November 11, 2005 11:55 AM PST
FAQ: Sony's 'rootkit' CDs
- Related Stories
'Bots' for Sony CD software spotted onlineNovember 10, 2005
Are these the Sony rootkit CDs?November 10, 2005
Antivirus firms target Sony 'rootkit'November 9, 2005
EMI: We don't use rootkitsNovember 7, 2005
Sony's antipiracy may end up on antivirus hit listsNovember 4, 2005
Sony to patch copy-protected CDNovember 2, 2005
Computer security companies had been predicting such exploit code in the wild for weeks, since an independent developer had exposed the presence of a "rootkit" tool on the Sony CDs. The rootkit technology hid the copy protection from view, but also left open a hole that could hide other software.
Virus writers quickly took advantage of that hole, modifying an old Trojan horse to take advantage of the powerful inadvertent shielding provided by the Sony software.
On Friday, Sony responded to the furor and announced that it will suspend production of CDs that contain this particular copy-protection technology and take a second look at its digital rights management strategy.
Antivirus companies are now offering a range of advice, and confusion remains about exactly what the software does and how dangerous it can be to a PC. Here are the basics that everyone should know about this potentially dangerous issue:What is on the Sony CDs?
The CDs involved are loaded with a relatively new kind of content protection created by British company First 4 Internet. When a listener puts the album into a computer's CD drive, it pops up a license agreement. If the listener accepts, it installs the copy protection rootkit onto the hard drive.
The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. The software acts to limit the number of copies that can be made of the CD and prevents a computer user from making unprotected MP3s from the music.What is a rootkit? Isn't that something that virus writers use?
A rootkit is a powerful piece of software that takes over control of a computer at the most fundamental level. In computer terms, it establishes "root" access, which is similar to administrative access, instead of access for just an ordinary user. It can potentially prevent a computer user from detecting its presence or from performing certain tasks on their own PC.
Like most computing tools, this is not intrinsically a bad thing, but can be abused. Virus writers use these tools to help take over computers and hide the presence of their work.Is Sony's software a virus or a Trojan horse?
Some aggrieved users may see little difference. Computer security companies do make a distinction between Sony's software and a virus, noting that this was distributed by a legitimate company with a legitimate business interest (even if many people disagree with that business interest).
However, they are deeply critical of Sony's techniques and say that the amount of information
12 commentsJoin the conversation! Add your comment