Why Didn't Security Firms Catch Sony BMG's Rootkit Earlier?

from the good-question dept

Bruce Schneier has written an article for Wired News that highlights a very important question that has been totally ignored throughout the whole Sony BMG rootkit fiasco: how come no security applications caught the rootkit until after all the publicity, when Sony handed them the code to find and remove it? It makes you wonder how many other, actually malicious, offerings these firms are missing as well. Schneier blames the security companies for assuming that because it came from Sony and had a "legitimate" purpose, it was safe -- which is a pretty big problem. Of course, another explanation is that many security firms are having difficulty keeping up with all the security vulnerabilities out there. None of these programs is yet able to be a comprehensive offering. That's why so many of us have to run multiple security programs to have a chance at protecting a computer.


Reader Comments

  • Lewis, Nov 17th, 2005 @ 10:41am

    DMCA, perhaps?

    It seems to me there would be a hesitancy to include removal of Sony's rootkit via {spyware|virus|malware}-removal tools due to fear of DMCA liability. Especially in the beginning when all the details were still fuzzy.


  • BlindSide, Nov 17th, 2005 @ 11:17am

    Still the wrong approach

    "...None of these programs is yet able to be a comprehensive offering. That's why so many of us have to run multiple security programs to have a chance at protecting a computer."

    That's because they still are not tackling the security issue from the right angle. Current security is reactive, coding for awareness of new specific issues. You'll never win that game, there's always a way to do something different.

    Everyone would be way better off if they simply adopted the "least access" principle, or a more proactive appraoch. By default, security software should assume *everything* is a threat, then allow the user to systematically allow execution of those things they use. This is the guiding principle of smart firewall security, and can be deployed on a large scale (so the AOL grandmas don't have to worry about it directly).

    When you stop being reactive, and simply say "no" to everything that's not explicitly permitted, the entire problem disappears.


    • Chris, Nov 17th, 2005 @ 11:42am

      Re: Still the wrong approach

      That's because they still are not tackling the security issue from the right angle. Current security is reactive, coding for awareness of new specific issues. You'll never win that game, there's always a way to do something different.

      The reason that AV companies use the model they do is simple, they can sell upgrades.


    • giafly, Nov 17th, 2005 @ 11:55am

      Re: Still the wrong approach

      Re: When you stop being reactive, and simply say "no" to everything that's not explicitly permitted, the entire problem disappears.

      Unfortunately another problem appears: you have to know what to permit. I share an office with a support team and it is amazing how many calls are due to pop-up blockers and spam filters that people don't understand. And they're the simple things!

      If you use ZoneAlarm, you'll know how difficult it is to decide which services should be permitted Internet access, when all you know about them is a 5 or 6 character module name.


      • bh, Nov 17th, 2005 @ 3:56pm

        Re: Still the wrong approach

        The easy way to deal with that is to automatically disallow it. If something quits working right, then you know you disallowed the wrong thing and it is fairly simple to allow it net access again.


    • Tony, Nov 18th, 2005 @ 12:04am

      Re: Still the wrong approach

      they still are not tackling the security issue from the right angle.

      I'm not so sure there is a right angle. When have computers ever been "secure"?

      Metaphor: having an open mind means the possibility of being "infected" with bad ideas, for a time at least. Computers have to live in the same world we all do. A closed mind may find "perfect security" in the comfort of knowing all the answers. This is, of course, insanity.

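The default-deny model BlindSide argues for, with bh's "disallow first, re-allow whatever quits working" step and a log that records the full path and content hash so the user is not left guessing from a short module name (giafly's objection). This is an added example, not code from the post or any commenter; `ExecPolicy`, the file names and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Content hash, so a renamed or patched binary is not the allowed one."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class ExecPolicy:
    """Default deny: a program runs only if its hash was explicitly allowed."""
    def __init__(self):
        self.allowed = {}      # sha256 -> human label
        self.denied_log = []   # (full path, sha256) kept for later review

    def allow(self, path, label):
        self.allowed[sha256_of(path)] = label

    def check(self, path):
        digest = sha256_of(path)
        if digest in self.allowed:
            return True
        # Unknown means no; record enough context to re-allow it later.
        self.denied_log.append((os.path.abspath(path), digest))
        return False

    def re_allow(self, path):
        """Something quit working: permit the item that was just denied."""
        self.allowed[sha256_of(path)] = os.path.basename(path)

def demo():
    """Constructed sample files in a temp dir (hypothetical names)."""
    d = tempfile.mkdtemp()
    def write(name, data):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(data)
        return p
    player = write("player.exe", b"MZ constructed player")
    patched = write("player2.exe", b"MZ constructed player, modified")
    unknown = write("svc.sys", b"constructed unknown driver")
    policy = ExecPolicy()
    policy.allow(player, "media player")
    r = {"player": policy.check(player), "patched": policy.check(patched),
         "unknown": policy.check(unknown), "denied": len(policy.denied_log)}
    policy.re_allow(policy.denied_log[-1][0])   # bh's "allow it again" step
    r["unknown_after"] = policy.check(unknown)
    return r
```

Note that the modified copy of an allowed program is denied even though it carries a familiar name: the decision is keyed on content, not on the label the user sees.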

  • nonuser, Nov 17th, 2005 @ 5:42pm

    another reason could be...

    that Sony chose somewhat obscure, middle-of-the-road titles for XCP to dampen the rate of penetration, especially to techies who might discover the installation. For example, Sony owns rights to many of Miles Davis' best recordings, but none are on the list published by the EFF:
    http://www.eff.org/deeplinks/archives/004144.php
    Instead Sony evidently put XCP on three jazz reissues, none of them too exciting. I actually bought "Silver's Blue" but fortunately I only listen to audio CDs on my stereo (that's where my handle comes from).


  • Anonymous Coward, Nov 17th, 2005 @ 9:48pm

    No Subject Given

    Isn't it just one big company who owns everything?

    Could be why it wasn't caught.

