Sunday, November 13, 2005

The Sony/BMG DRM "rootkit"


The Sony/BMG DRM rootkit was first discovered by F-Secure and widely publicized by Mark Russinovich of Sysinternals in his blog. The Sony DRM hides itself by modifying the Windows kernel, names itself "Plug and Play Device Manager" to confuse users, and consumes CPU resources whether running or not, with sloppily written code that does things like querying the file size eight times per scan and scanning every two seconds. Worst of all, it allows any hacker to easily hide files on your system.
Sony's license agreement is vague about what it's installing and implies that it can be easily disabled. It cannot.
Use Sysinternals' Rootkit Revealer or F-Secure's Blacklight to find the rootkit (look for $sys$), but don't remove it or you'll lose access to your CD-ROM drive.
Sony is now offering removal instructions that point you to the XCP Aurora web site and Service Pack 1 containing "fixes and workarounds." (from Twit)

Also, there is a similar program that is on DVDs. If it is installed, your DVD copying software will no longer work, so never install anything from a music CD or a movie DVD or you may be sorry you did! If you can, don't buy Sony CDs! (Boycott Sony Music) All this type of crap will do is start making people turn to copying more music illegally!
