Microsoft Concerned by Sony DRM

Microsoft hasn't decided yet whether it will identify Sony's DRM software as malicious code, a spokesperson said.

Microsoft Corp. is concerned about rootkit features in CDs from Sony BMG artists and is evaluating the situation to see if any action needs to be taken, a spokesperson said.

The Redmond, Wash., software maker said that the security of its customers' information is a "top priority" and that the company is concerned by software like that deployed by Sony to block illegal CD copying.

However, unlike other security software vendors, Microsoft hasn't decided whether to take more aggressive action against the product, such as detecting and removing it from systems, the spokesperson said.

Sony's rights management technology, which it calls "sterile burning," shipped on CDs by around 20 Sony BMG artists and is installed along with a custom media player that must be used to play the songs on a Windows PC.

Using code written by Sony partner First 4 Internet Ltd. of the United Kingdom, the DRM technology manipulates the Windows core processing center, or "kernel," to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, much like malicious programs known as "rootkits."

Sony's efforts to hide the anti-piracy programs erupted into a controversy last week, after Windows analyst Mark Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at

Russinovich claimed that Sony provided inadequate disclosure of the rootkit program in its end user license agreement and installed software that could destabilize Windows systems, and even be used by hackers to hide their own malicious programs.

Sony BMG acknowledged that the rootkit-style features are part of DRM technology that began shipping with CDs in 2005, and quickly released a software patch to disable it.

The company also posted instructions for obtaining a program that could remove the DRM technology altogether.

That hasn't stopped security companies, including Computer Associates International Inc. and Symantec Corp., from adding detection for the software to their security products.

Speaking with eWEEK Magazine this week, Sam Curry, Computer Associates' vice president of eTrust Security Management, said his company's anti-spyware program, Pest Patrol, would identify the First 4 Internet technology used by Sony BMG and label it a "rootkit," a kind of malicious code.

Microsoft, which also ships an anti-spyware program, recently renamed "Windows Defender," hasn't yet decided whether it will also flag the Sony DRM software as malicious code, the spokesperson said.

"Microsoft's Windows Defender and the Malicious Software Removal Tool [MSRT] have established objective criteria to determine what code will be classified for removal. We are evaluating the current situation to determine if any action from Microsoft is necessary," the spokesperson wrote in an e-mail statement.

However, Sony's actions have caught the attention of staff in Redmond, she said.

"We have invested considerable resources in the security of our products and processes. As such, we are concerned about any malware, including root kits, which targets our customers and negatively impacts the security, reliability and performance of their systems," the spokesperson said.
