NEWS FROM THE LAB - Tuesday, February 14, 2006

About the Hidden Smith Family Posted by Antti @ 14:51 GMT

Heise Online is reporting about yet another example of the ever-warming relationship of copy protection and rootkit technologies. The affair started with the digital rights management system Sony BMG was using to protect audio CD's. Now, we can also confirm (thanks to Rüdiger from our German office!) that at least the German DVD release of the movie "Mr. & Mrs. Smith" contains a copy protection mechanism which uses rootkit-like cloaking technology.

Mr. and Mrs. Smith DVD BlackLight detecting hidden process

The Settec Alpha-DISC copy protection system used on the DVD contains user-mode rootkit-like features to hide itself. The system will hide its own process, but does not appear to hide any files or registry entries. This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk. However, as we note in our article on rootkits, it's not that uncommon for real malware to only hide their processes.

Our message to software companies producing any software (not just copy protection products) is clear. You should always avoid hiding anything from the user, especially the administrator. It rarely serves the needs of the user, and in many cases it's very easy to create a security vulnerability this way.

If you suspect you have this copy protection system installed on your computer and you wish to remove it, the manufacturer is providing an uninstaller.

A note to our local readers: we can also confirm that the Finnish release "Mr. & Mrs. Smith" does not contain this particular copy protection technology.