1-12-2006: Now it's starting to get interesting. Norton admits to hiding a directory (ala rootkie) in Norton SystemWorks but says it has updated the program to remove the hidden directory.
12-17-2006 Lavasoft, the makers of AdAware, has released a beta version of a program to remove Sony's rootkit. It does not remove the copy protection part of the Sony software.
http://www.lavasoftresearch.com/betaprogram/rootkit.php
12-07-2007 The Internet is now reporting the that latest MediaMax uninstaller leaves a potenial security 'hole' in your computer.
12-06-2005: Sony has released another uninstaller for their XCP rootkit program. They promise this one will work without leaving a large security hole on your computer. Too soon to tell if this is true.
http://cp.sonybmg.com/xcp/english/updates.html
They also released a uninstaller for MediaMax, their other copy protection program. It can be loaded to your computer via:
http://sonybmg.com/mediamax/
*****************************************************************************
This is super scary. Sony Music is including a 'rootkit' program that secretly installs on your computer when you insert one of their Content/Copy Protected CD's.
A 'rootkit' program is a program that is invisible to any program running on your computer (including anti-virus programs) and can do ANYTHING it wishes to your computer: Allow 'bad guys' to access your computer without your knowledge, use your computer to attack other computers, steal or erase your data and/or passwords - ANYTHING..
And you get this installed automatically and without your knowledge just by inserting a SONY copy protected CD that you have purchased legally.
This web site has the details.
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
PS: If you have already played a Sony Content/Copy Protected CD on your computer and you think you may have this rootkit programed installed, it will take someone a lot more knowledgeable than me to remove it.
PSS: More information from an antivirus firm that has been developing a rootkit detector/remover program (Blacklight). Notice that they say while the rootkit appears to be used to insure you don't make copies of the CD it also makes if very easy for bad guys to use the rootkit for what ever purpose they desire. They also imply that there might be a removal program available from Sony/BMG.
http://www.f-secure.com/weblog/archives/archive-112005.html#00000691
11-2-2005: Sony is beginning to back-pedal and trying to 'spin' this as a non-event.
Sony BMG's technology partner First 4 Internet, a British company, said Wednesday that it has released a patch to antivirus companies that will eliminate the copy-protection software's ability to hide. In consequence, it will also prevent virus writers from cloaking their work using the copy-protection tools.
The record label and First 4 Internet will post a similar patch on Sony BMG's Web site for consumers to download directly, the companies said.
11-3-2005: After facing a barrage of negative publicity, Sony is offering the patch as a download. Do NOT install this patch unless you think you might have the rootkit program installed on your computer.
http://updates.xcp-aurora.com/
11-15-2005: Turns out that the Sony patch installs a HUGE security hole in your computer. Do NOT install it. Microsoft Antispyware and other antivirus programs are currently only making the hidden files visible, not removing the rootkit.
11-17-2005: It looks like all of the antivirus and antispyware programs will only make the invisible rootkit files visible, not remove them or any other part of the kit. Removing the entire Sony program is pretty tricky and the manufacturers of the removal programs are not sure that it is even legal. Sony continues to try to avoid issuing a program that will totally remove the program rootkit.
11-18-2005: This just keeps getting more interesting. Sony has included another copy protection program on other music discs. While this one is not a hidden rootkit program, it does track what options you install and who knows what else and sends that data to Sony. Given the uproar over the rootkit program, they have begun to offer an uninstaller for this program. Guess what - it also leaves a large security hole in your system. Current state of affairs - don't uninstall either Sony copy protection program. I feel sure that one or more geeks will issue a reliable uninstall program because the antivirus/antispyware companies don't have the guts to touch this.
Thursday, January 12, 2006
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment