Sony BMG Music Entertainment and a technology partner are working with antivirus companies on a fix for a potential security problem in some copy-restricted CDs.
Earlier in the week, security experts said that anticopying technology used by Sony BMG could be adapted by virus writers to hide malicious software on the hard drives of computers that have played one of the CDs. The antipiracy tool is included on many of Sony BMG's latest music releases, from Van Zant to My Morning Jacket.
Sony BMG's technology partner First 4 Internet, a British company, said on Wednesday that it has released a patch to antivirus companies that will eliminate the copy-restricted software's ability to hide. In consequence, it will also prevent virus writers from cloaking their work using the copy-restriction tools.
The record label and First 4 Internet will post a similar patch on Sony BMG's Web site for consumers to download directly, the companies said.
"We want to make sure we allay any unnecessary concerns," said Mathew Gilliat-Smith, chief executive of First 4 Internet. "We think this is a pro-active step and common sense."
The issue erupted into the public consciousness late on Monday, when computer developer and author Mark Russinovich published a blog detailing how he had found the First 4 Internet software hiding deep in his computer, after he had listened to a copy-restricted CD distributed by Sony BMG.
The anticopying technology included a tool called a "rootkit", often used by virus writers. A rootkit takes partial control of a computer's operating system at a very deep level in order to hide the presence of files or ongoing processes.
Rootkits, while not intrinsically malicious, are viewed with deep suspicion by many in the software development community. They are extraordinarily difficult to find and remove without specific instructions, and attempts to modify the way they act can even damage the normal functioning of a computer.
In the case of the First 4 Internet software, attempts to remove it manually rendered the CD drive of the computer inoperable, Russinovich found.
Several antivirus companies followed Russinovich's news with warnings that the First 4 Internet tools could let virus writers hide malicious software on computers, if the coders piggybacked on the file-cloaking functions.
[? /*CMS poll(20003927) */ ?]"For now it is theoretical, or academic, but it is concerning," said Mikko Hypponen, chief research officer at antivirus company F-Secure. "There's no risk right now that we know of, but I wouldn't keep this on my machine."
The patch that First 4 Internet is providing to antivirus companies will eliminate the rootkit's ability to hide itself and the copy-restriction software in a computer's recesses. The patch will be automatically distributed to people who use tools such as Norton Antivirus and other similar programs, Gilliat-Smith said.
The patch that will be distributed through Sony BMG's Web site will work the same way, Gilliat-Smith said. In both cases, the antipiracy software itself will not be removed, only exposed to view.
Consumers who want to remove the copy- restriction software altogether from their machine can contact the company's customer support service for instructions, a Sony BMG representative said.
Talkback
"We want to make sure we allay any unnecessary concerns"
Who is this clown? I'd have thought a rootkit was a very necessary concern.
After this, I will no longer buy ANYTHING with the Sony name attached. I should hope they have a plan to bring back loyal customers. They've lost one.....
Sony can forget about me ever knowingly buying a product of their's ever again
Sony have just shot themselves in the foot!
I run a small network and have imposed a system wide ban on Sony products as they can no longer be considered as a trusted source. I have sold off the Sony Minidisc units and reformatted all machines that had Sony SonicStage software on them opting for other safer alternatives, after all if they are hiding DRM rootkit software on audio CDs we can hardly trust their software.
Have they missed the simple fact that a cheap stand alone CD or DVD player can be connected to any PC with audio in and be very easily used to re-recorded the audio? or is this far too obvious? They have gone too far and simply will not stop the pirates by illegally modifying all Windows based machines, it has lost consumers trust in them and will lose them a lot of sales.
They got caught sneaking this in, who knows what else they will try to sneak in and hope to not get caught again.
Pretty products, pretty crap business ethics.
I thought unauthorised modification of a computer system was now strictly against the law. What are Sony doing sifferent here to what a benign virus writer does. If any one has played one of these in the UK, get Sony prosecuted under the computer misuse act.
Sony's offer to let you download a patch to their "rootkit" really is totally unacceptable. Those CDs are still out there and still virulent.
Years or decades from now (I've got lots of CDs over 10 years old) your grandchild is going to pop one of these carriers of the "Sony Flu" into their new computer running a still-to-come version of Windows and what do you think is going to happen?
Well, Mikko Hypponen of F-Secure found out when he popped it into a machine running Windows Vista that the Sony CD "breaks the operating system spectacularly." Who's going to know how to fix it in 2020? Already most of the "weblinks" on my so-called "Enhanced CDs" (provided by these same recording studios) get "404 Not Found" errors only a year or two after release.
Keeping these still-infectious CDs around on your shelf is like keeping a live hand-grenade as a WW2 souvenir. Just hope your kids don't play with it.
The only acceptable solution would be for Sony to recall every one of these virulent CDs out there and take them out of circulation.
I actually had this problem with my computer.. actually even now it dosent work... after telling them (Sony BMG) that their software on the CD caused my computer to crash.. they wrote back in an email and im quoting this here that "From what I am reading here, it sounds like our CD is working correctly".. i will NOT be buying anymore Sony CDs and have warned all my friends not to put them in there computers.. a few of them are boycotting as well...
It is hard to understand how Sony can manufacture minidisc recorders, CD and DVD burners and the media to use in them on the one hand and then expect to prevent you from using them for making compilations or convenience copies of the music you have paid them for on the other hand. I may not own the copyright, but I own the discs I buy and I damnwell expect to be able to organise the music I bought, the way I want it, when I want it. I hope Sony's shares plummet for being so cynical to think that they can have their cake and eat it. Personally, I'm not inclined to buy anything else marked "Sony" until they show some respect for the people who have supported them over the years. In the meantime, ALL the CD's with this malware rootkit should be marked with a huge sticker "Warning - this CD may damage your computer".
One must ponder if it is not time to force First 4 Internet to cease trading they are a British company behaving in a most bloshie and almost liabous fashion i wonder if anyone here in the UK has been infected with the crud these life forms (i won't call them people cus they aint) are producing to help and already over powerful and rich company get even worse .
I read the whole blog. I will never buy sony again.
So is everything hidden via $sys$ or is there SOMETHING that we (as network admins) can identify on a PC to point out that a machine is infected (and I don't use that word lightly)?
For instance, does Sony install a media player along with the rootkit malware? if so, what is the name of the player program's executable?
Basically, I want to see if an SMS software inventory of our environment shows a single machine with this rootkit. If it does, I'll take it straight to The Man at the top of my organization. He listens, our company has major financial dealings with Sony, and I'm sure he can get some pressure on them.
I've got the non-functioning CD problem. I've spent 11+ hours with HP customer support trying to fix it. Now I just want to sue the Sony bastards.
I will not buy any thing with sony name on it