Release the Hounds: Sony Rootkit Reloaded
If you are a regular reader of Wired this may be old news, but someone has finally begun to ask the right questions about the Sony Trojan Horse rootkit(tm) debacle. In an article by Bruce Schneier entitled "The Real Story of the Rogue Rootkit," he asks why the dogs didn't bark. That is, the rootkit infections began last year and have now spread to, by one report, one-half million PCs. Yet no anti-virus or anti-spyware company raised the alarm save for, according to the article, F-Secure. Why?
Was it because the rootkit was undetectable? Or is it because these companies are in bed with Sony/RIAA/MPAA and considered the rootkit not a security threat you needed to be notified of?
This kind of issue was brought up earlier in relation to Microsoft's Anti-Spyware (now re-named "Defender") program and how MS changed its detection of the Claria adware (née Gator) such that it no longer advised you to remove it.
This is a developing story and things are still unclear, but the trend appears to be that we can no longer implicitly trust the companies that are supposed to detect these security intrusions because, perhaps, their definition of adware/spyware is contrary to ours or they do not scan for rootkits.
There is a high probability, given this history, that the Sony rootkit is not the only adware/spyware application that goes undetected by the major anti-virus/anti-spyware companies. If this is true, you have to decide what to do about it (even if these companies now belatedly begin to flag the Sony rootkit).
I am unaware of any security strategy that you can use on Windows to prevent your PC from being owned by someone else if you rely entirely on anti-virus/anti-spyware programs. If there is one, feel free to leave a comment. But as far as I can see, the only way to minimize, though not eliminate, the risk is to switch to another operating system. Which you choose is up to you. But if you don't want to be owned by Sony, or the RIAA/MPAA, or the Russian Mafia, you really need to decide. Now. YMMV. Insert disclaimer here.
Aloha!
Comments
For the anti-virus/spyware companies things are not easy. Even if they try to do good (which they probably didn't in this case) they can run into problems. Basically, removing the Sony rootkit comes down to removing copyright protection. Which is of course forbidden.
Posted by: sjon | November 21, 2005 09:38 PM