So the "rootkit" CDs were not sold outside of the US, then why are there more computers in Japan that are infected with the rootkit than in the US?
http://www.nbr.co.nz/home/column_article.asp?id=13511&cid=3&cname=Technology
Quote:
Mr Kaminsky's data show computers communicating through at least 568,200 nameservers around the world have been compromised by the trojan, with Japan (217,296), the US (130,519) and the UK (44,421) being the hardest hit.
And to top it off, the uninstaller provided by Sony is worse than the rootkit itself:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1145344,00.html
Quote:
The security risk created by Sony BMG Music Entertainment Inc.'s rootkit-based copy protection software may be nothing compared to a flaw that appears when someone tries to use the tool Sony made available to uninstall it.
Researchers at Princeton University said they've taken a "detailed" look at the Web-based uninstaller software and confirmed claims from a Finnish researcher that malicious Web sites could exploit a flaw in the software to install and run code on victims' computers.
"Over the weekend a Finnish researcher named Muzzy noticed a potential vulnerability in the Web-based uninstaller that Sony offers to users who want to remove the First4 Internet XCP copy protection software," Ed Felten, a professor of computer science and public affairs at Princeton University, wrote in his Freedom to Tinker blog along with Alex Halderman, a Ph.D student at the university. "We took a detailed look at the software and discovered that it is indeed possible for an attacker to exploit this weakness. For affected users, this represents a far greater security risk than even the original Sony rootkit."
According to Felten and Halderman, a "serious" design flaw in the uninstaller puts users at risk under the following circumstances:
* When the user fills out Sony's form to request a copy of the uninstaller, the request form downloads and installs an ActiveX control called CodeSupport,
Just a fast heads up: ActiveX means you must use IE; you cannot use the more secure web browsers on the market.
Quote:
created by Sony's British technology partner, First4 Internet.
* CodeSupport remains on the user's system after they leave Sony's Web site, and it is marked as safe for scripting, "so any Web page can ask CodeSupport to do things," the researchers said
Very self-explanatory here. If you use the Sony uninstaller you will be installing more malware on your system.
Quote:
* Among other things, CodeSupport can be told to download and install code from Web sites. "Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4 Internet," the researchers said. "This means any Web page can make CodeSupport download and install code from any URL without asking the user's permission."
In other words, Felten and Halderman said, "The consequences of the flaw are severe. It allows any Web page you visit to download, install, and run any code it likes on your computer… That's about as serious as a security flaw can get."
They recommended users take the following protective measures:
* Don't accept the installation of any software delivered over the Internet from First4 Internet. That will keep CodeSupport off the user's machine, if it's not already there.
In other words, do not trust Sony to clean up after themselves without doing more damage to your system!
Quote:
* Users can check their machines to see if CodeSupport is installed by trying Muzzy's reboot demonstration link. "If CodeSupport isn't on your machine, the link will do nothing, beyond displaying a message in your browser window. But if you have CodeSupport and are therefore vulnerable, then the link will reboot your machine," the researchers said. They warned, however, that Muzzy's demo "might sometimes make things worse" and that "We'll develop a safer variant and post it [on the Freedom to Tinker blog]."
* If the machine is vulnerable, delete the CodeSupport component. From the start menu, choose "Run." In the box that pops up, type (on a single line) cmd /k del "%windir%\downloaded program files\codesupport.*"
Like normal users know enough about computers to figure this out on their own... stupid Sony /rude
Quote:
"This is not an ideal solution -- depending on your security settings, it may not prevent the software from installing again -- but it's better than nothing," Felten and Halderman said. "We'll have to wait for First4 Internet to develop a complete patch."
Security experts have roundly criticized Sony since researcher Mark Russinovich, chief software architect and co-founder of Winternals Software in Austin, Texas, found the company's rootkit on his own machine and wrote an analysis of it on his blog at Sysinternals.com, setting off the controversy.
Experts said Sony was playing with fire by using a rootkit-based digital rights management (DRM) system to prevent CD copying and that the company's move could trigger a variety of dangerous exploits.
The more I learn, the more I am devoted to writing my congressman about getting something done to prevent Sony or any other company from doing anything like this again and making Sony pay millions in restoration to ALL Windows networks that have to deal with the security issue created by their virus.
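The missing check the researchers describe (a component that installs code from any URL without verifying where it came from), shown next to a version that verifies origin and content. This is an added example, not code from the post, Sony, or First4 Internet; the function names, the host `updates.vendor.example`, and the payloads are hypothetical, and a pinned SHA-256 digest stands in for a real code-signature check.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: hypothetical vendor host and payloads, not real values.
TRUSTED_HOSTS = {"updates.vendor.example"}
GOOD_PAYLOAD = b"vendor uninstaller build 1 (constructed sample)"
PINNED_SHA256 = {hashlib.sha256(GOOD_PAYLOAD).hexdigest()}


def install_unverified(url, fetch):
    """Pattern described in the quoted article: any caller-supplied URL is accepted."""
    return ("installed", fetch(url))


def install_verified(url, fetch):
    """Refuse code unless both its origin and its content match the vendor's."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return ("rejected", "not https")
    # urlsplit().hostname ignores any userinfo placed before '@' in the URL.
    if parts.hostname not in TRUSTED_HOSTS:
        return ("rejected", "untrusted host")
    payload = fetch(url)
    if hashlib.sha256(payload).hexdigest() not in PINNED_SHA256:
        return ("rejected", "digest mismatch")
    return ("installed", payload)


def fake_fetch(url):
    """Offline stand-in for a download: maps constructed URLs to bytes."""
    responses = {
        "https://updates.vendor.example/uninstall.bin": GOOD_PAYLOAD,
        "https://updates.vendor.example/tampered.bin": b"modified in transit",
        "https://other.example/anything.bin": b"third-party code",
    }
    return responses[url]


if __name__ == "__main__":
    for name in ("uninstall.bin", "tampered.bin"):
        url = "https://updates.vendor.example/" + name
        print(url, install_verified(url, fake_fetch)[:1])
    other = "https://other.example/anything.bin"
    print(other, install_unverified(other, fake_fetch)[0],
          install_verified(other, fake_fetch))
```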