Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    Sony Suspends Rootkit DRM Technology

    By
    Paul F. Roberts
    -
    November 11, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Music company Sony BMG Music Entertainment has succumbed to mounting criticism, announcing plans to stop production of music CDs that use a controversial digital rights management technology called XCP.

      The company said Friday that it is temporarily suspending manufacture of CDs with XCP, which security experts said used malicious “rootkit” techniques to evade detection on Windows systems.

      The company will also re-examine its copy protection initiative to make sure it has balanced ease of use for consumers with security, according to an e-mail statement.

      “I think they should have done it right away,” said Mark Russinovich, chief software architect and co-founder of Winternals Software LP.

      Russinovichs analysis of the XCP technology drew international attention to Sonys dubious copy protection wares.

      /zimages/1/28571.gifClick here to read more about the discovery of rootkit-like behavior in Sonys new DRM technology.

      He and others said the companys decision Friday to temporarily halt production of new XCP-enabled CDs doesnt go far enough.

      “Its a step in the right direction—but a baby step,” said Corynne McSherry, staff attorney at the Electronic Frontier Foundation.

      “What does [Sony] intend to do about customers and music fans whose computers are already infected [with XCP]?” she said.

      Sonys decision followed more than a week of steady criticism of the XCP technology, which shipped on CDs by around 20 Sony BMG artists along with a custom media player that must be used in order to play and make a limited number of copies of the CD on a Windows PC.

      Using code written by First 4 Internet Ltd., a U.K. firm contracted by Sony, the XCP technology manipulates the Windows core processing center or “kernel” to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, much like malicious programs known as “rootkits.”

      XCP came to light on Oct. 31, after Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at Sysinternals.com.

      Russinovich showed that the XCP program hid files with a name that began with the characters $sys$, rather than looking for and hiding the specific files used by the media player for copyright enforcement.

      He speculated that others who gained access to Windows systems with the sterile burning technology on it could also hide their programs simply by assigning them names that began with $sys$.

      Russinovich also criticized Sonys poor description of the XCP technology in the user license agreement customers agreed to when installing the media player and showed that First 4 Internets sloppy implementation of the XCP technology could cause Windows systems to crash under certain conditions.

      Sony BMG reacted quickly to the criticism, releasing a software patch to disable the DRM software and giving instructions for obtaining a removal program within days of Russinovichs analysis.

      However, the patch and removal programs did little to stem criticism of the company by computer security and privacy rights advocates, who charged that the DRM technology exposed customers computers to hackers in the name of protecting copyright.

      /zimages/1/28571.gifRead more here about why some say Sonys responses to criticism of its DRM software dont go far enough.

      Consumers in California filed a class action lawsuit on Nov. 1 to stop Sony from distributing the CDs, and seeking monetary damages for consumers who had already purchased CDs with the sterile burning technology on it, according to a published report.

      Other lawsuits against the company on behalf of aggrieved consumers are in the works, as well, EFFs McSherry said.

      Anti-virus and computer security companies have also been adding detection for the XCP technology to their products. And on Thursday, anti-virus companies warned of a host of new threats, including a virus and a Trojan horse program that used the XCP technology to hide on Windows systems.

      Sony acknowledged the new computer virus and said the company regretted any inconvenience caused by the XCP technology. The company also said it provided a patch to major anti-virus companies that will “fix possible software problems” and “guard against precisely the type of virus now said to exist.” Sony has not disclosed the number of installations of its XCP technology.

      However, the actual threat posed by the technology is probably small, Russinovich said.

      An informal poll Thursday of network managers at leading colleges and universities turned up only a handful of machines that appeared to have the software installed and that were communicating with Web sites used by the media player program, said David Escalante, director of computer security at Boston College in Chestnut Hill, Massachusetts.

      “Im not horribly concerned. Maybe I should be, but Im not,” he said.

      /zimages/1/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      Still, Sony BMG needs to reach out to customers who may be running the XCP program, make sure they are aware of the dangers it poses, and help them to remove the software, McSherry said.

      The heated discussion of Sonys copy protection technology has also highlighted the ongoing debate about the privacy rights of consumers and those of copyright holders.

      “I fully anticipate well see similar problems in the future with other anti-piracy technologies,” McSherry said.

      /zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Paul F. Roberts
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×