Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account

Exposing hidden files all in a day's work

  • Please log in to reply




  • Retired Staff
  • 11,413 posts
Exposing hidden files all in a day's work
Austin techie sniffs out Sony spyware with a music CD and curiosity.

By Kirk Ladendorf
Thursday, December 29, 2005

Mark Russinovich's latest adventure in computer sleuthing began in late October, when he bought a country music CD called "Get Right with the Man" and played it in one of his home computers.

Russinovich, an Austin computer security expert, was testing some specialized software tools when he discovered an abnormality — new, hidden software code had been inserted on the PC's hard drive.

Russinovich soon linked it to Sony BMG Entertainment Music, the world's second-largest recording company. The software was designed to prevent unauthorized copying of Sony CDs, but it installed itself surreptitiously, invisible to antivirus programs, and it left computers potentially open to hackers.

Russinovich was annoyed, and he said so on his blog, which he estimates has about 75,000 readers daily.

Sony soon found itself in a hornet's nest of consumer complaints and several lawsuits, as computer-privacy analysts declared that the record industry's campaign to thwart the digital piracy of its music had been set back dramatically.

"Sony got caught with its hand in the cookie jar," says analyst Michael Goodman with the Yankee Group in Boston. "When you have a company, without telling you, install stuff on your computer that may be harmful, that is not going to cause good feelings."

Russinovich, the 39-year-old chief software architect for Winternals Software in Austin, may have had the perfect credentials to ferret out Sony's secret software.

He is both a fan of popular music and an acknowledged expert in the secret quirks of personal computing software. Russinovich earned a doctorate in computer science from Carnegie Mellon University, and he has been deciphering the internal secrets of Microsoft Corp.'s Windows operating software for nearly a decade.

"He is absolutely the best authority on Windows software today," said Peter Szor, a leading antivirus researcher for Symantec Corp.

Russinovich and fellow graduate student Bryce Cogswell began writing advice articles in computer trade magazines in 1996 and soon launched a commercial Web Site, Winternals.com, aimed at systems administrators who were charged with keeping networks of Windows computers up and running. The Web site and the software product eventually grew into their present company, which has 80 employees and more than 70,000 customers.

By profession and avocation, Russinovich is an unabashed software geek as well as a fan of Johnny and Donnie Van Zant, who recorded "Get Right with the Man" for Columbia Records, a division of Sony BMG. It was one of 52 CDs that Sony distributed this year with a copy-protection software program called XCP included. Sony said it shipped 4.7 million of the copy-protected CDs, of which 2.1 million were sold.

Hidden files found

On Oct. 30, Russinovich was running a software security tool called Rootkit Revealer.

It was just a routine test of the software. Russinovich wasn't expecting to find anything. But there they were on the scan report: 22 hidden files, buried amidst the Windows operating system software on the computer's hard drive.

"So that's what launched it," he recalled recently of his discovery. "I was asking: What the heck are hidden items doing on the machine? And the names of the files gave no clue as to what they were connected with.

"So I brought in some other tools to try to figure out what (the hidden files were) doing.

A fragment of software code and a Google search soon led him to First 4 Internet, a British company specializing in copy-protection software that worked with Sony.

"That's when I made the connection with the CD that I had purchased."

He ran another analysis tool and saw communication between the hidden or "cloaked" software and the computer's CD player. He made some more tests on other computers and concluded that Sony's CDs included stealth software that installed itself on consumers' computers and then tried to hide itself.

Worse, removing the software disabled a PC's ability to play CDs.

He posted his blog report of the discovery the next day under the heading "Sony, Rootkits and Digital Rights Management Gone Too Far."

Russinovich's report of his detective work become public knowledge in the computer industry almost overnight. The trade press quickly picked up the story.

"But I had no idea what to expect out of the mainstream press," he said. "Whether this was too technical for them or not. The story did go a lot broader in the mainstream press than I thought it would."

Sony declined to comment for this report. But after Russinovich's discovery, Sony asked retailers to remove the remaining CDs and offered to exchange copy-protected CDs with ones that aren't copy-protected. The company also put instructions on its Web site on how to remove the offending software.

But it's still being sued by consumers and various states. Among those suing Sony is Texas Attorney General Greg Abbott, who says the company's anti-piracy software violates the state's spyware and deceptive trade practices act.

Analysts say that recording companies face tough business challenges as they look for the right balance in protecting songs from piracy, which is estimated to cost the industry more than $4 billion in lost sales. Too much protection turns off consumers and less onerous protection is easily cracked.

"The content companies are between a rock and a hard place," said Goodman, the analyst with the Yankee Group.

A history of inquiry

This isn't the first time that Russinovich had been at the center of a computer storm. Back in 1995, when DRAM memory chips were selling at a premium, software programs proliferated that claimed they would double a computer's memory capacity.

Russinovich, then a graduate student, bought a RAM-doubling software program, studied it and concluded it wasn't doing anything within the computer. After he wrote a trade press article saying so, the furor sparked a Federal Trade Commission investiga- tion.

A decade later, he isn't sure what the publicity over the hidden Sony software will lead to. He has agreed to be a consultant for one of the New York law firms pursuing a class-action lawsuit against Sony.

Perhaps, he said, the big record companies will revise their approach to protecting their copyrighted music.

"If they are trying to protect content at all costs," Russinovich said, "they might pause and say, 'Let's do it in a way that does not irritate the end user.' "

  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP