| Security |
| Sony: The Root of the Problem |
| by Cat Rambo |
|
The SONY software was originally discovered by John Guarino, who had found himself removing a particular piece of rootkit software multiple times from client PCs. He contacted F-Secure, a computer security outfit, that had produced the root-kit detector software with which he’d discovered the intrusive software. F-Secure ran its own tests and alerted Sony in mid-October about the problem, calling it “a major security risk”, but Sony was slow to respond. First4Internet argued that the risk was mitigated by the fact that very few people knew about the vulnerability. However this was soon not the case.
Mark Russinoich, a computer-systems expert who had discovered the rootkit’s presence on his own, blogged October 31st about the rootkit. Within a week of his disclosure, hackers had readied viruses designed to exploit the vulnerabilities caused by Sony’s software. The rootkit hid any file with $SYS$ in the filename, which meant hackers could use it for their own ends. Players of Blizzard’s popular online game World of Warcraft quickly discovered they could use it to circumvent a program named Warden, spyware placed by the game on their computer to detect cheaters. Blizzard’s software had been the subject of earlier criticism because of its invasive nature, reporting email addresses, website URLs, and the names of all running programs to the company.
On November 3rd, Sony issued a patch which it said would allow a user to remove the rootkit; instead it simply removed the cloaking, making the rootkit visible. Sony released no information disclosing what else the patch did.
On November 15, Sony recalled 4.7 million CDs by 52 different artists such as Frank Sinatra, Rosanne Cash, Celine Dion and Neil Diamond. 2.1 million of the CDs had already been purchased. Security expert Dan Kaminsky suggests that as many as 568000 networks worldwide may hold at least one computer infected with XCP.
The presence of the rootkit roused people concerned about privacy and digital rights issues. Class action suits accusing Sony of failing to disclose the presence of the rootkit were filed in New York and California, and mainstream press soon picked up the story. On November 10, Stewart Baker, an Assistant Secretary at the Homeland Security Department, chided Sony for its actions, saying “It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days”.
Microsoft declared the code a security risk and said the next version of Windows defender would identify and remove the cloaking component. SkySoft Software updated its software AnyDVD, a program designed to circumvent DVD protection, in order to enable it to block the Sony rootkit, and PestPatrol, an anti-spyware product from Computer Associates, will detect and remove it. Boycotts of the company have been suggested, and one Livejournaler created a special image for the purpose featuring a holly logo with the slogan: “No Xmas for Sony – They’ve been very naughty this year.”
(article continues on next page below)
|
|
