
Microsoft targets Sony DRM and other rootkit malware

by Bob Crabtree on 14 November 2005, 23:14


Rootkits have a clearly negative impact on security and the reliability and performance of systems


Microsoft to remove rootkit component of XCP copy-protection software used by Sony and others

In a recent TechNet blog, Jason Garms of Microsoft's Anti-Malware Technology Team outlined how the company will be tackling Sony's DRM and other rootkit malware. Garms, whose title is Architect & Group PM, said that Microsoft would be adding a detection and removal signature to the Windows AntiSpyware beta for the rootkit component of the XCP software used by Sony and others. He also said that Microsoft planned to include this signature in the December monthly update to the Malicious Software Removal Tool.

Below is what Jason Garms wrote:

Sony DRM Rootkit
I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here.

We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.

We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users.

This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool.

It will also be included in the signature set for the online scanner on Windows Live Safety Center.

I'll update you if any more information comes up.
best,
-jasong
------------------------------------------------------------
Jason Garms
Architect & Group PM
Anti-Malware Technology Team
Microsoft Corporation

Team Blog: http://blogs.technet.com/antimalware



HEXUS Forums :: 11 Comments

with any luck, that means it'll be forcibly ripped out of every single xp machine with windowsupdate turned on.

well done to microsoft

i just hope somebody has a backup plan, for those who still want to be able to play their defective discs post-update
The backup ‘plan’ is to bypass it altogether and rip the audio as per normal… But you can't say things like that now can you? ;)
Good at least MS are removing the rootkit possibility.

Glad I have AutoPlay turned off.
Excellent. Would be good if MS highlighted what the software was and who it belongs to when the removal tool finds it, that way more people would be aware of what Sony (and potentially others) have been doing.
sony are recalling XCP-protected discs. all 2.1 million of them.