While Sony's use of rootkits and all its publicity may seem as bad as it is, apparently its DRM software is encountering further concerns including being classed as Spyware by Kaspersky Lab. It has also been found to introduce a security vulnerability as well as potentially crash Windows during the installation of Sony's recent patch to 'decloak it'. Once the user agrees to the EULA when the CD is loaded, the rootkit is installed, which makes files, directories and registry keys beginning with '$sys$' invisible to the system, such as those used by the CD's DRM software.
As Sony's rootkit can hide files and registry keys, this introduces quite a serious security risk, since hackers, viruses or other unwanted software can make themselves invisible also on any system with this rootkit installed just by adding a $sys$ to the beginning of its file/directory names or registry keys. This is what makes it such a concern for the companies behind antivirus software since it cannot detect these type of files. Also, up until now, rootkits have only ever been used by malicious software and viruses, so tools that check for rootkits would need to be designed to recognise the difference between this and those used maliciously.
Finally, even though Kaspersky classes Sony's DRM software as Spyware, apparently the software has also been found to call home by connecting to Sony's website. While it appears like it only looks for updated lyrics or images each time one of its copy-protected CDs is loaded, there is a potential for the remote server to log the IP addresses and how often the disc is played. However, according to a company spokesman, no information is ever collected.
|
"The Sony rootkit can be used to hide any files from the operating system, so we think the way that Sony has implemented this is somewhat flawed," said Graham Cluley, the senior technology consultant at Sophos. "The danger is that other malware (malicious hardware) may come along which exploits the Sony rootkit." The full article can be read here. Some further info can be read on this PC World article. |
This has been a bad week for Sony, particularly when it comes to its policy to have all its CDs protected with anti-piracy measures. At least they have agreed to move away from its use of rootkits, however as they have 20 CD titles already on market using this version of DRM, they have done quite a bad mistake when it comes to loyal customers who have chosen to purchase these particular CDs.
As audio CDs were not designed to have copy protection measures on them in the first place, it would be better for the record labels to just do away with risky anti-piracy measures altogether on CDs, since in the end, the only people these anti-piracy measures affect are those who buy the CDs! Those who choose to download music freely from P2P networks will never be affected, regardless of how sophisticated CD copy protection gets. CD anti-piracy measures may stop the casual user from making their music available online, however all it takes is for one person to successfully rip the contents in order for it to spread like a virus over P2P.
Source: c|net news - Threats
Next: Is it time for Sony to recall their rootkit DRM music Cd's?
Previous: CD Freaks presents: SONY DRU-810A DVD burner review