I think Robert Vamosi describes the whole debacle pretty well in Security Watch: To be “0wned” by Sony, so I’ll let him do the work for me.

It was a grand experiment that failed miserably: As a means of copy-protecting its music, Sony employed a piece of software from First4Internet. But the technology, as used by Sony, did two bad things: First, it hid itself on computers by using root-kit technology; and second, it opened a remote access connection that called out to Sony (or one of its agencies). This exposed users’ computers to worms that took advantage of the stealth technology. Sony has agreed not to put root-kit technology on future music CDs as a means of protecting its copyrights. But this story is far from over. There are at least two lawsuits pending. There are also viruses poised to take advantage of already-infected PCs worldwide, the number of which may be much higher than anyone previously thought. Worse, Sony’s fix for the problem may not be any more secure than the original root kit. Security Watch: To be “0wned” by Sony — Robert Vamosi

I’m not sure about his assertion that this was ever a “grand experiment” (!), but he sums up the problems pretty well.

Many antispyware companies have already released tools to remove Sony’s intrusive and buggy software, but not all of them work very well. Some “fixes” could possibly kill your installation of Windows, so you need to be careful about removing the offending software.

The mess is serious enough that Microsoft has released updates for its AntiSpyware software (soon to be known as “Windows Defender”… who chose that?) that remove the offensive rootkit component of Sony’s software and will do the same with the December release of their Malicious Software Removal Tool that is part of the regular Windows Update schedule.

Removing the Sony rootkit

If you recently played a newish Sony CD in your PC and think you might have it, download Microsoft’s AntiSpyware Beta (it’s good – why don’t you already have it? ), install it and get the latest updates. A full scan should detect the Sony software if it’s on your system.

Blessings, Steve

Updates

• Sydney Morning Herald — Texas, EFF sue Sony over ‘spyware’
• Manual rootkit removal instructions — Most stable uninstall method outlined at Sysinternals
• Cripple Sony’s copy protection using only Scotch tape

[Listening to Jaco Pastorius, Word of Mouth — Crisis ]

Sunbelt have announced the release of a removal tool that is available for free public download.

• Sunbelt Software: SSA-Keylogger Cleaner

If you’re concerned that you might have contracted this vicious bout of thievery, download the cleaner software and run it on your PC.

Further update info can be found at Spyware Warrior.

Blessings, Steve

[Listening to Charles Mingus, Passions of a Man — Wednesday Night Prayer Meeting]

Sunbelt has also released an update for their excellent CounterSpy software and has announced that they will also release a standalone utility to be released later today.

Further reading material:

• The keylogger from hell (SunbeltBlog)
• Fix for the Srv.SSA-KeyLogger (SunbeltBlog)
• Announcement Regarding Keylogger Used in ID Theft (Spyware Warrior)
• What to do in case of ID Theft (Spyware Warrior)

Make sure to check out Spyware Warrior’s What to do in case of ID Theft if you think you might have already been stricken with a keylogging spy.

Blessings, Steve

[Listening to Kathryn Scott, Satisfy — At The Foot Of The Cross (Ashes to Beauty)]

Last week, Sunbelt Software uncovered an identity theft operation so large, it has made security professionals feel sick to the stomach.

Some articles by those more learned than myself:

• Massive identity theft ring (Sunbelt Software)
• Identity Theft Update (Sunbelt Software)
• Massive ID Theft Ring Discovered (Spyware Warrior)
• More on the identity theft ring (Sunbelt Software)
• Update on ID Theft Ring (Spyware Warrior)
• Identity Theft? What to do? (Sunbelt Software)

The scale of this is staggering. Internet users can not afford to be ignorant about internet safety anymore.

If you haven’t installed a software firewall, it’s time to go and install one now. I’ll post about some good firewalls sometime, but if you’re looking for one now, you won’t go wrong with the ZoneAlarm free version.

On today’s internet, you’re asking for trouble if you don’t have a decent firewall.

Blessings, Steve

[Listening to John Scofield, A Go Go — Chicken Dog]

Although making mention of (previous) negative press, the article tends to use nice, happy words to describe Claria’s new software direction like “tailored”, “personalised” and “more value”. The article also finishes with a short Q&A session, as if straight from the mouth of the beast.

Some quotes…

Larry Ponemon, one of three outside privacy consultants hired by Claria, said complaints about privacy stem more from annoyance with pop-ups rather than any data collected. Non-adware companies might capture more data but get fewer complaints, he said. Online ad pioneer shuns pop-ups — SMH

What, so it’s OK to collect user’s data since people generally complain more about “annoyance with pop-ups”?

Claria still must win over the websites which once sued it. Eagle said most had been willing to listen, even if they have yet to sign deals. Advertisers who have shunned pop-ups, meanwhile, had been more willing to run traditional ads through Claria, Eagle said, though he declined to name any of the 250 advertisers participating in BehaviourLink’s pilot. Elias Plishner, head of the interactive group at Universal McCann ad agency, said many companies which previously weren’t willing to “dip their toes into behaviour marketing” might now be willing to give Claria a chance. Online ad pioneer shuns pop-ups — SMH

Any company involved in this slimy business will come out of it with muck on them. You can’t “dip your toes” into sewerage without stinking of something.

I hope the internet community aren’t just holding their noses.

Blessings, Steve

Further reading

• Related AP stooges can be Googled at will.

P.S. Thanks to Rowen for the link.

[Listening to Iona, Heaven's Bright Sun — When I Survey]