Just days after Sony decided to drop its controversial anti-piracy software on its CDs, more bad news has surfaced for the music giant: Sony’s uninstall program makes the computer even more vulnerable to malware.
Princeton researcher J. Alex Halderman posted instructions for how to find out if your PC is infected at the Freedom Tinker blog, but recommends that consumers leave the Digital Rights Management (DRM) software on their computer until Sony works out all the kinks. Sony said it is working on a new uninstall program.
Graham Cluley, senior technology consultant for Sophos, told TechNewsWorld that the problem is with Sony’s/First4Internet’s ActiveX implementation of their uninstaller.
“Security researchers have determined that this code is left on the user’s PC after it has finished running and is marked as ‘safe for scripting,'” Cluley said. “The upshot of this is that a malicious hacker could create a Web site which would direct Sony’s/First4Internet’s code to download and install malicious code from any Web sitewithout asking for permission.”
Sony’s woes began last week when SophosLabs detected a new Trojan horse that exploits the controversial DRM software. The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to e-mail addresses, posing as a message from a British business magazine, according to Sophos’ November 10 report.
If the attached program is run, the Trojan horse copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony’s copy-protection code, making it invisible on computers which have used CDs carrying Sony’s copy protection.
Cluley said Sony appears to be getting dragged down into a security whirlpool at the moment, as bad story after bad story about their software reaches the press.
“You can’t help but feel sorry for Sony, as all they were ever trying to do was protect the work of their musicians and artists,” Cluley said. But this sad tale acts as a salutory reminder to anyone putting copy protection onto music CDs to think carefully of the possible security repercussions.”
Phil Leigh, Senior Analyst at Inside Digital Media, blames lawyers. Leigh told TechNewsWorld that attorneys are pursuing a white whale and if they don’t stop then they will destroy everybody connected to the digital music business.
“This whole fiasco is the consequence of lawyers trying to take over a technology,” Leigh said. “The record labels have pursued piracy on legal grounds and what they really ought to be doing is focusing on eliminating the incentive for piracy. The way to eliminate the incentive for piracy is to offer the consumer music for a reasonable value.”
Sony is recalling nearly 5 million of its copy-protected CDs with the controversial code. Sophos’ Cluley, for one, is glad to hear that the company is “seeing sense” and making moves to correct the problem.
“Of course, that’s not much help to those poor souls who have already bought the CDs and may have unknowingly opened up their home PCs and company computers to potential attack,” Cluley said.