Free Republic

I've been reading over this story the past few days and it is far worse than most can imagine.

First off, like in the Sysinternals blog, if you remove it under normal means (such as deleting it), your CD-ROM is gone. You have to do a bit of work to get it back.

From what I've read, the Sony rootkit hoses Windows Vista installs to the point of requiring a reinstall.

From what I understand, the EULA that you agree to that installs the player from the CD DOES NOT mention the rootkit that gets installed with it. Neither is there an uninstall routine provided with it. Sony's uninstall for it that just came out requires installing an ActiveX control onto your machine to remove the rootkit. Hopefully there's an uninstall for the control.

And yes, people have been threatened with jail time for doing these very same things.

Apparently this has been around for a while, and it is only recently that people have found it or discovered the true nature of the DRM, so there's no telling how many machines are infected. An early version of it was easily bypassed by going to safe mode in Win, so it was updated to list the rootkit as a safe mode driver, which only makes it worse. There seems to be a big list of threads on tech forums from up to a year ago from people trying to figure out why weird things were happening on their machines, to the point that a reinstall of Windows is needed. Theories are now pointing at this rootkit as the cause.

Plus, I believe the Sony rootkit uses 1 to 2 percent of your CPU cycles even if there is no CD in the drive.

Now for the worst part: the Sony rootkit is so badly written that it simply just hides any file that starts with &sys& on the system. Meaning that virus writers can now just name all of their files beginning with &sys& and the Sony rootkit will hide those files for them. Therefore no virus scanner would be able to detect a virus using that naming scheme on a system with the Sony rootkit. Even if you knew for a fact it was there! You would need something like Rootkit Revealer to see it. So, open door for all the nasty software of the world.

Thanks, Sony.

If there is to be a lawsuit over this, I think it would be after a virus hits the net that takes advantage of it. And if the virus is nasty enough that it causes enough problems, then heads will roll at Sony. Probably also at the company that made the rootkit in the first place. Most hopefully the programmer or programmers involved.

With their names on some sort of blacklist.

Whoops, it looks like the first malicious use of the Sony rootkit has happened. I found this while researching as I typed this up. Blizzard uses a program called Warden to scan your machine's processes while you play, attempting to catch you cheating at games like World of Warcraft. Cheaters can now use the naming scheme that the Sony rootkit uses to cheat, because the Warden program would be unable to detect the cheating programs the user has. Anybody want to start a pool on when the first virus hits?

Good news is that it doesn't seem to affect Mac users. I think I even saw a workaround that allows a Mac user to rip the music from the disc to give to their PC buddy so that he can play his music on the PC. Maybe this is a bad attempt from Sony to get everybody to switch to the Mac.

Also, if you are running a non-administrator account on your Windows machine, it should not get installed. Of course you probably can't listen to your music on your computer from the CD that you purchased, but why would Sony worry over that small detail?

There is a great podcast called SecurityNow! that I listen to, and they released an early edition covering this topic. They are also starting to cover Wi-Fi security, which I recommend everyone with a wireless router to download.

http://www.grc.com/securitynow.htm


81 posted on 11/03/2005 2:46:55 PM PST by talmand


To: talmand

Oh yeah, I almost forgot. The sad part of this whole story? That Mark guy over at Sysinternals that worked all this out and let us know of the nasty potential of this DRM scheme?

He probably broke the law under the Digital Millennium Copyright Act for reverse engineering how Sony's DRM rootkit works.

So not only have our lawmakers made it easier for corporations to control how we use the content we pay for, they've made it illegal to figure out why software we install (knowingly or unknowingly) on our systems screws them up.

It's also probably illegal to remove the rootkit from your computer because of the DMCA without Sony's permission.


82 posted on 11/03/2005 3:10:33 PM PST by talmand
