November 4th, 2005

Sony's DRM software called spyware by antivirus vendor

Posted by Suzi Turner @ 8:52 pm

Categories: General

Tags:

Well, isn’t this interesting.  Antivirus vendor Kaspersky has labeled Sony’s rootkit technology, used in copyright protection software on some CDs, as spyware.  ZDNet writer Matt Loney explains more in his write up.  On the Kaspersky Analyst’s Diary at Viruslist.com, roel wrote on November 2:

In short, Sony BMG is using rootkit technology in order to hide and protect its DRM software. This is to prevent CDs produced by the company from being copied too often.

Using rootkit technology is an extremely dubious technique, and the poor coding of this particular example also raised our eyebrows.

Not only will this software slow down your computer, it can also lead to system instability. A number of people have reported that this software has led to the infamous Blue Screen Of Death.

The software can also mess up your system when you try and remove it from your computer. Possibly worst of all, the way this rootkit is coded makes it easy for it to be used to hide malware.

We would like to highlight that according to ASC’s definition of SpyWare this software may be classified as such.

* May be a nuisance and impair productivity
* Can slow machine down or cause crashes and loss of data
* May be associated with security risks
* Can compromise system integrity and security
* Done covertly, it is stealing cycles and other resources

Rootkits are rapidly becoming one of the biggest issues in cybersecurity. Vendors are making more and more of an effort to detect this kind of threat. So why is Sony opting to use this dubious technology?

Mark Russinovich of Sysinternals wrote more about the DRM software also. Russinovich noted that Sony’s software does indeed phone home, even though the behavior is not disclosed in the EULA and Sony executives claim otherwise. The link contains a NPR audio clip with Mark Russinovich, Edward Felten, Ari Schwartz of the CDT and a Sony BMG executive, definitely worth listening to. Russinovich goes on to describe how he used packet sniffer Ethereal to monitor network traffic to confirm the Sony Player software transmits an ID to Sony’s servers.  It checks for updates for the album art and lyrics of the CD being played.  He says although Sony is probably not doing this, they could record and track each time a CD was being played and connect it to an IP address. 

None of this might be of much concern if, that is IF, the behavior Russinovich describes was disclosed in the EULA, but Russinovich and others say that’s not the case.  IANAL, but if what Russinovich and others are saying is true, then this DRM software would meet my personal definition of spyware unless the behavior was clearly described in the EULA, giving users the option to say "No Thanks"!