Still on that Sony's shit that hit the fan recently

I just read this from a site in Portuguese. Hot news:

After a few days, Sony released an application that may uninstall their pirated anti-piracy software from Windows.

You see, I found it pretty strange that they would release an uninstaller AFTER Microsoft made a tool that works 100% perfectly.

Turns out that Sony’s uninstaller opens a new security breach in the system.

In order to uninstall Sony’s malware with Sony’s uninstaller, you’ve got to fill in a form on their site requesting it. The browser will then load an ActiveX file called CodeSupport.

I should now say that ActiveX was a good thing for programmers a long time ago. Nowadays it’s just a way to get malicious code running on people’s machines.

Well, CodeSupport stays on your machine and it is marked as a “safe” control even after you close the browser. Long story short, that allows people who know that you have it and know your IP to run malicious scripts on your machine remotely. CodeSupport does NOT check if the incoming scripts and requests to run them come from Sony.

A guy called Ed Felten, teacher for the course of Computer Sciences in Princeton, said he was able to make malware that exploits this breach. He didn’t give details about it, though.

In time: seems like after this discovery, Sony released a second uninstaller that doesn’t open this breach. Still, I suggest that anyone with Sony’s stuff installed on their machine use Microsoft’s anti-spyware, not anything released by Sony.

Also, Sony is now exchanging CDs with that cursed anti-piracy software of theirs for CDs without it. Seems like the wound did make the giant move.

Edit: My two cents: while the first time seemed like pure evil, this time it seems like incompetence from the programmers. Still, bad or dumb, I am not going anywhere near any (legitimate) software from Sony for a while, it’s bad for the health of computers.

Haw, I knew about the retarded form, but I didn’t know it created further problems. Hilarious.

Man, IS that more deadly than the thing that you are uninstalling?

Sony:
By the end of fiscal 2005, 100% of Sony BMG titles released will contain this content protection technology. Please assume every one of our CDs are protected in this fashion.

http://docwhat.gerf.org/sonybmg/

Great!

And also, $ony is now trying to move blame. Apparently they’re saying they got the rootkit from a company called “First4Internet.”

Now, I don’t doubt that this is true. Tons of grey-hat companies do work like this, modify their own black-hat tools for commercial business to use. The fact that $ony PAID THEM FOR A PRODUCT, and INTRODUCED that product to market totally removes any blame from this company. It’s like saying “hey, don’t blame me because I shot someone…blame the guy who sold me the ammo.”

This whole saga is ridiculous.

Sony may or may not be allowed to do that depending on the EULA and Sony’s contract with First4Internet.