Sony BMG Releasing Rootkit-Revealing Patch

Published November 03, 2005

Associated Press

After a chorus of criticism, Sony Corp.'s music division said Wednesday it is distributing a free software patch to reveal hidden files that automatically installed to hard drives when some of its music CDs were played on personal computers.

The offending technology was designed to thwart music piracy.

Sony BMG Music Entertainment and its partner, UK-based First 4 Internet, said they decided to offer the patch as a precaution, not because of any security vulnerability, which some critics had alleged.

"What we decided to do is take extra precautionary steps to allay any fears," said Mathew Gilliat-Smith, First 4 Internet's CEO. "There should be no concern here."

The controversy started Monday after Windows expert Mark Russinovich posted a Web log report on how he found hidden files on his PC after playing a Van Zant CD. He also said it disabled his CD drive after he tried to manually remove it.

Russinovich made the discovery while running a program he had written for uncovering file-cloaking "RootKits."

In this case, the Sony program hid the antipiracy software from view. Similar technology also has been used by virus and worm writers to conceal their code.

A firestorm quickly erupted over what appeared to be an attempt by the music company to retain control over its intellectual property by secretly installing hidden software on the PCs of unsuspecting customers.

Making matters worse, Sony did not disclose exactly what it was doing in its license agreement, Russinovich said. It only mentions that proprietary software to enable copy protection would be installed. The software affects only PCs running the Windows operating system.

"The [license] makes no mention that it's going to install something that's going to be hidden from view, that will constantly consume CPU resources even if I'm not listening to music and it will have no uninstall capability," he said.

Because the technology looks for a specific prefix in the filename, it also could be used by malware authors to mask their programs, Russinovich said. There's also the question of how a PC user is supposed to maintain a system that runs hidden programs.

"If you've got software on your computer that you can't see, there's no way for you to manage it from a security point of view," he said. "You don't know if you need updates for it. You don't know if you should uninstall it because you don't know it's even there."

Though there are no known problems with the software, that could change and leave millions of unsuspecting PC users at risk of having their machines taken over by malware, said Ero Carrera, a researcher at F-Secure, a computer security firm.

"The code of the application is not exactly well done," he said. "I would tend to believe there are people already working on finding exploits."

The copy protection technology, which limits how many times a CD can be copied, was included on about 20 titles, including discs from The Bad Plus and Vivian Green, among others.

Gilliat-Smith and Sony BMG spokesman John McKay said the technology had been on the market for about eight months and there had been no major complaints prior to Russinovich's blog post. Still, a newer, similar technology was in the process of rolling out before the latest controversy erupted.

The patches that reveal the hidden files are being made available to antivirus companies as well as customers who visit the Sony BMG site. They do not remove the copy protection software, however.

McKay said customers can request a program to safely uninstall everything by visiting the Sony BMG Web site at http://cp.sonybmg.com. That site, however, requires a form to be filled out and submitted.

In a test of the form late Wednesday, an e-mail confirming receipt was quickly returned by Sony BMG customer service, but it included no instructions on how to remove the software. The message promised another reply "shortly."

The process is unlike the vast majority of Windows software, which can be easily uninstalled — by the user, without permission of the software writer — through the "Add or Remove Programs" tool in the operating system's control panel.

The controversy highlights the need for rules as to what content providers can and can't install on PCs to protect their property, said Russinovich, who is co-founder and chief software architect at Winternals Software, which specializes in advanced systems software for Microsoft Windows.

"We need to get some formality about what's legal, what's ethical and what's fair — and what level of disclosure there needs to be," he said. "It's fine for Sony to say we're not going to do that now. What kind of guarantee do we have they're not going to do it at a future date or that other companies are not going to do this?"

URL: http://www.foxnews.com/story/2005/11/03/sony-bmg-releasing-rootkit-revealing-patch