Bruce Schneier (Wired): Real Story of the Rogue Rootkit (via Boing Boing)
He points out that normally, antivirus companies like McAfee and Symantec respond to malware within hours.
The Sony DRM rootkit has been reported in the press for over a fortnight, yet their response is still lukewarm at best. For over a week, it was nonexistent altogether. The rootkit is also over a year old, with over half a million infections, but mere incompetence would be forgivable. For at least a week, though, both companies knew about it and did nothing.
Who are the security companies really working for? It's unlikely that this Sony rootkit is the only example of a media company using this technology. Which security company has engineers looking for the others who might be doing it? And what will they do if they find one? What will they do the next time some multinational company decides that owning your computers is a good idea?
(other posts: feature comparison chart, mistakes vs intentions, the recall, I heart rootkit, bloggers vs Sony, EULA, my Sony link collection and DRM of adhesion)



