Parrot Posted November 4, 2005

After Criticism, Sony Issues Fix for Hidden Rootkits
Walaika K. Haskins, newsfactor.com
Thu Nov 3, 5:35 PM ET

Sony (NYSE: SNE) has admitted that it included a stealth rootkit on some music CDs shipped in 2005 and has issued an update to remove the hidden software one day after it was discovered. The company had drawn criticism from security experts who warned that the technology could serve as a tool for hackers.

The nearly undetectable monitoring utility, part of the company's digital-rights management (DRM) technology, was aimed at preventing consumers from producing illegal copies of CDs. The software installed itself automatically in Windows systems whenever a CD was inserted. Any files contained in the rootkit are invisible and almost impossible to remove.

Security expert Mark Russinovich of Sysinternals discovered the hidden rootkit and posted his findings on the company blog on November 1st. Russinovich wrote that although he checked in his system's Add or Remove Programs list, as well as on the vendor's site and on the CD itself, he could not find uninstall instructions. Nor, he says, could he find any mention of it in the End User License Agreement (EULA).

Stealth Tactics

A rootkit is a set of tools commonly used by hackers to circumvent antivirus software and control a computer system. Most rootkits are engineered so that common PC monitoring mechanisms cannot detect them. The rootkits are designed to tuck themselves into the most basic level of the operating system and remain hidden from users.

A Finnish antivirus company, F-Secure, reported that it had spent several weeks recently trying to find the cause of some unknown files reported by a user who suspected an audio CD as the cause.

Mikko Hyppönen, chief research officer at F-Secure, said hackers could use the rootkit to insert their own files by inserting a simple command at the beginning of the file name that would render them undetectable by most antivirus software. On the F-Secure blog, Hyppönen wrote that he heard rumors that Universal is using the same DRM system on its audio CDs.

Privacy? What Privacy?

Although industry analysts said they cannot fault Sony's motives, some saw the company's initial failure to disclose the hidden technology as a violation of U.S. copyright laws.

According to Jared Carleton, an analyst at Frost & Sullivan, Sony is overstepping the fair-use clause that gives consumers the right to make backup copies. "[Sony] is saying, 'No, we are not going to pay attention to U.S. copyright law that's been generally accepted for the past 30 years,'" he said.

Carleton likened the hidden DRM to malware, and said it was no different than adware and spyware. He said that if Sony was shipping DRM-protected CDs, the company needed to put a notice on its packaging. Consumers understand that artists should be paid for their music, he said, but he added that consumers don't like this type of secrecy.

Andrew Jaquith, senior security analyst at Yankee Group, said the company behaved badly and that there could be a backlash. He said that the desire to protect intellectual property is understandable, but that Sony should have been upfront about its DRM technology, and would have been better off using industry-standard software.

"I haven't seen a single positive comment about this and it makes them look a little slimy," Jaquith said. "They should have been above-board and should have used software that they hadn't cobbled together themselves."

On the Web page containing the update, which enables users to detect and remove the rootkit, Sony said its technology did not pose a security risk. "This component is not malicious and does not compromise security," the company's post said. "However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

The fix can be downloaded at cp.sonybmg.com.

dragonfyr Posted November 4, 2005

So, in the spirit of paranoia, how do we know that with everyone rushing to download a fix for a problem they may not have, that they aren't actually installing the insidious malware!? As how many will read the privacy policy prior to downloading and installing the 'fix'? Hmmmmm!!!

Parrot Posted November 4, 2005

True. There have been famous cases of computer viruses being downloaded by people who have been warned that they have a computer virus they need to eradicate. In reality they did not have the virus before, but it was in the "fix."

dragonfyr Posted November 4, 2005

In what was intended as an 'automatic inoculant' generated by a 'white hat' source, a worm that was variously labeled by security vendors as Welchia, Blaster-D and Nachi, exploited the same DCOM RPC vulnerability that enabled the Blaster worm. But instead of doing damage, its intent was to automatically download the Microsoft patch and remove the Blaster worm if it was present. In other words, to automatically inoculate all the machines it reached...

Additionally, the worm caused system instability due to an RPC call on Windows 2000 machines and compromised system security by installing a Trivial File Transfer Protocol (TFTP) server on all infected machines. But the main problem it caused was that it generated SO MUCH excess network traffic with the 'phone home' aspect that it effectively spawned Denial of Service (DOS) 'attacks' on servers preventing other network requests from getting through! And the cure in effect became as bad as the disease it was trying to prevent!

But, why do I not see Sony providing anything remotely intended as a cure?

AnalOg Posted November 4, 2005

"Sony is overstepping the fair-use clause that gives consumers the right to make backup copies."

And how about the fact that they are "infecting" consumers' computers for their paranoid benefits.

Tom

dragonfyr Posted November 4, 2005

> "Sony is overstepping the fair-use clause that gives consumers the right to make backup copies."
>
> And how about the fact that they are "infecting" consumers' computers for their paranoid benefits.
>
> Tom

All well and good from your point of view (and I am not saying I necessarily disagree!!), but this is not a hard and fast statement of fact, but simply one side of the ongoing debate! And thus far, fair use has been the LOSER in the courts! So quoting past precedent does not change the redefining of the law as it is currently being redefined!

Ultimately, it is a hard case to make that the owner/producer/agent of the material cannot define how it can or cannot be used. And I really don't think many are aware of the incredible degree of control the new DRM laws and the new technologies seek to control the use of the material!

In other words, if this very small issue inflames you, you are going to be one incensed fellow as the technology continues to develop! And it is not getting better from your user point of view! I suspect we have already passed the high-point of user friendliness. These are the good old days! Enjoy them while you can!

Parrot Posted November 4, 2005

The ultimate scenario for the owner of a work would be for the consumer not to own a physical copy with unlimited plays at all, but to have to access it with a fee each and every time he listens/views it. If you like a CD a lot, and play it 100 times, the owner of the work's reasoning is that you should have to pay more than if you listened to it only a couple of times.

intotubes Posted November 4, 2005

Is there a way to tell if your PC is infected?

dragonfyr Posted November 4, 2005

From the description there doesn't seem to be an easy way that I can see. On this one, the only thing to do may simply be to download the removal tool and run it if you happen to have used, or will use any of the Sony media. Maybe someone will find and post more info if and when it becomes available...

Thanks Paul for digging up the details and the fix!

maxg Posted November 4, 2005

Can't resist this: Another Benefit of vinyl!!!!

Sorry - couldn't help it. I have checked my TT many times - thus far:

No viruses.
No adware.
No DRM.

thebes Posted November 4, 2005

There's also more on this in the Technical Section. Here's what I posted yesterday:

Sony has caved and put up a patch that will show the hidden files. Supposedly they also have an uninstaller for it. It affects about 20 titles including discs from The Bad Plus and Vivian Green. Here's the link for the software removal: http://cp.sonybmg.com

Parrot Posted November 4, 2005

I didn't realize there was a thread over in Technical. I don't venture over there as often--there's just entirely too much arguing.

joshnich Posted November 4, 2005

Looks like another reason to use Mcintosh!

Josh

Audio Flynn Posted November 4, 2005

I have just barely tolerated Sony for the last 10 years. ...and the most abysmal amplification produced on the planet. YUCK!

GeorgeV Posted November 5, 2005

> Is there a way to tell if your PC is infected?

Yes, click on the following link and download the RootkitRevealer application. Just scroll to the bottom of the page and you will see the download link.

http://www.sysinternals.com/Utilities/RootkitRevealer.html