
November 11, 2005 11:55 AM PST

FAQ: Sony's 'rootkit' CDs

On Thursday, a wave of malicious software appeared in the wild that piggybacked on copy-protection technology installed on hard drives by Sony BMG Music Entertainment CDs.

Computer security companies had been predicting such exploit code in the wild for weeks, since an independent developer had exposed the presence of a "rootkit" tool on the Sony CDs. The rootkit technology hid the copy protection from view, but also left open a hole that could hide other software.

Virus writers quickly took advantage of that hole, modifying an old Trojan horse to take advantage of the powerful inadvertent shielding provided by the Sony software.

On Friday, Sony responded to the furor and announced that it will suspend production of CDs that contain this particular copy-protection technology and take a second look at its digital rights management strategy.

Antivirus companies are now offering a range of advice, and confusion remains about exactly what the software does and how dangerous it can be to a PC. Here are the basics that everyone should know about this potentially dangerous issue:

What is on the Sony CDs?

The CDs involved are loaded with a relatively new kind of content protection created by British company First 4 Internet. When a listener puts the album into a computer's CD drive, it pops up a license agreement. If the listener accepts, it installs the copy protection rootkit onto the hard drive.

The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. The software acts to limit the number of copies that can be made of the CD and prevents a computer user from making unprotected MP3s from the music.

What is a rootkit? Isn't that something that virus writers use?

A rootkit is a powerful piece of software that takes over control of a computer at the most fundamental level. In computer terms, it establishes "root" access, which is similar to administrative access, instead of access for just an ordinary user. It can potentially prevent a computer user from detecting its presence or from performing certain tasks on their own PC.

Like most computing tools, this is not intrinsically a bad thing, but can be abused. Virus writers use these tools to help take over computers and hide the presence of their work.

Is Sony's software a virus or a Trojan horse?

Some aggrieved users may see little difference. Computer security companies do make a distinction between Sony's software and a virus, noting that this was distributed by a legitimate company with a legitimate business interest (even if many people disagree with that business interest).

However, they are deeply critical of Sony's techniques and say that the amount of information

15 comments
ROTFL
by thedreaming November 11, 2005 12:37 PM PST
I've been reading about this story since it hit the net and one of the fears that people had with Sony's method of installing DRM using a rootkit was that it could be used by virus/trojan/malware writers to hide their programs. They said it couldn't happen.

About two days later, someone used their software to hide a cheat program for the Warcraft MMORPG. Now, someone wrote a trojan that uses it.

On top of that, California is organizing a class action suit against them, not to mention that their protection only works under Windows. Using Linux or a Mac allows you to rip the music CDs anyways, so what was the whole point to it all?
Your FAQs are silly
by n3td3v November 11, 2005 3:25 PM PST
Who wrote those FAQ answers or where did you paste them from? I feel sorry for the readers who actually believe it. Plus, these security experts are just basing information on what's known to them, rather than what's actually going on. Got to love the "security experts".
Can the Sony rootkit really be uninstalled?
by Dwaine November 11, 2005 5:54 PM PST
I keep reading, over and over, that to fully uninstall this rootkit, you need the "official" Sony instructions, which you have to jump through many hoops to obtain. What is totally unclear to me is whether such instructions really exist, and whether anyone has successfully removed the rootkit following them. Why is no one talking about this? I would think if there really were such instructions, people would have posted them all over the Internet by now. And that news organizations would be commenting on them. What's up with this???
ONCE BITTEN TWICE SHY!
by heystoopid November 11, 2005 6:09 PM PST
Mark Russinovich, at sysinternals.com successfully uninstalled this trojan malware, most normal user(s), are going for the good old hard way, via the old hard drive wipe and clean, and system reinstall from uninfected backups. As for F4i, the creators of this malware, the alleged uninstaller, was in reality a decloaking device, and merely reinstalled a visible updated form of this infamous DRM and created more system instability problems. The old saying "once bitten twice shy" should always be applied in the case of SONY, in view of the total lack of ethics and morals in supplying this junk Windows malware on an audio CD! What next for the user of the upcoming SONY Bluray user, play once then pay per view in perpetuity?
Here's what you need to know to protect yourself.
by November 12, 2005 7:22 AM PST
You've gone round and round without telling people what they need to do to protect themselves so I will, quit purchasing Sony products.
Everything you should know about rootkits, including Sony's.
http://en.wikipedia.org/wiki/Root_kit
Someone from Sony should end up in jail!
by hadaso November 14, 2005 1:02 PM PST
What Sony did is clearly criminal, and someone from Sony has to pay the price and go to jail! Being rich doesn't give them the right to damage other people's property. What they did is not different from what others do by inviting you to a website that installs a trojan horse when you click a link. In both cases you want to get something, you implicitly agree to something by clicking a link or a button, and something is installed on your computer that is different from what you agreed to, changes your system internals in a way that may cause unpredictable failure, and in both cases info about your activity is sent to a third party that hopes to financially benefit from using that info. If it were a teenager script kiddie he would go to jail. If it were a spammer using your computer to send spam and not damaging your computer in any way he would go to jail. But if it's a rich Sony executive that decided it's OK to use this technique because Sony is a "respectable/legitimate" company, are the same laws not applicable? What makes them more "legitimate" than any other cracker? An example should be set in this case by making sure whoever was in charge of this operation goes to jail! It is unacceptable that just because a company is rich it would be allowed to deliberately cause damage without being punished like any other criminal!
re: Someone from Sony should end up in jail!
by Hobo453567 November 14, 2005 2:00 PM PST
I still hate the fact that Sony has taken Microsoft's place as the jerks of the tech community. Just think about how much M$ knows about us. Nobody knows how their software works but them, and we are expected to trust them. Personally, I don't care about a little program attempting to prevent piracy. I do agree that they shouldn't obtain any personal info, and a security threat due to the program isn't good either. I'm just saying that we need to stop blaming individuals for this stuff. Every company that tries to protect their software probably has done or does something of this nature. We need to be arguing about not knowing how Windows and other major pieces of software actually work, and if they contain anything of this nature. My guess is absolutely, positively, YES they do contain software that we aren't paying for...Although, I am sure they are well hidden, and until stuff like Windows is open source we will never know, because Microsoft has money. As far as someone getting fired...I doubt it. Not for this anyways. This wasn't one person's choice I'm sure. Plus, another company made it and didn't research it enough. Sony is guilty of that too, but they didn't make it...
Sony RootKit Ridiculous
by LC612 November 24, 2005 4:55 PM PST
I have a hard time believing that Sony has not come up with a way, for all of us who are infected by the TROJAN, to fix the problem! I have been a life long customer of Sony and now that they have proven to be a lackluster Conglomerate in the field of Technology. I may just have to find some other manufacturer to buy from. Thanks for screwing up my computer!