Log in

No account? Create an account
spilled brain matter accomplices history of the disturbed inside a demented mind My Website Previous Previous Next Next
Sony's screwup - what you need to know - Speak Friend and Enter
Grammar and Lord of the Rings
Sony's screwup - what you need to know
For all my nongeek friends out there, you may not be aware of the massive problem Sony has been facing over the last week. You can read a quick summary here.

Simply put, Sony fucked up - badly.

That page doesn't give great details, and may scare people with word usage like "trojan" so let me break it down for you as clearly as possible. Sony hired a company to develop an anti-piracy program that limits the number of copies you can make from a CD on the BMG label that you bought. The company, whose reputability is unclear, designed the system in an effort to prevent people from hacking the program and disabling the copy-protection feature. The way they did this is by literally hiding the program from any attempt at locating it. In order to do this, they used a particular string of a filename ($sys$) and hid everything that starts with that. Somehow, they failed to realize how easily this could be exploited. What is to stop a virus writer from simply renaming their program with that string? It will be hidden along with every similar file, and become a huge problem to remove. Within days of the release of 5 million CDs using this protection, hackers were writing programs to take advantage of this hole.

Fortunately for many, Symantec was on the ball, and had definitions out to their anti-virus client that detects the file these hackers were using. However, it's still a massive problem. Sony has continued to screw up in efforts to fix the problem. For some reason, they keep using the original company to patch it. The patches so far have actually succeeded in making your computer more vulnerable by leaving a new file that is further exploitable. The safest way to make sure you aren't infected is by having a Symantec Antivirus client, and getting the removal tool created specifically for it if you have bought one of the affected CDs.

Sony BMG has created a file that will remove the cloaking aspect of the program, but little else apparently. You should know that it's also been reported, but not confirmed, that the software tracks the kind of music you listen to, and reports it back to Sony, making it spyware.

In an effort to curb piracy, they probably managed to increase it, by scaring people away from buying their CDs and just downloading them online. If you have questions, ask away.
Do me