Sony Incident Leads Government to Consider Rootkit Ban

Most electronics consumers had never heard of rootkits before last year’s Sony BMG debacle. Now, rootkits have the attention of the U.S. public — and the U.S. government. The Department of Homeland Security (DHS) on Thursday suggested that a measure outlawing the controversial software may be in order.

A rootkit is a security tool often used by hackers to capture passwords and message traffic to and from a computer. The tool may allow access to a so-called “back door” into a system, where a hacker can collect information on other computers on the network while masking the fact that the system is compromised.

“The recent Sony experience shows us that we need to be thinking about how we ensure that consumers are not surprised by what their software programs do,” said Jonathan Frenkel, director of law enforcement policy at the DHS.

Making an Example of Sony

Frenkel is referring to an incident last November, when SophosLabs detected a new Trojan horse that exploits its DRM software installed on Sony’s music CDs.

The software was designed to limit the number of times a CD can be copied by installing itself on Windows PCs used to play the CDs, then hiding itself from the computer’s anti-virus software. The plan backfired when Sophos learned it could leave music lovers open to computer viruses.

Sony was the victim of a public relations nightmare — and class action lawsuits that cost it millions of compensatory dollars paid to consumers who bought the tainted CDs.

Leading to Legislation?

“Companies now know that they should not surreptitiously install a rootkit on computers,” Frenkel said. Rootkits are a potential vulnerability that has the DHS looking for ways to shore up systems.

“Legislation or regulation may not be a solution in all cases, but it may be warranted in appropriate circumstances,” Frenkel continued. Of course, this government department does not hold the authority to implement new laws.

“All we can do is, in essence, talk to them and embarrass them a little bit,” Frankel said. The message was delivered to Sony in forceful terms that its rootkit was “certainly not a useful thing,” he added.

Ongoing Rootkit Problems

Sony is not the only rootkit culprit. Symantec released an update to Norton SystemWorks to fix a rootkit in January.

The entertainment industry, as a whole, however, does not appear to have learned Sony’s lesson. Earlier this week, security vendor F-Secure reported the discovery of rootkit technology in the copy protection software of the German DVD release of “Mr. and Mrs. Smith,” starring Angelina Jolie.

Should Rootkits Be Outlawed?

While companies are trying to protect their intellectual property, there are limits, noted Basex CEO and Chief Analyst Jonathan B. Spira, as the computer on which the software is installed does not belong to the software company.

“Installing hidden files which may compromise common sense security measures, in my view, contravenes the contract between software/IP publisher and purchaser,” Spira told the E-Commerce Times.

“Malicious rootkits should be outlawed,” said Mikko Hypponen, chief research officer at F-Secure. However, he’s not sure that a copy protection system using hiding techniques to protect itself, without allowing any other programs to use the cloaking, should be deemed illegal.

“The biggest problem with the Sony BMG case was that viruses could use Sony’s rootkit too,” Hypponen told the E-Commerce Times.