[Dixielandjazz] more about Sony Rootkit

Robert S. Ringwald robert at ringwald.com
Tue Nov 15 22:37:33 PST 2005


 ==== In the News ====
   by Paul Thurrott, thurrott at windowsitpro.com

Microsoft Will Remove Sony Rootkit
   After dithering for a few days over whether to categorize Sony's new 
audio CD copy protection system as spyware, Microsoft on Friday 
announced that the next update to its antispyware package would indeed 
remove the Sony code from users' PCs. Microsoft will include the 
removal code in an update to the recently renamed Windows Defender, 
formerly Windows AntiSpyware. Sony's system is based on a rootkit, 
typically used by malicious hackers to keep their malware hidden. Sony 
was using it to prevent users from pirating its CDs.

"We use a set of objective criteria for both Windows Defender and the 
Malicious Software Removal Tool to determine what software will be 
classified for detection and removal by our anti-malware [sic] 
technology," Jason Garms, a program manager on the Microsoft 
antimalware team, wrote in his blog. "We have analyzed this software, 
and have determined that in order to help protect our customers we will 
add a detection and removal signature for the rootkit component of the 
XCP software to the Windows AntiSpyware beta, which is currently used 
by millions of users." Microsoft will also add the Sony rootkit removal 
code to the next Windows AntiSpyware update and the December update to 
the Malicious Software Removal Tool, Garms said.

The Sony rootkit was discovered in October by an F-Secure customer.
F-Secure contacted Sony but didn't release any public information. Later,
security expert Mark Russinovich discovered that his Windows PC had 
been infected with the code after he played a Van Zant CD. Russinovich 
touched off a huge controversy when he wrote about his experience in 
his blog.

Facing mounting complaints from customers, Sony this weekend announced 
that it would temporarily stop making audio CDs with the rootkit-based 
antipiracy technology. About 20 different audio CD titles were 
affected. For more information, please refer to Mark Russinovich's 
blog, where he details his discovery and the methods he used to remove 
Sony's software.
   http://list.windowsitpro.com/t?ctl=1944F:269AF
