Sony's Second Rootkit DRM Patch Doesn't Hush Critics

The company's moves in response to criticism of its rootkit-like DRM technology have cut it no slack with the security community.

Sony Corp. released yet another patch for its maligned digital rights management software on Tuesday, as the company fended off barbs from computer security experts.

Sony is being criticized for installing stealth programs, known as "rootkits," which harvest information and make unauthorized updates to customers' machines.

Researcher Mark Russinovich's analysis of Sony's new DRM technology put Sony and its partner, First 4 Internet Ltd., in the spotlight.

One week later, Russinovich used a Weblog entry Sunday to blast the companies' response: a large and cumbersome software patch that Russinovich claims could harm Windows systems.

Sony responded on Tuesday with a slimmed-down version of the same patch. But the change has done little to quiet critics.

Speaking with eWEEK, Russinovich repeated claims that Sony was transmitting data on its customers without properly informing them, and pushing copyright control software that could harm Microsoft Corp.'s Windows systems.

The controversy over Sony's rights management technology, which it calls "sterile burning," erupted last week, after Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at

According to analysis by Russinovich and experts at other security companies like F-Secure Corp. and Computer Associates International Inc., the DRM technology manipulates the Windows core processing center, or "kernel," to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, he wrote.

Sony BMG acknowledged that the rootkit-style features are part of DRM technology that began shipping with CDs in 2005, and quickly released a software patch to disable it.

The company also posted instructions for obtaining a program that could remove the DRM technology altogether.

Neither Sony BMG nor First 4 responded to e-mail and phone requests for comment in time for this article.

Sony BMG has tried to fend off criticism from Russinovich and privacy advocates like Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and creator of the Freedom to Tinker Web site.

Felten, Russinovich and others say the company did not provide adequate disclosure in its End User License Agreement about the stealth features, or come clean about activity that suggests that Sony is transmitting information about what CDs are being played on the customer's computer back to servers at Sony BMG.
