'Mr. & Mrs. Smith' DVD Ships With Rootkit-Like DRM

Sony BMG is not the only company to dabble in using copy-protection technology that resembles rootkits.

According to anti-virus vendor F-Secure, based in Helsinki, Finland, the German DVD release of "Mr. & Mrs. Smith" — a recent movie starring Brad Pitt and Angelina Jolie — contains a DRM (digital rights management) protection scheme that uses rootkit-like cloaking technology.

Rootkits are typically used to maintain a persistent and undetectable presence on a computer.

Because malicious hackers can piggyback on the technology to hide offensive files, the use of such cloaking technology is seen as a serious security risk.

In a blog post, F-Secure vice president Antti Vihavainen said the DVD ships in Germany with Settec Alpha-DISC copy protection.

"The system will hide its own process, but does not appear to hide any files or registry entries. This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk," Vihavainen said.

However, Vihavainen said it's not uncommon for real malware to only hide processes.

The discovery of the cloaking mechanism is credited to Heise Online, a German news outfit.

Although Settec provides an uninstaller for its DRM mechanism, Vihavainen said commercial software vendors should "always avoid hiding anything" from the user, and especially from the administrator responsible for managing the machine.

"It rarely serves the needs of the user, and in many cases, it's very easy to create a security vulnerability this way," he warned.

The use of stealthy rootkit-type techniques by commercial software makers triggered widespread condemnation recently when Sony BMG admitted to using the technology to cloak its DRM scheme.

After hackers used the Sony DRM rootkit as a hiding place for Trojans, the music company suspended the use of the technology and recalled CDs with the offending copy protection mechanism.

Earlier this year, security vendor Symantec also admitted to using a rootkit-type feature in its Norton SystemWorks software that presented a perfect hiding place for attackers to place malicious files on computers.

Symantec acknowledged that it was hiding a directory from Windows APIs as a feature intended to stop customers from accidentally deleting files, but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Copyright © 2006 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.