Microsoft 'Concerned' by Sony DRM

Microsoft Corp. is concerned about rootkit features in CDs from Sony BMG artists and is evaluating the situation to see if any action needs to be taken, a spokesperson said.

The Redmond, Wash., software maker said that the security of its customers' information is a "top priority" and that the company is concerned by software like that deployed by Sony BMG to block illegal CD copying.

However, unlike other security software vendors, Microsoft hasn't decided whether to take more aggressive action against the product, such as detecting and removing it from systems, the spokesperson said.

Sony BMG's rights management technology, which it calls "sterile burning," shipped on CDs by around 20 Sony BMG artists and is installed along with a custom media player that must be used to play the songs on a Windows PC.

Using code written by Sony partner First 4 Internet Ltd. of the United Kingdom, the DRM technology manipulates the Windows core processing center, or "kernel," to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, much like malicious programs known as "rootkits."

Sony's efforts to hide the anti-piracy programs erupted into a controversy last week, after Windows analyst Mark Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at

Russinovich claimed that Sony provided inadequate disclosure of the rootkit program in its end user license agreement and installed software that could destabilize Windows systems, and even be used by hackers to hide their own malicious programs.

Sony BMG acknowledged that the rootkit-style features are part of DRM technology that began shipping with CDs in 2005, and quickly released a software patch to disable it.

The company also posted instructions for obtaining a program that could remove the DRM technology altogether.

That hasn't stopped security companies, including Computer Associates International Inc. and Symantec Corp., from adding detection for the software to their security products.

Speaking with eWEEK Magazine this week, Sam Curry, Computer Associates' vice president eTrust Security Management, said his company's anti-spyware program, Pest Patrol, would identify the First 4 Internet technology used by Sony BMG and label it a "rootkit," a kind of malicious code.

Microsoft, which also ships an anti-spyware program, recently renamed "Windows Defender," hasn't yet decided whether it will also flag the Sony DRM software as malicious code, the spokesperson said.

"Microsoft's Windows Defender and the Malicious Software Removal Tool [MSRT] have established objective criteria to determine what code will be classified for removal. We are evaluating the current situation to determine if any action from Microsoft is necessary," the spokesperson wrote in an e-mail statement.

However, Sony's actions have caught the attention of staff in Redmond, she said.

"We have invested considerable resources in the security of our products and processes. As such, we are concerned about any malware, including root kits, which targets our customers and negatively impacts the security, reliability and performance of their systems," the spokesperson said.

Check out's Windows Center for Microsoft and Windows news, views and analysis.

Copyright © 2005 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.