Thursday, November 03, 2005

Sony rootkit and viruses - Think again before installing that music CD from Sony

Sony is installing rootkits and viruses on computers? I could never have believed it just a couple of years ago. But today, seeing how greedy corporations are getting, I have no choice but to believe it.

GameShout reports:
Sony is using spyware and rootkit technologies to prevent unauthorized copying of its music CDs. It has become the basis of a dispute that once again pits computer advocates against an entertainment company experimenting with new ways to prevent the unauthorized copying of its products.

And in case you are wondering about uninstalling the rootkit put there by Sony, Andy (GameShout) had this to say:
the uninstall process is not exactly straightforward and cannot be done through the Add or Remove Programs utility in the Windows control panel.

Sony has released a patch after facing backlash from security companies. Be warned that after using the patch you cannot play that music CD either. So either you give control of your computer to Sony or stop listening to music from Sony.

The next time you pop in that music CD from Sony, you may be asking for more than you want. According to reports, the media giant is installing a rootkit on every computer where the CD is to be played. Rootkits are a systems administrator's nightmare and may leave your computer exposed to other hackers.

Credit goes to Mark Russinovich for discovering the Sony rootkit.

Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernel’s system service table, a technique that I pioneered with Bryce for Windows back in 1996 when we wrote the first version of Regmon. Every kernel service that’s exported for use by Windows applications has a pointer in a table that’s indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API.
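The service-table redirection described in the paragraph above can be checked for by comparing each table entry against the kernel image's address range. The following is an added example, not code from the original post or from Mark Russinovich; the module names, addresses and table contents are constructed sample data, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: names, addresses and sizes are invented. */
typedef struct { const char *name; uint32_t base; uint32_t size; } module_t;

static const module_t MODULES[] = {
    { "kernel_image",   0x80400000u, 0x00200000u },  /* the kernel itself */
    { "example_filter", 0xF8A00000u, 0x00008000u },  /* hypothetical third-party driver */
};
#define N_MODULES (sizeof MODULES / sizeof MODULES[0])

/* Snapshot of the table: index = service number, value = handler address. */
static const uint32_t SERVICE_TABLE[] = {
    0x80412340u, 0x8045A100u, 0xF8A01200u, 0x804C0010u, 0xF8A01890u, 0x12345678u,
};
#define N_SERVICES (sizeof SERVICE_TABLE / sizeof SERVICE_TABLE[0])

/* Return the module containing addr, or NULL if no loaded module owns it. */
const module_t *owner_of(uint32_t addr) {
    for (size_t i = 0; i < N_MODULES; i++) {
        /* subtract first so base + size cannot overflow */
        if (addr >= MODULES[i].base && addr - MODULES[i].base < MODULES[i].size)
            return &MODULES[i];
    }
    return NULL;
}

/* An entry is suspect when its handler lies outside the kernel image (MODULES[0]). */
int is_redirected(size_t service) {
    return owner_of(SERVICE_TABLE[service]) != &MODULES[0];
}

/* Count redirected entries; optionally print one report line per entry. */
size_t count_redirected(int verbose) {
    size_t hits = 0;
    for (size_t i = 0; i < N_SERVICES; i++) {
        if (!is_redirected(i)) continue;
        hits++;
        if (verbose) {
            const module_t *m = owner_of(SERVICE_TABLE[i]);
            printf("service %zu -> 0x%08X (%s)\n", i, (unsigned)SERVICE_TABLE[i],
                   m ? m->name : "no owning module");
        }
    }
    return hits;
}

int main(void) {
    printf("%zu of %zu entries redirected\n", count_redirected(1), (size_t)N_SERVICES);
    return 0;
}
```

A redirected entry is a lead to investigate rather than a verdict: the quoted paragraph notes that Regmon used the same table-patching technique.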

According to a comment posted on SysInternals by SiliconAngel:
... Whether or not Sony accepts responsibility for it, I do believe they should be prosecuted by governments as a matter of course - you can't let a multinational get away with criminal practices just because they're a big company! Do you think courts would be lenient with virus writers if they said 'We CLEARLY mentioned in the attached text file what parts of the system were being affected while we pwn3d each user's PC. If they wanted to remove our virus, all they had to do was contact us at the listed help desk number and pay $4.30 a minute, fill out some forms and download the removal tool. Trying to remove the virus on their own was clearly not part of their licence agreement and they deserve what they got!'? I think not...

IMO, this is really sickening.
