[ISN] Antivirus firms target Sony 'rootkit'

From: InfoSec News (isn@private)
Date: Wed Nov 09 2005 - 22:24:12 PST


http://news.com.com/Antivirus+firms+target+Sony+rootkit/2100-1029_3-5942265.html

By John Borland 
Staff Writer, CNET News.com
November 9, 2005

Antivirus companies are releasing tools this week to identify, and in
some cases remove, copy protection software contained on recent Sony
BMG Music Entertainment CDs. The software has been identified as a
potential security risk.

The Sony software, found on several of the company's recent albums, is
triggered by playing one of the CDs in a PC. From the CD drive, the
software installs itself deeply inside a hard drive and hides itself
from view. This cloaking technique could be used by virus writers to
hide their own malicious software, security experts have said.

There is a range of opinion among security companies about how much
risk the software poses, from those who consider it no worse than an
adware pest to those who view it as potentially dangerous spyware.

Symantec said Wednesday that its antivirus software would identify the
Sony software, but would not remove it. Instead, it will point to
Sony's own Web site, where users can get instructions for uninstalling
the software or download a patch that will expose the hidden
components.

"We're trying to reinforce here that we're not talking about a virus,
or malicious code, we're talking about technology that could be
misused," Symantec Senior Director Vincent Weafer said. "We're trying
to work co-operatively."

However, Computer Associates, which has a security division, said on
Monday it had found further security risks in the Sony software and
was releasing a tool to uninstall it directly.

According to Computer Associates, the Sony software makes itself a
default media player on a computer after it is installed. The software
then reports back the user's Internet address and identifies which CDs
are played on that computer. Intentionally or not, the software also
seems to damage a computer's ability to "rip" clean copies of MP3s
from non-copy protected CDs, the security company said.

"It will effectively insert pseudo-random noise into a file so that it
becomes less listenable," said Sam Curry, a Computer Associates vice
president. "What's disturbing about this is the lack of notice, the
lack of consent, and the lack of an easy removal tool."

A Sony representative said the company's technical staff was looking
into the issues identified by Computer Associates, but had no
immediate comment.

The furor over the Sony software comes nearly eight months after the
copy protection technique, created by British company First 4
Internet, was first released on a commercial disc in the United
States.

Computer developer and author Mark Russinovich sparked debate over the
software last week by posting on his blog an account of how he had
discovered the First 4 Internet software hiding deep in his hard
drive. The software used a tool called a "rootkit" to hide its
presence, a technique more typically used by virus writers to hide
traces of their work.

Sony and First 4 Internet quickly released on their Web site a patch
that would uncloak the copy protection software. But CD buyers must go
through a more elaborate process -- e-mailing the company's customer
service department -- to get instructions for uninstalling the
software.






This archive was generated by hypermail 2.1.3 : Wed Nov 09 2005 - 22:37:31 PST