Tech Shout!

On Wednesday, reacting to criticism of its CD copy protection, Sony posted a patch that revelas files previously hidden by a rootkit. However this reaction maybe regarded as a slightly late one as hackers are already discussing ways to use the rootkit to conceal their own code.

Sony put a patch on its Web site on Wednesday that “removes the cloaking technology component on SONY BMG content protected CDs,” according to a statement on the site. The patch can be downloaded and installed while online, or a 3.6MB file can be retrieved for later installation.

Sony defended the technology even after posting the patch.”This [rootkit] component is not malicious and does not compromise security. However, to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released.”

Although Sony said that for several months it has been using the First4Internet-developed digital rights management (DRM) software on selected CDs for several months, it was only this week that researchers discovered that the technology relied on a rootkit to hide files. The practice was quickly condemned by other security experts because rootkits are typically used only by virus, worm, and spyware writers to hide their code.
Results of an investigation into the Sony DRM done by Helsinki-based F-Secure, which with independent researcher Mark Russinovich, tested the patch and confirmed tested the patch and confirmed. “It now seems that the DRM software no longer attempts to hide anything on the computer,” F-Secure concluded. “The rootkit driver (aries.sys) is removed from the system during the update.”

The copy protection scheme itself, however, remains on the PC, and cannot be removed without special tools and a complicated, risky procedure. F-Secure, in fact, continued to recommend that users request additional software from Sony to remove all traces of the DRM software. Users must fill out this Web form to make the request.