Sony rootkit may be more dangerous on the way out

Powered by SC Magazine
 

Uninstalling Sony-BMG Entertainment’s spyware-like application from a PC could be more harmful than having downloaded it in the first place, a Princeton University professor warned on Tuesday.

"For affected users, this represents a far greater security risk than even the Sony rootkit," said Ed Felten, a professor of computer science at the Ivy League university and author of the weblog "Freedom to Tinker."

Felten warned that the rootkit remover allows any website to run code onto a PC and take command of it.

"Any web page can seize control of your computer; then it can do anything it likes," Felten wrote on his blog. "That's about as serious a security flaw as you can get."

The uninstaller downloads a program onto PCs called CodeSupport, which remains on a unit after a user leaves Sony's site. The program is labeled as "safe for scripting," Felten contends, so a site can download code onto a PC – without user permission – by using it.

Sony had said earlier this week that it would withdraw the rootkit application from CD-Roms. A media firestorm erupted after Windows security expert Mark Russinovich first reported on the application's existence on his blog late last month.

A number of viruses, which exploited the cloaking code to download software onto PCs, appeared in the weeks following the disclosure. Meanwhile, USA Today has reported that Sony has agreed to pull CDs containing the application from stores and offer exchanges to customers who bought CD-Roms containing the rootkit.

www.sony.com
www.freedomtotinker.com
www.sysinternals.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 888

Vote