The Sony rootkit debacle continues to gain steam, with fresh revelations of incompetence and malice every day, and with fresh news of lawsuits too. Previously, I published two roundups of news on this leading up to Nov 17 (Sony Rootkit Roundup Part I, Sony Rootkit Roundup Part II) and what with all the news, it’s time for a third:
Nov 17: Sony still advising public to install rootkits
18 days after the revelation that Sony’s CDs contain dangerous rootkits, Sony still has live web-pages advising its customers to go ahead and install their software (This is still the case as of Nov 22!).
Nov 17: Schneier: Why didn’t anti-virus apps defend us against Sony’s rootkit?
Security researcher Bruce Schneier accuses anti-spyware companies of being soft on Sony because it was released by a giant, sleazy company instead of a small, sleazy company.
Nov 17: Uninstaller for Sony’s other malware screws up your PC
Some of Sony’s music CDs carry a second form of malicious software, a spyware program called Suncomm Mediamax. Princeton researchers Ed Felten and Alex Halderman discover that the uninstaller provided by Suncomm leaves your computer open to complete takeover through simply looking at web-pages with malicious code in them.
Nov 17: Amazon offers refunds for all Sony rootkit CDs
Amazon sends an email to everyone who bought a rootkit-infected Sony CD from them and offers a full refund — now that’s how it’s done. (On November 21, the US Army/Airforce Exchange Service followed suit).
Nov 18: I HEART Rootkit tees, list of Mediamax CDs, Mediamax installer to be fixed
Lovely “I HEART Rootkit” tee shirts for sale. A user discovers a long list of CDs infected with Suncomm’s MediaMax spyware. Suncomm vows to update its Mediamax uninstaller, which presently leaves your computer wide open to total take-over simply by looking at web-pages with malicious code on them.
Nov 19: Sony offers MP3s in replacement for rootkit CDs
Sony is not only offering to replace infected CDs with CDs that are free from the rootkit DRM (no official word from Sony on whether they’ll also be free of the Mediamax spyware) — they’re also offering free MP3s of any music that you bought on an infected CD!
Nov 20: RIAA prez: Lots of companies secretly install rootkits! It’s no biggie!
The CEO of the RIAA kisses off all the customers who got infected by Sony’s rootkit: “How many times that software applications created the same problem? Lots.” Uh, really? Lots of companies install rootkits on users’ PCs without permission? Apparently this guy doesn’t know the difference between “companies” and “criminal organizations”
Nov 20: Latest news on Sony lawsuits
A website launches to keep track of news about the lawsuits arising from Sony’s use of spyware and rootkits on its music CDs.
Nov 20: Sony insider: DRM is discredited at Son
A high-placed tipster at Sony tells me that the execs who green-lighted DRM at Sony are in trouble, and that the label-heads in Sony are really pissed about the rootkit fiasco, with at least one vowing to swear off DRM forever.
Nov 21: Foxtrot cartoon on Sony’s rootkit
The Foxtrot comic strip nails Sony in today’s syndicated strip
Nov 21: Texas sues Sony over rootkits — YEE-HAW!
Texas Attorney General Greg Abbott has brought an anti-spyware lawsuit against Sony over its rootkit DRM. He’s looking for $100,000 per violation of Texas’s anti-spyware laws, plus costs. Ouch. That’s gonna be pretty costly.
Nov 21: EFF brings class-action against Sony!
My employer, the Electronic Frontier Foundation (a nonprofit civil liberties group) has brought a class action suit against Sony. We’re gonna nail them!
Nov 21: Microsoft: Trusted Computing sucks!
A senior Microsoft exec says that computer users should never be deprived of control over their PCs; too bad that Microsoft has built so much of its current business on depriving its customers control over their PCs.
Nov 21: Why not update Sony’s rootkit with a warning message?
Security researcher Ben Edelman suggests that Sony could reach all its infected users by pushing an update to the rootkit that warns them that they’re compromised and gives instructions for uninstalling and getting replacement CDs.
Nov 21: Sony’s Mediamax spyware gets a new uninstaller
The Suncomm Mediamax spyware on Sony’s CDs caused embarrassment when it was revealed that using the uninstaller left your computer vulnerable to total compromise by web-pages with malicious code on them. Now Suncomm has issued a new uninstaller, though heavens knows if it’s any better.
One more thing: remember back in 2002 when it was revealed that you could cause your computer to ignore audio-CD DRM by scribbling on the visible data-sectors on the physical disc? Turns out that a variant on this can also immunize you against Sony’s current crop of malicious software.