So far I’ve only read one account of this, but it seems a number of people are pointing at the news. The articles, “Sony’s DRM now for Macs too” and “Sony Music CD’s Contain Mac DRM Software Too” both point to this URL: http://www.macintouch.com/#tip.2005.11.10.sony, which has this to say:
“I was surprised to find a ‘Start.app’Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.”
Those kext files are Kernel Extensions… and you do not need kernel extensions to play a music CD ;-) We’ll have to wait until someone does some poking around to find out what exactly those extensions do… and if they’re exploitable rootkits like Sony is using on Windows.
Way to treat your customers Sony!
Oh, I guess I should mention this too.. If you put a music CD into your Mac and it asks for an admin password — cancel, and HIT THE EJECT BUTTON! Take the CD back where you bought it and ask for your money back.
marc 10:27 pm on December 2, 2005 Permalink |
Um, note that there is no analog to window’s autorun “feature” on Mac, so when you put the CD in OS X will _not_ ask for your password. Instead, you have to navigate to the second “enhanced content” disk image, choose to run start.app, read the EULA which states it will install software on your computer, then type your admin password, then carry on with the bullshit.
I think you’re slandering OS X just by implying that you could put a CD in and something would pop up asking for your password. I can’t believe the amount of crap floating around on the net saying “Sony installs rootkit on Macs too” — it’s flat out wrong..
erik 2:20 pm on December 3, 2005 Permalink |
Marc, I’ve been a loyal Mac user since about 1984, so there’s no slander going on (certainly not against Apple.) I do appreciate you posting to explain the steps a user would need to take to be at risk of the Sony code though — that’s very helpful. However, for your latest sentence, unless the article I linked to is incorrect, then Sony _does_ install kernel extensions on Macs (just not automatically on CD-insert), and I did write that we’ll have to wait to find out if these are exploitable like the Windows DRM code. So, while I do appreciate the comment, I don’t believe I have any incorrect information in this post — but I’ll certainly read any counter-evidence you can link to.
Gen Kiyooka 5:02 pm on February 21, 2006 Permalink |
It _is_ possible to have an autorun style CD on OS X. However, the feature was migrated to a QuickTime preference, and in Tiger, appears to have disappeared altogether. Toast 3.5.x had provisions for making these types of autorun Mac CDs.