November 9, 2005 11:54 AM PST

Antivirus firms target Sony 'rootkit'

Antivirus companies are releasing tools this week to identify, and in some cases remove, copy protection software contained on recent Sony BMG Music Entertainment CDs. The software has been identified as a potential security risk.

The Sony software, found on several of the company's recent albums, is triggered by playing one of the CDs in a PC. From the CD drive, the software installs itself deeply inside a hard drive and hides itself from view. This cloaking technique could be used by virus writers to hide their own malicious software, security experts have said.

There is a range of opinion among security companies about how much risk the software poses, from those who consider it no worse than an adware pest to those who view it as potentially dangerous spyware.

Symantec said Wednesday that its antivirus software would identify the Sony software, but would not remove it. Instead, it will point to Sony's own Web site, where users can get instructions for uninstalling the software or download a patch that will expose the hidden components.

"We're trying to reinforce here that we're not talking about a virus, or malicious code, we're talking about technology that could be misused," Symantec Senior Director Vincent Weafer said. "We're trying to work co-operatively."

However, Computer Associates, which has a security division, said on Monday it had found further security risks in the Sony software and was releasing a tool to uninstall it directly.

According to Computer Associates, the Sony software makes itself a default media player on a computer after it is installed. The software then reports back the user's Internet address and identifies which CDs are played on that computer. Intentionally or not, the software also seems to damage a computer's ability to "rip" clean copies of MP3s from non-copy protected CDs, the security company said.

"It will effectively insert pseudo-random noise into a file so that it becomes less listenable," said Sam Curry, a Computer Associates vice president. "What's disturbing about this is the lack of notice, the lack of consent, and the lack of an easy removal tool."

A Sony representative said the company's technical staff was looking into the issues identified by Computer Associates, but had no immediate comment.

The furor over the Sony software comes nearly eight months after the copy protection technique, created by British company First 4 Internet, was first released on a commercial disc in the United States.

Computer developer and author Mark Russinovich sparked debate over the software last week by posting on his blog an account of how he had discovered the First 4 Internet software hiding deep in his hard drive. The software used a tool called a "rootkit" to hide its presence, a technique more typically used by virus writers to hide traces of their work.

Sony and First 4 Internet quickly released on their Web site a patch that would uncloak the copy protection software. But CD buyers must go through a more elaborate process--e-mailing the company's customer service department--to get instructions for uninstalling the software.


Join the conversation!
Add your comment
Boycott 'em
boycott 'em. not just sony, but the whole riaa bunch. don't even listen to their music on the radio--none of these artists are that good. there are plenty of fine musicians without having to put up with this nonsense:

for indy music from indy artists and a player that learns what you like.

mark d.
Posted by markdoiron (1138 comments )
Reply Link Flag
Have a new SONY DVD player with DRM Problems too
Not only has Sony messed up my PC but my new SONY CD / DVD player with DVD+ and DVD- R and R/W capabilities has problems playing other copy protected CD's - a new CD under the Sugar Hill label sounds distorted on the player while it sounds fine in other brand players. DRM is a mess
Posted by coisa (5 comments )
Reply Link Flag
Motive revealed: hurt competition!
So now they secretly install on your PC software that damages your audio files!

My brother is a musician and he records at home. He also uses his computer to listen to music. If he used any of those "copy protected" disks from Sony it means are they now damaging the music he creates himself!

The real motive behind this digital "rights" management is avoiding competition. (And copyright doesn't mean the copyright holder may prevent copying of her work. It only means the copyright holder can take the infringer to court. That's the only right granted by copyright!
Posted by hadaso (468 comments )
Reply Link Flag
How dare they...
How dare Sony attempt to do something like this. At first, I could understand their desire to protect their copyrighted material. As much as the "everything free!" set hates it, people need to be paid for music.

However, I KNOW FOR A FACT that Sony intentionally screwed up the ability to legally RIP music from CDs. They unilaterally decided what was best for the world. And THAT is unacceptable. Testing for the issues that are hampering legal ripping are a standard part of any testing regime. They KNEW what they were doing. I am personally going to download (illegally) every Sony artist I can find and blast it to every P2P network I can find. I urge you all to do the same. Sony will NOT be allowed to get away with this.
Posted by thenet411 (415 comments )
Reply Link Flag
Not the way to respond!
That can get you and anyone else who does it into serious trouble! The way to respond is to BOYCOTT SONY!!!! Hit em in the wallet! Believe it or not, it matters when consumers get pissed off and stop buying from a vendor (Sony) because of it.
Posted by ray08 (64 comments )
Link Flag
Like these comments matter
You want your coments to matter? If your in the U.S.A., write your U.S. congressman and senator about it. If enough people do so, then they may actually do what is right on this issue and get out of the RIAA's pocket.
Posted by techguy83 (295 comments )
Reply Link Flag
Class action....
Class action, class action...
Stop these hackers before its too late!
Posted by Vetter83 (50 comments )
Reply Link Flag
class action? Why?
so that lawyers can get more money? Think about it. In class action lawsuits this big, how much does a person listed on the suit actually get? My dad was in some class action lawsuit one time, and I think after the thing was said and done, he got $1.12(American dollars). The lawyers? Millions.

Nuff said.

Class action is not the answer. It will hurt the company and make lawyers rich, but thats about it. The laws need to be changed.
Posted by techguy83 (295 comments )
Link Flag
It's more harmful than it looks
My concern is that the Sony rootkit could be tampered with and used to hide malicious software. Once you start concealing things, how can you be sure you've only concealed what you intended?

I'd like to see Microsoft claim the high ground by making sure every Windows update from now on will stomp on this and any other rootkit.
Posted by mcugaedu (75 comments )
Reply Link Flag
I'm in retail...
I'm getting really sick of all of the limitations being placed on software to ensure that Hollywood and the distribution companies don't feel as though they're being "ripped off." If they want to stop piracy, they should send agents to China, where the "damage" is being done on a much wider basis. Personally, I won't degrade or disparage Sony, nor will I their products; but that doesn't mean I have to recommend them, either. Sooner or later, these people will get the hint. As to the artists getting their fair share, I don't believe for a minute that they are losing out on US piracy, as they get paid squat by their recording reps. Additionally, I have a ton of vinyl in my attic and, gee, when CDs came out, I went and bought the same recordings in the new format, so the powers that be, were they worthy of a listen, got my money twice (or sometimes, thrice, in the case of cassettes.) Hollywood, GROW UP!
Posted by raxador (3 comments )
Reply Link Flag
catalog reissues
In fact, there a lot of times that they reissue the same album on CD again and again, adding bonus tracks, liner notes and the other frills, while not necessarily improving the sound quality. In my opinion and that of the majority of true audiophiles, a situation where an early CD era CD sounds better than some of the comps issued later on in spite of the labeling hyping that the later CD is "Digitally Remastered For Improved Sound Quality" is the 1985 "From The Original Master Tapes" CD by Buddy Holly actually sounding better than the compilations that came out in the mid 1990s. In fact, Erick Labson did a 2 CD "Buddy Holly Collection" in 1993, the mastering is so compressed and limited it actually sounds like crap while "From The Original Master Tapes" sounds very clear and lifelike due to the excellent remastering done by Steve Hoffman, who would later become known for remastering the DCC gold discs, at MCA in 1985. Erick Labson did the more recent remasters of "The Chirping Crickets" and the self-titled Buddy Holly album and those reissues actually sound better than "Collection," and the 2 CD "Gold" collection" which is a retitled reissue of "The Buddy Holly Collection" actually was remastered from scratch and is reported by many, including audiophiles, to actually sound better than the previous version of the 2 CD set and it's cheaper as well.

There are some original albums that do get reissued over and over and over again on nearly every format that gets introduced even several times on the same format in both standard and audiophile pressings, even many with bonus tracks, liner notes, due to them being cash cows of the labels and/or are audiophile favorites including many Pink Floyd albums, especially Dark Side of The Moon, The Wall and Wish You Were Here, Time Out by Dave Brubeck, Jazz Impressions of Black Orpheus by Vince Guaraldi, Charlie Brown Christmas by Vince Guaraldi, the CCR catalog, many Miles Davis albums, Hank Williams' catalog, Patsy Cline's catalog, Johnny Cash's catalog, many Bob Dylan albums, The Moody Blues' classic 7 albums, Harry Belafonte At Carnegie Hall, the Steely Dan catalog, The Doors catalog, The Who catalog, and others while there are some artists who's catalog for the most part hasn't gotten remastered since the 1980s including the Beatles (with some exceptions), the majority of the ELO catalog in the US, etc. and others get issued by every budget label in the world due to the recordings constantly being licensed, other albums having never been on CD or they have came and went on CD and at times do sell for huge sums on eBay, others get limited edition reissue on Rhino Handmade and Hip-O Select where they press a limited number of usually 2,00-5,000 copies and once they are sold, they usually don't get reissued again, unless companies such as import labels, Collectors' Choice Music, Collectables, Varese Vintage, Wounded Bird, etc. license the albums and reissue them. Others get their first time on CD appearances on these 3rd party licensed labels and in the case of 50 years old and older recordings, they are often imported from the UK illegally unless they sign some distribution deal with a company such as KOCH, as if the recording is 50 years old or older, then it is in the public domain. As of 2005, the key Cameo-Parkway recordings got reissued on CD legally for the first time in a boxed set on ABKCO and best of comps of 7 of the most notable artists on Cameo-Parkway which are ? and The Mysterians, Chubby Checker, Dee Dee Sharp, The Orlons, The Tymes, Bobby Rydell, and the Dovells. The Dave Clark Five catalog is also not available on CD due to Dave's extremely high licensing fees of his catalog although EMI UK issued the single disc best of "Glad All Over Again" and Hollywood Records issued the 2 CD "History of Dave Clark Five" but these are out of print and end up selling for high sums on eBay. All CDs of the original albums are pirates dubbed from vinyl. Before the recent ABKCO reissues of Cameo-Parkway, all CDs were pirates dubbed from vinyl.
Posted by cbsolson (3 comments )
Link Flag
Gotta love Sony
If this isn't a call for a Congresional hearing about consumer protection, I don't know what is. This is a complete attact to the Fair Use rights of consumers. To make one unable to properly rip their older cd's is beyond "hacker" practices. I'm glad I don't buy cd's anymore. They better not start putting this garbage onto DVD's.

See, this is a clear example of abuses by big businesses. You want to protect your product from being pirated, that's fine with me. But, don't install your garbage on my system that could potentially cripple it. Is Sony going to pay for repairs, data loss, and labor???
I don't see the RIAA saying, oops !!! Instead, they announce more lawsuits.
Posted by Dead Soulman (245 comments )
Reply Link Flag
order 66?
to jest a little, we could make a parallel to sony and, say, the galatic empire. wasn't it a hidden order 66 embedded into clones that made them turn? would this little backdoor-ish mentality go south for all of us?

it's all about control. "those who have power fear of losing power" (darth sidious). you put the riaa and sony together and you get some rather nasty evil.

"we must destroy the sith."
Posted by mock (7 comments )
Reply Link Flag
How about exact pratical device, please?
I see this morning that chicken firms like Symantec, whose loyal customer I've been since the late '90's and won't be again, have opted not to help the consumer. Thanks for not doing the job I've paid you for for years, Norton AV. Your reward will be a customer loss to Computer Associates, who is taking this matter seriously.

I've used RootkitRevealer and Blacklight, both of which say I don't have any hidden files. Am I safe? Come on, CNET. Publish a complete and thorough guide on how to eject this unacceptable piece of software, please!

Where does mighty Microsoft sit on this issue? If they don't come down on the consumer side, thanks for the course on Linux, CNET.

This is outrageous. No more Sony products, CDS, DVDs (is somebody looking into that to see what's on there?), monitors, players, or computers. That's the only response Sony will understand.
Posted by qquirks (13 comments )
Reply Link Flag
Symantec is in bed with Sony...
Symantec's line of products is installed on all Sony VAIO computers from the factory. Is it any wonder why they have taken the stance they have?
Posted by thenet411 (415 comments )
Link Flag
Sad day for sony
I agree with everyone on this, Sony did a really bad thing, first to secreatly install the app, then cloak it, have it damage non sony files, report home on its finding without your knownlage or concent.
Then as insult to injury you have to ask them to help you remove thier program when you find out about it.

As a Tech, and systems admin I can nolonger recommend a sony products for fear of more reckless behavior on sonys part.
Posted by reustle (37 comments )
Reply Link Flag
sonys rootkit software....i had problems
here in canada we are alowed under canadian copyright law to make one legal back up of our purchased dvd , cd, lp's, and video tapes.... i was backing up my bewitched i had no idea of the new software and the protenchal damage it would cause when making my back up....i found out the hard way that it would blow the read and rewrit head in the hard drive....i lost a brand new 250 gig sata hard sony has taking my canadian right away as well as caused me personnel loss and in my opinion sony should be shut down when a corporation such as sony has cause me and other consumers money time and time again this goes all the way back to records(lp's) when cd and cassettes also 8 tracks we have been forced time and time again to buy the same recoreding over and over to keep up with the companys who are all about screwing the consumer ...presently i own 400 8 tracks 200 cassettes and 1737 records (lp's) including 78 rpm 45 rpm and 33rpm and have a hard time enjoying them do to the lack of equipment why should i have to line there pockets over and over.....i want my hard disk reoplaced its the least sony could do
Posted by chevelleboy70 (1 comment )
Link Flag
First Molly Wood and her beef. Now antivirus firms and their beef!
First Molly Wood had expressed outrage as well as every CNET member and employee over the the rootkit software Sony BMG Music Entertainment had put on certain album titles. Now the antivirus firms including Symantec are targeting this Sony rootkit as a security risk!

Well, that got things off to a good start.

While I have no qualms with Sony BMG Music Entertainment and other companies in the music industry trying to protect their profits, I am very cautious security-wise regarding purchasing of album titles.
Posted by swgoldwire36 (3 comments )
Reply Link Flag
Can you say "trojan"?
What is there about this trash that Sony installs that isn't a trojan? And why isn't anybody saying so?

Visible, not visible, is irrelevant. "In order to access this content you must agree to allow us to install a trojan horse on your computer" doesn't change anything.
Posted by dvthex (18 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.