Antivirus firms consider protection against Sony DRM rootkit

Kaspersky calls it spyware, while at Sophos it's ineptware. Whatever you call the software used by Sony's digital rights management, antivirus companies are considering adding protection against it to their products

Antivirus firms are considering protecting their customers from the digital rights management software used by Sony on some CDs.

Kaspersky Labs has classed Sony's DRM software as spyware because, among other things, it can cause crashes and loss of data and it can compromise system integrity and security.

Explaining its decision, Kaspersky said it used the definition of spyware provided by the Anti-Spyware Coalition. Sophos is similarly scathing of Sony and is calling the software "ineptware".

The issue reaches much further than the individual PCs of those users who buy particular Sony CDs, say the antivirus companies. The DRM software uses what is known as a rootkit, which means that it is invisible to the operating system, to most anti-virus and security software and to IT departments trying to cope with security on user's desktop and notebook PCs.

Furthermore, say the antivirus companies, the software can be exploited by hackers and viruses and used to cloak any file from the operating system.

"The Sony rootkit can be used to hide any files from the operating system, so we think the way that Sony has implemented this is somewhat flawed," said Graham Cluley, senior technology consultant at Sophos. "The danger is that other malware may come along which exploits the Sony rootkit."

Due to what Cluley said is a lack of malicious intent on Sony's part, Sophos is not defining the rootkit itself as malware, preferring instead to refer to it as ineptware.

"We don't really believe this is malware and so we don't currently detect it," said Cluley. However, he said detection for rootkits like that used by Sony will be built into Sophos Antivirus version 6, due out in 2006. "This is potentially unwanted...

For more, click here... and we will add the capability to detect the bad stuff and give the enterprise more control over what is on their PCs. This software is the sort of thing we will consider adding."

At Kaspersky Labs, senior technology consultant David Emm said he was also dismayed to see Sony using rootkits. "We don't have an issue with Sony taking steps to protect its legal rights and licensing," he said. "But given that over the past 12 to 18 months we have seen an increasing use of rootkits (by criminals), to see similar technology being implemented from someone supposedly on the good side is particularly worrying."

Use of techniques that are usually the preserve of criminals by companies such as Sony are causing problems to antivirus and security companies. "Previously it has been possible to say a rootkit equals a bad thing, but now we're having to deal with things that are not so clear cut," he said.

Kaspersky uses the term riskware to define programs that behave like malware but may not have malicious intent behind them. Although it attempts to detect riskware, so that users can be asked what they would like to do with it and so that policies can be created, it does not currently detect the rootkit used by Sony's DRM. "At the moment this is still under discussion and no final decision has been made," he added.

[? /*CMS poll(20003927) */ ?]Sony's use of techniques usually employed by hackers and virus writers makes it much more difficult to differentiate between malicious and benign software, said Kaspersky on its blog. "Rootkits are rapidly becoming one of the biggest issues in cybersecurity. Vendors are making more and more of an effort to detect this kind of threat. So why is Sony opting to use this dubious technology?" wrote Kaspersky Labs.

"Naturally, we're strongly against this development. We can only hope that this message comes across loud and clear to the people who have a say in this at Sony and elsewhere. We'd hate to see the use of rootkits becoming a habit among mainstream software manufacturers when there are so many security and ethical arguments against such use."


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All