Computer security companies had been predicting such exploit code in the wild for weeks, since an independent developer had exposed the presence of a "rootkit" tool on the Sony CDs. The rootkit technology hid the copy protection from view, but also left open a hole that could hide other software.
Virus writers quickly took advantage of that hole, modifying an old Trojan horse to take advantage of the powerful inadvertent shielding provided by the Sony software.
On Friday, Sony responded to the furore and announced that it will suspend production of CDs that contain this particular copy-protection technology and take a second look at its digital rights management strategy.
Antivirus companies are now offering a range of advice, and confusion remains about exactly what the software does and how dangerous it can be to a PC. Here are the basics that everyone should know about this potentially dangerous issue:
What is on the Sony CDs?
The CDs involved are loaded with a relatively new kind of content protection created by British company First 4 Internet. When a listener puts the album into a computer's CD drive, it pops up a licence agreement. If the listener accepts, it installs the copy protection rootkit onto the hard drive.
The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. The software acts to limit the number of copies that can be made of the CD and prevents a computer user from making unprotected MP3s from the music.
What is a rootkit? Isn't that something that virus writers use?
A rootkit is a powerful piece of software that takes over control of a computer at the most fundamental level. In computer terms, it establishes "root" access, which is similar to administrative access, instead of access for just an ordinary user. It can potentially prevent a computer user from detecting its presence or from performing certain tasks on their own PC.
Like most computing tools, this is not intrinsically a bad thing, but can be abused. Virus writers use these tools to help take over computers and hide the presence of their work.
Is Sony's software a virus or a Trojan horse?
Some aggrieved users may see little difference. Computer security companies do make a distinction between Sony's software and a virus, noting that this was distributed by a legitimate company with a legitimate business interest (even if many people disagree with that business interest).
However, they are deeply critical of Sony's techniques and say that the amount of information given to users about what the software would do to a computer was wholly inadequate, and the lack of an uninstall tool was bad policy.
Computer Associates has labelled the software "spyware," because it also sends back some information about what CDs are being played.
Okay, so I have one of the "culprit" CDs and I have burned it to my PC (Windows). How do I know if my machine has created the vulnerability?
According to this report (http://www.eff.org/deeplinks/archives/004144.php), at least one of the CDs is "labeled as XCP, but, oddly, our disc had no protection," I find myself wondering how in the world I check my machine to see if it's there!?
Any suggestions are appreciated!