Feeds

Hidden DRM code's legitimacy questioned

When bad software happens to good people

The essential guide to IT transformation

The latest headache for security professionals has become a secret weapon in the battle between copyright owners and their customers.

This week, two research groups independently and separately reported that music giant Sony BMG has used software hiding techniques more commonly found in rootkits to prevent removal of the company's copy protection software. A rootkit is software that hides its presence on a computer while controlling critical system functions, and security professionals have lately warned that the addition of the technology to a variety of Internet threats - from bots to spyware - makes the malicious code more difficult to find and remove.

Both antivirus firm F-Secure and security information site SysInternals.com identified the copy protection scheme deployed by Sony BMG as essentially a rootkit. The tactic abuses the trust of the computer user, said Mikko Hippönen, chief research officer for F-Secure.

"No one reads the licensing agreements, and even if you do, (the Sony BMG agreement) does not make it obvious what is happening," he said. "It's also not obvious that it is almost impossible to uninstall the program." The concerns are the latest backlash against music and movie companies over what many critics call heavy-handed tactics designed to maintain the status quo in the face of innovative technologies that are disrupting the copyright holders' traditional business models. The industries' tactics have varied from frequent lawsuits against consumers to lobbying Congress for harsher penalties against those who use file-sharing technologies. Meanwhile, some vigilantes have poisoned peer-to-peer file sharing systems with Trojan horse programs that report the user.

The latest tactic, however, hews much closer than past actions to the definition of a malicious threat to a user's computer system, said Edward Felten, a professor of computer science and public affairs at Princeton University and an expert in digital-rights management technology. "It is not legitimate to undermine the user's desire to secure their own computer," Felten said. "I don't think they should be hiding files and programs and registry entries from the system administrator, ever." Answering critics, Sony BMG released on Wednesday a limited statement on its site and also posted a patch that Windows users can run using Internet Explorer to remove the copy-protection software from their system. Neither First 4 Internet or Sony BMG returned requests for comment on the issue.

"The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution," Sony BMG said in a statement posted on its site. "It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system."

Both F-Secure and SysInternals discovered the software after detecting the presence of a rootkit on a system that had played a content protected CD. After investigating, researchers at both organizations found that the root cause of the problem was the software installed by U.K.-based First 4 Internet. The software, known as XCP, also indiscriminately hides registry keys - the values used by the Windows operating system to run, configure and maintain software on the system - allowing malicious code to use the copy-protection software to hide itself.

Moreover, mimicking a tactic used by spyware and adware, the copy-protection software cannot be uninstalled under Windows XP except by contacting Sony BMG through a special Web site. For SysInternals.com's Mark Russinovich, the software is taking copy protection to an unpalatable extreme.

5 things you didn’t know about cloud backup

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.