    DRM Software Uses Root-Kit Techniques

    Written by

    Paul F. Roberts
    Published November 7, 2005

      New digital rights management technology shipping on music CDs by Sony BMG Music Entertainment artists employs stealthy, root-kit-style techniques to hide from users, according to a security expert.

      The technology, which Sony BMG has dubbed “sterile burning,” manipulates the Windows kernel to make it almost totally undetectable on Windows systems. Furthermore, the DRM files are almost impossible to remove without fouling Windows systems and could be used by malicious hackers to hide their own programs, according to Mark Russinovich, chief software architect at Winternals Software LP, an Austin, Texas, company that makes administrative software tools.

      A Sony BMG spokesperson in New York acknowledged last week that the root-kit-style features are part of DRM technology that began shipping with CDs earlier this year but referred technical questions about the technology to First 4 Internet Ltd., the Banbury, England, company that developed it.

      Russinovich discovered the Sony BMG root-kit technology after scanning his own computer with a tool called RootkitRevealer that he developed. Russinovich, an authority on root kits, was shocked by the discovery. “Given the fact that I'm careful in my surfing habits and only install software from reputable sources, I had no idea how I'd picked up a real root kit,” he wrote on his blog last month at sysinternals.com.

      After discovering the program, Russinovich began a detailed analysis of it that turned up the name of First 4. Russinovich said he believes the software was installed on his system by a copy-protected CD of music by Sony BMG duo Van Zant, which he recently purchased from Amazon.com Inc.

      Through a detailed analysis of communication between the media player installed from the Sony BMG CD and the root-kit files, Russinovich determined that the root-kit files were installed with the media player and communicated with it.

      Russinovich was reluctant to discuss the details of how the DRM software works, citing fear of prosecution under the Digital Millennium Copyright Act. However, he said the root-kit features help enforce the sterile burning limits on copying Sony BMG music files.

      The Sony BMG spokesperson said the sterile burning and root-kit technology is intended to act as a “fence” or “speed bump” to users who want to try to go beyond the limit of three copies on the company's DRM-protected music.

      Like other so-called kernel-mode root kits, the Sony BMG DRM software interacts with the system service table, a core component of the Windows kernel that coordinates interactions between instructions from different Windows applications and the kernel. By “hooking” the Windows kernel in this way, kernel-mode root kits can intercept communications between the kernel and the Windows API, filtering or distorting the instructions and information that are sent from the kernel.

      For example, the Sony BMG DRM software did not appear in the Windows Explorer list of programs or the Windows registry, where information on installed programs can typically be viewed, Russinovich said.

      Root-kit technology is well-established and is not, in itself, malicious, said Mathew Gilliat-Smith, CEO of First 4. “Root-kit detection programs have made root kits more high-profile in the media, but this technology has been around for a long time and is used widely by anti-virus and other information security companies,” Gilliat-Smith said.

      That said, First 4 officials don't consider their technology to be a root kit, but part of a copy protection system designed to balance security and ease of use for the CD buyer, he said. Sony BMG began using a version of First 4 technology called XCP in March, Gilliat-Smith said.

      However, the Sony BMG root-kit files developed by First 4 are unsophisticated and could introduce other problems on systems that use the Sony BMG DRM technology, Russinovich said.

      For example, the root-kit features are designed to hide any file on a Windows system with a file name that begins with the characters “$sys$,” not just the files used by the Sony BMG sterile burning technology. That feature could be used by malicious hackers to hide their own attack programs on computers using the Sony BMG DRM technology, simply by following the $sys$ naming convention, Russinovich said.
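
      The effect of that prefix rule on what a defender sees can be modelled in a few lines. The following is an added example, not code from the article, Russinovich or First 4: it filters a directory listing the way the article describes and then compares the filtered view against an unfiltered one to surface whatever is being hidden. All paths are constructed, and matching the prefix exactly at the start of the file name is an assumption taken from the article's wording.

```python
import ntpath
from collections import defaultdict

HIDE_PREFIX = "$sys$"  # prefix named in the article

# Constructed sample volume (no real file names from the DRM package).
DISK = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\System32\$sys$drm_component.sys",
    r"C:\Users\alice\Music\track01.wma",
    r"C:\Users\alice\Downloads\$sys$unrelated_tool.exe",
    r"C:\Users\alice\Downloads\sys$report.txt",  # prefix not at start: stays visible
]


def is_hidden(path, prefix=HIDE_PREFIX):
    """True if the file name (not the directory) begins with the prefix."""
    return ntpath.basename(path).startswith(prefix)


def raw_view(disk):
    """Unfiltered view: every entry actually stored on the volume."""
    return list(disk)


def api_view(disk):
    """Filtered view: what a hooked enumeration call would report."""
    return [p for p in disk if not is_hidden(p)]


def cross_view_diff(api, raw):
    """Entries present in the raw view but missing from the API view."""
    seen = set(api)
    return [p for p in raw if p not in seen]


def hidden_by_directory(hidden):
    """Group hidden entries by parent directory for triage."""
    groups = defaultdict(list)
    for p in hidden:
        groups[ntpath.dirname(p)].append(ntpath.basename(p))
    return dict(groups)


if __name__ == "__main__":
    hidden = cross_view_diff(api_view(DISK), raw_view(DISK))
    for directory, names in hidden_by_directory(hidden).items():
        print(directory, "->", names)
```

      The second hidden entry has nothing to do with the DRM package; it is concealed only because its name follows the same convention, which is the risk Russinovich describes.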

      The root-kit files also interact with Windows at a very low level and fail to account for certain conditions that could cause the files to overwrite areas of memory, crashing applications that use that memory or even crashing Windows altogether, Russinovich said.

      Finally, removing the Sony BMG DRM software is extremely difficult. Because it is hidden from Windows, there is no entry for it in the Windows Control Panel and no easy way to determine where or how it is installed on Windows. Users, such as Russinovich, who are sophisticated enough to find the files and try to delete them will find that Windows can no longer detect the CD drive attached to their system, Russinovich said. Remedying that requires other subtle manipulations of Windows.

      “The average user would not be able to remove [the Sony BMG DRM] without losing … the CD [drive]. Even a sophisticated user would have trouble,” Russinovich said.

      First 4 developed a new version of the stealth features that respond to many of the questions Russinovich raised in his analysis, including the $sys$ and stability issues. Those features will be available in new Sony BMG CDs, Gilliat-Smith said. It's unclear whether users with the existing DRM technology will be able to upgrade to the new features. But Sony BMG offers a downloadable removal program for the copy protection software, the spokesperson said.
