Sony Rootkit - Worst.DRM.Ever


I was on the fence about talking about Sony's DRM mess but things are cropping up that make it sound a little creepier than it originally sounded, which means it's really, really creepy. Basically, this is a "media player" that ensures that you're only using Sony's system to view content on their DRM-protected CDs. The player, written by First 4 Internet, hides itself by forcing Windows to hide everything with the "$sys$" prefix. Therefore:

Once the driver is installed, there's no security mechanism in place to ensure that only the XCP2 software can use it. That means any application can make itself virtually invisible to standard Windows administration tools just by renaming its files so that they begin with the string $sys$. In some circumstances, real malicious software could leverage this functionality to conceal its own existence.

Not only does it potentially cloak malware, it also ups processor usage by quite a bit and also makes fun of your grandma. Man, it's one step forward/one step back for Sony today. [Thanks to all those who wrote in.]
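
Because the hiding is keyed only on the "$sys$" name prefix, a canary file gives a quick check for it on a given machine. The script below is an added example, not code from the original post or from Sony or First 4 Internet; the function name, file names and the `lister` parameter are hypothetical.

```python
import os
import tempfile
import uuid

CLOAK_PREFIX = "$sys$"  # the prefix the post says gets hidden


def listing_hides_prefix(prefix=CLOAK_PREFIX, lister=os.listdir):
    """Create a canary file whose name starts with `prefix` plus a control
    file without it, then report whether the directory listing omits the
    canary. `lister` is injectable so the check can be exercised offline."""
    workdir = tempfile.mkdtemp()
    tag = uuid.uuid4().hex
    canary = prefix + "canary-" + tag + ".txt"
    control = "control-" + tag + ".txt"
    try:
        for name in (canary, control):
            with open(os.path.join(workdir, name), "w") as fh:
                fh.write("cloak test\n")
        visible = set(lister(workdir))
        # If even the control file is missing, the listing itself is
        # unreliable and the result says nothing about prefix hiding.
        if control not in visible:
            raise RuntimeError("control file not listed; result unreliable")
        return canary not in visible
    finally:
        # Remove by explicit name: a cloaked file would not appear in a
        # listing-based cleanup such as shutil.rmtree.
        for name in (canary, control):
            try:
                os.remove(os.path.join(workdir, name))
            except OSError:
                pass
        try:
            os.rmdir(workdir)
        except OSError:
            pass


if __name__ == "__main__":
    if listing_hides_prefix():
        print("Files starting with %s are hidden from directory listings" % CLOAK_PREFIX)
    else:
        print("No prefix-based file hiding observed")
```

A positive result only shows that something on the system filters listings by that prefix; it does not identify which software is doing it.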


The Real Danger Of Sony's Rootkit: It Lets Others Piggyback [TechDirt]
Sony, Rootkits and Digital Rights Management Gone Too Far [SysInternals]