Sony DRM installs NT rootkit

Mark Russinovich, a Windows expert and author of the famous Sysinternals tools, discovered that Sony’s latest copy-protected CDs install a small rootkit to protect the media content. Troubling? Add that the rootkit cannot be uninstalled using the Add/Remove Programs Control Panel applet, and even if you bypass the file protection of the rootkit, deleting the drivers will cause you to “lose” your CD drive. Also add that the rootkit drivers are poorly written: they may make your system unstable and open an easily exploitable backdoor for viruses and other malware, because the “DRM protection” hides any folder containing the string “$sys$”. Driver bugs may also prevent your system from booting in Safe Mode.

If this is OK for Sony, I have great news for them: they just lost a customer. I will not buy any Sony CDs marked with “Copy Protection” and I will dissuade everyone around me from buying Sony CDs. No music is worth driving my system into crashes or making the system insecure. It is just not the way copy protection should be implemented.

3 thoughts on “Sony DRM installs NT rootkit”

  1. Allianz

    Yes it seems that Sony are now very red faced over this one. Microsoft have updated their Malicious Software removal tool to remove it.

    Some years ago I purchased a TV with an in-built VCR. Later the copy protection system called Macrovision came out and virtually rendered this TV useless for anything other than free-to-air reception.

    While I understand that illegal copying of copyrighted works does have a serious negative impact, solutions like these are not the answer.

  2. Pingback: Vamsoft Insider » Blog Archive » Sony BMG Rootkit Battle Won
