Hazard's stuff

16 Nov, 2005

Sony's DRM rootkit

— Posted by hazard @ 2005-11-16 01:20
Just in case you didn't know... Sony is in such despair to stop their customers from ripping audio CDs that they included a rootkit as part of bundled DRM software. You see, as soon as Sony's customer installs the player software from his legitimately purchased CD, he would not only have a player on his system, but also a rootkit hidden deeply inside Windows! Fantastic.

Everything was fine and dandy until Sysinternals discovered and blogged about it.

Following a public outcry, Sony released an "uninstaller" for the rootkit. However, as Sysinternals found, what it does is installation of an updated copy of DRM... Moreover, you have to fill in a couple of forms to get the uninstaller...

Already a few trojans have appeared that utilize cloaking capabilities provided by the rootkit. Obviously writers of these trojans didn't read Sony's press release, in which they would have learned that Sony DRM software does not present any security risk for customer's PC.

So, that's it? Nah. The player software is nice enough to access Sony's website each time you run it. Sure, having some extra information about your customers wouldn't hurt.

Now, imagine that rootkit was developed/distributed not by Sony, but by some teenage guy. Would he still be around?


  1. :)

    Excellent reading here and Mark's Sysinternals Blog.

    Already many years Sony behaves like MS and it's pity I used to like its hardware but unfortunately it must die 2.

    Posted by lev — 16 Nov 2005, 11:57

Add comment