Rootkit? Whenever I hear that word, I always
associate it with malware as a means to hide itself from AV
companies. And do we share the same perspective? I bet but not for
Sony(?!).
The rootkit being utilized by Sony BMG is a technology to protect
its digital property from at least casual piracy considering the
easy way of CD burning provided by simple software and CD writers.
Trend Micro is still analyzing this software and formulating a stand
on whether this can be considered a threat or not, since it is
being utilized by Sony as DRM (digital rights management), which is
“actually” for a good cause. So, does that actually give rootkits
a new definition? Or does that open another door for malicious acts by
some malware authors?
For more details on the Sony rootkit, you may visit:
http://news.cnet.co.uk/digitalmusic/0,39029666,39189658,00.htm
Update (Ivan, 03 November 2005 13:22:46)
Previously, Trend Micro security expert Joe
Hartmann shared the belief that the anticopying technology used by
Sony BMG could be adapted by virus writers to hide malicious
software on the hard drives of computers that have played one of
the CDs. A great analysis of this implementation is featured in
this site by one Sysinternals researcher.
Hartmann moreover reiterates “how easy it has become to hide
infections from users and AV scanners.”
And then a ‘solution’ presents itself…
According to the most recent report, “Sony BMG’s technology partner First 4 Internet, a
British company, said Wednesday that it has released a patch to
antivirus companies that will eliminate the copy-protection
software’s ability to hide. In consequence, it will also prevent
virus writers from cloaking their work using the copy-protection
tools.”
The record label and First 4 Internet will post a similar patch on
Sony BMG’s Web site for consumers to download directly, the
companies said.
Hmmm…
Isn’t it the common practice of AV and Anti-Spyware companies to
collaborate with supposed “spyware” creators in fixing or patching
the suspected applications? So is this really “spyware”?
And if it is indeed spyware, aren’t AVs or Anti-Spyware companies
supposed to detect potentially-unwanted programs?
Let’s keep our eyes open on this, mates…
Hmmm…