CD/DVD won't burn

By deago
Jul 20, 2006

    Mark Russinovich was doing a routine test this week of computer security software he'd co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC's guts.
    It took some time for Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he'd bought and played on his computer.
    High Impact
    What's new:
    Copy-protection software on CDs produced by SonyBMG is cloaked by a technique that involves a "rootkit," which is designed to hide and protect the software on the user's computer.
    Bottom line:
    Rootkit tools often are used by virus writers to hide malicious software, and security experts say rootkit mechanisms used by recording companies could be misused by others. That threat is only theoretical so far, but the debate continues between consumers and record companies about what copy-protection technologies are necessary and appropriate.
    The Sony BMG-produced Van Zant album had been advertised as copy-protected when he'd bought it on, and he'd clicked through an installation agreement when he put the disc in his computer. What he later found is that the software had used a sophisticated cloaking technique that involves a "rootkit"--something not dangerous in itself, but a tool often used by virus writers to hide all traces of their work on a computer.
    "We're still trying to find a line between fair use and digital rights management, and it is going to take issues like this, with discussions between lawmakers and industry, to come up with what's fair and honest," Russinovich said. "But I think this has gone too far."
    Russinovich posted a detailed step-by-step account of his findings on his blog, drawing immediate criticism of SonyBMG's technology from some inside the security software community. The passionate response underlines the power copy protection retains to inflame emotions and spark bitter debate, despite the growing string of chart-topping albums that have been released over the past year with the protections included.
    A handful of security companies weighed in on the issue, saying the rootkit could present a possible--if still theoretical--risk to computers.
    The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk. The company's team has worked regularly with big antivirus companies to ensure the safety of its software, and to make sure it is not picked up as a virus, he said.
    In any case, First 4 has moved away from the techniques used on the Van Zant album to new ways of cloaking files on a hard drive, said Mathew Gilliat-Smith, the company's CEO.
    "I think this is slightly old news," Gilliat-Smith said. "For the eight months that these CDs have been out, we haven't had any comments about malware (malicious software) at all."
    A SonyBMG representative said the software could be easily uninstalled, by contacting the company's customer support service for instructions. Those instructions are not specifically available on the Web site that answers questions about the company's copy protection tools.
    Rootkit realities
    Rootkit software has been around for over a decade but has recently come to increased prominence as more writers of viruses and the like adopt it for their purposes. Essentially, rootkits are tools for digging deep into a computer's operating system to hide the fact that certain software files exist or that the computer is performing certain functions.
    Unlike other, less-powerful means of hiding files on a hard drive, rootkits are created to be extraordinarily difficult to uninstall without specific instructions, rooting themselves in an operating system's deepest recesses in order to prevent their deletion.
    In the case of the SonyBMG software, trying to remove it manually could shut off access to the computer's CD player, researchers said.
    Security researchers note that simply hiding something doesn't make it a threat, and the SonyBMG software is designed to hide the digital rights management tools that prevent unauthorized copies of the CD from being made.
    However, it does remain active in the background of a computer, taking up a small amount of memory, even when the CD is not being played. Thus the rootkit software does have the potential to be misused by others, according to some researchers. The First 4 Internet software's technique for hiding files is broad enough that it could be adopted by virus writers, allowing them to hide their own tools on computers that have run the software from the CD, say some security experts.
    Microsoft will update its security tools to detect and remove part of the copy protection tools installed on PCs when some music CDs are played.
    The Redmond, Wash., software maker has determined that the "rootkit" piece of the XCP software on some Sony BMG Music Entertainment CDs can pose a security risk to Windows PCs, according to a posting Saturday to a Microsoft corporate Web log.
    The Sony BMG software installs itself deeply inside a hard drive when a CD is played on a PC. The technology uses rootkit techniques to hide itself. Experts blasted the cloaking mechanism, saying it could be abused by virus writers. The first remote-control Trojan horses that take advantage of the veil provided by Sony BMG have surfaced.
    To protect Windows users, Microsoft plans to update Windows AntiSpyware and the Malicious Software Removal Tool as well as the online scanner on Windows Live Safety Center to detect and remove the Sony BMG software, the software maker said in its blog.
    Windows AntiSpyware is Microsoft's spyware-fighting software that is currently available as a test version and used by millions of people worldwide. Microsoft provides weekly updates for Windows AntiSpyware. The Windows Malicious Software Removal Tool is updated monthly and is part of Microsoft's monthly patch releases.
    Detection and removal of the rootkit component will also be in Windows Defender, the forthcoming update to Windows AntiSpyware that will also be part of Windows XP successor Windows Vista, Microsoft said.
    In its move to detect and remove the Sony BMG rootkit, Microsoft follows other makers of security software. Symantec and Computer Associates are among those that are offering, at minimum, rootkit detection capabilities in their products. Sony BMG itself has provided a patch that fixes the security problem and still allows CDs to be played on PCs.
    On Friday, Sony said it had halted production of CDs with the controversial technology, which is designed to limit the number of copies that can be made of the CD and to prevent a computer user from making unprotected MP3s of the music. Sony does still produce CDs

    Good Luck !!!!!
  2. deago

    deago TS Rookie Topic Starter

    VIRUS against CD/DVDs

    This is the all-time champ of viruses. F-Secure is trying to help me rid myself of this virus.
    When you put a DVD into your computer to view it (Warner label), a virus is copied to your hard drive and you do not know that it is there.
    What you DO notice is that your CD/DVD will not write anymore. The computer goes through its writing windows and then says "Could not complete writing to the DVD. Would you like to save your work?"

    Now try some MALWARE and try to remove this virus!!
    Much of the software can't even see this virus.
    I finally tried F-Secure; when I loaded the software everything was great.
    When I scanned my computer, after about 3-4 minutes I get a message that something was missing and the computer LOCKS UP.

    I reboot and now it takes forever to get to the logon screen, only to find a message that the authentication number is missing and do I want to check with Microsoft and register.

    Now what do you think about that?
    My computer is an old 1.7 gig VAIO
    My DVD is a PIONEER 105/A05
    Running MS XP Home

    This is a heads-up for all of you who are watching movies on your desktops.
    Be careful. LOTS OF LUCK and ask
  3. iss

    iss TechSpot Chancellor Posts: 1,994

    Rootkits and such are installed through the autoplay feature. That is why savvy computer users disable autoplay.
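
An added example, not part of the original thread: a PowerShell audit of the `NoDriveTypeAutoRun` policy value, which controls the drive types Windows will auto-launch content from, plus a function that turns it off for all of them. The registry path and bit meanings are the standard Windows ones; the function names are made up for this example, and the hardening function needs an elevated prompt.

```powershell
# NoDriveTypeAutoRun is a bitmask: a SET bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown type'   = 0x01
    'Removable'      = 0x04
    'Fixed disk'     = 0x08
    'Network drive'  = 0x10
    'CD-ROM/DVD'     = 0x20
    'RAM disk'       = 0x40
    'Reserved'       = 0x80
}
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Report, per policy key, which drive types can still auto-launch content.
function Get-AutoRunPolicy {
    foreach ($key in $PolicyKeys) {
        $prop  = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $value = if ($prop) { $prop.NoDriveTypeAutoRun } else { $null }
        if ($null -eq $value) {
            # No explicit policy: the OS default applies, so treat as not hardened.
            [pscustomobject]@{ Key = $key; Value = 'not set'; StillEnabledFor = 'OS default' }
            continue
        }
        $open = @($DriveTypeBits.GetEnumerator() |
            Where-Object { -not ($value -band $_.Value) } |
            ForEach-Object { $_.Key })
        [pscustomobject]@{
            Key             = $key
            Value           = '0x{0:X2}' -f $value
            StillEnabledFor = if ($open.Count) { $open -join ', ' } else { 'none' }
        }
    }
}

# Disable AutoRun for every drive type, machine-wide (requires administrator rights).
function Disable-AutoRunAllDrives {
    $key = $PolicyKeys[0]
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

A row that lists `CD-ROM/DVD` under `StillEnabledFor` means an inserted disc can still start its own installer prompt on that machine.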
  4. deago

    deago TS Rookie Topic Starter

    Thank you ISS, but what software will actually take this rootkit off my hard drive???
    I've tried a lot of software but nothing will touch it. Windows XP Home shows an unknown file on the drive but I can't find it to delete it.
    Formatting with XP Home does not take it off. Linux fights with it but won't take it off.
    I tried to work with F-Secure but they keep losing my files and they don't listen to my e-mail entries. You would think that they would like to see this virus!!!
Topic Status:
Not open for further replies.
