Feeds

Hidden DRM code's legitimacy questioned

When bad software happens to good people

SANS - Survey on application security programs

The latest headache for security professionals has become a secret weapon in the battle between copyright owners and their customers.

This week, two research groups independently and separately reported that music giant Sony BMG has used software hiding techniques more commonly found in rootkits to prevent removal of the company's copy protection software. A rootkit is software that hides its presence on a computer while controlling critical system functions, and security professionals have lately warned that the addition of the technology to a variety of Internet threats - from bots to spyware - makes the malicious code more difficult to find and remove.

Both antivirus firm F-Secure and security information site SysInternals.com identified the copy protection scheme deployed by Sony BMG as essentially a rootkit. The tactic abuses the trust of the computer user, said Mikko Hippönen, chief research officer for F-Secure.

"No one reads the licensing agreements, and even if you do, (the Sony BMG agreement) does not make it obvious what is happening," he said. "It's also not obvious that it is almost impossible to uninstall the program." The concerns are the latest backlash against music and movie companies over what many critics call heavy-handed tactics designed to maintain the status quo in the face of innovative technologies that are disrupting the copyright holders' traditional business models. The industries' tactics have varied from frequent lawsuits against consumers to lobbying Congress for harsher penalties against those who use file-sharing technologies. Meanwhile, some vigilantes have poisoned peer-to-peer file sharing systems with Trojan horse programs that report the user.

The latest tactic, however, hews much closer than past actions to the definition of a malicious threat to a user's computer system, said Edward Felten, a professor of computer science and public affairs at Princeton University and an expert in digital-rights management technology. "It is not legitimate to undermine the user's desire to secure their own computer," Felten said. "I don't think they should be hiding files and programs and registry entries from the system administrator, ever." Answering critics, Sony BMG released on Wednesday a limited statement on its site and also posted a patch that Windows users can run using Internet Explorer to remove the copy-protection software from their system. Neither First 4 Internet or Sony BMG returned requests for comment on the issue.

"The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution," Sony BMG said in a statement posted on its site. "It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system."

Both F-Secure and SysInternals discovered the software after detecting the presence of a rootkit on a system that had played a content protected CD. After investigating, researchers at both organizations found that the root cause of the problem was the software installed by U.K.-based First 4 Internet. The software, known as XCP, also indiscriminately hides registry keys - the values used by the Windows operating system to run, configure and maintain software on the system - allowing malicious code to use the copy-protection software to hide itself.

Moreover, mimicking a tactic used by spyware and adware, the copy-protection software cannot be uninstalled under Windows XP except by contacting Sony BMG through a special Web site. For SysInternals.com's Mark Russinovich, the software is taking copy protection to an unpalatable extreme.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.