NEWS FROM THE LAB - Wednesday, November 16, 2005

Sony, DRM, Rootkits, Bugs and You
Posted by Antti @ 10:40 GMT

Van Zant CD with XCP
The Sony DRM case seems to be getting more and more twisted. Our readers might be wondering what the actual risks are at this point and what they should be doing about them. Here's a short recap.

If you have the Sony DRM with the rootkit (aries.sys) still active, you should consider getting the update to remove the rootkit. Do this by using the standalone executable available here. There are already several malware variants that try to hide with the help of the Sony DRM cloaking.

After this you're left with the rest of the Sony DRM software, which might be vulnerable to local privilege escalation attacks reported by ISS X-Force. To remove the DRM software entirely, you will have to wait for Sony to fix their uninstaller and carefully consider using the new version once it's released.

If you have already used the ActiveX uninstaller that was available until Sony stopped distributing it, you are vulnerable to a remote code execution attack. You should remove the vulnerable ActiveX component. If you want, set a kill-bit for it (the CLSID is {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC}) just to be sure.
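
One way to set and verify that kill-bit from an elevated PowerShell prompt, as an added example that is not part of the original post. The kill-bit is the 0x400 flag in the `Compatibility Flags` DWORD under Internet Explorer's `ActiveX Compatibility` registry key for the CLSID; the function name `Set-KillBit` is made up for this example.

```powershell
# Added example: set and verify the IE kill-bit for the CLSID named in the post.
# Must be run elevated, because it writes under HKLM.
$Clsid   = '{4EA7C4C5-C5C0-4F5C-A008-8293505F71CC}'   # CLSID from the post
$KillBit = 0x400                                      # flag that stops IE from instantiating the control
$Name    = 'Compatibility Flags'

# 64-bit Windows keeps a second registry view that 32-bit Internet Explorer reads.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {   # hypothetical helper name
    param([string]$Root, [string]$Clsid)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any flags that are already set and OR the kill-bit into them.
    $current = 0
    $prop = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $current = [int]$prop.$Name }
    $new = $current -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $Name -Value $new `
        -PropertyType DWord -Force | Out-Null

    # Read the value back instead of trusting the write.
    $check = [int](Get-ItemProperty -LiteralPath $key -Name $Name).$Name
    [pscustomobject]@{
        Key        = $key
        Flags      = ('0x{0:X8}' -f $check)
        KillBitSet = (($check -band $KillBit) -eq $KillBit)
    }
}

foreach ($root in $Roots) {
    # Skip the 32-bit view on systems that do not have one.
    if ($root -like '*WOW6432Node*' -and
        -not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node')) { continue }
    Set-KillBit -Root $root -Clsid $Clsid
}
```

The kill-bit only stops Internet Explorer from loading the control; the component itself stays on disk until it is removed.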