News
News
11/7/2005
01:50 PM
50%
50%

Sony Copy Protection Patch Can Crash Windows

The blue-screen crash can also mean some data loss, says one of the researchers who first uncovered Sony's use of a hacker rootkit on its music CDs.

A patch posted by Sony BMG Music Entertainment last week that reveals its copy-protection scheme's files may make some computers crash, said one of the researchers who first uncovered Sony's use of a hacker rootkit on its music CDs.

"Sony’s uncloaking patch puts users systems at risk of a blue-screen crash and the associated chance of data loss," claimed Mark Russinovich, the chief software architect at Winternals Software, on his blog. "[This] type of cloaking prohibits safely unloading the driver while Windows is running."

The crash could happen as the patch is installed, said Russinovich.

The controversy over Sony's XCP (eXtended Copy Protection) technology, which is provided by U.K.-based First4Internet, began last week when Russinovich and Finnish-security firm F-Secure published results of separate investigations. It turns out, said both Russinovich and F-Secure, that XCP relies on a rootkit -- a tool typically used only by hackers and spyware writers -- to hide its files, probably to make it more difficult for someone to crack the copy protection.

The presence of a rootkit, said Russinovich and F-Secure, risks opening the PC to attack, since hackers would hide their malicious software simply by renaming files before embedding them on the machine.

A safer way to de-cloak the rootkit so that it and other XCP files are visible to security software such as anti-virus and anti-spyware programs, is to select "Run" from the Windows Start menu, then enter "sc delete $sys$aries" and reboot.

"This sequence deletes the driver from the Windows Registry so that even though its image is still present on disk, the I/O system will not load it during subsequent boots," said Russinovich.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.