Gartner has criticised Sony for using
rootkit technology to hide its Digital Rights Management (DRM)
tool, which the analyst group said meets both the 'formal and
informal definitions of spyware', and is 'unacceptable'
The DRM software is called XCP and was created by UK-based
First 4 Internet. It installs automatically when a CD is played
on a PC and hides itself deep within the operating system.
Security experts have
blasted the cloaking mechanism, which is called 'rootkit',
because it could be exploited by virus writers. Malware
designed to take advantage of the veil provided by Sony BMG
started appearing last week.
According to a research note published by Gartner, the use of
"spyware techniques… constitutes bad business practice and
should be discouraged". The note went on to say that sneaking
software onto a computer without consent is "unacceptable"
Gartner also criticised Sony for deliberately making the
process of removing XCP complicated: "It was deliberately
designed to be difficult to remove, and although Sony has now
issued a patch that 'decloaks' the software, the process for
completely removing the software from the user's computer is
complex, requires the user to interact with Sony and is not
included with the CD".
Personal firewall developer Zone Labs, which is owned by
enterprise security firm Check Point, also slammed Sony on Monday
for using what it called 'hacker-type techniques' to copy protect
Laura Yecies, general manager at Zone Labs and vice president
at Check Point, said: "While we understand Sony's need to protect
its digital rights, compromising the security of its customers by
using hacker-type technologies such as rootkits that create
points of entry for actual hackers are not the answer."
Microsoft has said it will
protect Windows users from Sony's DRM software by updating
its AntiSpyware and Malicious Software Removal Tools to allow its
detection and removal.
Sony has now
stopped production of CDs using XCP software but the company
has admitted that it will continue using an antipiracy tool
developed by SunnComm.