Sony CD protection sparks spyware row
Published: 02 Nov 2005 13:15 GMT
Mark Russinovich was doing a routine test this week of computer security software he’d co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC’s guts.
It took some time for Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he’d bought and played on his computer.
The SonyBMG-produced Van Zant album had been advertised as copy-restricted when he’d bought it on Amazon.com, and he’d clicked through an installation agreement when he put the disc in his computer. What he later found is that the software had used a sophisticated cloaking technique that involves a "rootkit" — something not dangerous in itself, but a tool often used by virus writers to hide all traces of their work on a computer.
"We’re still trying to find a line between fair use and digital rights management, and it is going to take issues like this, with discussions between lawmakers and industry, to come up with what’s fair and honest," Russinovich said. "But I think this has gone too far."
Russinovich posted a detailed step-by-step account of his findings on his blog, drawing immediate criticism of SonyBMG’s technology from some inside the security software community. The passionate response underlines the power copy restriction retains to inflame emotions and spark bitter debate, despite the growing string of chart-topping albums that have been released over the past year with the restrictions included.
A handful of security companies weighed in on the issue, saying the rootkit could present a possible — if still theoretical — risk to computers.
The creator of the copy-restriction software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case. The cloaking function was aimed at making it difficult, though not impossible, to hack the content restriction in ways that have been simple in similar products, the company said.
In any case, First 4 has moved away from the techniques used on the Van Zant album to new ways of cloaking files on a hard drive, said Mathew Gilliat-Smith, the company’s chief executive.
"I think this is slightly old news," Gilliat-Smith said. "For the eight months that these CDs have been out, we haven’t had any comments about malware (malicious software) at all."
A SonyBMG representative said the software could be easily uninstalled, by contacting the company’s customer support service for instructions. Those instructions are not specifically available on the Web site that answers questions about the company’s copy restriction tools.
Rootkit software has been around for over a decade but has recently come to increased prominence as more writers of viruses and the like adopt it for their purposes. Essentially, rootkits are tools...
For more, click here...
Previous
Did you find this article useful?
145 out of 289 people found this useful
- Share this article:
Full Talkback thread
4 comments
