Friday, November 04, 2005

Sony distributes malicious software; cheaters rejoice

It was all over the tech news sites yesterday and Wednesday. Sony has distributed malicious software, known as malware, on some of its CDs.
The software involved is something called a rootkit. It's a program that hides files from the computer's operating system. In order to listen to Sony's copy protected CDs on a computer (the one that started this was Get Right by the Man by the Van Zant brothers) you have to use the media player that comes on the CD. If you load the CD into your CD-ROM drive, it installs the player, the rootkit, and several other files on your computer. The rootkit hides the files, and any associated directories, from your operating system. The files and the player prevent you from copying the CD more than 3 times. They are hidden so people can't simply disable the player and copy the CD.

A lot of people are upset about this, and not just folk who want to copy CDs. The security expert that found the rootkit discovered two important facts:
  1. The rootkit ate up between 1% and 2% of his CPU usage, mostly due to poor programming. The program will impair your computer's performance.
  2. It's almost impossible for the average user to uninstall the rootkit. The above average user who makes use of standard deletion techniques could cripple their computer!
So, in order to play Sony's music from a copy protected CD, you have to install poorly written software that could wreck your set up if you tried to uninstall it!

Mark's Sysinternals Blog has the technical details of how he discovered the rootkit program at http://www.sysinternals.com/blog/.

The software is similar to that used by hackers to hide viruses and spyware. If it was distributed widely, Sony would have put a hacker tool on every computer playing their CDs. The tool has already been used for malicious deeds. There's a game called World of Warcraft. You can play it online. To prevent players from cheating the game with cheating programs, Bungie
— the company that runs the game — scans players' computers for cheat files. This is, itself, controversial. Anyway, some players are using the rootkit distributed by Sony to hide cheat programs while playing World of Warcraft!

The Security Focus website has an article on the World of Warcraft issue at http://www.securityfocus.com/brief/34.

Sony is apparently "fixing" the issue with a version of copy protection that doesn't use rootkit, and they have delete instructions on their web site. That's little consolation for the havoc this could cause.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)