By Mark Ward
Technology Correspondent, BBC News website
Sony's music arm has been accused of using the tactics of virus writers to stop its CDs being illegally copied.
One copy protection system analysed by coder Mark Russinovich uses cloaked files to hide deep inside Windows.
The difficult uninstallation process left Mr Russinovich saying that Sony's anti-piracy efforts had gone "too far".
In response to criticism, Sony BMG said it would provide tools to users and security firms that would reveal the hidden files.
Mr Russinovich, a renowned Windows programming expert, came across the Sony BMG anti-piracy system when performing a scan of his computer with a utility he co-created that spots so-called rootkits.
Rootkits are starting to be used by a small number of computer virus writers because they allow malicious code to be inserted deep inside the Windows operating system, meaning that it will not be spotted by most anti-virus scanners.
Rootkits are used to hide malicious software once it is installed and ensure it is not found and removed by anti-virus programs.
After extensive analysis Mr Russinovich realised that the "cloaked" software had been installed when he first listened to the CD album Get Right With the Man by country rockers Van Zant.
Although resembling a virus, Mr Russinovich found the hidden files had come from an anti-copying system called Extended Copy Protection (XCP) developed by UK software company First 4 Internet.
About 20 titles are thought to be using the XCP software and in May 2005 Sony said more than two million discs had been shipped using the technology. XCP is just one of several anti-piracy systems Sony is trying.
XCP only allows three copies of an album to be made and only allows the CD to be listened to on a computer via a proprietary media player. The hidden files are installed alongside the media player.
The CD plays normally on a hi-fi system and the copy protection does not affect computers running on Apple Mac or Linux operating systems.
Ridding his computer of XCP proved difficult and briefly crippled Mr Russinovich's CD player.
Writing in his blog about the incident, he said: "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall."
Mr Russinovich said the licence agreement that he accepted when he first listened to the CD made no mention of the fact that he could not uninstall the program or of the significant changes it made to his computer.
If Sony BMG released XCP copy-protected CDs in the UK this oversight could leave the music company open to prosecution under the Computer Misuse Act because it made "unauthorised" changes to a machine, said net law expert Nick Lockett.
"There would be no problem if there's a big screen coming up saying as part of the anti-piracy measures this CD will amend your operating system," he said.
Mr Lockett added that Sony might be inadvertently provoking piracy as consumers irritated by the anti-copying system rip the tracks to get around the restrictions.
Mr Russinovich feared that diligent users trying to keep their systems clean of viruses could stumble across the hidden XCP files, delete them and inadvertently cripple their computer.
His worries were echoed by Mikko Hypponen, chief research officer at Finnish security firm F-Secure, who has been looking into XCP since he first came across it in late September.
"What we are scared of is when we find a new virus written by someone that relies on the fact that this [XCP] software is running on tens of thousands of computers around the world," he said. "The rootkit would hide that virus from pretty much any anti-virus program out there."
Mathew Gilliat-Smith, chief executive of First 4 Internet, said the techniques used to hide XCP were used by many other programs and added that there was no evidence that viruses were being written that took advantage of XCP.
He said the debate on the net sparked by Mr Russinovich's work had prompted the company to release information to anti-virus companies to help them correctly spot the hidden XCP files. Consumers can also contact Sony BMG for the patch to unveil, rather than remove, the hidden files.
He said that users were adequately warned about the copy protection software in the licence agreement and were told that it used proprietary software to play the CD.
"It's clearly packaged on the CD that it's copy-protected," he said.
A spokesman for Sony BMG said the licence agreement was explicit about what was being installed and how to go about removing it. It referred technical questions to First 4 Internet.
Mr Gilliat-Smith said Mr Russinovich had problems removing XCP because he tried to do it manually, something that was not a "recommended action". Instead, said Mr Gilliat-Smith, he should have contacted Sony BMG, which gives consumers advice about how to remove the software.
Getting the software removed involves filling in a form on the Sony website, visiting a unique URL and agreeing to have another program downloaded on to a user's PC that then does the uninstallation.
He added that First 4 Internet had had no complaints about XCP since it started being used eight months ago. He also added that the latest generation of XCP no longer used cloaked files to do its job.
"We've moved away from using that sort of methodology," he said.