Links and Other Materials
**UPDATE: 11/14/2005**
F-Secure has their rootkit detection system in beta release. I haven’t looked at it, but it might be worth giving a whirl.
This is the XCP Aurora page with instructions for “updating” or removing the Sony “rootkit” DRM technology.
The folks at F-Secure discovered this problem in early October 2005, began researching it, purchased CDs from Amazon, “infected” their machines, and have thoroughly documented their findings.
The folks at F-Secure wrote: "Although the software isn’t itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits.
The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. If a malware names its files beginning with the prefix ‘$sys$’, the files will also be hidden by the DRM software. Thus it is very inappropriate for commercial software to use these techniques."
Remember: F-Secure’s Blacklight rootkit scanner provides a REMOVAL capability BUT YOU MUST NOT USE IT or, as Mark found, you’ll lose your CD Drive!!!
In June of 2004, Cory Doctorow of the EFF (Electronic Frontier Foundation) gave a talk to Microsoft about why DRM is always a bad idea.
(source: Sony’s “Rootkit Technology” DRM (Copy Protection Gone Bad))