Rootkits: A sign of things to come

Jonathan Yarden

Published: 13 Dec 2005 16:00 GMT


By now, I would bet that most readers are familiar with the recent controversy over Sony BMG's notorious rootkit included on many of its CDs.

When reports of other interesting software showing up on Sony music CDs, such as SunnComm Technologies' MediaMax, began to trickle in as well, I sat back and watched.

It's not that I didn't consider the recent Sony DRM fiasco to be worthy of writing about, but it's important to remember that there's a far larger security issue at stake.

Commercial media and software companies seem to believe that they can do whatever they want with DRM technologies — and that users must accept it if they intend to use their products. These vendors apparently feel that protecting their digital assets is more important than consumers' rights to use their computers — or to keep them secure.

Many companies install software on users' computers without either their knowledge or consent. While only a few of these incidents make the headlines, the problem is far more common than you might think.

The irony of the Sony situation is that few mainstream users are intentional music thieves — most just want to listen to CDs on their computers. Sony is likely to have paid millions to license this DRM technology, installing it to prevent stealing by ordinary users, who probably weren't interested in copying the music anyway.

But let's not forget the larger issue at hand. Sony apparently felt entitled to subvert users' rights in favour of its own. The average user doesn't know what installs or runs on his or her computer, and companies like Sony know it.

Personally, I didn't encounter any of the Sony copy-restricted CDs, but they wouldn't have affected me even if I had. I disabled the ability of Windows to automatically run software from a CD shortly after I bought my laptop. By doing so, I prevented Sony and other like-minded companies from getting their hooks into my system.

Incidentally, DRM software wouldn't work on my Linux workstation either, since it's not a Windows or Mac system, and I can play music CDs all I want. You can also disable the feature known as Autostart on Apple systems and achieve similar results.

And some reports claim that a black marker or tape is also effective for stopping such copy restriction. Of course, I may have just violated the DMCA by explaining how to circumvent the Sony DRM system.

So, in my opinion, the Sony debacle itself wasn't clearly an Internet security issue — until news surfaced of the botched rootkit-remover program that opened up Windows systems to other exploits.

The key point to remember is that this issue is larger than Sony. It's the fact that many companies feel free, even entitled, to change how computers work because they know few people will realise it.

Sony's fiasco aside, hidden software presents a huge number of Internet security risks. Vendors that use these practices are taking advantage of the fact that most users believe companies wouldn't install software on their systems without prior consent — a very naïve assumption.

But the Sony rootkit is unfortunately just the tip of the iceberg. How much software on your system decides to automatically run at startup and take it upon itself to "phone home"?

While many of these programs are innocuous, they can still represent quite a risk. How much longer until some black hat decides to hijack one of these programs and subvert it for his or her own nefarious use?
