The blue-screen crash can also mean some data loss, says one of the researchers who first uncovered Sony's use of a hacker rootkit on its music CDs.
A patch posted by Sony BMG Music Entertainment last week that reveals its copy-protection scheme's files may make some computers crash, said one of the researchers who first uncovered Sony's use of a hacker rootkit on its music CDs.
"Sony’s uncloaking patch puts users systems at risk of a blue-screen crash and the associated chance of data loss," claimed Mark Russinovich, the chief software architect at Winternals Software, on his blog. "[This] type of cloaking prohibits safely unloading the driver while Windows is running."
The crash could happen as the patch is installed, said Russinovich.
The controversy over Sony's XCP (eXtended Copy Protection) technology, which is provided by U.K.-based First4Internet, began last week when Russinovich and Finnish-security firm F-Secure published results of separate investigations. It turns out, said both Russinovich and F-Secure, that XCP relies on a rootkit -- a tool typically used only by hackers and spyware writers -- to hide its files, probably to make it more difficult for someone to crack the copy protection.
The presence of a rootkit, said Russinovich and F-Secure, risks opening the PC to attack, since hackers would hide their malicious software simply by renaming files before embedding them on the machine.
A safer way to de-cloak the rootkit so that it and other XCP files are visible to security software such as anti-virus and anti-spyware programs, is to select "Run" from the Windows Start menu, then enter "sc delete $sys$aries" and reboot.
"This sequence deletes the driver from the Windows Registry so that even though its image is still present on disk, the I/O system will not load it during subsequent boots," said Russinovich.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.