Posted on 11/18/2005 3:16:07 PM PST by Eagle9
Sony's controversial copy-protection scheme had been in use for seven months before its cloaking rootkit was discovered, leading one analyst to question the effectiveness of the security industry.
"[For] at least for seven months, Sony BMG Music CD buyers have been installing rootkits on their PCs. Why then did no security software vendor detect a problem and alert customers?" asked Joe Wilcox, an analyst with JupiterResearch.
"Where the failure is, that's the question mark. Is it an indictment of how consumers view security software, that they have a sense of false protection, even when they don't update their anti-virus and anti-spyware software?
"Or is it in how data is collected by security companies and how they're analyzing to catch trends?"
Sony's list of 52 albums with the XCP copy-protection includes CDs that were released as long ago as late March, said Wilcox.
"If Sony's software exhibits so many characteristics of a malicious rootkit, why wasn't it detected?" Wilcox asked. "When you have half a million or a million or two million CDs all 'phoning home' to Sony, shouldn't that trigger some [warning] somewhere by something?"
Early in the Sony brouhaha, researchers found that the Sony copy-protection technology was surreptitiously transmitting the user's IP address to Sony.
"We all missed this," acknowledged Sam Curry, vice president of Computer Associates eTrust security group, which develops and sells the PestPatrol anti-spyware line.
"It has to do where security companies look for malicious code, and where samples come from. We still need that first sample in order to identify a threat. The whole security community failed to go to stores and check out commercial CDs."
Anti-virus and anti-spyware security vendors essentially rely on two sources for the malware samples necessary to create detection definitions, Curry went on. One source is users who report problems, the other is proprietary networks of honeypots -- dubbed honeynets -- set up to snare worms and spyware.
"Why did we miss this? We didn't check CDs or DVDs for malicious code like this rootkit," said Curry. "Now, though, we've begun a program where we'll regularly go out and buy sample CDs and DVDs from the major labels and studios, and check them for things like this."
And only users who are very well versed in Windows -- as is Mark Russinovich, the researcher who was among the first to go public with information about the Sony rootkit -- would be likely to send in reports to a security vendor, added Curry.
Curry offered up other excuses for his industry missing the rootkit boat.
"Frankly, we were busy looking for where the [spyware] money was going," said Curry. "We weren't looking at legitimate industries."
He also said that Computer Associates had the rootkit on its radar this summer, but didn't act. "CA did catch one of the earlier iterations of this rootkit in July, but we only saw a sample or two. It just wasn't very widespread. It wasn't a very big bell ringing." Now, however, it's a different story.
"Admittedly, the security industry is too reactive. But this has been a wake up call for all of us."
Other anti-spyware firms contacted for comment declined to respond. At least one cited legal issues.
Curry blasted such colleagues. "I've yet to hear many in the industry come right out and call the Sony rootkit 'spyware.' That's unforgivable."
Note: We will shortly be releasing new versions of these titles without the XCP software. You therefore need to check this list for both the name of the album and the item number (which can be found on the spine of the CD). If the item number is not listed below, your CD does not contain XCP content protection.
Note: Two titles, Ricky Martin's "Life" and Peter Gallagher's "7 Days in Memphis", were released with a content protection grid on the back of the CD packaging, but XCP content protection software was not actually included on the albums.
I'm amazed anybody bought any of those albums, except maybe for the Sinatra.
whew!!..Jahati's Used Turbins cool camel nights didn't make the list
Doogle
Sony had very specific markets in mind.
Note how far it went into the various networks.
Why? Because damn few people actually know what is really happening on their Windows PC. It is intricate and esoteric. For myself, I just wipe the damn things when they start acting funky. It's too much of a bother to track this stuff down anymore.
Looks like the "old fart" market!
ROFL
Who's got the money?
The government ;)
Oldies. This is not stuff aimed at high-piracy market segments. Sony would have done better to start with rap and hip hop.
Oh, no! Not "Bette Midler Sings the Peggy Lee Songbook"!
I was just planning to buy two dozen for Christmas gifts!
</not >
I see some good stuff on there, and some junk. If I were one of those artists I'd be fuming over this!
#18, 27, and 28 are re-issued jazz classics
There may be 52 titles but how many dozen customers were affected?
Sort of a contradiction in terms, no?
I'm not sure anybody knows how many people had the rootkit on their computers but it infected a large number of networks worldwide. See example below.
Source: http://www.freerepublic.com/focus/f-news/1522663/posts
More than one-half million networks infected by Sony including U.S. military and various countries.
Well, I'd also add the Louis Armstrong.
Thanks. For many of those titles, I was asking myself if anyone would buy a CD.
Probably the most reliable person who has touched on the issue is Bruce Schneier, in this article (the followup discussion is also somewhat interesting.) To take a selective quote from his article:
The story to pay attention to here is the collusion between big media companies who try to control what we do on our computers and computer-security companies who are supposed to be protecting us.