Former British Prime Minister Harold Wilson once said â€œA week is a long time in politicsâ€ and TrustedReviews can now officially reveal that a fortnight is a lifetime on the Internet. It was two weeks ago that Mark Russinovich reported on www.sysinternals.com that he had found that Sony BMG had included a rootkit within some CD playing software thatâ€™s included with a number of Sony BMG audio CDs. Many (all?) Sony BMG CDs have used a form of content protection to prevent bad people from copying them since April 2004. In practice this means that when you run the CD into your PC you are obliged to install a piece of Sony software that runs in the background to check that you donâ€™t have any CD ripping software open. Naturally you have to click to accept a license, which none of us would normally bother to read, but if you did youâ€™ll find the following pearls:
"As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the â€œSoftwareâ€) onto your computer. The Software is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the digital content. Once installed, the Software will reside on your computer until removed or deleted. "
The software in question is supplied by a British company First 4 Internet Ltd (www.first4internet.co.uk) which was founded at the end of 1999. The Chairman, Nicholas Bingham, (appointed in 2002) worked at Sony Pictures and Sony Television for a total of 12 years as President-International and was also Chairman of VIVA TV in Germany.
First 4 Internet lists XCP Content Management among its products, but seemingly the DRM software used by SONY BMG is called MediaJam. In principle thereâ€™s nothing wrong with content protection. However, MediaJam installs a rootkit called Aries.sys, which is misnamed as â€˜Network Control Managerâ€™ to reduce the chances that you will spot it running on your PC. Presumably Aries.sys is digitally signed by Microsoft, however Microsoft, First 4 Internet and Sony BMG are reluctant to either confirm or deny this. Because Aries is a rootkit it is installed at a very low system level which renders it invisible to anti-spyware software. More worryingly the rootkit is used to hide any code that starts with the characters $sys$, which allows Sony BMG to hide software within Windows to prevent its CD contents from being ripped.