RealTime IT News

Microsoft to Block Sony DRM Rootkit

Microsoft has joined other security vendors in pursuit of the rootkit component to Sony's now-infamous anti-piracy measure.

Jason Garms, Microsoft anti-malware technology team architect and product manager, wrote in a blog entry over the weekend that the company's December update to the Malicious Software Removal Tool will detect and remove Sony's rootkit.

Beta testers for Microsoft's Windows AntiSpyware, now called Windows Defender, will also receive the security fix in the weekly security update.

Garms also noted the patch will be included in the first public beta of Windows Defender, as well as the Windows Live Safety Center.

"We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology," Garms stated in his blog entry.

"We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users."

The rootkit component has been in use for months, but it wasn't discovered until recently.

Security expert Mark Russinovich described in a blog entry on Oct. 31 how the digital rights management (DRM) software was hiding the fact that it was scanning end-user computers to determine whether they were illegally copying music.

First 4 Internet shortly thereafter released a patch to security vendors. The rootkit component is part of the U.K.-based company's Extended Copy Protection (XCP) software, intended to prevent casual piracy of music CDs and used on Sony copy-protected CDs.

The discovery drew sharp criticism from users and legal inquiries from privacy advocates concerned over Sony's use of the technology without informing its customers. One of the concerns was that malware writers could use Sony's cloaking technology already present on computers.

Romanian security vendor BitDefender last week reported they had discovered two Trojans in the wild that exploit Sony's rootkit, which installs a backdoor that can be controlled through a user on an IRC channel.

Security firms Symantec and McAfee released patches to their customers last week, though both noted that using the patch could violate the End User License Agreement (EULA) customers signed when they installed the Sony media player on their computers.