RSS

Corporate Criticism In Sony Rootkit Row

John Stith
Staff Writer
2005-11-18

Insider Reports RSS Feed

What defines a good cyber security company? Is it response to new threats? Is the customer service superb? Do they keep your computer protected? When Sony BMG issued CDs with malware, most of the big time security companies were quiet. Even after it was discovered, they remained quiet for a while.

Security dude Bruce Schneier covered the issue in detail. One significant point he discussed and really went after major security companies for were their lack of response on the whole issue. When Mark Russinovich first published the problem on Oct. 31st, Schneier pointed it took McAfee until Nov. 9th to do anything and then, they only produced something that removed the mask and not the rootkit itself. Symantec waited until the 11th.

He attacks these companies for not taking a stand because if it had been a hacker or someone else, then these companies would've been all over it with a full wave assault on this rootkit. When Sony did it however, their response was almost timid.

He even went after Microsoft because their fix next month will just remove the mask and not the rootkit. It's their software this program is wrecking, crashing and shredding; yet they don't want to remove it.

Schneier said on his blog, "The only thing that makes this rootkit legitimate is that a multinational corporation put it on your computer, not a criminal organization."

He only had praise for Russinovich's SysInternals and F-Secure. They were the first to spot this problem and do anything about it.

He went on to say, "Bad security happens. It always has and it always will. And companies do stupid things; always have and always will. But the reason we buy security products from Symantec, McAfee and others is to protect us from bad security.

"I truly believed that even in the biggest and most-corporate security company there are people with hackerish instincts, people who will do the right thing and blow the whistle. That all the big security companies, with over a year's lead time, would fail to notice or do anything about this Sony rootkit demonstrates incompetence at best, and lousy ethics at worst."

He did hit upon something here. The existence of the rootkit is probably illegal. Sony has recalled the disks. While some lawsuits are in place, the big company should probably face criminal proceedings for this who debacle. If any private individual had done what they did, the federal government would investigate them, with the FTC banging down the door. Why isn't anyone knocking at Sony's door?

About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More news_security_news Articles

Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Featured On:

article resources

WebProWorld.com

•	Get in-touch with industry experts and leaders
•	Post your site for review by expert and peers
•	Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com


Titan Quest Forum The #1 Titan Quest forum
Halo 3 Forum The best Halo, Halo 2, Halo 3 forum
Nintendo Wii Nintendo Wii news and views
Mac Software The best in OS X freeware
Graphics Forum Your source for graphic tutorials