Sunday, November 13, 2005

Microsoft To The Rescue!

Mark Russinovich couldn't understand how the rootkit had sneaked onto his system. An expert on the internals of the Windows operating system, he was careful when it came to computer security and generally had a pretty good idea of what was running on his PC at any given time. And yet the security tool he was using to check his PC was pretty clear: It had found the "rootkit" cloaking software typically used by virus and spyware writers.

After a bit of detective work, Russinovich eventually tracked down the source: a Sony BMG Music Entertainment CD entitled "Get Right with the Man," performed by country music duo Donnie and Johnny Van Zant.

It turns out that Sony is using techniques normally only seen in spyware and computer viruses in order to restrict the unauthorized copying of some of its music CDs. Sony's software, licensed by Sony from a Banbury, UK, company called First 4 Internet, has become the basis of a dispute that once again pits computer advocates against an entertainment company experimenting with new ways to prevent unauthorized copying of its products.


When I read this, I remembered reading about a year or so ago that Sony was going to embed its CDs with some kind of tracking device and/or spyware that would limit how many times you could copy the CD, and put a bot out on the internet should you try to share it. That pretty much made me swear off buying any new CDs. What was of concern to me was that you could not remove all the files on your computer that this program installed without first contacting Sony directly and requesting the necessary uninstall program.

Then I read this.

Sony BMG said today it will offer a patch for one of its own exploits - one that comes bundled with its music CDs.

The code cloaks itself and, by intercepting and redirecting low-level Windows system calls, forces the audio through a custom player and restricts the number of CD burns that can be made.

As Sysinternals' Mark Russinovich discovered this week, removing the Sony code using standard anti-malware tools leaves the user with an inoperable CD drive.

So now they would provide the patch without users having to request it directly, on an individual basis.

Then, gosh darn it, those awful little worm guys figured out that they could use this rootkit to hide worms, since the Sony guys perfected a hidden file system.

Finally, Sony had to discontinue using the rootkit.

Now Microsoft has gone and created an update that will completely uninstall and remove the Sony rootkit from all Windows operating systems. Take that, ya baaastaards!

Security tools within Windows will soon seek out and destroy the rootkit-like component of Sony's CD copy-restriction software.

Microsoft will update its security tools to detect and remove part of the copy protection tools installed on PCs when some Sony music CDs are played.

The software maker has determined that the "rootkit" piece of the XCP software on some Sony BMG Music Entertainment CDs can pose a security risk to Windows PCs, according to a posting on Saturday to a Microsoft corporate Web log.
