruses/trojans on the Mac" has come to an end, eh? And it was SONY that did it!?
Crazy stuff. I suggest anyone who wants Sony music check out P2P networks. You're less likely to a computer-breaking stealth app that way. :)
Reply
Victor Agreda, Jr. said 12:23PM on 11-11-2005
Yeah, I don't think this is what Steve meant when he told the ex-Sony CEO "we look forward to working together on other projects"
Can't wait to see if or how those Mac spyware apps behave with it... Has anyone installed and used something like Snitch to see what it's doing?
Reply
shrimp said 5:30PM on 11-11-2005
From The Register:
"It is not believed that the two extensions incorporate the rootkit that is causing such controversy becuase of its effect on Windows machines."
Technically, it's not a port of the same Windows version, it's different.
I don't think this will open up virii and spyware for the Mac. Apple will be damned if they would just let Sony open the door for the virii.
Reply
fra said 2:08PM on 11-11-2005
Sony can go f*** them selves.
Reply
Nevermind the DRM said 2:25PM on 11-11-2005
allofmp3.com with no regrets! Also, these cds can be ripped on an 0S 9 machine (not "classic", but booting into 9) presumably... Similarly Linux can probably be used as a workaround. I can imagine setting up an mp3 ripping partition. BUT I can't imagine giving these idiots a cent of my money to get their cds in the 1st place.
Reply
John Sibley said 6:10PM on 11-11-2005
I'm encouraging acts of civil disobedience on my site - please look. I think everyone with a website should host a non-DRM .mp3 from one of Sony's DRMed CDs until they make some sort of meaningful reparations.
Reply
?nthony Sigalas said 5:53AM on 11-12-2005
Sign this petition to stop Sony:
http://www.petitiononline.com/bcsony/petition.html
Reply
Fabulo said 7:17PM on 11-16-2005
Mungler, the audio data on CDs do not have ECC. Audio data fill 2352 bytes sectors. At 44khz, that 1/75th of a second. if a sector has read errors, chances are, you won't hear it.
Data tracks have 2048 byte of data, and use the remaining 2352-2048 for ECC, since it's quite important that the bits read are what they are meant to be.
VCD, which contain MPEGI video data do have a filesystem, contain files, but don't have ECC (it's a space vs reliability choice)
On related note, Sony sucks. They have completely lost it. It's just like they spent the last 10 years under a rock and suddenly wonder why the uproar with their ciminal-like behavior.
Reply
Anonymous said 11:42AM on 11-17-2005
Sony didn't employ SunnComm, BMG did. Since the merger over a year ago, the two have continued to use the various copy protection schemes... in some cases former Sony-only labels are using SunnComm, opposed to F4i. While, conversely, some former BMG-only lables are using the new F4i copy protection, which is PC only, at the moment. SunnComm makes copy protection for both Mac and PC platforms.
Before making err comments, do some research... just my opinion.
Reply