Anti-Malware Engineering Team

This blog provides information about what's happening in the anti-malware technology team at Microsoft. We're the team that builds the core antivirus, antispyware, anti-rootkit, and related technology, which is then used across a number of Microsof


Sony DRM Rootkit


I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.

We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool. It will also be included in the signature set for the online scanner on Windows Live Safety Center.

I'll update you if any more information comes up.


Jason Garms
Architect & Group PM
Anti-Malware Technology Team
Microsoft Corporation


  • Good for you guys!

  • Finally... good work, glad to see at least Microsoft isn't scared of Sony.

  • Good job! Thanks for sticking up for the little guys!

  • As an IT Specialist this is the kind of thing I am scared of.

    I help manage over 200 computers and this is the kind of thing we fear. We tell people you get 20 hours of Internet access every month. We tell people you cannot install any software. Everyone's access setting is just a regular user. But we tell them it's OK to listen to a music CD. Not only will the root kit not install because the accounts are limited, but on Sony's web site they used to have information on how to install it even though you are not administrator. And you know what, out of our 200 computers, we had 3 of them infected with this root kit. I had to reformat the computers in order to safely know that no other Sony software is on there.

  • That's good, I know a few people who have discovered this rootkit has been installed.

  • Excellent news! I was getting worried about Microsoft's wishy-washy stance in various media publications.

  • Thank you very much!

  • Good Move Guys!

  • Before seeing this, I wouldn't have believed that MS is truly objective when it comes to malware removal. This changes my mind. It makes me feel a lot better about using Microsoft products.


  • Cheers, guys. I'm glad someone higher up decided this was wrong.

  • Very nice.

  • Great to see Microsoft step up like this and recognize these actions for exactly what they are: hurtful and dangerous to consumer

  • What a well deserved blow in Sony's face!

  • Nice job guys, Sony needs a slap in the head for this one.

  • Glad to hear it.
