Sony's DRM 'rootkit' patch doesn't go far enough

On Tuesday I blogged about the excellent piece of detective work by Mark Russinovich of Sysinternals, which uncovered Sony’s underhand use of ‘rootkit’ technology in its latest Digital Rights Management software (DRM) – the term ‘rootkit’ is generally used to describe tools and techniques used by hackers to hide malware and viruses from security software.

Now it seems that Finnish anti-virus company F-Secure was also independently investigating Sony’s DRM ‘rootkit’, and what they found concerned them.

According to Mikko Hyppönen, F-Secure’s director of anti-virus research, Sony’s DRM software was implemented in a way that could allow viruses and other malicious programs to use the rootkit to hide from security software. In effect, a virus could remain undetected even if a user’s anti-virus software is completely up-to-date.

F-Secure, however, warns against using its own rootkit detection software to remove Sony’s DRM software. “If you find this rootkit from your system, we recommend you don't remove it with our products. As this DRM system is implemented as a filter driver for the CD drive, just blindly removing it might result in an inaccessible CD drive letter,” warns Hyppönen. Instead, he advises users to contact Sony direct.

So what has Sony’s response been to the controversy? Well, First 4 Internet, the UK company behind the DRM rootkit, has issued a patch that removes “the cloaking technology component” of the XCP Technology used on Sony CDs.

First 4 Internet says it will also work with anti-virus vendors to use applications such as Norton Anti-Virus to distribute the patch to users, but given that these DRM CDs have been on sale since at least June, that leaves a lot of users that could potentially be at risk.

Crucially, however, the patch will not remove Sony’s DRM software completely from your machine. To do this, according to this post on the Washington Post’s security blog, you will need to contact Sony direct, which will involve you, the law-abiding user, being grilled as to why you should want to remove Sony's uninvited DRM software from your system. Oh, and by the way, the removal process only works for users of Internet Explorer, so if you use Firefox then Sony says bad luck.

Also, bear in mind that if you do remove Sony’s DRM rootkit then you will no longer be able to play your CD, and don’t expect Sony to provide a non-DRM replacement – it says it doesn’t do them.

So, as per usual with most DRM software, users that play it by the rules continue to be penalised whilst the serious pirates continue unhindered. Will other record companies follow Sony’s path? Unless we kick up enough of a stink it seems inevitable that others in the music industry will follow Sony and continue to make DRM software ever more intrusive into our everyday lives.