Protected CDs shown to wreck systems


November 10, 2005 | By MIKE HIMOWITZ

Country music fans who play the latest Van Zant CD on their computers are getting more than they bargained for: a secret software installation that modifies their operating system and might open it up to exploitation by hackers. And what happens when they try to get rid of the hidden software? It disables their CD drives.

Welcome to the latest battle in the war between the music industry and its customers. In particular, between Sony BMG and its customers - or, if they're smart, former customers.

Since the mid-1990s, when technology made it possible to create high-quality digital copies of songs from CDs, the recording industry has battled illegal music file trading and CD copying. It has closed down pirate disc duplicators and battered Napster, Grokster and other file-sharing services into submission. It pushed one-sided legislation through Congress that makes felons out of 12-year-olds and hired armies of lawyers to sue people who post songs online.

Record companies have also experimented with a variety of copy protection schemes for CDs, whose basic design dates back to the 1970s, long before consumers had the power to create and manage digital music.

Until now, none has been particularly successful. One early attempt could be defeated by holding down the shift key while the CD started playing. Hackers disabled another scheme with a Magic Marker. Several others proved to be incompatible with too many computer-based CD drives.

But the copy protectors kept trying. The scheme Sony settled on was developed by an English company called First 4 Internet Ltd. By Sony's account, it had been in use for eight months before its true nature was exposed last week, which officials said was proof that the software was harmless.

Not so, according to the man who unmasked it, Mark Russinovich, a Windows security expert and system software developer. His latest project involved software that probes the operating system for signs of invasion by the most insidious virus makers.

These are the guys who gain control of computers by installing something called a "rootkit," named after the "root" directory, where the core of the operating system resides. If you can "get root," as they say in the trade, you can control the computer.

Rootkits typically modify the operating system so it won't report the presence of virus files. With a rootkit installed, a virus writer can take control of a PC without detection by most standard anti-virus programs.

On his Web log, Russinovich reported that he was working with his anti-rootkit software shortly after playing a Van Zant album when he was surprised to find a handful of otherwise undetectable files on his PC. When he was able to uncloak the files, he discovered they were connected to a company that Sony had hired to create its copy protection scheme.

It turned out that the Van Zant CD - and discs by 20 other Sony artists - contain a proprietary music player that runs on Windows PCs. It installs on the PC the first time it plays, but its main purpose isn't to play music - Windows has a perfectly good media player.

No, its main job is to limit the number of times the CD can be copied. It also prevents individual tracks from being converted into an unprotected MP3 format. That's the one format all digital music players can read and is the format of choice among illegal file traders on the Internet.

There's no question that Sony has the right to protect its music. In fact, the disc was labeled as being copy-protected. The problem, Russinovich said, is that Sony protected its music by installing the same kind of rootkit that virus and worm writers use.

Specifically, it fixed the operating system so that it would not report the presence of any files beginning with the letters "$sys$." Those are the starting characters it used to name the files containing the copy-protection program.

Unfortunately, hackers can use the same chink in Windows' armor to their advantage by naming their virus and worm files the same way.

When Russinovich uncloaked and removed the copy protection files, his CD player was completely disabled and he couldn't play anybody's music, let alone copy it.

Word of Russinovich's blog posting spread quickly. Windows security and privacy experts exploded, and rightly so. Although Sony's software warned users that it was installing copy protection software, it didn't say it was making a major modification in the operating system, compromising Windows security and creating the potential for losing the use of the CD-ROM drive.

Thomas Hesse, president of Sony BMG's global digital business division, said the rootkit was no big deal. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he told National Public Radio.

Baltimore Sun Articles