2005 December


Welcome to the December edition of the Riverhall Newsletter.

There were several possibilities for stories for this issue. We were tempted by the interesting moves Microsoft is making towards accepting rather than fighting Linux and the open source movement. There was also the battle for the management of the Internet between the US and the UN.

However, the story that really caught our interest was Sony shooting itself in the foot in their ham-fisted attempts to stop people copying their CDs.

Also in this issue, we look at the business of a long-standing Riverhall Systems customer, Palamon Capital Partners, LP.

We hope you enjoy it.

All of us at Riverhall Systems would like to wish you a pleasant end to this year and a sparkly bright start to 2006.

Serious Security Flaw in Internet Explorer

Just as we were putting this issue together, security experts were warning of another serious security exposure in Internet Explorer. This flaw was discovered six months ago and hasn't been fixed by Microsoft, but it is only now that its true seriousness has been discovered.

The bug allows a malicious web site to run any program on your computer. All you need to do is visit the site. Given that Outlook uses Internet Explorer to display formatted emails, you could easily fall victim to this by just opening a malicious email.

A fix wasn't available at the time of writing.

We recommend avoiding Internet Explorer and using one of the popular free alternatives, such as Firefox or Opera. IE has a history of security problems and is a liability. You may like to consider Thunderbird from the Firefox site for email.

For more information on this vulnerability see the www.eweek.com article

Dale Strickland-Clark
Andrew Wedmore

In this issue:

  • Sony and the Root-kit   A tale of corporate hubris.
  • Palamon Capital Partners, LP   Palamon Capital Partners is a private equity manager with funds under management of approximately 1 billion Euros.

Sony and the Root-kit

Everyone knows the name Sony but few people are familiar with the term root-kit. However, recently these terms have been used together regularly.

A root-kit is a devious bit of software left on a computer by an intruder to hide the intruder's presence and cover their tracks. It replaces system commands that would normally reveal that the system has been invaded with versions that selectively omit tell-tale details. They generally also leave the computer open for subsequent access. Recently spy-ware has used such tricks to hide its presence.

All pretty unsavoury and illegal in many places. It is not something you'd expect a respected international corporation to get involved with.

"Get Right with the Man" by Van Zant - the CD that started all the fuss.

Nevertheless, Sony's hubris and paranoia over illegal CD copying led them to believe there were no limits to what they could do to your PC to protect their interests.

Earlier this year, Sony BMG (Sony's music entertainment division) released some music CDs with DRM (digital rights management) copy protection. To play the CD on a computer, you had to use the enclosed media player. This much was noted on the sleeve.

What the sleeve didn't mention was that when you installed the media player, you were also installing a root-kit which would monitor your use of the CD and prevent you from making illegal copies.

It also didn't warn you that each time you play the CD, the software would contact the Sony BMG web site, opening the potential for Sony to monitor your playing of the CD. This type of behaviour is known as phoning home.

There was no way for you to find out this software was on your computer and no way for you to un-install it. If it crashed your PC, there was nowhere for you to turn.

The root-kit's method for hiding itself was so indiscriminate that viruses and spy-ware could easily use it to hide themselves - and some have recently been discovered in circulation.

When a respected Windows consultant found the root-kit on his PC and traced it back to Sony and a CD he'd bought recently, the resulting media activity was dramatic, even catching the mainstream press.

Sony BMG was rebuked from all sides and a lawsuit from the State of California was quickly followed by many others.

Sony's initial response further demonstrated their arrogance when in an interview their president of global digital business stated: "Most people don't even know what a rootkit is, so why should they care about it?"

In a very few days, Sony was forced to release an un-install program through their web site but this was awkward to obtain and left security holes.

It then transpired that Sony's software, which was designed to prevent people from infringing music copyright, was, in part, itself copied from another software suite and used without permission, violating that software's license agreement.

Sony has, at last it seems, come to its senses over this. The Sony BMG website now has a link on the home page for information on the XCP Content Protection which takes you to a page with instructions on removal and information on getting your CDs replaced with clean ones.

The trail of incompetence doesn't end here. The un-install software distributed by Sony only works with Internet Explorer and leaves a security hole in your browser that a web site could use to take over your PC.

The repercussions from this are likely to be ringing for some time. Sony has lost a lot of trust and respect. The debate over who can install software on your PC in the name of digital rights is by no means over and corporations will always be tempted to step over the line to protect their interests.

There's a thought-provoking footnote to this story: one commentator has been highly critical of the time taken for the security products from firms like Symantec, Microsoft and McAfee to catch on to this exposure and alert their users. Had this root-kit appeared on the Internet anonymously and been causing a minor security worry, you can be pretty sure they'd have been falling over themselves to produce detection and removal programs. But because the mal-ware originated from a respectable company, they seemed to suffer some sort of symbiotic corporate blindness.

It makes you wonder who you can turn to for reliable security software.
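The root-kit definition earlier in this story, system commands replaced by versions that omit tell-tale details, suggests its own check: ask the same question by two routes and compare the answers. The Python sketch below is an added example, not code from the newsletter or from any product named in it; it assumes a Linux machine, compares the process list reported by the `ps` command with the kernel's `/proc` directory, and its sample data is constructed.

```python
"""Cross-view check: compare what the `ps` command reports with /proc itself."""
import os
import subprocess


def parse_ps(output):
    """Return the set of PIDs in the output of `ps -e -o pid=` (one per line)."""
    return {int(tok) for tok in output.split() if tok.isdigit()}


def proc_pids(proc_root="/proc"):
    """PIDs read straight from the kernel's /proc directory, bypassing ps."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def hidden_pids(tool_view, kernel_before, kernel_after):
    """PIDs /proc listed both before and after the tool ran, yet the tool omitted.

    Requiring both snapshots filters out processes that merely started or
    exited while the check was running, which would otherwise be false alarms.
    """
    stable = kernel_before & kernel_after
    return sorted(stable - tool_view)


def check_live_system():
    """Run the comparison on this (Linux) machine."""
    before = proc_pids()
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="],
                            capture_output=True, text=True, check=True).stdout
    after = proc_pids()
    return hidden_pids(parse_ps(ps_out), before, after)


# Constructed sample: output from a ps that omits PID 4242.
SAMPLE_PS = "    1\n  310\n  977\n"
SAMPLE_BEFORE = {1, 310, 977, 4242, 5000}   # 5000 exits during the check
SAMPLE_AFTER = {1, 310, 977, 4242, 5001}    # 5001 starts during the check

if __name__ == "__main__":
    print("constructed sample:",
          hidden_pids(parse_ps(SAMPLE_PS), SAMPLE_BEFORE, SAMPLE_AFTER))
    if os.path.isdir("/proc/1"):
        print("this machine:", check_live_system())
```

An empty result means only that the two views agree. A root-kit that filters at the kernel level would alter both views, so this comparison catches replaced commands and nothing deeper.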


Palamon Capital Partners, LP

Palamon Capital Partners is a private equity manager with funds under management of approximately €1 billion. The Palamon funds are backed by some of the biggest investment institutions in the world and are some of the largest in the European middle market.


The extensive private equity experience of the firm has enabled them to develop an investment process that, while being extremely thorough, is flexible enough to respond to time-sensitive situations. This investment process will see a potential deal go through from initial approach and investigation, to more detailed exploration of the company, then to full due diligence and finally to the actual investment itself.

At any given moment, there will be a number of deals at each stage of this development process. Riverhall developed the "deals database" software for Palamon Capital Partners that enables this process to be tracked and managed. The system acts as an information and communications centre for the progressing of deals through this process.

The other major task that Riverhall have assisted Palamon Capital Partners with is the building and maintaining of a database of investors in the fund. Communication with investors has to be both timely and extremely accurate. Riverhall's software acts as a specialized relationship management system for the investors in Palamon Capital Partners funds. Recent enhancements include support for multiple funds, and the creation of an investor communication web site, which is to be launched by the firm shortly.

"Riverhall have been supplying software to Palamon Capital Partners and supporting our databases since 2000. They have been able to understand our commercial needs and understand how we operate internally and then have designed a system that meets our needs closely and are able to support us post implementation." Annette Wilson, Investor Relations Director, Palamon Capital Partners


Linux

Riverhall develops for and supports these platforms.

Feedback

We hope you like the Riverhall newsletter. However, if you do not wish to receive any further issues, please email unsubscribe@riverhall.co.uk and we will remove you from our mailing list.

Riverhall Systems Limited
Warnford Court
29 Throgmorton Street
London EC2N 2AT

+44 (0)870 321 0034
http://www.riverhall.co.uk

If you have any comments or suggestions, please contact dale@riverhall.co.uk