?

Log in

No account? Create an account
Eyes

Sony's “Rootkit-Like” DRM Enforcement Software

Brought to attention by darksakura:

It seems that Sony/BMG finally gave in. ]

It's a good thing that they're finally taking a corrective action at least, but it seems, in fact, that they're doing it because they were cornered and forced to.  To quote the article:

“The recall and exchange program, which was first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CD's contained software designed to limit users to making only three copies.  The software also, however, altered the deepest levels of a computer's systems and created vulnerabilities that Internet virus writers could exploit.

“Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.

“Several security and antivirus companies … quickly classified the software on the CD's, (sic) as malicious because, among other things, it tried to hide itself and communicated remotely with Sony servers once installed. …

“On Saturday, a Microsoft engineering team indicated that it would be updating the company's security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.

“Researchers at Princeton University disclosed yesterday that early versions of the "uninstall" process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.

“Security analysts at Internet Security Systems, based in Atlanta, also issued an alert yesterday indicating that the copy-protection software itself, which was installed on certain CD's beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.”

Good job, Sony.  Dunno if you are suing First 4 Internet to recover the recall cost, but you know what?  I think you are partially responsible and should pay some of the cost as well—as 1) a lesson fee for learning that there's this thing called business ethics, which draws a line that you oughtn't cross, and also as 2) a penalty for persisting until even security experts all turned their back against you.  You know, what kind of a shame is that?  *tsk tsk*

Tags: , , ,

Comments

Business ethics? Any kind of ethics that separates itself from a key word (ethics) by using another key word (business) when both keywords generally have absolutely opposite meanings cannot ginuinely be classified as ethics IMHO.
Sony/BMG is doing "business as usual". :-p, they just happened to get slammed like Martha Stewart. Heh.
Heh, I was thinking something along those lines. Business ethics is like military intelligence -- it's an oxymoron. XD

Pariah capitalism, anyone?

I dug around through their site and found the list of titles that included the XCP crap. Then there was the Service Pack 2a to remove the cloaking to allow an uninstall.

I'm glad they got caught.