[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

Tim Hollebeek tholleb at teknowledge.com
Tue Nov 1 17:06:58 GMT 2005


 
> The first of these is, what is the difference between what 
> Sony BMG has allegedly done here and if a someone breached 
> Sony's systems?  In my eyes, nothing.  Sony has illegally 
> accessed individual and organisation's computer systems and 
> as such should be accountable to the same laws as anyone else 
> committing this act.

I tend to agree, though I'm not sure the current laws are 
actually up to the task.  It's best not to support the twisting
of existing laws to support conclusions that you prefer, as 
allowing laws to be to be twisted usually has unintended 
consequences.

The following actions, though, certainly SHOULD be illegal:

(1) taking actions that hide the existence of installed 
    applications or application components from consumers.

(2) Attempting to hinder or prevent the consumer from uninstalling 
    any installed applications or application components.

Regardless of the legalities, I do think that Sony should be held 
liable for damages due to the increased difficulty in removing any 
worm named $sys$*, since that increased effort is a direct result 
of the action of Sony's software.  I wonder if it occurred to the 
Sony executives that they were opening themselves up for the 
possibility of a billion dollar class action suit against them when 
their rootkit is found to be aiding and protecting third party malware.

Tim Hollebeek




More information about the list mailing list