Sony still doesn't get it

Both Sony and the mainstream media are doing their best to prove that they just don't get the problem.
When I first published my articles on the Rootkit that Sony CD's installed on consumer PC's, I hoped that the big media would pick up on the issue behind it.

Although Sony received a huge amount of bad press about this, very little of it cuts to the hart of the real issue.

As the story unfolds, it seems that the rootkit was initially discovered by a PC repair shop that reported it to F-Secure for analysis at the end of September 2005.

F-Secure took up the issue with Sony, who alerted First4Internet to it. They were already talking about and working on a patch when Mark discovered the same problem as the PC shop, but he went public with it.

A lot of the media is now voicing that the thing that put Sony is such hot water is not warning it's consumers earlier on and not having a patch out earlier.

This could not be more wrong.

The real news here is not that the rootkit made consumer systems vulnerable to attack, or that it got out. The news is not that the patch was late and only served to make the problem worse.

The true news features two points.

* A mega-corporation used it's distribution channel to infect the PC's of its consumers. They put software on your system without your consent that hides its presence and makes it difficult to impossible to remove. This action puts them in the same league as spammers or the author of the Sober worm, they misused your resources to accomplish their goal.
* The Sony infection has been spreading since april 2004, that is 1 year and 5 months before it was detected. Most Windows users (the victims in this case) are paying a large sum every year to security companies like Symantec, McAfee and F-Secure to protect their systems form malware. None of them succeeded in finding or detecting the rootkit before it was publicly announced by another party.

So, the conclusion is that both Sony and First4Internet commited malicious and illegal actions that compromised the safety and stability of consumer systems.
All antivirus vendors have proven in this case to be either unable to detect and protect against an outbreak like this, or have a different agenda (as in rather protecting Sony and others then your security).

Written by Guy Van Sanden
Licensed under a creative commons Attribution-NonCommercial-ShareAlike license.