
Release the Hounds: Sony Rootkit Reloaded

If you are a regular reader of Wired this may be old news, but someone has finally begun to ask the right questions about the Sony Trojan Horse rootkit(tm) debacle. In an article entitled the Real Story of the Rogue Rootkit, Bruce Schneier asks why the dogs didn't bark. That is, the rootkit infections began last year and have now spread to, according to one report, one-half million PCs. Yet no anti-virus or anti-spyware company raised the alarm, save for, according to the article, F-Secure. Why?

Was it because the rootkit was undetectable? Or is it because these companies are in bed with Sony/RIAA/MPAA and decided the rootkit was not a security threat you needed to be notified of?

This kind of issue was raised earlier in relation to Microsoft's Anti-Spyware program (now renamed "Defender") and how MS changed its detection of the Claria adware (née Gator) such that it no longer advised you to remove it.

This is a developing story and things are still unclear, but the trend appears to be that we can no longer implicitly trust the companies that are supposed to detect these security intrusions, because either their definition of adware/spyware is contrary to ours or they do not scan for rootkits at all.

Given this history, there is a high probability that the Sony rootkit is not the only adware/spyware application that goes undetected by the major anti-virus/anti-spyware companies. If this is true, you have to decide what to do about it (even if these companies now belatedly begin to flag the Sony rootkit).

I am unaware of any security strategy you can use on Windows to prevent your PC from being owned by someone else if you rely entirely on anti-virus/anti-spyware programs. If there is one, feel free to leave a comment. But as far as I can see, the only way to minimize, though not eliminate, the risk is to switch to another operating system. Which one you choose is up to you. But if you don't want to be owned by Sony, or the RIAA/MPAA, or the Russian Mafia, you really need to decide. Now. YMMV. Insert disclaimer here.

Aloha!

Comments (1)

sjon:

For the anti-virus/spyware companies things are not easy. Even if they try to do good (which they probably didn't in this case) they can run into problems. Basically, removing the Sony rootkit comes down to removing copyright protection. Which is of course forbidden.

About

This page contains a single entry from the blog posted on November 21, 2005 6:09 AM.

This weblog is licensed under a Creative Commons License.