Wednesday, November 16, 2005

DO NOT BUY Sony Music CDs!

This is something that passed under my radar recently, probably because I don't really buy music CDs very much.

That antipiracy software - which works only on Windows PCs - came with a cloaking feature that allowed it to hide files on users' computers. Security researchers classified the program as "spyware," saying it secretly transmits details about what music the PC is playing. Manual attempts to remove the software can disable the PC's CD drive.

So, in other words, Sony infected PCs with spyware just to protect Sony from people putting music on their iPods. That is highly unethical, but it gets far worse:

The program also gave virus writers an easy tool for hiding their malicious software. Last week, virus-like "Trojan horse" programs emerged that took advantage of the cloaking feature to enter computers undetected, antivirus companies said. Trojans are typically used to steal personal information, launch attacks on other computers and send spam.

Yup, nothing like a big company putting spyware on your PC and then making the spyware so crappy that virus writers can exploit it. And this blows it into "boycott all Sony stuff at all costs until they fire top management" territory:

To get the uninstall program, users have to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.

"The consequences of the flaw are severe," Felten and Halderman wrote in a blog posting Tuesday. "It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get."

Yup, the fix makes it even worse. To uninstall their spyware you have to go and fill out a form, which downloads more spyware that makes your PC even more open to attacks. That is something that only the worst of the worst spyware offenders have done. And this bit is the most ironic thing about this whole mess:

Other programs that knock out the original software are also likely to emerge. Microsoft Corp. says the next version of its tool for removing malicious software, which is automatically sent to PCs via Windows Update each month, will yank the cloaking feature in XCP.

That means MSFT is coming to the rescue of a mess that Sony made. That is ancient Greek style irony. Whatever the case, it is time to buy a Panasonic or Samsung TV and DVR player instead of anything by Sony. Who knows what will happen if I watch a DVR disc made by a Sony player in my PC.

I am also thinking of not buying a PS3 until that thing has been vetted by security pros. Or forgetting about the thing altogether. It could download some spyware to my PC when I connect it to my home network. Finally, I *definitely* won't buy a thing from BMG music or even allow a CD from them to touch any electronic item I own for the rest of my life.

This is the kind of screwup that should cost top managers their jobs. If Sony does nothing to address the culture that made them put spyware on PCs, and then more spyware if you want to get rid of the first batch of spyware, then I will never buy anything from Sony ever again.
