Sony offers removal and replacement for rootkit DRM

Summary:By way of ZDNet reader Barb Bowman comes news that Sony BMG is moving quickly to clean up the PR disaster that ensued after Mark...

By way of ZDNet reader Barb Bowman comes news that Sony BMG is moving quickly to clean up the PR disaster that ensued after Mark Russinovich provided an incredibly detailed account of how the company was including Digital Restrictions Management (DRM) software on its artists' CDs that, like Trojan horses, not only surreptitiously installed itself on PCs, but used a common-to-malware technique known as a rootkit to cloak itself in a way that made discovery and/or removal of the software very difficult. 

As if news of the underhanded technique wasn't bad enough for Sony BMG, the situation spiraled even further out of control when it became apparent that Russinovich's exposure of the rootkit's details may have given hackers the hall pass they needed to treat the rootkit as a back door entry point into "infected" systems.  IT managers should take note since there's a likelihood that the CDs have been used in business systems. 

Sony promised a fix and now, within days of the rootkit's discovery (and subsequent outrage that spread on the Net like wildfire) that fix is apparently already available.  According to Bowman's blog, "Sony BMG and First 4 Internet have just released an update that will completely remove the rootkit based DRM content protection software and replace it with anon-rootkit DRM technology that is compatible with all current security protocols."  Oddly, the downloadable fix is being referred to as "Service Pack 2"  but it should not be confused with Microsoft's Service Pack 2 for Windows XP.  Whereas the fix only handles substitution of the new DRM technology for the old rootkit-based on, Sony is apparently providing another form-based process for removal altogether.  However, the removal procedure reveals yet another minor gaff that Sony says it hopes to have corrected later this month: it requires Internet Explorer and ActiveX.  

One question I have, in case anybody knows the answer, is what happens when you put one of these CDs into a non-Windows computer (ie: Mac or Linux).

Topics: Security


David Berlind was fomerly the executive editor of ZDNet. David holds a BBA in Computer Information Systems. Prior to becoming a tech journalist in 1991, David was an IT manager.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.