Feeds

Hidden DRM code's legitimacy questioned

When bad software happens to good people

Beginner's guide to SSL certificates

The latest headache for security professionals has become a secret weapon in the battle between copyright owners and their customers.

This week, two research groups independently and separately reported that music giant Sony BMG has used software hiding techniques more commonly found in rootkits to prevent removal of the company's copy protection software. A rootkit is software that hides its presence on a computer while controlling critical system functions, and security professionals have lately warned that the addition of the technology to a variety of Internet threats - from bots to spyware - makes the malicious code more difficult to find and remove.

Both antivirus firm F-Secure and security information site SysInternals.com identified the copy protection scheme deployed by Sony BMG as essentially a rootkit. The tactic abuses the trust of the computer user, said Mikko Hippönen, chief research officer for F-Secure.

"No one reads the licensing agreements, and even if you do, (the Sony BMG agreement) does not make it obvious what is happening," he said. "It's also not obvious that it is almost impossible to uninstall the program." The concerns are the latest backlash against music and movie companies over what many critics call heavy-handed tactics designed to maintain the status quo in the face of innovative technologies that are disrupting the copyright holders' traditional business models. The industries' tactics have varied from frequent lawsuits against consumers to lobbying Congress for harsher penalties against those who use file-sharing technologies. Meanwhile, some vigilantes have poisoned peer-to-peer file sharing systems with Trojan horse programs that report the user.

The latest tactic, however, hews much closer than past actions to the definition of a malicious threat to a user's computer system, said Edward Felten, a professor of computer science and public affairs at Princeton University and an expert in digital-rights management technology. "It is not legitimate to undermine the user's desire to secure their own computer," Felten said. "I don't think they should be hiding files and programs and registry entries from the system administrator, ever." Answering critics, Sony BMG released on Wednesday a limited statement on its site and also posted a patch that Windows users can run using Internet Explorer to remove the copy-protection software from their system. Neither First 4 Internet or Sony BMG returned requests for comment on the issue.

"The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution," Sony BMG said in a statement posted on its site. "It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system."

Both F-Secure and SysInternals discovered the software after detecting the presence of a rootkit on a system that had played a content protected CD. After investigating, researchers at both organizations found that the root cause of the problem was the software installed by U.K.-based First 4 Internet. The software, known as XCP, also indiscriminately hides registry keys - the values used by the Windows operating system to run, configure and maintain software on the system - allowing malicious code to use the copy-protection software to hide itself.

Moreover, mimicking a tactic used by spyware and adware, the copy-protection software cannot be uninstalled under Windows XP except by contacting Sony BMG through a special Web site. For SysInternals.com's Mark Russinovich, the software is taking copy protection to an unpalatable extreme.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.