The Sony Rootkit
The XCP software which the music giant Sony/BMG has generously put on its newer audio CDs was subsequently installed on millions of PCs, unbeknownst to their owners. (XCP means “eXtended Copy Protection” and is meant to protect the music CDs against unauthorised copying.) Part of the software uses what is known as rootkit technology. A rootkit is software (but normally not of the well-meaning sort) that installs surreptitiously and crawls into the innermost layers of the operating system, thereby gaining complete control over the hardware and software installed on a PC. Once installed, a rootkit can do with a computer whatever it wants — or rather whatever it was programmed to do: send spam or virus mails, search for and send files with confidential information, format the hard disk… you get it.
But even if a rootkit is benign (let's just assume it was, in this case), if it's not programmed in an absolutely clean way by competent programmers, it can open up all sorts of security holes in a PC, simply because rootkits tie themselves so deeply into the system. And firewalls, virus scanners, anti-spyware… all these security-related applications assume that the underlying operating system code (of which the rootkit is now a part) is safe and sound.
Well, Sony's rootkit was definitely not programmed in a clean way, and not by competent programmers either. It has gaping security holes that enable third-party developers to inject malign code into an “infected” PC. This means that the Sony rootkit can leave even a PC with an up-to-date firewall and a complete anti-virus package defenceless, as it opens the door to all sorts of external malware. And as if all that's not bad enough, a rootkit is — by its very definition — so deeply integrated into the system that getting rid of it is almost impossible (and is certainly beyond the casual user).
Worse: the software Sony/BMG finally offered its paying customers to rid their computers of this unwanted piece of shitware (sorry, but I am really disgusted) exhibits even more security holes than the rootkit. Indeed, it opens such a nice can of worms that the cure's even worse than the disease. The best strategy seems to be not to rely on anything that comes from Sony/BMG: if infected, either reinstall Windows from scratch (or restore a full clean backup, if available) or use some third-party software: almost all producers of security software have updated their products. Even Microsoft, in an unprecedented step, has announced that it will offer a solution in its Windows anti-spyware product. Well, the simple fact that Microsoft feels the need to do this shows the depth of idiocy on Sony/BMG's part. (I should stress that these programs are designed to get rid only of the rootkit functionality of the XCP software: specifically, they will not de-install the copy-protection software itself.)
None of my PCs was infected (I have safeguards in place that protect my computers against even the worst rootkits, wherever they may come from), but I will nevertheless make sure there's always a healthy distance between any Sony/BMG crap and my PCs. Honestly, these guys are… well, you know what :-)
Updated from: The Sony Rootkit.htxt, Sat 18 Jan 2014 13:14:24, thomasl (by Thomas Lauer)