Nov. 18th, 2005
Ahhh, the Sony Rootkit. You've probably heard of this latest major corporate debacle, but you may not know what is going on. I will explain.
This article on Wired.com does a very good job of summarizing the events surrounding the discovery of Sony's moral lapse and illegal activity, for what Sony has done is nothing short of criminal.
First, what is a root kit? A root kit is malicious code that allows a remote user absolute control over your computer without you knowing it. Typically it is hidden in a "free download screen saver" or similar infected software. You run the program, the root kit installs itself and reports back to whoever launched it that it is in place and ready to do things. It will also generally report back what system resources your PC has, all the better to learn how big of an attack your PC can launch against a web site for a denial of service attack. A root kit is illegal; it is quite specifically against the law, defined as illegal access to and tampering with someone else's computer.
Sony owns a major music label, the German BMG music company. They have a major interest in allegedly protecting their artists' intellectual property, i.e. music, so they made the discs copy-protected, and if the music CD is inserted in a computer running Windows, the disc will only play by running a program from England called XCP. This program enforces Digital Rights Management (DRM). It also installs a root kit that reports back to Sony. What it reports back, I don't know.
Allegedly it cannot affect a Macintosh or Linux machine.
Now here's the big one, and hold on to your hats – this has been around since mid-2004 and the anti-virus companies either did not detect it or did not report it if they did detect it. It is estimated that a half-million computers are infected.
The root kit does two things (in addition to reporting info back to Sony). First, XCP hides itself and all its programs by giving them names that start with $SYS$; this makes them functionally invisible to anti-virus/anti-spyware. Then it installs the root kit and makes uninstalling it an extreme risk – it hooks itself into the host operating system in such an extensive and convoluted way that uninstalling it is apparently just asking to reinstall your OS.
A knowledgeable programmer, and there are plenty out there, can exploit this hook. And this has been done – there have been worms found in the wild that will take control of your computer through Sony's root kit. Because your system now believes that any program that starts with $SYS$ isn't there, ANY program, including malicious programs made by anyone in the world, won't be seen by the operating system or any virus/worm/malware-removal software.
Hopefully you see what the problem is.
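The hiding rule described above can be modelled in a few lines, together with the cross-view comparison a defender uses to expose it. This is an added example, not code from XCP or from any vendor's tool; the file names are constructed samples, and the case-insensitive prefix match is an assumption.

```python
# Added illustration: model of prefix-based cloaking and a cross-view check.
# All file names below are constructed samples, not real XCP artifacts.

CLOAK_PREFIX = "$sys$"  # prefix named in the article; case-insensitive match is an assumption


def cloaked_view(raw_names, prefix=CLOAK_PREFIX):
    """What a hooked directory listing returns: every name carrying the prefix is dropped."""
    return [n for n in raw_names if not n.lower().startswith(prefix)]


def cross_view_diff(raw_names, api_names):
    """Names present in the low-level view but missing from the API view."""
    visible = {n.lower() for n in api_names}
    return sorted(n for n in raw_names if n.lower() not in visible)


def report(raw_names, api_names, known_drm=()):
    """Split hidden names into known DRM components and everything else riding the cloak."""
    known = {n.lower() for n in known_drm}
    hidden = cross_view_diff(raw_names, api_names)
    return {
        "hidden": hidden,
        "unattributed": [n for n in hidden if n.lower() not in known],
    }


# Constructed sample: low-level view of one directory
RAW = ["notepad.exe", "$sys$drm_component.sys", "$SYS$unrelated_tool.exe", "readme.txt"]

if __name__ == "__main__":
    api = cloaked_view(RAW)
    print("API view:", api)
    print(report(RAW, api, known_drm=["$sys$drm_component.sys"]))
```

The "unattributed" list is the part that matters: the cloak does not care who created a file, so anything hidden that is not a known DRM component deserves investigation.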
Sony has gone through a number of evasions, trying to say that it isn't serious. They've finally withdrawn all CDs on the market that have the XCP system on them, but as far as I've heard, they have not yet released a program that will remove the root kit from your system. Symantec, a major anti-virus provider, has a program that prevents the root kit from hiding, but doesn't remove it. Again, because of the disgusting ways that the program ties itself into your PC, it is nigh impossible to remove it without trashing your operating system.
So basically, if you've run one of these CDs, your computer is screwed.
California has started a class action lawsuit against Sony. New York State is considering it; they might have started it already. Apparently a criminal investigation has also been launched, as what Sony did is definitely illegal. And the United States Government is not happy with Sony either after they discovered said root kit on a number of computers within the Department of Homeland Security.
Things are going to be interesting for Sony for a while. There is a boycott going, both against Sony music and Sony products in general. No big whoop for me; I don't think I own anything by them. I've never been a big fan of Sony products; I much prefer Panasonic/Matsushita.
So there you are. A bunch of information that you may or may not be interested in. Regardless, if you buy music CDs and play them on a Windows computer, it's something that you should be aware of.