Sony: Why care about rootkits?

[jinxy]

Originally posted here by morganlefay
FYI

MS is gonna strip it with the next set of updates...

http://www.eweek.com/article2/0,1895,1886122,00.asp

MLF

Just thought I would add, it looks like all the av/antispyware vendors are gettin in on the act. Not only that but the smelly stuff is well and truely on the way to a fan.

http://www.theregister.co.uk/2005/11...sony_analysis/

[!mitationRust]

Well when the assistant secretary for policy at the department of homeland security starts to bitch at Sony, phone calls have been made. Boycott......... I'm sure those trimmers will be felt up the chain.

[jinxy]

Originally posted here by !mitationRust
Well when the assistant secretary for policy at the department of homeland security starts to bitch at Sony, phone calls have been made. Boycott......... I'm sure those trimmers will be felt up the chain.

I take it you mean:

"It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.

from here: http://www.mp3newswire.net/stories/5002/admonish.html

[cabby80]

FYI - Sophos to release an Unmasking tool

http://www.theregister.co.uk/2005/11..._drm_unmasked/

[dalek]

Sony may wish their name was RCA after everyone gets through with them:

Sony BMG has said it will suspend production of audio 'CDs' that use XCP, the rootkit-style DRM developed by British company First4Internet Ltd. However the music giant refused to apologize for the software, which exposes PCs to malware and which can disable the PC's CD drive when users try to remove the software.

Sony also declined to follow EMI's example in September and recall CDs already in the retail channels.

Around 20 CDs use XCP, which has been on the market since April. http://www.theregister.co.uk/2005/11...s_rootkit_drm/CD List

But since a security website drew attention to implications of XCP last week, Sony has been deluged with complaints, prompting lawsuits in California and Italy.

"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," Sony said in a statement. "Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use."

Sony may rue the wave of consumer outrage, and the subsequent lawsuits. But it may also note that the scandal took more than six months to surface.

And the music publisher isn't exactly rushing to make amends. Sony's unfortunately worded phrase "ease of consumer use" reminds us that while the stealth DRM software installs itself without permission (the click-through statement fails to inform of the user of its true nature), uninstalling it requires the CD buyer to request permission from Sony via a web form. So it's hard to take Sony BMG's assurances seriously.

Damn, good thing I passed on the Ricky Martin CD

[Lv4]

well now it looks the the cure is worse than the disease... at least the cure from Sony.

clicky


Summary:

When you fill out the request form from Sony it downloads an ActiveX control called CodeSupport. This control is marked as Safe for Scripting and stays on your machine. What this means is anything can call to CodeSupport to install anything from any website.

Nice going Sony.

[jinxy]

This just gets better and better.............................It would seem some of the code in this rootkit maybe stolen. Even more entertaining is the possibilty it is DVD Jon's code.

Have a read of this: http://yro.slashdot.org/article.pl?s...id=188&tid=158