Wednesday, November 09, 2005

He's on a roll now

From Mark Russinovich's latest entry

    For those readers that are coming up to speed with the story, here’s a summary of important developments so far:

    The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:

      * Sony denies that the rootkit poses a security or reliability threat despite the obvious risks of both
      * Sony claims that users don’t care about rootkits because they don’t know what a rootkit is
      * The installation provides no way to safely uninstall the software
      * Without obtaining consent from the user Sony’s player informs Sony every time it plays a “protected” CD

    Sony has told the press that they’ve made a decloaking patch and uninstaller available to customers, however this still leaves the following problems:

      * There is no way for customers to find the patch from Sony BMG’s main web page
      * The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers
      * Access to the uninstaller is gated by two forms and an ActiveX control
      * The uninstaller is locked to a single computer, preventing deployment in a corporation

    Consumers and antivirus companies are responding:

      * F-Secure independently identified the rootkit and provides information on its site
      * Computer Associates has labeled the Sony software “spyware”
      * A lawfirm has filed a class action lawsuit on behalf of California consumers against Sony
      * ALCEI-EFI, an Italian digital-rights advocacy group, has formally asked the Italian government to investigate Sony for possible Italian law violations

Go get 'em Mark!

No comments: