Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    DRM systems that use rootkit technology

    An article from the always interesting site F-secure: News from the Lab November 1, describes how some music companies use rootkit-based DRM systems to restrict the ability to make copies.

    As this particular DRM technique per se is not malicious it is not a problem, but it can generate false positive alarms when scanning with AV software. Further more it can be abused by malware to hide files!
    Technical details, link from the blog

    Argus

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: DRM systems that use rootkit technology

    A similar article is in The Register. Mark Russinovich of SysInternals is quoted...

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  3. #3
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    John,
    Yes, although I thought F-secure's page was more interesting. BUT, the link to Mark Russinovich's Blog is VERY good.

    The Register says:
    "What makes Sony's CD digital media software particularly nasty is that using expert tools for removing the parasite risks leaving you with a Windows PC that's useless, and that requires a full reformat and reinstall."

    They also quote Mark Russinovich that says something similar, but not exact.

    Well, that is not the first time a removal of something (spyware, virus etc.) could leave the system (still) unusable. This since it wasn't removed (uninstalled) the appropriate way, since there many times are no appropriate ways!

    I have the deepest respect for Mark Russinovich. In my opinion this particular DRM technique has an even greater problem. Let us say that you accept this being installed and running; then you will have a system that is prepared for malware also.

    Quote F-secure
    "The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. [...] Thus it is very inappropriate for commercial software to use these techniques."

    Argus

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Posts
    3,788
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: DRM systems that use rootkit technology

    Sony have now issued a utility to remove the component - XCP Technology software updates

  5. #5
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    Tony,
    Yes, I saw that in the morning (this time also on F-secure blog). To clarify, as I understand it, the update removes the component that hides the DRM software. This update doesn't give the users the ability to uninstall the complete program. I don't say that you implied that in any way, only wanted to clarify.

    Thanks for the update!

    Regards,
    Argus

  6. #6
    5 Star Lounger
    Join Date
    May 2003
    Location
    Pittsburgh, Pennsylvania, USA
    Posts
    629
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    <hr>
    Quote F-secure
    "The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. [...] Thus it is very inappropriate for commercial software to use these techniques."
    <hr>


    It won't be long before someone write a peice of malware that explicitly looks for Sony's rootkit installation and exploits it to attack the machine.

    What am I supposed to do? Ban my users from playing Sony CDs on the office computers?

  7. #7
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: DRM systems that use rootkit technology

    Not long at all http://www.securityfocus.com/brief/34

    StuartR

  8. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: DRM systems that use rootkit technology

    > What am I supposed to do? Ban my users from playing Sony CDs on the office computers?

    Yes! Or should I say, playing any CDs or DVDs that want to install software. They should not need to install software.

  9. #9
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    Quote F-secure Weblog: News from the Lab November 10:

    "We have just analyzed the first malware (Breplibot.[img]/forums/images/smilies/cool.gif[/img] that is trying to hide on machines that have Sony DRM software installed."

    It isn't a great threat since it is a badly written program that does not work, but someone is trying! I think we will hear more about this for some months ...

    Sadly some people sent hate mails to F-secure last week, accusing them for stealing Sysinternals work. Mark Russinovich did and does a brilliant work, but some people don't understand that different individuals can be working on the same issue.

  10. #10
    5 Star Lounger
    Join Date
    Jul 2004
    Location
    Ohio
    Posts
    629
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    i have 2 car magazine subscriptions that come to my house & last week, both magazines shared 3 identical car articles: "miata vs. solstice", "sedan showdown" (hyundai sonata, ford fusion, honda accord, and toyota camry), and a "behind the scenes" type of story on a new mercedes. but hey... they are new (hence, news), what else are they going to talk about?

    btw, that was a very interesting article - especially for me since i used to play the game they mention. thanks!
    <img src=/w3timages/blueline.gif width=33% height=2>
    <big>John</big>

  11. #11
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    <img src=/S/confused3.gif border=0 alt=confused3 width=45 height=45>

    Game? News?

    Sorry if I missed something!

  12. #12
    5 Star Lounger
    Join Date
    Jul 2004
    Location
    Ohio
    Posts
    629
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    i was replying to your post about people sending hatemail for them reporting on the same news topics......

    and for the game... it was actually found on StuartR's link in his reply.
    <img src=/w3timages/blueline.gif width=33% height=2>
    <big>John</big>

  13. #13
    5 Star Lounger
    Join Date
    May 2003
    Location
    Pittsburgh, Pennsylvania, USA
    Posts
    629
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DRM systems that use rootkit technology

    My boss (owner) read a few of these articles and instituted a total ban on the purchase of any Sony product.

  14. #14
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: DRM systems that use rootkit technology

    Your owner? <img src=/S/scratch.gif border=0 alt=scratch width=25 height=29>

  15. #15
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: DRM systems that use rootkit technology

    Probably he means his better half... ! <img src=/S/evilgrin.gif border=0 alt=evilgrin width=15 height=15>

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •