Why ‘rootkits’ are global security breaches

What a ‘rootkit’ type of environment does in this case (note: now patched) is very simple, and it does not matter what sort of content is on the CD/DVD or what type of company issued it.
It opens up a very well-known exploit on a personal computer, in this case one running Microsoft Windows. Hiding files in this manner hands all of the people out there writing malware, spyware, trojans or viruses a very easy delivery mechanism: all they need to do is give the file they intend to get into your computer system, to do whatever is in their mindset of evil, a filename beginning with $SYS$, and that is it.

The file is now hidden from antivirus software and spyware monitoring. This results in the piece of software remaining undetected on a PC for much longer than is considered safe. The offending software can then access your personal data and transmit it via an internet connection for whatever purpose its author chooses.
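As an added example (not from the original post), here is a small defender-side Python probe for the behaviour described above: it creates a harmless file with the $SYS$ prefix to see whether the operating system still lists it, and it performs the cross-view listing comparison that rootkit detectors use. The function names, file names and sample listings are constructed for illustration.

```python
import os
import tempfile

# Prefix the page says the driver cloaks; any file whose name starts with
# it vanishes from ordinary Windows directory listings on an affected PC.
CLOAK_PREFIX = "$sys$"


def cloaking_probe():
    """Create a harmless '$sys$probe.txt' in a fresh scratch directory and
    report whether the normal directory listing still shows it. On a clean
    system 'cloaked' is False; on a PC with the hiding driver active the
    file is created but disappears from the listing. Cleans up afterwards."""
    directory = tempfile.mkdtemp(prefix="cloakprobe_")
    probe_name = CLOAK_PREFIX + "probe.txt"
    probe_path = os.path.join(directory, probe_name)
    with open(probe_path, "w") as fh:
        fh.write("harmless probe file\n")
    try:
        visible = probe_name in os.listdir(directory)
    finally:
        os.remove(probe_path)  # removal by exact path, not via enumeration
        os.rmdir(directory)
    return {"probe": probe_path, "cloaked": not visible}


def cross_view_diff(api_listing, raw_listing):
    """Cross-view detection: compare the names the file-system API reports
    with names obtained by another route (raw volume scan, or a listing
    taken after booting from clean media). Anything in the raw view but
    missing from the API view is being hidden; entries carrying the cloak
    prefix are tagged as matching the pattern this page describes, while
    other hidden files are still reported."""
    hidden = sorted(set(raw_listing) - set(api_listing))
    return [
        {"name": name,
         "matches_xcp_pattern": name.lower().startswith(CLOAK_PREFIX)}
        for name in hidden
    ]


# Constructed sample listings (not captured from a real machine): the API
# view is what Explorer would show, the raw view is what is really on disk.
API_VIEW = ["calc.exe", "notes.txt", "setup.log"]
RAW_VIEW = ["$sys$cloaked.dll", "$sys$hiddensvc.exe", "calc.exe",
            "notes.txt", "otherhidden.dat", "setup.log"]

if __name__ == "__main__":
    print(cloaking_probe())
    for entry in cross_view_diff(API_VIEW, RAW_VIEW):
        print(entry)
```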

With a delivery mechanism like this, the writer of such annoying and costly security breaches can spread across all forms of computing environments, from the individual to the business and government sectors. It remains hidden and protected from detection because the masking software on your PC was put there by a major corporation, in this case for musical Digital Rights Management (DRM).

In the world climate we live in today, where computers are used as tools for both the attack and the defence side of terrorism, there can be no leaks of secure information. This issue transcends the simple matter of musical DRM. It is a major breach of security with ramifications for all parts of society: a piece of software hidden behind such a product is a breach of the security policy of any country.

Sony’s half-baked reply

Sony have replied…

Sony BMG Music Entertainment and a technology partner are working with antivirus companies on a fix for a potential security problem in some copy-protected CDs.

Here is the Sony update and the FAQ

Over at the Sony FAQ:

6. I have heard that the protection software is really malware/spyware. Could this be true?
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.

A legal point of view is posted here

Another security-based review of the main ‘features’ of this software is here.
Here are some of the comments from the legal post above:

If you’ll read Mark Russinovich’s blog entry, you’ll notice several things that this XCP software does in addition to hiding itself like malware:
– scans the executables corresponding to the running processes on the system every two seconds
– degrades system performance 24/7 (not just when the media player is in use)
– uses misleading names such as “Plug and Play Device Manager” to deceive users into thinking it’s a legitimate part of Windows
– tampers with the low-level operation of the system, causing stability and compatibility problems
– installs hooks and filters, making it difficult to uninstall without breaking Windows

If that’s not malware, I don’t know what is.

I think J. Stanley’s comment starts to expose the real problem here, and why all the “nerds” are pissed.

This represents DRM gone too far. The techniques used with this DRM package are hacker (the malicious kind) techniques. There has got to be a point at which EULAs cannot protect companies from doing whatever they want.

Here is the Wikipedia entry for a rootkit

DRM (Darn Rootkit Mongrel)

I just checked the new CD from Xavier Rudd that I purchased two days ago to ensure it was not Sony. If it had been, I would have started the march back to the shop with it and let them know that I came in to purchase my favourite artist’s new CD ‘Food in the Belly’; I most certainly did not come in for the title ‘Rootkit Malware for PC’. ‘First4Internet’ really lives up to the company name: I would think they are the first company to manufacture a rootkit/malware and distribute it with the backing of a global company such as Sony. The spin that will follow this in the near future will be very interesting. I cannot think of any term or spin that can be put on the fact that you are trying to install a darn rootkit on my PC. It is far worse than anything that Napster or Kazaa did online. At least with those we knew to run antivirus and other protection, as the chance of getting infected by something there was very high. But to get it from Sony on a company-issued and sanctioned CD is truly mind-boggling. I wonder if in the press release that Sony will be releasing soon they will publicly recall the 1 million CDs that have a rootkit on them and apologise to the music listeners of the world for trying to ‘Root’ them. Sony DRM (Darn Rootkit Mongrel). See the Sysinternals article here on just how bad this is. And CNET’s article regarding