Microsoft Treating Sony BMG Rootkit as Malicious Software

Published November 15, 2005

| Reuters

Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows.

The XCP program, developed by First4Internet in Britain and used on music CDs by Sony BMG to restrict copying and sharing, has generated concern amongst computer users because it acts like virus software and hides deep inside a computer, where it leaves the backdoor open for other viruses.

"We have analyzed this software and have determined that in order to help protect our customers, we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users," Jason Garms, group program manager of the Anti-Malware Technology Team, said on Microsoft (MSFT)'s Technet blog.

"Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool," Garms added.

Other computer virus fighters such as Sophos in Britain have offered a removal kit since Thursday, but have stressed it was a tricky operation resembling open-heart surgery.

Sony BMG last week provided a patch to make the program more visible after the discovery that hackers had taken advantage of the weakness to install viruses on PCs.

Responding to public outcry, the music publishing venture of Japanese electronics conglomerate Sony Corp. (SNE) and Germany's Bertelsmann AG also said on Friday it would temporarily suspend the manufacture of music CDs containing XCP technology.

Asked to comment, the music publisher referred to its Friday statement.

Last week, Sony BMG was targeted in a class action lawsuit complaining it had not disclosed the true nature of its copy-protection software.

Sony BMG's patch does not remove the program, which installs itself on a Windows-operated personal computer when consumers want to play certain Sony BMG music CDs. According to programmers it still leaves a security hole.

That was after the U.S. government had weighed in.

A representative of the United States government last week warned entertainment publishers against using CD and DVD copy protection software that hides inside computers.

"It's very important to remember that it's your intellectual property; it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days," said Stewart Baker, the assistant secretary of the Department of Homeland Security, at a conference.

The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.

URL

http://www.foxnews.com/story/2005/11/15/microsoft-treating-sony-bmg-rootkit-as-malicious-software