Refine search for Home

  Leave a comment      Email this to a friend TrustedReviews Newsletters

Last week I spoke to Graham Cluley, Senior Technology Consultant at anti-virus company Sophos who was incredibly diplomatic about what Sony BMG had been doing. In his view Sony BMG was covered by the click-to-accept license, and no-one could argue that it had a right to protect its intellectual property, however he confirmed that Sony BMG didn’t tell the anti-virus companies about its use of rootkit technology so there was the potential for black hats to use this backdoor as an exploit in any PC that had MediaJam and Aries installed.

I was reminded of the fictional character Sir Humphrey Appleby in Yes Minister who said ‘If you must do this damn silly thing, don’t do it in this damn silly way’ however Cluley was far too sophisticated to rise to this bait.

By the end of the week Sophos had released an alert headlined ‘Trojan horse exploits Sony DRM copy-protection vulnerability’ which told us that
‘Sophos experts warn of the Stinx Trojan horses that can hide under the cloak of Sony's controversial CD copy-protection software, and have been spammed across the internet in an email claiming to come from a business magazine. Also, find out about the free Sophos tool which can detect if Sony's cloaking technology has been installed on your PC and disable it if you wish’, so it would seem that events had moved on somewhat since our discussion three days previously.

Jason Grime from Microsoft's Anti-Malware Technology Team announced Microsoft’s anti-spyware product, Windows Defender will be updated to detect and remove the rootkit component of MediaJam/XCP in its December release.
This puts the tin hat on the matter and confirms that the Sony BMG rootkit is officially a Bad Idea, so you would hope that any other media company that is up to similar tricks will have second thoughts, but it’s not really an end to the matter as there are all sorts of loose ends.

For one thing, Sony BMG’s Content protection software only runs on PCs and not on Linux boxes or Apple Macs. For another, you can insert a CD while holding the Shift key which disables the auto-run function and thus stops all content protection systems, including SunnComm’s MediaMax which is used by RCA, but these are mere details.

The fundamental question is, what on earth are Sony BMG, RCA and all the rest trying to achieve?

Add your comment