Enterprise applications Toolkit

Sony CD protection sparks spyware row

Tags:
Copy Protection,
Malware,
Rootkit,
Cloaking

John Borland CNET News

Published: 02 Nov 2005 13:15 GMT

...for digging deep into a computer’s operating system to hide the fact that certain software files exist or that the computer is performing certain functions.

Unlike other, less-powerful means of hiding files on a hard drive, rootkits are created to be extraordinarily difficult to uninstall without specific instructions, rooting themselves in an operating systems’ deepest recesses in order to prevent their deletion.

In the case of the SonyBMG software, trying to remove it manually could shut off access to the computer’s CD player, researchers said.

Security researchers note that simply hiding something doesn’t make it a threat, and the SonyBMG software is designed to hide the digital rights management tools that prevent unauthorised copies of the CD from being made.

However, it does remain active in the background of a computer, taking up a small amount of memory, even when the CD is not being played. Thus the rootkit software does have the potential to be misused by others, according to some researchers. The First 4 Internet software’s technique for hiding files is broad enough that it could be adopted by virus writers, allowing them to hide their own tools on computers that have run the software from the CD, say some security experts.

That’s an "academic" concern, but a real one, said F-Secure Chief Research Officer Mikko Hypponen, who wrote a warning on the issue on Tuesday.

"Right now if you have this on your system, there is no real-world risk just because of this," Hypponen said. "But it would not be too far-fetched that some virus writer would try to take advantage of this."

Gilliat-Smith said his company is working with major antivirus software companies to help their software recognise the copy-restriction tools and help guard against misuse.

The criticism over the protection technology highlights the careful balance record labels are trying to strike as they seek ways to guard their discs against copying.

Label executives have increasingly shifted their public piracy concerns from Internet file-swapping to the effect of widespread CD burning. The Recording Industry Association of America cites recent research from marketing specialist NPD Group showing that 29 percent of consumers’ new music is acquired through ripping or burning a copy of a CD.

The CD copy restriction tools now on the market do let consumers make copies of the music, both in the form of digital files on their computer and a limited number of backup CDs. Labels say they support both these activities, as long as they’re for personal use.

The files that can be ripped to computers from these discs cannot be played on iPod MP3 players, however. The labels say they have not yet been able to persuade Apple to include this capability.

Several earlier versions of copy restriction were widely mocked online for being trivially easy to circumvent, by using techniques that included holding the computer’s "shift" key down while starting, and colouring the rim of a CD with a magic marker.

Later versions of the technology, such as that produced by First 4 Internet, have made it more difficult to disable while still allowing the discs to be played on most computers.

"Obviously there are a lot of people who don’t like the technology, and we will take note if we need to," Gilliat-Smith said. "Our approach is to make the balance between protection and the consumer experience the best that we can make it for our customers."