|
Posted by Rich on 11/05/05 18:58
Wednesday, November 2, 2005 · Last updated 8:23 p.m. PT
Sony unit to distribute software patch
By MATTHEW FORDAHL
AP TECHNOLOGY WRITER
SAN JOSE, Calif. -- After a chorus of criticism, Sony Corp.'s music
division said Wednesday it is distributing a free software patch to
reveal hidden files that automatically installed to hard drives when
some of its music CDs were played on personal computers.
The offending technology was designed to thwart music piracy.
Sony BMG Music Entertainment and its partner, UK-based First 4
Internet, said they decided to offer the patch as a precaution, not
because of any security vulnerability, which some critics had alleged.
"What we decided to do is take extra precautionary steps to allay any
fears," said Mathew Gilliat-Smith, First 4 Internet's CEO. "There
should be no concern here."
The controversy started Monday after Windows expert Mark Russinovich
posted a Web log report on how he found hidden files on his PC after
playing a Van Zant CD. He also said it disabled his CD drive after he
tried to manually remove it.
Russinovich made the discovery while running a program he had written
for uncovering file-cloaking "RootKits." In this case, the Sony
program hid the antipiracy software from view. Similar technology also
has been used by virus and worm writers to conceal their code.
advertising
A firestorm quickly erupted over what appeared to be an attempt by the
music company to retain control over its intellectual property by
secretly installing hidden software on the PCs of unsuspecting
customers.
Making matters worse, Sony did not disclose exactly what it was doing
in its license agreement, Russinovich said. It only mentions that
proprietary software to enable copy protection would be installed. The
software affects only PCs running the Windows operating system.
"The (license) makes no mention that it's going to install something
that's going to be hidden from view, that will constantly consume CPU
resources even if I'm not listening to music and it will have no
uninstall capability," he said.
Because the technology looks for a specific prefix in the filename, it
also could be used by malware authors to mask their programs,
Russinovich said. There's also the question of how a PC user is
supposed to maintain a system that runs hidden programs.
"If you've got software on your computer that you can't see, there's
no way for you to manage it from a security point of view," he said.
"You don't know if you need updates for it. You don't know if you
should uninstall it because you don't know it's even there."
Though there are no known problems with software, that could change
and leave millions of unsuspecting PC users at risk of having their
machines taken over by malware, said Ero Carrera, a researcher at
F-Secure, a computer security firm.
"The code of the application is not exactly well done," he said. "I
would tend to believe there are people already working on finding
exploits."
The copy protection technology, which limits how many times a CD can
be copied, was included on about 20 titles, including discs from The
Bad Plus and Vivian Green, among others.
Gilliat-Smith and Sony BMG spokesman John McKay said the technology
had been on the market for about eight months and there had been no
major complaints prior to Russinovich's blog post. Still, a newer,
similar technology was in the process of rolling out before the latest
controversy erupted.
The patches that reveal the hidden files are being made available to
antivirus companies as well as customers who visit the Sony BMG site.
They do not remove the copy protection software, however.
McKay said customers can request a program to safely uninstall
everything by visiting the Sony BMG Web site at http://cp.sonybmg.com.
That site, however, requires a form to be filled out and submitted.
In a test of the form late Wednesday, an e-mail confirming receipt was
quickly returned by Sony BMG customer service, but it included no
instructions on how to remove the software. The message promised
another reply "shortly."
The process is unlike the vast majority of Windows software, which can
be easily uninstalled - by the user, without permission - through the
"Add or Remove Programs" tool in the operating system's control panel.
The controversy highlights the need for rules as to what content
providers can and can't install on PCs to protect their property, said
Russinovich, who is co-founder and chief software architect at
Winternals Software, which specializes in advanced systems software
for Microsoft Windows.
"We need to get some formality about what's legal, what's ethical and
what's fair - and what level of disclosure there needs to be," he
said. "It's fine for Sony to say we're not going to do that now. What
kind of guarantee do we have they're not going to do it at a future
date or that other companies are not going to do this?"
[Back to original message]
|