The Sony rootkit debacle
On and off for a couple of weeks, I’ve been trying to work out how to put the whole Sony rootkit mess in terms that don’t make the average person run screaming for the hills.
I think Robert Vamosi describes the whole debacle pretty well in Security Watch: To be “0wned” by Sony, so I’ll let him do the work for me. 
It was a grand experiment that failed miserably: As a means of copy-protecting its music, Sony employed a piece of software from First4Internet. But the technology, as used by Sony, did two bad things: First, it hid itself on computers by using root-kit technology; and second, it opened a remote access connection that called out to Sony (or one of its agencies). This exposed users’ computers to worms that took advantage of the stealth technology. Sony has agreed not to put root-kit technology on future music CDs as a means of protecting its copyrights. But this story is far from over. There are at least two lawsuits pending. There are also viruses poised to take advantage of already-infected PCs worldwide, the number of which may be much higher than anyone previously thought. Worse, Sony’s fix for the problem may not be any more secure than the original root kit. Security Watch: To be “0wned” by Sony — Robert Vamosi
I’m not sure about his assertion that this was ever a “grand experiment” (!), but he sums up the problems pretty well.
Many antispyware companies have already released tools to remove Sony’s intrusive and buggy software, but not all of them work very well. Some “fixes” could possibly kill your installation of Windows, so you need to be careful about removing the offending software.
The mess is serious enough that Microsoft has released updates for its AntiSpyware software (soon to be known as “Windows Defender”… who chose that?) that remove the offensive rootkit component of Sony’s software and will do the same with the December release of their Malicious Software Removal Tool that is part of the regular Windows Update schedule.
Removing the Sony rootkit
If you recently played a newish Sony CD in your PC and think you might have it, download Microsoft’s AntiSpyware Beta (it’s good – why don’t you already have it? 
), install it and get the latest updates. A full scan should detect the Sony software if it’s on your system.
Blessings, Steve
Updates
- Sydney Morning Herald — Texas, EFF sue Sony over ’spyware’
- Manual rootkit removal instructions — Most stable uninstall method outlined at Sysinternals
- Cripple Sony’s copy protection using only Scotch tape
[Listening to Jaco Pastorius, Word of Mouth — Crisis ]
