Sony President Defends Rootkit

[Tux of Borg]

http://antivirus.about.com/od/virusdescrip...nypres.htm?nl=1

 

Sony President Defends Rootkit

From Mary Landesman,

 

November 7, 2005

 

In an interview with NPR reporter Neda Ulaby, the President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"

 

It may be true that many people don't know what rootkits are (and if you are one of them, check out Rootkits Revealed to find out). But that doesn't mean they should not care - or would not care, if they understood the implications. They should care, Mr. Hesse, because rootkits hide the presence of programs, files, and other specified settings. In short, the user has no control over the programs or indeed any knowledge that they even exist on their system. And they should doubly care about the Sony rootkit, because with just the most trivial file naming convention, virus writers can leverage it to hide their viruses from antivirus and security scanners.

 

In that same NPR interview, Mr. Hesse also claims that, "No information ever gets gathered about the user's behavior. No information ever gets communicated back to the user. This is purely about restricting their ability to burn MP3 files in an unprotected manner."

 

In fact, as Mark Russinovich of SysInternals points out, not only does the rootkitted Player phone home, but "with this type of connection their servers could record each time a copy-protected CD is played and the IP address of the computer playing it."

 

Of course, Sony BMG may be doing absolutely nothing with the data or the connection - but information is being communicated between the user's system and Sony BMG. It's just not clear whether Mr. Hesse knows about it - or whether he cares.