November 4, 2005 11:03 AM PST

Sony's antipiracy may end up on antivirus hit lists

Antivirus companies are considering protecting their customers from the digital rights management software used by Sony on some CDs.

Kaspersky Lab has classed Sony's DRM software as spyware because, among other things, it can cause crashes and loss of data, and it can compromise system integrity and security.

Explaining its decision, Kaspersky said it used the definition of spyware provided by the Anti-Spyware Coalition. Sophos, another security company, is similarly scathing of Sony and is calling the software "ineptware."

The issue reaches much further than the individual PCs of those users who buy particular Sony CDs, the antivirus companies say. The DRM software uses what is known as a "rootkit," which means that it is invisible to the operating system, to most antivirus and security software and to IT departments trying to cope with security on desktop and notebook computers.

Furthermore, say the antivirus companies, the rootkit software can be exploited by hackers and viruses and used to cloak any file from the operating system. A rootkit takes partial control of a computer's operating system at a very deep level in order to hide the presence of files or ongoing processes.

"The Sony rootkit can be used to hide any files from the operating system, so we think the way that Sony has implemented this is somewhat flawed," said Graham Cluley, the senior technology consultant at Sophos. "The danger is that other malware (malicious software) may come along which exploits the Sony rootkit."

Due to what Cluley said is a lack of malicious intent on Sony's part, Sophos is not defining the rootkit itself as malicious software, preferring instead to refer to it as "ineptware."

"We don't really believe this is malware, and so we don't currently detect it," Cluley said. However, he said detection for rootkits like that used by Sony will be built into Sophos Antivirus version 6, due out in 2006.

"This is potentially unwanted software, and we will add the capability to detect the bad stuff and give the enterprise more control over what is on their PCs," he said. "This software is the sort of thing we will consider adding."

David Emm, a senior technology consultant at Kaspersky Lab, said he was also dismayed to see Sony using rootkits. "We don't have an issue with Sony taking steps to protect its legal rights and licensing," he said. "But given that over the past 12 to 18 months we have seen an increasing use of rootkits (by criminals), to see similar technology being implemented from someone supposedly on the good side is particularly worrying."

The use of techniques that are usually the preserve of criminals by companies such as Sony is causing problems for antivirus and security companies. "Previously it has been possible to say a rootkit equals a bad thing, but now we're having to deal with things that are not so clear cut," he said.

Kaspersky uses the term "riskware" to define programs that behave like malicious software but may not have malicious intent behind them. Although it attempts to detect riskware, so that users can be asked what they would like to do with it and so that policies can be created, it does not currently detect the rootkit used by Sony's DRM. "At the moment this is still under discussion and no final decision has been made," Emm added.

Sony's use of techniques usually employed by hackers and virus writers makes it much more difficult to differentiate between malicious and benign software, said Kaspersky on its viruslist.com blog. "Rootkits are rapidly becoming one of the biggest issues in cybersecurity. Vendors are making more and more of an effort to detect this kind of threat. So why is Sony opting to use this dubious technology?" the Kaspersky posting said.

"Naturally, we're strongly against this development," it continued. "We can only hope that this message comes across loud and clear to the people who have a say in this at Sony and elsewhere. We'd hate to see the use of rootkits becoming a habit among mainstream software manufacturers when there are so many security and ethical arguments against such use."

6 comments

Sony's ineptware
When powerful companies behave like criminals, they should be taken to court and made to pay the heaviest possible price. Their software should be banned and their products boycotted until they give the world an example of integrity. Otherwise, how could we fight hackers and pirates?
Posted by Piercan (10 comments )
Sony had a malicious intent!
It is important to remember that DRM doesn't stop people from infringing copyright as the DRM is always trivial for a technical person to remove. This harmful rootkit only infects the computers of law abiding citizens, not copyright infringers. I disagree with some of the security professionals that suggested that Sony's intent is not malicious intent, given the intent of Sony's software and other malware is to take control of a personal computer away from its owner.

If you can't trust the owner of a computer to be in control of that computer to the point you will infect them with malware, then there is something wrong with what *YOU* are doing, not the computer owner.
Posted by Russell McOrmond (63 comments )
Sony is Appalling!
Read this: http://www.grc.com/sn/SN-012.htm. Or listen to the podcast linked in the same page. Sony is agreeably appalling! They should've been more responsible.
Posted by Mendz (519 comments )
Providing a Method for Criminals
From what I can deduce from this whole thing...

Sony has laid the groundwork for criminals to discover a point to gain access to your computer or to use your computer as a zombie. So in essence, Sony has given criminals a tool that may be used for criminal activity. While Sony may not have intended for it to be used for criminal activity... that may become one of the uses. Since customers were not aware that it was there in the first place they might not be aware that their computer has become a tool of criminals.

Hmmmm does that sound anything like what Sony, RIAA, MPAA, and the like, said about Napster, Grokster, Morpheus, etc? The only difference is that the P2P community had at that time been used for illegal activity... now we just have to wait for someone to get hacked using Sony's rootkit.

But unlike the lawsuits by RIAASONYMPAA, where they received millions in damages, and threatened citizens with jail, I am sure that the people that were affected by the rootkit will end up with a 75 cent coupon for a Sony music CD.
Posted by arluthier (112 comments )
Sony's rootkit removal tool is not sufficient
Sony has supplied a utility to help us deal with the cloaked rootkit software that its CDs install, however at this point I'd prefer to take my chances of being infected by the new viruses that the Sony software enables than run the new utility from Sony.

At this point I just don't trust them, and in addition I've read in the Register that the Sony utility appears to be hastily and poorly written, and can cause system instability and possibly system damage, so now I definitely won't run it.

If Sony is sincere about undoing the damage that it has done it must work with anti-virus vendors to help them create updates that will safely and effectively remove the cloaked software and any viruses that it has hidden.

I'll trust Norton or McAfee to handle the problem if this is done, but I'll never trust software from Sony again.

Tony Rogers
Posted by tony7896 (3 comments )
Linux Friendly?
Will Sony's DRM copyright software be Linux compatible? And if it is not, will a listener be able to use a Sony CD on their computers? There are too many flaws in the theory of copy protection. In essence, most of the software on the market that works on a Mac/Win platform will not work with Linux systems. If there is no availability for Linux then there are going to be political problems. Besides, if it is available on a Linux system, everyone knows that Linux users are VERY security conscious. No one will stand for it!
But that is just my opinion --Eric
Posted by XcentricGT (1 comment )
 
