Even Big Brands will Install Rootkits
The music industry's efforts to stamp out music piracy are well-documented so I'm not going to go over them here. However, Sony's recent efforts to push their digital rights management (DRM) software on users seems to have crossed the line of what consumers should accept as good business practices. Sony has decided that it's OK to automatically install copy-protection software on your PC when you insert one of their music CDs. There are written, but vague, disclaimers about the copy-protection software, but it is otherwise installed without your knowledge. What's more, it is installed in such a way that you are very unlikely to detect its existence and then you'll have to jump through many hoops to uninstall it.
In an attempt to salvage the situation, Sony recently released instructions and an uninstaller for this piece of software. Seems like good news, no? It would be except Sony's uninstaller actually exposes users to serious security risk. Fantastic.
Sony's software is a rootkit. A rootkit is software that hides itself from detection. It does this by intercepting system calls so that it can alter the response to make it look like everything is normal. So standard anti-virus programs or spyware removal programs will issue a request for information, but rather than getting a "truthful" answer, they'll get back a "lie". A rootkit as actually a pretty sophisticated piece of software that virus writers are just beginning to take advantage of. The unanticipated consequence of Sony's use of a rootkit and subsequent mass distribution, is that virus writers have been given a rootkit to use as they see fit.
What can you? Well, watching carefully what CDs you buy from Sony is a start. Turning off the CD auto-run feature in Windows is another good idea to prevent accidental executions of the rootkit installation program. And lastly, a free rootkit scanner is available from a company called SysInternals. Unfortunately the rootkit scanner isn't for the novice user. It will report suspicious items, but won't make it clear if there's a rootkit installed or not. That part falls to the user. So unless you're comfortable with this kind of detective work, its probably best to skip this download.