|Sony releases "uninstall" for rootkit, which causes even worse vulnerability!|
|As reported in Security Wire Daily, a publication of SearchSecurity.com, the recent brouhaha over Sony-BMG Music's
Digital Rights Management "rootkit" has taken yet another interesting turn...
In the effort to allay negative publicity and ease the minds of consumers, Sony-BMG has released an uninstall program to remove the rootkit software installed as a part of their copy protection scheme on music CD's. But hold on there, Babalouie! The new uninstall program, according to top security researchers in Finland and the U.S., leaves an even more exploitable vulnerability in its wake, exposing the unsuspecting consumer to more risk than the original rootkit!
To say this is a bit of a "black eye" to the music moguls is understatement; this sort of heavy-handed copy protection exercise was rampant in the gaming industry years ago, and many game producers backed away from such methods amid the hail of consumer criticism and lawsuits when copy protection methods of the day caused numerous system crashes, loss of data, and were quickly circumvented by "pirates" who then illegally circulated the "crack" of the protection scheme to Internet users.
At the time, the consensus seemed to be that if software were freely duplicable, but lacked certain features or functions unless "registered", far more sales would result from people sharing and trying the software for themselves.
The concept of "freeware" is based on just this philosophy. Folks will share the programs, use them for free, and when "hooked" on the functions and capabilities they provide, will eventually register to obtain updates, enable locked functions, and gain the full use of the package.
Will the music industry catch a clue, and release new titles in "abbreviated" form, released for free with no attempt at protection, then sell the full selections via a registration or other purchase process? After all, data is data, and songs in electronic media form can be manipulated just like any other digital data. Other possible methods abound, and this doesn't seem like rocket surgery to manage, in a way that doesn't make victims out of the firm's potential and future clientele.
Stay tuned to the Sony Saga... there's surely more to come!