Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony Warned Weeks Ahead of Rootkit Flap

Posted by Zonk on from the going-a-little-slowly dept.

pdschmid writes "Business Week has an article describing how Sony BMG had been warned by F-Secure on Oct. 4 about the dangers of their rootkit protection, but failed to do anything until Oct. 31 when computer-systems expert Mark Russinovich revealed the rootkit in his blog." From the article: "Sony BMG officials insist that they acted as quickly as they could, and that they expected to be able to go public and offer a software patch at the same time. However, Russinovich posted his blog item first, forcing Sony BMG to scramble to contain the crisis. It recalled millions of CDs recorded by 52 artists, including Van Zant, Celine Dion, and Neil Diamond. Plus, it offered exchanges to customers."

2 of 335 comments (clear)

  1. Still on the Shelves by Anonymous Coward · · Score: 5, Informative

    Not only is Sony not moving fast, NY AG Elliot Spitzer reports that affected CDs are still being sold at various retail outlets. I'm not sure how much control Sony has over recalling CDs at some Wally World in Drum Nebraska, but this snafu puts them right up there with Adobe in corporate arrogance and stupidity.

  2. Don't forget Sony's other nasty DRM by Old+Man+Kensey · · Score: 5, Informative
    Lest we forget, Sony is still shipping CDs with SunnComm's MediaMax DRM on them -- ten times as many as the XCP rootkit, in fact (that's 20 million CDs at last count, for those keeping score at home). It's still just as easy to defeat as it was in 2003, but if you make the mistake of letting it install like my wife did, it's fairly nasty. In particular it actually installs before you agree to the EULA -- the only difference between agreeing and declining is that if you decline, the software is not activated (but it remains installed).

    If you have a device driver named Sbcphid.sys (which shows up as a hidden non-plug-and-play device named Sbcphid when active), you've got MediaMax and should remove it.

    Only the EFF has mentioned MediaMax in the various legal claims against Sony, and Sony has remained silent about it in public as well. Obviously they're not sorry about using DRM at all -- they're just sorry they got caught.

    --
    -- Old Man Kensey