Removing Sony's Software? Not Quite
This post is geared toward people who read today's wrapup in The Washington Post about huge security holes in Sony BMG's anti-piracy software and are interested in removing some or all of the broken software from their computers.
That software was crafted to hide its own files and resist any attempt by the user to remove it. However, as several recent Internet attacks have shown, that function could be exploited by computer viruses.
What's more, those skilled enough to uncover and delete the offending anti-piracy software files run the risk of rendering their CD-ROM drives inoperable, or of ending up with computers that repeatedly crash or reboot.
Furthermore, if you haven't already installed the software patch that Sony BMG made available last week in a vain attempt to fix this problem, DO NOT INSTALL IT. Security researchers say it will introduce even more vulnerabilities into your system.
No doubt the first question in readers' minds is: How do I know whether a CD I have purchased includes this corrupted software? At long last, Sony has published a list of CDs that include the offending software. You can tell for sure by checking the copy protection info on the bottom left side of the CD's back cover. Look for an Internet address that ends with the letters "XCP."
If you have played one of these CDs in your Windows-based computer, it is likely that the software has been installed on your machine. (These CDs play just fine in computers powered by Linux or Macintosh operating systems and do not auto-install the offending software.)
First off, if you believe you have Sony BMG's anti-piracy software on your machine, consider using one of several free tools available to remove the underlying software. Most are available only to people who've subscribed to an antivirus service, but as of midnight, Microsoft was offering a new update to its free Web-based "malicious software removal tool" that is supposed to nix the Sony software's file-hiding capabilities.
To get it, fire up Internet Explorer and visit this site, then click the yellow "Full Service Scan" button. If you have not installed Microsoft's Live Safety Scanner, you will be prompted to do so and approve their license agreement. Once the software is installed, select "Quick Scan," and then hit "Next." If it finds any threats when completed, hit "Next" to remove them.
If you have already installed the Sony BMG-issued removal patch, your machine is vulnerable to attackers because the company had not yet -- as of this posting -- released a solution to fix it. Sony said it is still developing a tool to completely remove the anti-piracy software, and that it will make available at some point on its site.
Researchers say the Sony Web page where users can download the removal patch installs a program that remains on the user's PC even after removal tool has done its job. And because of the way the tool is configured, it allows any Web page that the user subsequently visits to download, install and run any code that it likes.
If I were unfortunate enough to have listened to one of these protected CDs and installed this ill-fated patch on my PC, I might be wondering why it has taken so long for Sony BMG, Microsoft and the antivirus companies to come up with easy-to-use software tool that removes this foul program altogether.
But what if you, dear Security Fix reader -- alarmed by news of how this software introduces security threats -- have already run Sony's uninstall "patch"? The short answer is that, at least for now, you are out of luck. Unless, of course, you routinely use a Web browser other than Microsoft's Internet Explorer (such as Firefox or Opera) which do not rely upon the vulnerable ActiveX component futher exposed by Sony's software. Interestingly enough, the Department of Homeland Security's US-CERT has picked up on this threat, though it makes no mention of using another browser as a solution.
I contacted Sony, Microsoft and Symantec, all of whom were at the time still debating whether or not to issue updates to remove the more serious security holes left behind by Sony's patch program. (Microsoft's update only deals with the original software, not the patch). Sony executives say they will release "shortly" a program to entirely remove its anti-piracy software. Microsoft and Symantec both say they are considering whether issuing an update that removes all of Sony's software is doable.
So for now, the unfortunates who used Sony's patch must wait it out until some company comes forward with an easy-to-use tool that will get rid of this pest once and for all.
Editor's Note: See Brian's story in Today's Washington Post: "Sony's Fix for CDs Has Security Problems of Its Own."
Posted by: George | November 17, 2005 2:42 AM | Report abuse
Posted by: Mandy | November 17, 2005 3:14 AM | Report abuse
Posted by: Richard Sez...... | November 17, 2005 3:47 AM | Report abuse
Posted by: Tom | November 17, 2005 4:24 AM | Report abuse
Posted by: Chris | November 17, 2005 7:54 AM | Report abuse
Posted by: Steve | November 17, 2005 8:18 AM | Report abuse
Posted by: Gyffes | November 17, 2005 9:23 AM | Report abuse
Posted by: Doug Lay | November 17, 2005 9:45 AM | Report abuse
Posted by: Ann | November 17, 2005 10:42 AM | Report abuse
Posted by: james | November 17, 2005 11:02 AM | Report abuse
Posted by: Rich | November 17, 2005 12:00 PM | Report abuse
Posted by: Dave | November 17, 2005 1:08 PM | Report abuse
Posted by: Susan W. | November 17, 2005 1:57 PM | Report abuse
Posted by: Brian Krebs | November 17, 2005 2:31 PM | Report abuse
Posted by: Orange | November 17, 2005 4:57 PM | Report abuse
Posted by: Orange | November 17, 2005 6:33 PM | Report abuse
Posted by: Outraged Mac user | November 17, 2005 9:57 PM | Report abuse
Posted by: abc | November 17, 2005 9:59 PM | Report abuse
Posted by: Mark Lyon | November 19, 2005 11:12 PM | Report abuse
Posted by: Chetan | December 12, 2005 7:52 AM | Report abuse
The comments to this entry are closed.