Rootkit Viruses and Sony DRM
Since the inception of the Internet, we've been told time and time again to be careful what we view online, what we download, and to be wary of suspect email attachments. We've also been told many times to make sure our firewalls are turned on, and to have our anti-virus programs installed and up to date.
However, there are new threats coming out of the woodwork, dubbed "rootkits," that cannot be stopped, removed or detected by conventional methods. In fact, a majority of these rootkits slip by undetected by major anti-virus programs and even Windows itself. This is because the malware installs deep into the core (kernel) of the Windows operating system (all versions, including 2000 and XP), and effectively conceals the processes and related files from the user.
Ironically, it wasn't a stereotypical hacker that brought this technological threat to the limelight. Rather, it was a large, well known commercial entity, namely Sony BMG.
Sony was among many members of the recording industry interested in the technology, but was the first to actually implement it. Their restrictive copy protection software, often referred to as XCP (Extensible Copy Protection), uses rootkit software to conceal its presence from the consumer, major anti-virus vendors and Windows itself.
Sony adopted the technology to protect its audio-related assets from piracy, and made it a part of its DRM (Digital Rights Management) strategy. XCP, which installs silently without the user's knowledge or consent, attempts to thwart illegal copies of BMG audio CDs. If the software thinks the consumer is trying to illegally copy a Sony audio disc, it will block communication to stop the copy from being made.
Once installed, XCP prevents popular media players (including Windows Media Player) from playing the disc. Instead, a custom media player (included with the XCP software) is required to play the CD. Because XCP runs continuously (whether or not an audio disc is being played), it has the potential to decrease PC performance, but this has been largely unconfirmed.
Additionally, the XCP software also reportedly creates a concealed back door that allows Sony to make remote modifications or changes to XCP installations. Sadly, this "hole" has opened up infected computers to a host of new viruses which use the same rootkit software to access and conceal their malicious activity.
Unfortunately, the XCP software does not include an uninstaller. If the XCP software is manually deleted, it will make CD/DVD drive(s) entirely dysfunctional. At the time of this writing, the only way the software can be completely removed is to reinstall Windows.
Sony has reportedly distributed the elusive copy protection software on about 20 different albums which have been distributed all over the world, but unconfirmed reports from various consumers indicate it could have been distributed on many other CDs as well. Some reports claim nearly a half million PCs are infected as a result. A large majority of those users appear to be in the United States.
In light of multiple lawsuits and major public outcry, Sony has offered a CD exchange program (for unprotected discs), temporarily suspended the distribution of its XCP software, and provided software patches that deactivate XCP (though they claim to uninstall it) to alleviate some of the CD/DVD problems that the software has caused.
The threat isn't limited to audio CDs, however. Copies of the popular DVD movie "Mr. and Mrs. Smith" distributed in Germany also reportedly contained similar, "silent-installing" anti-piracy software, which causes similar problems.
Moreover, these copy-protected CD/DVDs may not play in standard CD/DVD players. Potential incompatibility has been a big concern among consumers.
At a minimum, these events illustrate how disruptive and destructive rootkit technology can be, especially if the multimedia industry at large decides to pursue it. Fortunately, Microsoft has promised to add rootkit detection support to their upcoming anti-spyware software, and they've promised to make security a bigger priority in their upcoming operating system, Windows Vista, which is slated for release in late 2006.
In the meantime, the best defense you have is common sense. Be aware of what you put into your computer, turn off auto-play, and follow traditional security practices (don't open fishy email attachments, don't run questionable programs, run Windows Update frequently and make sure your firewall is on).
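One way to check the "turn off auto-play" advice on a Windows machine, as an added example that is not part of the original article: this PowerShell script decodes the NoDriveTypeAutoRun policy bitmask and reports whether inserted CD/DVD discs are still allowed to launch software automatically. The function names are illustrative, and the script assumes the policy value is stored as a REG_DWORD.

```powershell
# Added example, not from the original article. Assumes the policy value is a REG_DWORD.
# NoDriveTypeAutoRun is a bitmask: a SET bit blocks AutoRun for that drive type.
$Bits = [ordered]@{
    'Unknown' = 0x01; 'Removable' = 0x04; 'Fixed' = 0x08; 'Network' = 0x10
    'CD-ROM' = 0x20; 'RAM disk' = 0x40; 'Reserved' = 0x80
}
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function ConvertFrom-AutoRunMask([int]$Mask) {
    # Report, per drive type, whether this mask blocks AutoRun.
    foreach ($name in $Bits.Keys) {
        [pscustomobject]@{ DriveType = $name; AutoRunBlocked = [bool]($Mask -band $Bits[$name]) }
    }
}

function Get-AutoRunPolicy {
    # The machine-wide policy (HKLM) overrides the per-user value (HKCU), so check it first.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$SubKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($p) { return [pscustomobject]@{ Source = $hive; Mask = [int]$p.NoDriveTypeAutoRun } }
    }
}

function Set-AutoRunDisabled {
    # Needs an elevated prompt: writes the machine-wide policy and blocks every drive type.
    $path = "HKLM:\$SubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Constructed sample masks: 0x91 (the Windows XP default) and 0xFF (everything blocked).
foreach ($sample in 0x91, 0xFF) {
    $cd = ConvertFrom-AutoRunMask $sample | Where-Object DriveType -eq 'CD-ROM'
    '{0}: CD-ROM AutoRun blocked = {1}' -f ('0x{0:X2}' -f $sample), $cd.AutoRunBlocked
}

# Audit the live machine. With no policy value present, the OS default applies.
$policy = Get-AutoRunPolicy
if (-not $policy) {
    'No NoDriveTypeAutoRun policy is set; the operating system default applies.'
} elseif ($policy.Mask -band $Bits['CD-ROM']) {
    "CD-ROM AutoRun is blocked by policy in $($policy.Source)"
} else {
    'CD-ROM AutoRun is NOT blocked (mask 0x{0:X2} from {1})' -f $policy.Mask, $policy.Source
}
```

Set-AutoRunDisabled is defined but deliberately not called; run it from an elevated prompt if the audit reports that CD-ROM AutoRun is not blocked.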
Reports have indicated, thankfully, that these copy-protected discs are labeled on the cases as copy protected. If you already own a Sony copy-protected disc, you should contact Sony and ask for a replacement. For now, buyers should beware of buying discs that are marked as copy protected.
If you think your PC might be infected with Sony BMG's XCP software, you should go to your favorite search engine (e.g., "Google," "Yahoo," etc.) and search for "Sony BMG DRM."
Let's hope for better protection in the future!