Posted on 11/15/2005 4:09:12 PM PST by Amerigomag
Not only is Sony no longer selling the RootKit CDs, .... according to a USAToday article, "Sony is to pull their controversial rootkit CDs from store shelves". A nice gesture, but a little late.
.... "Sony's DRM rootkit has been found by Dan Kaminsky to have infected at least half a million networks". .... Dan has even put together some pretty pictures of the breadth of the infection.... "With so many people infected, it's unfortunate that from the Washington Post comes the news that "serious security flaws have been found in the software that Sony is distributing to users who want to remove the Sony rootkit". .... "Because of the way the tool is configured ... it allows any Web page that the user subsequently visits to download, install and run any code that it likes". Oops.
Even Microsoft is getting into the act. .... "Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows."
(Excerpt) Read more at slashdot.org ...
I try, but I don't know 10% of it :)
This is directly derived from the methods used by Sony's Verant Interactive subsidiary to detect cheaters in their MMORPGs (and is about as successful).
I'm not clear on what the Sony rootkit needs for user rights in order to function. But the reality is that a great many users operate on an account with full local admin rights anyway. Makes the question sort of moot on those machines.
Sure, it's smart not to, but most don't want to put up with the hassles that happen all day if you limit your own rights and have to keep logging on and off under different sets of rights to get stuff done.
I haven't been paying close attention, but I think this thing installs only if you're set to autorun a CD you stick in the drive. Which I darn sure am not, and would expect any halfway-decently locked-down machine to not allow.
It has to write to HKEY_LOCAL_MACHINE to install itself. By default, only administrators have permission to write to HKLM, so unless you're an administrator, or you've changed the permissions on the registry (surely beyond the ken of most users), it fails.
But the reality is that a great many users operate on an account with full local admin rights anyway.
True that. Well, experience is a harsh mistress ;)
OK - so what does this mean to me... my computer doesn't ask me questions about admin rights.
So... pretty much everybody is vulnerable.
You're operating with local admin rights, just like 99% of users in the world.
That's what I thought... he was making it sound like I would have had to do something beyond me to end up this way.
Doesn't have to be that way, but unfortunately most end-users are not well educated about why running as a local admin all the time is a bad idea. It doesn't have to be that way, though - very few programs really need administrative privileges to run.
Another poster this afternoon said he had heard that the Sony rootkit may propagate over intranets and/or company networks. So once one person puts a Sony/BMG disc into their CD drive ...
"On the other hand, DOD computers should be for official use only and people introducing this software by unofficial use should be reprimanded for it."
Playing commercial music CDs may not be banned.
If this is true, Sony is also guilty of creating a computer virus, which this spyware is.
I do not believe this to be true. I have a network at home with 4 nodes on a domain, and it has not done this, even given ample time.
It is on my network. It's expressly outlined in the employee handbook. I could only hope the DOD systems are at least as secure as that. If not, Sony software is the least of our worries.
I think Sony should get criminal charges for hacking. Course, it's probably not any worse than RealPlayer. However, I created a rule a while back that says, "If it says Sony, I ain't buying it." That was after they put out the CDs that would lock up a disc drive.
Well, there goes the server economy for about the next 6 months.
It is spyware and it cloaks files, but it doesn't spread by itself. Inserting their CD makes their program run and install, which is true of thousands of other program and media CDs.