November 9, 2005 11:54 AM PST
Antivirus firms target Sony 'rootkit'
- Related Stories
Sony's antipiracy may end up on antivirus hit listsNovember 4, 2005
Sony to patch copy-protected CDNovember 2, 2005
Sony CD protection sparks security concernsNovember 1, 2005
The Sony software, found on several of the company's recent albums, is triggered by playing one of the CDs in a PC. From the CD drive, the software installs itself deeply inside a hard drive and hides itself from view. This cloaking technique could be used by virus writers to hide their own malicious software, security experts have said.
There is a range of opinion among security companies about how much risk the software poses, from those who consider it no worse than an adware pest to those who view it as potentially dangerous spyware.
Symantec said Wednesday that its antivirus software would identify the Sony software, but would not remove it. Instead, it will point to Sony's own Web site, where users can get instructions for uninstalling the software or download a patch that will expose the hidden components.
"We're trying to reinforce here that we're not talking about a virus, or malicious code, we're talking about technology that could be misused," Symantec Senior Director Vincent Weafer said. "We're trying to work co-operatively."
However, Computer Associates, which has a security division, said on Monday it had found further security risks in the Sony software and was releasing a tool to uninstall it directly.
According to Computer Associates, the Sony software makes itself a default media player on a computer after it is installed. The software then reports back the user's Internet address and identifies which CDs are played on that computer. Intentionally or not, the software also seems to damage a computer's ability to "rip" clean copies of MP3s from non-copy protected CDs, the security company said.
"It will effectively insert pseudo-random noise into a file so that it becomes less listenable," said Sam Curry, a Computer Associates vice president. "What's disturbing about this is the lack of notice, the lack of consent, and the lack of an easy removal tool."
A Sony representative said the company's technical staff was looking into the issues identified by Computer Associates, but had no immediate comment.
The furor over the Sony software comes nearly eight months after the copy protection technique, created by British company First 4 Internet, was first released on a commercial disc in the United States.
Computer developer and author Mark Russinovich sparked debate over the software last week by posting on his blog an account of how he had discovered the First 4 Internet software hiding deep in his hard drive. The software used a tool called a "rootkit" to hide its presence, a technique more typically used by virus writers to hide traces of their work.
Sony and First 4 Internet quickly released on their Web site a patch that would uncloak the copy protection software. But CD buyers must go through a more elaborate process--e-mailing the company's customer service department--to get instructions for uninstalling the software.
20 commentsJoin the conversation! Add your comment