• DRM systems that use rootkit technology

    #425862

    An article from the always interesting site F-secure: News from the Lab November 1, describes how some music companies use rootkit-based DRM systems to restrict the ability to make copies.

    As this particular DRM technique per se is not malicious it is not a problem, but it can generate false positive alarms when scanning with AV software. Furthermore, it can be abused by malware to hide files!
    Technical details, link from the blog

    Argus

    • #982479

      A similar article is in The Register. Mark Russinovich of SysInternals is quoted…

      John

      • #982507

        John,
        Yes, although I thought F-secure’s page was more interesting. BUT, the link to Mark Russinovich’s Blog is VERY good.

        The Register says:
        “What makes Sony’s CD digital media software particularly nasty is that using expert tools for removing the parasite risks leaving you with a Windows PC that’s useless, and that requires a full reformat and reinstall.”

        They also quote Mark Russinovich, who says something similar, but not exact.

        Well, that is not the first time a removal of something (spyware, virus etc.) could leave the system (still) unusable. This is because it wasn’t removed (uninstalled) the appropriate way, since many times there are no appropriate ways!

        I have the deepest respect for Mark Russinovich. In my opinion this particular DRM technique has an even greater problem. Let us say that you accept this being installed and running; then you will have a system that is prepared for malware also.

        Quote F-secure
        “The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. […] Thus it is very inappropriate for commercial software to use these techniques.”

        Argus

        • #982875

          > Quote F-secure
          > “The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. […] Thus it is very inappropriate for commercial software to use these techniques.”

          It won’t be long before someone writes a piece of malware that explicitly looks for Sony’s rootkit installation and exploits it to attack the machine.

          What am I supposed to do? Ban my users from playing Sony CDs on the office computers?

          • #982935
          • #982994

            > What am I supposed to do? Ban my users from playing Sony CDs on the office computers?

            Yes! Or should I say, playing any CDs or DVDs that want to install software. They should not need to install software.

            • #984574

              My boss (owner) read a few of these articles and instituted a total ban on the purchase of any Sony product.

            • #984611

              Your owner? scratch

            • #984662

              Probably he means his better half… ! evilgrin

              John

            • #984777

              My boss, who happens to be the owner of the company.

              Not “She Who Must Be Obeyed” (SWMBO)

          • #984428

            Quote F-secure Weblog: News from the Lab November 10:

            “We have just analyzed the first malware (Breplibot. that is trying to hide on machines that have Sony DRM software installed.”

            It isn’t a great threat since it is a badly written program that does not work, but someone is trying! I think we will hear more about this for some months …

            Sadly some people sent hate mails to F-secure last week, accusing them of stealing Sysinternals’ work. Mark Russinovich did and does brilliant work, but some people don’t understand that different individuals can be working on the same issue.

            • #984456

              i have 2 car magazine subscriptions that come to my house & last week, both magazines shared 3 identical car articles: “miata vs. solstice”, “sedan showdown” (hyundai sonata, ford fusion, honda accord, and toyota camry), and a “behind the scenes” type of story on a new mercedes. but hey… they are new (hence, news), what else are they going to talk about?

              btw, that was a very interesting article – especially for me since i used to play the game they mention. thanks!

            • #984493

              confused3

              Game? News?

              Sorry if I missed something!

            • #984508

              i was replying to your post about people sending hatemail for them reporting on the same news topics……

              and for the game… it was actually found on StuartR’s link in his reply.

    • #982827

      Sony have now issued a utility to remove the component – XCP Technology software updates

      • #982832

        Tony,
        Yes, I saw that in the morning (this time also on F-secure blog). To clarify, as I understand it, the update removes the component that hides the DRM software. This update doesn’t give the users the ability to uninstall the complete program. I don’t say that you implied that in any way, only wanted to clarify.

        Thanks for the update!

        Regards,
        Argus

    • #985281

      Another reason to have a MAC? poke duck
      > The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.
      From Reuters: Microsoft to remove Sony BMG malware By Lucas van Grinsven

      The difference between Genius and Stupidity:
      A Genius knows their limits.
      - Albert Einstein
