X
Business
Home Business Enterprise Software

Sony rootkit prompts office clampdown on CD use

Sony's decision to include rootkit-like copy restrictions on some of its music CDs is prompting some companies to review whether they allow their staff to use personal CDs at work.Last week, Trojan horses emerged that avoid detection by using the digital rights management, or DRM, software used by Sony BMG Music Entertainment on some of its audio CDs.
Written by Graeme Wearden, Contributor and  Ingrid Marson, Contributor
Sony's decision to include rootkit-like copy restrictions on some of its music CDs is prompting some companies to review whether they allow their staff to use personal CDs at work.

Last week, Trojan horses emerged that avoid detection by using the digital rights management, or DRM, software used by Sony BMG Music Entertainment on some of its audio CDs. This software uses the same techniques used by rootkit malicious software to hide itself from the operating system, which makes it particularly difficult to detect.

Andrew Yeomans, vice president of global information security at Dresdner Kleinwort Wasserstein, said that he is already assessing whether the Europe-based investment bank needs to tighten up its controls.

"I'm reviewing the autorun settings for music CDs, but not planning to ban their use," Yeomans said. "We certainly don't want arbitrary software to be installed."

Yeomans added that the bank cannot prevent all its employees from running executable programs from a CD or download. That's because some people have to be given administrator rights to use certain applications, which would allow them to override such restrictions.

Richard Starnes, president of the Information Systems Security Association, said that other companies should consider whether they need a policy on CD use.

"This is certainly something that would trigger a review of policies. I would advise companies to review the situation," Starnes said.

"If it's solely a Sony issue, it is easier for a company to make a decision that it will not allow particular Sony CDs. But if it becomes widespread, then it becomes difficult to decide what CDs are allowed or not allowed," added Starnes, who was speaking before Sony announced it had stopped producing CDs containing the rootkit-like software, called XCP.

Other companies have confirmed that they are also watching the situation closely.

"Something that can get in and hide itself would have the security people screaming their heads off," said the capacity manager at one major financial firm, who asked to remain anonymous.

"Up until now, they thought that audio CDs are safe. I think that will change, and I wouldn't be surprised if every major bank changed their policy. The fact that this software can be used to hide other stuff means that the possibilities for getting at customer data are horrendous," he added.

Opposition to Sony's behaviour has been fierce, with threats of boycotts and even legal action.

Ingrid Marson and Graeme Wearden of ZDNet UK reported from London. For more coverage from ZDNet UK, click here.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

pxl-20240424-181716738

Facebook's Meta AI is lying when it says you can disable it - but here's what you can do

Placeholder product image alt text

The best AI image generators to try right now