Not many days have passed since Sony got negative attention for its DRM protection of Copy Protected CDs, to which they were quickly issuing an update to remove it.Or – did they? The update is 3.5 MB, seems to update all the files, and leaves some more files there, according to Ed Felten, who had looked a bit closer at it:
The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function  they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing.
No doubt they’ll ask us to just trust them. I wouldn’t. The companies still assert  falsely  that the original rootkit-like software “does not compromise security†and “[t]here should be no concern†about it. So I wouldn’t put much faith in any claim that the new update is harmless. And the companies claim to have developed “new ways of cloaking files on a hard driveâ€Â. So I wouldn’t derive much comfort from carefully worded assertions that they have removed “the … component .. that has been discussedâ€Â.
But, there’s more – related to the rootkit, unrelated to the “fix”.
Use the rootkit to cheat other companies
Players of World of Warcraft don’t like the game makers, and the controversial tactics to avoid cheating in the game. (To my limited understanding – I don’t play it myself.) The program ‘Warden’ scans the players’ PCs, to make sure there’s no processes running tohelp cheating in the game.
Sony to the rescue – their rootkit DRM helps War of Worldcraft hackers to fool the Warden. After all, with the DRM rootkit installed, all that is needed to hide a process is to start the filename with $sys$ – right?
