Protect Yourself from Sony DRM Rootkit Malware
Sony began experimenting in November 2005 with new Digital Rights Management (DRM) software on their music CDs. While created to prevent pirating of the music they sell, the software appears to have unintended negative consequences for those whose computers it is installed on. Sony installs a system-level application that effectively hides all files with specific filenames from the user. These files are still present on the system and can be run normally; however, any mention of their presence on the system is hidden from the user. This could allow authors of malicious software to use Sony's DRM software to hide their trojan horses on your computer.
Steps
- Disable Autorun on your Windows PC. This way the software cannot be automatically loaded onto your computer when you insert a Sony DRM-enabled audio disc or application.
- When you insert a Sony CD into your computer, do not accept the Sony End User License Agreement (EULA). Accepting this long document in legalese effectively means you give permission for Sony to install software on your computer. Don't.
- Copy the music tracks to your computer if you so desire. Since these discs are designed to intentionally hide files from Windows, you may need specialized ripping software. Ripping programs such as Exact Audio Copy (see external links) can read these files if you have turned off autorun and disabled the spyware install.
- If you're already experiencing problems, read Remove Cloaked Malicious Programs Associated with Sony DRM.
- Sony has released a patch in response to criticism. In theory, the patch removes the cloaking-rootkit aspects of their software, though it leaves the DRM (which prevents copying the music) in place but now unhidden. See Warnings for concerns regarding the patch, and External Links (below) to download it if you choose.
Tips
- Create a file with the name $sys$ on your computer. If the file disappears, you are most likely already infected with the rootkit.
- Technical novices can ensure safety by not placing any new CDs distributed by Sony or BMG into their PCs until this issue is resolved.
- Discs with Sony's DRM cannot be officially called Compact Discs, as they violate the original "Red Book" standard devised by Sony and Philips in June 1980. They can be easily spotted as the cases will not feature the familiar 'Compact Disc' logo.
- Microsoft is also coming out with a Rootkit fix in their Microsoft Antispyware Beta (Windows Defender). You can also download this program to fix this issue. (Ref: http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx ).
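The first tip above, written out as a script (an added example, not part of the original article): it creates a file named $sys$ beside an ordinary control file, then compares the directory listing with direct access by path. The function names, the control file and the scratch directory are assumptions made for this example.

```python
import os
import tempfile

def can_open(path):
    """Direct access by full path, which the article says keeps working."""
    try:
        with open(path, "rb"):
            return True
    except OSError:
        return False

def check_cloaking(directory, canary_name="$sys$", control_name="control.txt"):
    """Create a canary and a control file, then compare two views of them."""
    paths = {name: os.path.join(directory, name)
             for name in (canary_name, control_name)}
    for path in paths.values():
        with open(path, "w") as fh:
            fh.write("canary\n")
    try:
        listed = set(os.listdir(directory))  # view 1: directory enumeration
        return {
            "canary_listed": canary_name in listed,
            "control_listed": control_name in listed,
            "canary_openable": can_open(paths[canary_name]),  # view 2: by path
        }
    finally:
        for path in paths.values():  # clean up by path, not by listing
            if os.path.exists(path):
                os.remove(path)

def verdict(result):
    """Interpret the two views; the control guards against a broken listing."""
    if not result["control_listed"]:
        return "inconclusive"
    if result["canary_openable"] and not result["canary_listed"]:
        return "cloaked"
    if result["canary_listed"]:
        return "visible"
    return "inconclusive"

if __name__ == "__main__":
    # Scratch directory is an assumption; the tip only says "on your computer".
    with tempfile.TemporaryDirectory() as scratch:
        print(verdict(check_cloaking(scratch)))
```

A result of "cloaked" means the file can still be opened but no longer shows up in the listing, which is the disappearance the tip describes.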
Warnings
- Extensive concerns have been voiced about the patch Sony has released in response to criticism of their DRM. While it does remove the cloaking and theoretically reduces the risk of trojan horses hiding on your PC, it does not remove the DRM, and some believe it installs other new files on your PC. Ideally, avoid getting the DRM software installed on your PC in the first place. If you already have it, however, you will have to decide whether it is worth the risk of installing more bad Sony software. Read Remove Cloaked Malicious Programs Associated with Sony DRM for more info.
- Since this article was written, Sony has announced that they will be recalling CDs with the XCP software. Details on this recall have not yet been announced.
Related Articles
- Disable CD and DVD Autorun in Windows XP
- Convert Protected Audio Into a Plain MP3
- Remove Cloaked Malicious Programs Associated with Sony DRM
- Back Up a DVD Onto a VCD
Sources and Citations
- Rootkit info from Wikipedia
- Exact Audio Copy - Software that can safely copy DRM protected CDs to your computer.
- Wired.com on Boycotting Sony
- Warning about DRM Removal Patch
- DRM Removal Patch (See Warning!)
- Muzzy's research about Sony's XCP DRM system
- Microsoft Antispyware Beta
- Wired.com Article: Sony Recalls XCP DRM Discs