UPDATED: Sony DRM company declares rootkit issue 'old news' and offers fix

By Matt Whipp

Posted on 3 Nov 2005 at 10:42

The company behind the technology used in Sony's controversial DRM technology has spoken out following the revelations around 'rootkit' code installed with Sony music CDs.

Mathew Gilliat-Smith, CEO of first4internet told us 'For us this is old news, things have moved on ... These CDs have been out on the market for eight months now, and I think we first should establish that this is not malware, nor was it created with the intention of malware, [the rootkit component] is really just a methodology for hiding files.'

He said that uninstallation instructions have always been available by clicking on Help and following the link to the Sony website. And he said that while the EULA outlined broad terms for the acceptance to install DRM technologies in order to play the CD without specifically alluding to the component in question, the actual terms of that EULA were the responsibility of the music publisher and not first4internet.

Gilliat-Smith said that his company is in talks with the antivirus companies to help them identify when the software is present on a system. 'We are in the process of giving antivirus companies the information they need to unmask these files. We are sending them a patch that unhides the files.'

One of the difficulties with rootkits is that because they talk directly to the operating system kernel, they are invisible within Windows, and hence many antivirus software programs don't have the ability to detect code hidden in this way. Kaspersky plans to include such detection in the next version of its suite, and F-Secure already offers a beta version of its Blacklight rootkit detection software on its website.

Gilliat-Smith told us that many of the antivirus vendors he had been in contact with claimed they did detect this type of threat.

He added that the latest version of the 'rootkit' component in this DRM technology addresses the issue that any file starting with $sys$ will be cloaked.

'We did this a few weeks ago,' he said, but with the caveat that there is a lead time for pressing CDs so it might not be on the market yet.

'We develop these technologies keeping the consumer in the forefront of our minds,' he said.

Sony BMG has now made an update to the first4internet copy-protection technology available here. Security company F-Secure says it has tested the technology: 'After visiting the web site, downloading and installing the update, it now seems that the DRM software no longer attempts to hide anything on the computer. The rootkit driver (aries.sys) is removed from the system during the update.'

However, it should be noted that the issue affects SonyBMG CDs sold in the US. AS spokeperson for the company told us that 'there are no plans to release this technology in the UK' and that 'there is no copy-protection on any Sony CD in the UK'.