Tuesday, August 28, 2007

More Sony Stealthware

It looks like Sony is getting more bad press for foisting stealth software on users. This isn't strictly a rootkit, and it's not as extreme an example as before.

You might have been residing under a rock a couple of years ago. Back in 2005, Sony BMG put what amounted to rootkit-like software on certain CDs. Inserting one of these CDs into a PC resulted in software being installed without user consent. Its purpose was to enforce digital rights management and to hide itself from all but the most experienced users.

The current software creates a hidden directory, perhaps to prevent tampering with the USB fingerprint device it supports. Sure, a hidden directory could aid attackers (but not any more than leaving the bedroom light off at night aids burglars).

One of the big issues in 2005 was that the software introduced a vulnerability to the PCs on which it ran. Any installed software could do so. Even when we know what software is running on our systems, it's hard enough keeping up with patches (forget all the 0-day attacks in the last couple of years). When companies cloak their software from us, it becomes that much harder to protect one's computer and to make informed decisions about security. Essentially, companies that follow this approach are taking away our right to make certain security decisions for ourselves.

Even though it was somewhat hyped, I'm glad this made the news. More press on the topic can't hurt when it comes to user rights and dissuading companies from these ill-advised tactics.