[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Far

Rick Sewill rsewill at cableone.net
Sun Nov 6 21:18:58 GMT 2005

On Sun, Nov 06, 2005 at 10:06:34AM -0500, JW Clements wrote:
> However, we retain the right to purchase only that which we want to, and a
> boycott of Sony products can have an immense effect. The problem is that
> many people will still *want* the Sony disks, and get root-kitted and be a
> fertile ground for the malware artists.
> It would be so very nice if everyone, when thinking of Sony, would think
> "Goodbye" rather than "Good buy".
> JW Clements

I almost never respond in these lists, not being an IT professional.

I feel so strongly that installing a rootkit, even if one makes the
rootkit files visible, is way over the line, to the point of being
criminal.  I believe, an individual doing this, would face criminal

I sent messages to Sony Playstation indicating Sony's lack of
comprehension of first using a rootkit, and then believing making
their rootkit files visible was an adequate response, made Sony
untrustworthy.  I told them their actions caused me to buy an X-Box
this past week.  I'm letting them know they ruined the Sony brand.

I respond to this thread because I worry these Sony CDs pose a danger
to a company or university intranet.

If I were an IT professional, I would either want a policy forbidding
individuals from having administrator privilege or I would want a
policy forbidding CDs brought in that pose a danger to my internal

In my mind, these Sony CDs pose such a danger.

My questions for IT professionals are the following:
1) Do companies and universities, as a rule restrict administrator
   access for company-owned or university lab PCs?

2) Do companies and universities, as a rule issue a policy forbidding
   music CDs on their premises?

2) Do personal laptops brought into the company or university intranet
   pose less of a threat to the intranet, or should those laptops have
   the same restrictions as company PCs and university lab PCs?

I ask these questions because I can see a direct problem for any PCs
that are administered by the IT department.  I would not want to be an
IT person having to upgrade a PC only to find this rootkit.  I would
not want to be an IT person stuck with removing this rootkit.

I can't judge the threat posed by personal PCs that are just brought
into the company or university Intranet.

>From my personal experience, some companies had a policy restricting
all administrator access for company PCs, other companies permitted
local administrator access for individuals with the IT department
having network administrator access.  I don't remember a company
having a policy regarding music CDs on the premise.  I don't remember
a company having a policy forbidding personal laptops being brought
into the company Intranet.

I don't believe Sony has heard the last of this.  Individuals will
need to upgrade their operating system and will need to apply system
patches.  Could Sony's rootkit interfere with an upgrade or a patch?

I will go back to lurking now and let more knowledgeable people on
this list either ignore me or respond, as appropriate.

Rick Sewill

More information about the list mailing list