Posted on 11/15/2005 4:09:12 PM PST by Amerigomag
Not only is Sony no longer selling the RootKit CDs, .... according to a USAToday article, "Sony is to pull their controversial rootkit CDs from store shelves". A nice gesture, but a little late.
.... "Sony's DRM rootkit has been found by Dan Kaminsky to have infected at least half a million networks". .... Dan has even put together some pretty pictures of the breadth of the infection.... "With so many people infected, it's unfortunate that from the Washington Post comes the news that "serious security flaws have been found in the software that Sony is distributing to users who want to remove the Sony rootkit". .... "Because of the way the tool is configured ... it allows any Web page that the user subsequently visits to download, install and run any code that it likes". Oops.
Even Microsoft is getting into the act. .... "Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows."
(Excerpt) Read more at slashdot.org ...
Inserting their CD makes their program run and install which is true of thousands of other program and media CD's.
That is not true, the autorun feature was meant to prompt the user to install something, NOT install it without their knowledge, with is the case with Sony.
That's what it is meant to do, but it is not precluded from installing something without the user's knowledge. It is probably more often used to run, but not install, a program without the user's knowledge.
I should be a little more clear. I don't believe that Sony should install anything with or without the user's knowledge. The user's "knowledge" is useless anyway, since they would just put up a fine print screen saying they are going to spy on you and install some file cloaking. Then people would click ok. I don't like that no matter what the Sony software does.
Actually from what has been stated, the spyware was NOT covered in the EULA on teh CD. And even if it was, the spyware automatically installed even before you got to the EULA, which is illegal.
That is asking you to agree to something, after the fact, with is wrong.
>>Sorry, a lot of people want their music CD to start up after inserting it into the drive and closing the door.
Great, they should buy dedicated CD players. What part of "would expect any halfway-decently locked-down machine to not allow" did you not understand? And I really, really, really don't care what the Windows default is. Your door locks come from Home Depot unlocked by default. Do you leave them that way?
It's a computing device. It's 2005, and attacks on computing devices come from every angle. Treat your computing device like a casual piece of consumer electronics, and pay the price.
Absolutely. If some l33t haquer d00d whose only experience with the nude female form is via JPEG did this, he'd get two to five.
Have we abandoned even the pretense of uniform rule of law?
"the main story we have here is a Sony's malicious attempt to secretly install software, which is virtually undetectable, without the user consenting to it being installed.
And unfortunately, the removal tool, as we are finding out today, may cause more damage than the software Sony forced installed upon us."
Oh, I didn't say that Sony didn't just totally stink, for what they did. It will definitely biad me anti-Sony for any future purchases.
That said, there's a personal responsibility aspect to all this. Lock your systems down, people!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.