Wed 9 Nov 2005
If you want to destroy my sweater hold this thread as I walk away.
Posted by Jeff under How'd They Do It? | 1 Comment
A few updates first for friends. I’ll be in Waterloo this weekend, so contact me and we’ll get together. I have about a month and a half left of work, and will be home for Christmas Eve.
(Passed 1000 unique visitors!)
I’ve found out something very distressing. I have a rootkit on my laptop. What’s a rootkit you ask? Let me explain…
I’ve been listening to podcasts on technology and security issues lately. My favourite is This Week In Tech (whose Episode 29 talks about a specific rootkit), though Security Now is pretty good as well. A few weeks ago Security Now did an episode on rootkits (at the link you can get Episodes 9 and 12, the relevant podcasts). Rootkits are programs that run at kernel level and hide files and running processes from the operating system. A rootkit can be used by spyware or viruses to make them harder to find and remove. That makes rootkits a major security threat, and it is why I am so distressed over the fact that I found one.
This particular rootkit is unique. It wasn’t put there by a hacker, but by a corporation: Sony. It has actually been known about for quite a while, but became well known when Sysinternals posted a blog entry about it after finding one on their machine. It’s a program that aids Digital Rights Management, for use in preventing piracy. It’s also been reported that the program reports back to Sony to say what people are listening to (something Slashdot has picked up on). Sounds like spyware to me. Even worse (I invite you to listen to the podcasts, where lots of my info comes from, especially the Security Now one): the rootkit is poorly coded, and essentially just hides any file whose name begins with $sys$ (read more at rootkit.com), so script kiddies could use the rootkit themselves to make viruses that also could not be detected. It’s a very dangerous rootkit!
Now that you know about rootkits, I’ll tell you how I found mine, how I got it, and what I’m going to do to remove it. And I suggest you all do the same. I used Sysinternals’ RootkitRevealer to scan my computer for it. Sony is installing this rootkit through audio CDs that require you to install software before they will play on your computer. I believe it may have come from my Our Lady Peace album Healthy in Paranoid Times, which is the only Sony BMG CD I remember playing recently. I had already been distressed with the album because the protection software didn’t allow me to rip it to iTunes, so I couldn’t get the music onto my iPod. This software only encourages piracy! It makes it very hard for legitimate users to enjoy their music!
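To make the detection idea concrete, here is an added example (not code from the post, from Sysinternals, or from Sony) of the cross-view technique that RootkitRevealer relies on: list a directory through the view a cloaking driver can filter, list it again through a view it cannot, and report whatever appears only in the second. The hooked API is simulated by a plain Python filter that drops names starting with $sys$, and the sample files and their names are constructed for the demo.

```python
import os
import tempfile

# Prefix the DRM cloaking driver hid, as described in the post.
HIDDEN_PREFIX = "$sys$"


def api_view(directory):
    """Simulated high-level listing: stands in for a Windows API call whose
    results a cloaking driver has filtered. Anything beginning with the
    prefix silently disappears, whoever created the file."""
    return {name for name in os.listdir(directory)
            if not name.startswith(HIDDEN_PREFIX)}


def raw_view(directory):
    """Simulated low-level listing: stands in for reading the volume's
    directory structures directly, below the hook, so nothing is filtered."""
    return set(os.listdir(directory))


def cross_view_diff(directory):
    """Cross-view detection: names present in the raw view but missing from
    the API view are candidates for being cloaked. Returned sorted so the
    result is stable for reporting."""
    return sorted(raw_view(directory) - api_view(directory))


def build_sample_tree(root):
    """Constructed sample data: one ordinary file and two files whose names
    carry the hidden prefix (placeholder names, not real XCP components)."""
    for name in ("readme.txt", "$sys$drv.sys", "$sys$notes.txt"):
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write("sample content\n")


def demo():
    """Run the scan against a throwaway directory and return
    (cloaked names, names the filtered view still shows)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return cross_view_diff(tmp), sorted(api_view(tmp))


if __name__ == "__main__":
    cloaked, visible = demo()
    print("visible through filtered view:", visible)
    print("present only in raw view     :", cloaked)
```

The point of the comparison is that the filter does not care who created a file, which is exactly why a third party's file with the same prefix would vanish from Explorer and from any scanner that trusts the hooked API; a scanner that takes the raw view as ground truth reports the discrepancy instead.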
Sony, through the company that made the software, has the ability to remove the rootkit. If you try to remove the software with RootkitRevealer, you will lose your CD drive. There used to be a workaround for removing the rootkit, but Sony patched it! You now have to go to their site, allow an ActiveX control to run on your computer, which will ask if you want to update the software; say no, and it will give you an option to delete it. Sony may change this soon, as they are taking a lot of heat in the media. Follow whatever instructions they have on their site. If rootkits are being used by one major company, there is no guarantee that others aren’t using them either. Terrifying.
***EDIT***
A virus is already out that takes advantage of the rootkit. Also, Sony’s fix is causing more damage, and now Sony is recalling CDs.
I’m planning a new entry, but here are some more updates. Texas is suing Sony, there is a way of defeating the DRM technology using tape, and Bruce Schneier (a famous cryptographer) weighs in on the events.
Random Wikipedia Article: Tonberry
Currently Listening to: The Scientist – Coldplay
Looks like they are now offering to exchange the discs. Still, I’m disappointed at how much bad press it took to get them to this point.
(And yes, based on their list, it seems it would have been the OLP disc that infected you.)