Here We Go Again (Germany) - DiscussWorldIssues - Socio-Economic Religion and Political Uncensored Debate

**Amoniustauns** · 02-21-2006, 06:11 PM

'Mr. & Mrs.

Smith' DVD Ships with Rootkit-like DRM
By Ryan Naraine

Sony BMG is not the only company to dabble in using

copy-protection technology that resembles rootkits.

According to anti-virus vendor F-Secure, based in Helsinki,

Finland, the German DVD release of "Mr. & Mrs. Smith"—a recent movie starring Brad Pitt and Angelina Jolie—contains

a DRM (digital rights management) protection scheme that uses rootkit-like cloaking technology.

Rootkits are

typically used to maintain a persistent and undetectable presence on a computer.

Because malicious hackers can

piggyback on the technology to hide offensive files, the use of such cloaking technology is seen as a serious

security risk.

In a blog post, F-Secure vice president Antti Vihavainen said the DVD ships in Germany with Settec

Alpha-DISC copy protection.

"The system will hide its own process, but does not appear to hide any files or

registry entries. This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all

files on the disk," Vihavainen said.

However, Vihavainen said it's not uncommon for real malware to only hide

processes.

The discovery of the cloaking mechanism is credited to Heise Online, a German news

outfit.

Although Settec provides an uninstaller for its DRM mechanism, Vihavainen said commercial software

vendors should "always avoid hiding anything" from the user, and especially from the administrator responsible for

managing the machine.

"It rarely serves the needs of the user, and in many cases, it's very easy to create a

security vulnerability this way," he warned.

The use of stealthy rootkit-type techniques by commercial software

makers triggered widespread condemnation recently when Sony BMG admitted to using the technology to cloak its DRM

scheme.

After hackers used the Sony DRM rootkit as a hiding place for Trojans, the music company suspended the

use of the technology and recalled CDs with the offending copy protection mechanism.

Earlier this year, security

vendor Symantec also admitted to using a rootkit-type feature in its Norton SystemWorks software that presented a

perfect hiding place for attackers to place malicious files on computers. Symantec acknowledged that it was hiding a

directory from Windows APIs as a feature intended to stop customers from accidentally deleting files, but, prompted

by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

02-21-2006, 06:11 PM	#1
Amoniustauns Join Date Nov 2005 Posts 395 Senior Member	Here We Go Again (Germany) 'Mr. & Mrs. Smith' DVD Ships with Rootkit-like DRM By Ryan Naraine Sony BMG is not the only company to dabble in using copy-protection technology that resembles rootkits. According to anti-virus vendor F-Secure, based in Helsinki, Finland, the German DVD release of "Mr. & Mrs. Smith"—a recent movie starring Brad Pitt and Angelina Jolie—contains a DRM (digital rights management) protection scheme that uses rootkit-like cloaking technology. Rootkits are typically used to maintain a persistent and undetectable presence on a computer. Because malicious hackers can piggyback on the technology to hide offensive files, the use of such cloaking technology is seen as a serious security risk. In a blog post, F-Secure vice president Antti Vihavainen said the DVD ships in Germany with Settec Alpha-DISC copy protection. "The system will hide its own process, but does not appear to hide any files or registry entries. This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk," Vihavainen said. However, Vihavainen said it's not uncommon for real malware to only hide processes. The discovery of the cloaking mechanism is credited to Heise Online, a German news outfit. Although Settec provides an uninstaller for its DRM mechanism, Vihavainen said commercial software vendors should "always avoid hiding anything" from the user, and especially from the administrator responsible for managing the machine. "It rarely serves the needs of the user, and in many cases, it's very easy to create a security vulnerability this way," he warned. The use of stealthy rootkit-type techniques by commercial software makers triggered widespread condemnation recently when Sony BMG admitted to using the technology to cloak its DRM scheme. After hackers used the Sony DRM rootkit as a hiding place for Trojans, the music company suspended the use of the technology and recalled CDs with the offending copy protection mechanism. Earlier this year, security vendor Symantec also admitted to using a rootkit-type feature in its Norton SystemWorks software that presented a perfect hiding place for attackers to place malicious files on computers. Symantec acknowledged that it was hiding a directory from Windows APIs as a feature intended to stop customers from accidentally deleting files, but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)