Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

In Depth

Technology

Sony and the rootkit

How a programmer's blog turned into a PR and legal nightmare for Sony

Last Updated Nov. 10, 2005

CBC does not endorse and is not responsible for the content of external sites. Links will open in new window.

A week before Halloween 2005, programmer Mark Russinovich got a nasty surprise that had nothing to do with vampires or ghouls.

Russinovich was running a new version of one his company's security programs and found that his computer was covertly handling programs he didn't know were there. For an expert on the internal workings of Microsoft Windows, that was unusual.

He continued digging and found the programs were cloaking themselves using a "rootkit," a technique that isn't dangerous by itself, but is most often used in computer viruses to prevent their detection.

The hidden programs were written by the company First 4 Internet. After a bit of Googling, Russinovich found that First 4 Internet had licensed software to Sony BMG to protect the company's CDs from being copied.

And so he found the source of the program that was sneaking around inside his computer: a CD he had just bought, Get Right with the Man by the band Van Kant, released by Sony BMG.

The CD was advertised as copyright-protected on Amazon.com, where Russinovich had bought it, and he had clicked on an installation agreement when he had put it in his computer's CD-ROM.

But Russinovich wasn't happy about this CD installing software on his computer and then masking it using techniques normally used by viruses and worms.

His first attempt at deleting the offending software disabled his CD-ROM drive.

"Now I was really mad," wrote Russinovich.

After Russinovich got his computer cleaned up, using techniques far beyond a typical Windows user, he wrote about his findings on his blog on Oct. 31:

"Not only had Sony put software on my system that uses techniques commonly used by malware [malicious software] to mask its presence, the software is poorly written and provides no means for uninstall.

"Worse, most users that stumble across the cloaked files … will cripple their computer if they attempt the obvious step of deleting the cloaked files."

Almost immediately, blogs concerned with technology and copyright issues started buzzing about Russinovich's findings. Other tech blogs chimed in with their own takes on the rootkit.

It didn't take long for the tech news websites to notice. The next day, Nov. 1, News.com ran a story about the security concerns over Sony's protection scheme. The CEO of First 4 Internet told them the cloaking mechanism they used wasn't a risk to computers and CDs using this program had been out for eight months without complaints from customers.

SonyBMG told News.com the hidden files could be "easily" uninstalled by contacting their customer support, but those instructions where not on the Sony website at the time.

Security experts interviewed for the story said the fact that the Sony program was hidden wasn't itself harmful. It did remain active on the computer even when the CD isn't being played, so the cloak could be abused by a computer virus.

(As if to fulfil the prophecy, a Finnish antivirus research team found on Nov. 10 the first malicious software that attempts to hide itself using the Sony cloaking software.)

Two days after Russinovich's first blog post on the topic, Sony released a free update to its software that "removes the cloaking technology component." Again, blogs started buzzing about whether Sony's software could be trusted. Security experts found that the software patch removes the rootkit, but causes new programs of its own and can cause computers to crash.

The mainstream media, including the Associated Press and BBC, then got a hold of the story. Lawyers interviewed in the stories questioned the legality of Sony installing hidden files that resist being deleted. Representatives for Sony and First 4 Interest countered that the CDs were clearly labelled as copy-protected.

On NPR, Thomas Hesse, president of SonyBMG's global digital business division, lashed back at the blogs for causing such a fuss over software that he said was installed on just 20 CDs.

"Most people don't even know what a rootkit is, so why should they care about it?" said Hesse.

The firestorm on the blogs continued, with some Sony customers claiming the copy-protected CDs had caused their computers to crash. Websites published lists of CDs that incorporated the cloaked copy-protection scheme, warning consumers not to buy them.

Computer software companies that produce antivirus programs began to openly wonder whether they should include Sony BMG's CDs on their list of malicious software. Eventually, Computer Associates did just that, adding the copy-protection software to the virus definitions of their PestPatrol program. And Microsoft itself added Sony's rootkit to the malware definitions in its Windows AntiSpyware program.

On Nov. 10, Reuters reported that a lawyer for a group of consumers filed a class-action lawsuit against Sony BMG claiming their computers have been harmed by the CDs' anti-piracy software.

In response to all of the negative publicity it received over the copy-protection scheme, Sony BMG suspended its use as a "precautionary measure."

Go to the Top

Menu

Main page

Technology

Green machines
Disk drive: Companies struggle with surge in demand for storage
Open season: Will court decision spur Linux adoption?
Analogue TV
Video games: Holiday season
Video games: Going pro
Guitar Hero
Parents' guide to cheap software
Working online
Laptop computers for students
Technology offers charities new ways to attract donations
The invisible middleman of the game industry
Data mining
Two against one
The days of the single-core desktop chip are numbered
Home offices
Cyber crime: Identity crisis in cyberspace
Yellow Pages - paper or web?
Robotics features
iPhone FAQ
Business follows youth to new online world
A question of authority
Our increasing reliance on Wikipedia changes the pursuit of knowledge
Photo printers
Rare earths
Widgets and gadgets
Surround Sound
Microsoft's Shadowrun game
Dell's move to embrace retail
The Facebook generation: Changing the meaning of privacy
Digital cameras
Are cellphones and the internet rewiring our brains?
Intel's new chips
Apple faces security threat with iPhone
Industrial revolution
Web developers set to stake claim on computer desktop with new tools
Digital photography
Traditional film is still in the picture
HD Video
Affordable new cameras take high-definition mainstream
GPS: Where are we?
Quantum computing
What it is, how it works and the promise it holds
Playing the digital-video game
Microsoft's forthcoming Xbox 360 Elite console points to entertainment push
Online crime
Botnets: The end of the web as we know it?
Is Canada losing fight against online thieves?
Malware evolution
Money now the driving force behind internet threats: experts
Adopting Ubuntu
Linux switch can be painless, free
Sci-fi projections
Systems create images on glass, in thin air
Power play
Young people shaping cellphone landscape
Digital cameras
Cellphone number portability
Barriers to change
Desktop to internet
Future of online software unclear: experts
Complaining about complaints systems
Canadian schools
Multimedia meets multi-literacy age
Console showdown
Comparing Wii, PS3 and Xbox 360 networks
Social connections
Online networking: What's your niche?
Virtual family dinners
Crackdown
Xbox 360 console game
Vista and digital rights
Child safety
Perils and progress in fight against online child abuse
Biometric ID
Moving to a Mac
Supply & demand
Why Canada misses out on big gadget launches
Windows Vista
Computers designed for digital lifestyle
Windows Vista
What's in the new consumer versions
Cutting the cord
Powering up without wires
GPS and privacy
Digital deluge
RFID
Consumer Electronics Show
Working online
Web Boom 2.0 (Part II)
GPS surveillance
Hits and misses: Best and worst consumer technologies of 2006
Mars Rovers
Voice over IP
Web Boom 2.0
Technology gift pitfalls to avoid
Classroom Ethics
Rise of the cybercheat
Private Eyes
Are videophones turning us into Big Brother?
Windows Vista
Cyber Security
Video games: Canadian connections to the console war
Satellite radio
Portable media
Video games
Plasma and LCD
Video screens get bigger, better, cheaper
Video games:
New hardware heats up console battle
High-tech kitchens
Microsoft-Novell deal
Lumalive textiles
Music to go
Alternate reality
Women and gadgets
High-tech realtors
The itv promise
Student laptops
Family ties
End of Windows 98
Bumptop
Browser wars
Exploding laptop
The pirate bay
Stupid mac tricks
Keeping the net neutral
PS3 and WII at E3
Sex on the net
Calendars, online and on paper
Google, ipod and more
Viral video
Unlocking the USB key
Free your ipod
In search of
Xbox
Sony and the rootkit
Internet summit
Electronic surveillance
[an error occurred while processing this directive] [an error occurred while processing this directive]
Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

World »

302 Found

Found

The document has moved here.

more »

Canada »

302 Found

Found

The document has moved here.

more »

Politics »

302 Found

Found

The document has moved here.

more »

Health »

302 Found

Found

The document has moved here.

more »

Arts & Entertainment»

302 Found

Found

The document has moved here.

more »

Technology & Science »

302 Found

Found

The document has moved here.

more »

Money »

302 Found

Found

The document has moved here.

more »

Consumer Life »

302 Found

Found

The document has moved here.

more »

Sports »

[an error occurred while processing this directive] 302 Found

Found

The document has moved here.

more »

Diversions »

[an error occurred while processing this directive]
more »