INDEPTH: TECH
Sony and the rootkit
How a programmer's blog turned into a PR and legal nightmare for Sony

CBC News Online | Nov. 10, 2005


A week before Halloween 2005, programmer Mark Russinovich got a nasty surprise that had nothing to do with vampires or ghouls.

Russinovich was running a new version of one of his company's security programs and found that his computer was covertly handling programs he didn't know were there. For an expert on the internal workings of Microsoft Windows, that was unusual.

He continued digging and found the programs were cloaking themselves using a "rootkit," a technique that isn't dangerous by itself, but is most often used in computer viruses to prevent their detection.

The hidden programs were written by the company First 4 Internet. After a bit of Googling, Russinovich found that First 4 Internet had licensed software to Sony BMG to protect the company's CDs from being copied.

And so he found the source of the program that was sneaking around inside his computer: a CD he had just bought, Get Right with the Man by the band Van Zant, released by Sony BMG.

The CD was advertised as copyright-protected on Amazon.com, where Russinovich had bought it, and he had clicked on an installation agreement when he had put it in his computer's CD-ROM.

But Russinovich wasn't happy about this CD installing software on his computer and then masking it using techniques normally used by viruses and worms.

His first attempt at deleting the offending software disabled his CD-ROM drive.

"Now I was really mad," wrote Russinovich.

After Russinovich got his computer cleaned up, using techniques far beyond those of a typical Windows user, he wrote about his findings on his blog on Oct. 31:

"Not only had Sony put software on my system that uses techniques commonly used by malware [malicious software] to mask its presence, the software is poorly written and provides no means for uninstall.

"Worse, most users that stumble across the cloaked files … will cripple their computer if they attempt the obvious step of deleting the cloaked files."

Almost immediately, blogs concerned with technology and copyright issues started buzzing about Russinovich's findings. Other tech blogs chimed in with their own takes on the rootkit.

It didn't take long for the tech news websites to notice. The next day, Nov. 1, News.com ran a story about the security concerns over Sony's protection scheme. The CEO of First 4 Internet told them the cloaking mechanism they used wasn't a risk to computers and CDs using this program had been out for eight months without complaints from customers.

Sony BMG told News.com the hidden files could be "easily" uninstalled by contacting their customer support, but those instructions were not on the Sony website at the time.

Security experts interviewed for the story said the fact that the Sony program was hidden wasn't itself harmful. It did remain active on the computer even when the CD wasn't being played, so the cloak could be abused by a computer virus.

(As if to fulfil the prophecy, a Finnish antivirus research team found on Nov. 10 the first malicious software that attempts to hide itself using the Sony cloaking software.)

Two days after Russinovich's first blog post on the topic, Sony released a free update to its software that "removes the cloaking technology component." Again, blogs started buzzing about whether Sony's software could be trusted. Security experts found that the software patch removes the rootkit, but causes new problems of its own and can cause computers to crash.

The mainstream media, including the Associated Press and BBC, then got hold of the story. Lawyers interviewed in the stories questioned the legality of Sony installing hidden files that resist being deleted. Representatives for Sony and First 4 Internet countered that the CDs were clearly labelled as copy-protected.

On NPR, Thomas Hesse, president of Sony BMG's global digital business division, lashed back at the blogs for causing such a fuss over software that he said was installed on just 20 CDs.

"Most people don't even know what a rootkit is, so why should they care about it?" said Hesse.

The firestorm on the blogs continued, with some Sony customers claiming the copy-protected CDs had caused their computers to crash. Websites published lists of CDs that incorporated the cloaked copy-protection scheme, warning consumers not to buy them.

Computer software companies that produce antivirus programs began to openly wonder whether they should include Sony BMG's CDs on their list of malicious software. Eventually, Computer Associates did just that, adding the copy-protection software to the virus definitions of their PestPatrol program. And Microsoft itself added Sony's rootkit to the malware definitions in its Windows AntiSpyware program.

On Nov. 10, Reuters reported that a lawyer for a group of consumers filed a class-action lawsuit against Sony BMG claiming their computers have been harmed by the CDs' anti-piracy software.

In response to all of the negative publicity it received over the copy-protection scheme, Sony BMG suspended its use as a "precautionary measure."

