Dear Microsoft: Please clean up the Sony mess

Update: Microsoft will indeed add the Sony rootkit software to the list of software detected by its Malicious Software Removal Tool. This capability will appear in the December 2005 update to the utility. Signatures for the XCP component will also be added to Windows AntiSpyware, Windows Defender, and the Windows Live Safety Center. Details here.

Mark Russinovich has analyzed Sony’s “patch” for its rootkit-based software and found that the patch is crap and Sony is still lying.

Microsoft’s John Howard just found out about the Sony rootkit debacle and says, “Be worried – very worried”:

Normally, I wouldn’t comment on news like this on anything except my personal blog, but I am so outraged and stunned by what I’ve discovered, having spent the past hour or so researching and reading about the techniques and implications of the “RootKit” approach and the legalities, the fact that a half-baked patch has been issued, and the follow-up entry from yesterday on Mark’s blog about the way that the software “calls” home.

Yes, there is a huge amount of publicity out there about this, but what worries me most now is that even with that publicity, how many home users are really going to take action on it? There is a probable chain reaction:

  • Home users generally won’t read or hear about this, are highly unlikely to run a root kit revealer to discover the “rootkit”, blame XP for potentially crashing or certainly being slower due to the “rootkit” performance overhead.
  • Not knowing about it means the majority of infected users will not visit the appropriate site to patch/remove the DRM software (which it appears is not flawless either).
  • Many people will purchase CDs with this DRM “rootkit” software.
  • Given a significant percentage of purchasers will play those CDs on home machines, there will be many home machines installed with an unpatched rootkit.
  • Joe Hacker now has it on a plate with an easy way to cloak their worms/viruses on “infected” machines through the sys$ file prefix.

My proposed solution?

Each month, Microsoft updates its Malicious Software Removal Tool and pushes it down to all Windows XP clients via Automatic Updates. The next release of this software should target the First 4 Internet software and automatically remove it. It should also inoculate the system so that the software cannot be reinstalled.

Yes, I know this is unlikely to happen because the software doesn’t technically qualify as “malicious.” But it could happen if Sony gave its permission to Microsoft.

So, add one more item to my list of things Sony should do immediately:

  1. Fire First 4 Internet immediately and publicly.
  2. Remaster the CDs with DRM-free versions.
  3. Offer free replacement CDs to anyone who purchased one of the rootkit-infected CDs.
  4. Provide toll-free tech support for anyone who experiences a problem with their Windows computer that they think is related to this software.
  5. Assist Microsoft in updating the Malicious Software Removal Tool to remove the rootkit-based software from any infected systems and prevent it from being reinstalled.

Background:

Sony wants to hijack your PC

Sony’s even sleazier than I thought

Sony tries to stop the bleeding

Sony’s phony patch

Is Sony violating the law?

10 thoughts on “Dear Microsoft: Please clean up the Sony mess”

  1. Pingback: The PC Doctor
  2. We now live in a society where every vendor wants their product to have top billing. Can you imagine the mess if every vendor employs this rootkit strategy?
    The iPod utilizes a proprietary system. Last night a reporter interviewed a representative from the pornography industry. To “defeat” the iPod they are adapting their product to work with the iPod operating system!

  3. NPR has some quotes from Thomas Hesse, President of Sony BMG’s Global Digital Business. You can listen to them here:

    http://www.npr.org/templates/story/story.php?storyId=4989260

    “Most people, I think, do not even know what a Rootkit is, so why should they care about it?” (Translation: Okay everyone, put your head back in the sand.)

    “No information ever gets gathered about the user’s behavior, no information ever gets communicated back to the user…” (Translation: Trust us, that stuff that Mark Russinovich sees us sending from your computer each time you play the CD isn’t “gathered”.)

  4. Why, after reading all this, would I ever buy a Sony CD, or ever put a Sony CD in my computer at all?

  5. I sent a note to MSRC asking your question about the removal tool. I quote “The purpose of the Malicious Software Removal Tool is not to catch every one of the thousands of pieces of malware in existence, but rather those most affecting our customers. In addition, it is not designed to detect malware before it gets on the machine, but rather to remove it once it is there.” I had the same hope you did, apparently that is not a goal of this particular tool.

  6. I have purchased Sony products for many years, and have noticed a steady decline in quality. I have put up with a lot of Sony’s fragile products and poor customer service, but have stuck by them. This Rootkit fiasco has pushed me over the edge, and from this point forward, I have no intention to EVER purchase anything from Sony.
