Ed Felten has put together a SonyBMG DRM Customer Survival Kit. It includes command-line instructions to determine if you have the Aries.sys driver installed on your computer, along with instructions on how to disable the service.

Professor Felten also notes that Sony will actually tell you how to work around its copy protection if you ask:

How to get songs from these discs into iTunes, an iPod, or anywhere else you can legally put them: SonyBMG will send instructions on how to do this to anyone who asks. Note that their instructions direct you to agree to their End User License Agreement; be sure to read the agreement and think about whether you want to accept it.

Or you could just read the instructions at his site.

Unfortunately, the workaround involves making inferior (128K) WMA copies of the tracks, burning them to a CD, then reripping them in any format you like. There’s no way to get a decent copy, much less a perfect digital copy.

Sophos is the first security software vendor to make available a removal tool for the Sony rootkit. Get it here:

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

This version of the tool detects and disables the Sony DRM cloaking copy protection technology (which Sophos refers to as Troj/RKProc-Fam). It also detects and disables other Trojans, including Troj/Stinx variants, which are stealthed by Troj/RKProc-Fam.

I just ran it. Pretty much painless (and as expected I didn’t find a trace of it here).

F-Secure says “I told you so”:

We have just analyzed the first malware (Breplibot.b) that is trying to hide on machines that have Sony DRM software installed.

I’ve seen reports that Pest Patrol and some Norton products are now detecting the Sony rootkit.

And in the comments to a previous post in which I asked for Microsoft’s help (Dear Microsoft: Please clean up the Sony mess), my old friend Giesbert Damaschke points out an encouraging new article:

Microsoft ‘Concerned’ by Sony DRM

The Redmond, Wash., software maker said that the security of its customers’ information is a “top priority” and that the company is concerned by software like that deployed by Sony to block illegal CD copying.

However, unlike other security software vendors, Microsoft hasn’t decided whether to take more aggressive action against the product, such as detecting and removing it from systems, the spokesperson said.

Hmmm. Maybe someone could write a little tweak that causes your computer to make a loud retching sound whenever a rootkit-infected CD is inserted?

Update: Brian Krebs of the Washington Post passes along this five-year-old quote from Sony’s CEO, which discloses how the company really feels about its customers:

Sony CEO Howard Stringer, who kept the audience laughing throughout the night with a battery of quips, said, “Right now it would be possible for us, and I’ve often thought it would cheer me up to do it, you could dispatch a virus to anybody whose files contain us or Columbia records, and make them listen to four hours of Yanni … but in the end we’re going to have to get serious about encryption and digital-rights management and watermarking.”

Something tells me the tape of that conference will be played at a future trial.

And somewhere in Sony HQ, a PR person is banging her head against a desk realizing that the spin is just not working.

Dwight Silverman shrugs off the plague and publishes a list of Sony/BMG titles with rootkits.

I only recognize two of them. And I don’t think the list is complete. Unless I’m mistaken, the latest CD from Leo Kottke and Mike Gordon installs this crap.

The irony to me is that Trey Anastasio and Mike Gordon are both on this short list. Ironic, because these two are members of the disbanded Phish, which built up a community of tapers who traded noncommercial copies of concerts with the band’s imprimatur.

So far, no really big artists on this list. No Dylan, no Springsteen…

(PS: Go back to bed, Dwight!)

Most of the coverage I’ve seen so far of the Sony rootkit disaster mentions that this software has been used for about six months. That must refer to the latest batch of copy-protected CDs, which use the First 4 Internet XPC code. But Sony’s been wreaking havoc with Windows for much longer than that. In fact, I’ve found evidence of problems dating back at least three years.

I started with this Google search, which turned up 29,000 links at Amazon.com that contained the words content AND enhanced AND protected. That doesn’t translate to 29,000 CDs, because the search results turns up multiple links to each CD. But it’s a starting point.

And then I started clicking and reading reviews. Early on, I found a comment from an Amazon customer who bought the soundtrack to Brown Sugar. The CD was released in September 2002, and this comment was posted in May 2003:

I knew I wouldn’t be able to copy selected songs to my PDA for my own private use when I purchased this CD so I have no complaints about that aspect of the copy-protection. I didn’t expect to have a hard time playing it on a computer, however. The ‘player’ that’s supposed to launch when you insert the CD into your drive is adequate *when* it plays. It took awhile to get the player and CD to do their thing the first time but it did eventually play. I had to restart my computer in order to use my standard player for other CDs and no CD is worth that much trouble. When I tried a second time the CD just plain wasn’t recognized so I tried it on another computer and that CD drive completely disappeared from ‘My Computer’, the CD never loaded and now I’m wondering what kind of re-configuring I have to do there. And, guess what – it also proves occasionally problematic on my new CD player which supports mp3s. I’m not a computer newbie and it’s not a matter of my not understanding. This is way beyond a minor inconvenience.

Sound familiar?

A comment attached to Healthy In Paranoid Times (Sony, August 2005) described similar problems and pointed me back to this dire warning at Sony’s Web site:

Sony Global – Urgent Message Regarding Problems Caused by Microsoft Windows Security Update Program MS04-032 (KB840987):

It has been confirmed that some of Sony’s application software(*) for managing music files on the PC may not work as originally intended, if a user installs Microsoft Windows Security Update Program MS04-032 (KB840987) on his/her PC. Sony has been investigating the cause of this problem as well as working on countermeasures in collaboration with Microsoft Corporation. A countermeasure program (KB887811) to remedy this situation is now available at Microsoft’s website as shown below.

Sure enough, Microsoft issued Critical Update for Windows XP (KB887811) in October 2004, more than one year ago, to fix the problem identified here.

After you install the MS04-032 (KB840987) Security Update for Windows on a computer running either Windows XP or Windows XP with Service Pack 1 and then try to run an OpenMG compliant music software, the OpenMG compliant music software may not run as expected or respond. Install this update to help resolve this issue. After you install this item, you may have to restart your computer.

OpenMG? What the hell is that? The KB article for that Critical Update has a long list of “OpenMG-compliant music software that includes the OpenMG Secure Module.” And not surprisingly, almost all of it is from Sony.

In response to an earlier post of mine, a commenter wrote:

Ed, Sony’s response is ignorant –but that’s because they don’t understand what a rootkit is and how damaging they can be. In fact, when NPR introduced the concept on the radio this morning, I was hardly surpised to hear a very garbled and oversimplified description of rootkit technology.

If Sony’s to blame, it’s because they tried to play with the computer equivilant of a sharp stick and accidentally hurt themselves. Now they’re bleeding and they don’t know what to do.

They’ll learn. Most of us are still learning about this. Only people like Russinovich really have a handle on this situation. I’m not trying to whitewash what Sony BMG is doing, but you have to allow time for the managers in suits to wrap their minds around this topic.

I place the blame squarely on First4Internet. These idiots should have known better. Their programming effort can only be described as a hack of the first order. It was sloppy to the point of carelessness.

The bottom line is that if DRM technology is going to include rootkits, then we need reasonable assurances that such rootkits are narrowly targeted, stable, and well written.

Sorry, no. Sony’s DRM has been causing major consumer headaches for years, and they don’t seem to care. In fact, they have graduated from sharp sticks to Ginsu knives to chainsaws.

And the notion that any software developer should be allowed to cloak its technology using rootkits is wrong, wrong, wrong.

I have a feeling that Windows Vista will block this sort of crude hack. Has anyone tried using one of these Sony CDs on a current beta of Windows Vista yet?