Back in November, I posted to the local noticeboards a short article regarding Sony, Digital Rights Management (DRM) and stealth-like software the company decided to incorporate into some of their CD products. It seemed to spark the interest of many, and a few even responded to me off-line (thanks for reading by the way).
Much has happened since my initial post that I thought would be of interest to you. But first, a quick rundown:
Stealth-like software otherwise known as a 'rootkit' was identified by a security expert when he decided to play a Sony/BMG labeled CD on his computer. This rootkit installed itself on his system once he acknowledged a 2000+ word End User License Agreement (EULA). On discovering the rootkit, he found it was nearly impossible to remove without breaking portions of the operating system.
He reported it in his blog, and it literally exploded from there. Sony faced pressure from a very wide audience on different fronts including class-action lawsuits being filed in California and Texas. On top of this, virus writers took advantage of the rootkit's stealth-like ability and created malware to circumvent Anti Virus software products.
Since then, Sony has done some major back-peddling, including stopping the shipment of rootkit-embedded CD's, pull existing product off shelves, and even release a patch to fix systems already infected with the rootkit. Unfortunately for most, this patch was found to introduce more vulnerabilities than it tries to close. Had Sony responded to this issue when they were initally told by security company F-Secure, all this may have been avoided.
The good news (if there actually is good news in this mess) is that Intel is working on technology that would identify hostile code such as rootkits trying to install themselves and report it to the user. It's possible that said technology could be incorporated at the hardware level, bypassing the software layer entirely. Certainly sounds Interesting, but does this open up a new can of worms for the average computer user?