According to Settec, Heise's report of Alpha-DVD has prompted unfair comparison between Sony BMG?s DRM and Alpha-DVD.
"Before delving into the ideological debate over the definition of a "rootkit" and whether our copy protection solution falls into that category, Settec would like to address a more immediate issue. Under investigation prompted by Heise's discovery, we acknowledge possible security risk resulting from our implementation. As of this writing, there is no report of any malicious attempts by hackers or programs to take advantage of this function in our solution. However, we believe the best course of action is proactively eliminating any possible security concerns", said Settec.
Settec engineers have developed and released an update for our Alpha-DVD software. The update can be downloaded at http://update.settec.com.
By updating the software, any and all rootkit-like behaviors identified are removed.
Settec said that it was not intenting to cause great disturbance and alarm to its users.
"Sole purpose of our implementation was to provide our client with the highest possible level of copy protection. Consequently, we believe this came at too high of a price for the end-user and have reacted to customer's demands swiftly. Settec highly recommends users of our Alpha-DVD copy protection to download and apply this update to prevent possibility," said a Settec's spokesman.
Mr. Calvin Kim, Settec's Executive Vice President of Business Development, has stated that "You must make clear distinction between circumstances that surrounds the rootkit technology applied by Sony BMG and Settec's implementation."
Settec claims that the Alpha-DVD software is hidden so that it cannot be targeted by malicious ripping programs. The original design of the hidden process is for protection purposes rather than deception, as is the case with rootkit.
"Most of the definitions available for computer and security experts tend to classify a rootkit as installed by an 'intruder,' designed to be hidden and to conceal processes and files without the user's knowledge. Usually, these files and processes are difficult - almost impossible - to remove once installed on a system."
On the other hand, Alpha-DVD software clearly notifies the user before installation and its purpose by displaying an End-User License Agreement upon insertion of the disc. Also Settec has provided a self-contained uninstaller, which was released at the same time as 'Mr. & Mrs. Smith' and has been updated since, to completely remove the software and all of its components from the user's computer. The downloadable uninstaller, available at http://uninstall.settec.com, will return the user?s computer back to its original state safely and completely.
Settec also ran tests on programs specifically designed to find rootkits on a user's computer using our software. The result shows that only the F-Secure's Blacklight RootKit Eliminator Beta identified our software as behaving like a rootkit due to our hidden process.The newly released patch has been updated and the first test results return no rootkit-like functions regarding the Alpha-DVD software.
Nevertheless, Mr. Kim agrees with Heise Online's claim of possible security risk with current version of Alpha-DVD copy protection solution. In order to counter the security issue, Settec has advised users to either uninstall its copy protection software after viewing of the DVD or execute the security update that can be downloaded from Settec's update patch site.
Also Mr. Kim would "like to thank Heise Online and F-Secure of notifying us of the possible security issues in our software and allow us the opportunity to address this concern. Settec is committed to providing the most complete copy protection solution and will continue to improve our technology. Settec, Inc. pledges to provide the highest level of compatibility and stability on its Alpha-DVD copy protection while securing content owners' copyrights and continue to respect the end-user's privacy rights."