Sony and the rootkit
How a programmer's blog turned into a PR and legal nightmare for Sony
Last Updated Nov. 10, 2005
John Bowman, CBC News
A week before Halloween 2005, programmer Mark Russinovich got a nasty surprise that had nothing to do with vampires or ghouls.
Russinovich was running a new version of one of his company's security programs and found that his computer was covertly handling programs he didn't know were there. For an expert on the internal workings of Microsoft Windows, that was unusual.
He continued digging and found the programs were cloaking themselves using a "rootkit," a technique that isn't dangerous by itself, but is most often used in computer viruses to prevent their detection.
The hidden programs were written by the company First 4 Internet. After a bit of Googling, Russinovich found that First 4 Internet had licensed software to Sony BMG to protect the company's CDs from being copied.
And so he found the source of the program that was sneaking around inside his computer: a CD he had just bought, Get Right with the Man by the band Van Zant, released by Sony BMG.
The CD was advertised as copyright-protected on Amazon.com, where Russinovich had bought it, and he had clicked on an installation agreement when he had put it in his computer's CD-ROM.
But Russinovich wasn't happy about this CD installing software on his computer and then masking it using techniques normally used by viruses and worms.
His first attempt at deleting the offending software disabled his CD-ROM drive.
"Now I was really mad," wrote Russinovich.
After Russinovich got his computer cleaned up, using techniques far beyond a typical Windows user, he wrote about his findings on his blog on Oct. 31:
"Not only had Sony put software on my system that uses techniques commonly used by malware [malicious software] to mask its presence, the software is poorly written and provides no means for uninstall.
"Worse, most users that stumble across the cloaked files … will cripple their computer if they attempt the obvious step of deleting the cloaked files."
Almost immediately, blogs concerned with technology and copyright issues started buzzing about Russinovich's findings. Other tech blogs chimed in with their own takes on the rootkit.
It didn't take long for the tech news websites to notice. The next day, Nov. 1, News.com ran a story about the security concerns over Sony's protection scheme. The CEO of First 4 Internet told them the cloaking mechanism they used wasn't a risk to computers and that CDs using this program had been out for eight months without complaints from customers.
Sony BMG told News.com the hidden files could be "easily" uninstalled by contacting their customer support, but those instructions were not on the Sony website at the time.
Security experts interviewed for the story said the fact that the Sony program was hidden wasn't itself harmful. But it remained active on the computer even when the CD wasn't being played, so the cloak could be abused by a computer virus.
(As if to fulfil the prophecy, a Finnish antivirus research team found on Nov. 10 the first malicious software that attempts to hide itself using the Sony cloaking software.)
Two days after Russinovich's first blog post on the topic, Sony released a free update to its software that "removes the cloaking technology component." Again, blogs started buzzing about whether Sony's software could be trusted. Security experts found that the software patch removes the rootkit, but causes new problems of its own and can cause computers to crash.
The mainstream media, including the Associated Press and BBC, then got hold of the story. Lawyers interviewed in the stories questioned the legality of Sony installing hidden files that resist being deleted. Representatives for Sony and First 4 Internet countered that the CDs were clearly labelled as copy-protected.
On NPR, Thomas Hesse, president of Sony BMG's global digital business division, lashed back at the blogs for causing such a fuss over software that he said was installed on just 20 CDs.
"Most people don't even know what a rootkit is, so why should they care about it?" said Hesse.
The firestorm on the blogs continued, with some Sony customers claiming the copy-protected CDs had caused their computers to crash. Websites published lists of CDs that incorporated the cloaked copy-protection scheme, warning consumers not to buy them.
Computer software companies that produce antivirus programs began to openly wonder whether they should include Sony BMG's CDs on their list of malicious software. Eventually, Computer Associates did just that, adding the copy-protection software to the virus definitions of their PestPatrol program. And Microsoft itself added Sony's rootkit to the malware definitions in its Windows AntiSpyware program.
On Nov. 10, Reuters reported that a lawyer for a group of consumers filed a class-action lawsuit against Sony BMG claiming their computers have been harmed by the CDs' anti-piracy software.
In response to all of the negative publicity it received over the copy-protection scheme, Sony BMG suspended its use as a "precautionary measure."