No matter which internet page you open these days, you are guaranteed to find at least one article mentioning the Sony rootkit affair. Instead of providing you with the latest news on the case of customers vs. Sony BMG, I’d like to analyze an interesting aspect of it.
In the beginning, there was one guy who found out about the rootkit software, analyzed it in depth and wrote an entry on his blog, Mark’s Sysinternals Blog, on a well-frequented site. Then the ball got rolling: the news was copied and commented on at other sites, and big portals like Slashdot and Digg had articles that soon became the most popular ones for the day.
The news spread like wildfire across the World Wide Web, and people from all over the world read it. It was soon clear that there were only a few who supported Sony’s move; the majority was clearly against it.
The news got worse for Sony over the following days, as Mark identified some additional “features”. First, the rootkit software was phoning home to Sony. Second, it was almost impossible for the average user to uninstall it. Third, the rootkit possessed a cloaking ability that other executable files could use to hide inside, a perfect hiding place for viruses and trojans.
Sony’s reaction was to provide an update to the rootkit software that disabled the cloaking feature. Unfortunately, it was again almost impossible for the average user to find the uninstaller on their webpage. Still, Sony in its shining glory denied that the rootkit posed a security threat and claimed that most users didn’t care whether a rootkit was installed on their system. The patch unfortunately had the nasty habit of crashing Windows on some machines.
The internet community created lists of CDs that contained the software, and boycott websites came into existence and had to deal with a massive number of visitors who were looking for information or wanted to join the boycott.
With lots of news coverage from respected institutions like the BBC, Sony presented a statement on Monday that it would cease the production of music CDs containing First 4 Internet’s XCP technology, for now.
Yesterday Dan Kaminsky presented the first figures on rootkit infections, obtained by analysing the rootkit’s phone-home traces in the DNS caches of name servers. This led to the conclusion that at least half a million networks are infected with it. He created a graphic showing infections on a map of North America.
Today Sony finally announced that it would institute an exchange program for already purchased CDs and pull the rest from the market.
Now, what conclusion can we draw from this? It’s pretty obvious to me that Sony underestimated the “might” of the internet community. From a single website the story spread into the whole world in no more than one day. It became so popular that big internet portal sites like wired.com, cnn.com and theregister.co.uk reported on it. The traditional media became aware, and soon the story was also making headlines in newspapers, radio shows and even television.
Sony: 0
Internet Community: 1
What do I learn from this? We have a tremendous power in our hands and can use it to force even multinational corporations to yield, even countries? That question remains to be answered.


Very well written and thought out.
Makes ya go “Hmmmm.” doesn’t it. :)
I think it highlights far more on the state of security for most users. You can only install the Sony rootkit with admin rights, and yet we have heard stories of the military being affected by it, whole company networks being affected after IT tried to remove the rootkits, etc. All of these things were caused by the rootkit, but they were only allowed to happen by bad security setups: allowing users to work with admin rights, etc.
Oliver, we all know that many computers are vulnerable because of people who don’t know or care, even in security workplaces like the military or science. But that’s another story :P
It also highlights the fact that Windows lets you run as administrator out of the box, and most people, not understanding the implications, just leave it that way.
Hoopy, what would you suggest then? I think it’s a complicated matter... maybe something like a driving license for the internet and computers ;)