Rootkits

30.01.2006

SIDEBAR

Sony and the Newest Rootkit

You -- or your teenager -- may have a rootkit lurking on a system at your home. Mark Russinovich, chief software architect and co-founder of Austin-based Winternals Software LP, discovered last October that some Sony BMG Music Entertainment CDs use rootkit technology to automatically install digital rights management software on Windows computers.

The intent of this kludge was to prevent unauthorized digital copying of the music. Sony, you may recall, has a long and checkered history of implementing copy-protection for CDs that cause trouble for users. (Remember the brief period you had to run a black Magic Marker around the outside of a CD to play it on a PC?) The Sony music CD creates a hidden directory and installs several of its own device drivers; it then reroutes Windows system calls to its own routines. It intercepts kernel-level application programming interfaces and tries to disguise its presence.

There appears to be no way to uninstall the rogue software. Russinovich discovered that traditional methods did not work, and attempting to manually delete the offending files actually disabled his computer's CD drive. According to several sources, the only way to get rid of the copy-protection software is to reformat the hard drive and reinstall Windows.