Tuesday, November 22, 2005

Sony is a four-letter word

Texas has filed suit against Sony for installing a really tough virus called a rootkit on the computers of people who buy its CDs and DVDs as a form of copy protection. The existence of the rootkit was discovered by a computer security expert. According to Wired magazine,
A rootkit is a particularly insidious type of Trojan horse that hides its existence from users and programs by tampering with the operating system on the most fundamental level. Where normal malicious code might be content to choose a deceptive file name, a rootkit "hooks" operating system calls that might reveal its presence, and essentially reprograms them to lie -- like bribing the coroner to conceal a murder.

And the lie the First 4 Internet code tells is a whopper. Under the program's influence, Windows will deny the existence of any file, directory, process or registry key whose name begins with "$sys$." Russinovich verified this by making a copy of Notepad named "$sys$notepad.exe," which promptly vanished from view.

That means that any hacker who can gain even rudimentary access to a Windows machine infected with the program now has the power to hide anything he wants under the "$sys$" cloak of invisibility.
Thus Sony not only protects its own material, it leaves a gaping hole in your computer's protection. Now people are asking why it took so long to discover this, and suggesting that computer security firms have covered it up, because, well, it's Sony and it's in everybody's (except consumers') interest to prevent piracy. I guess they'll have to add a paragraph to those EULAs for virus protection programs, disclaiming failure to point out backdoors installed by Sony and any other content company. It kind of makes you wonder why you were being so honest yourself. I guess we'll all have to go back to snailmail and never using computers for anything that could be personally identifiable.

So my laptop is nothing more than a spam collector. I wonder how much of my hard disk is occupied by spam, rootkits and viruses.

John Dvorak notes that it's unsafe to be online anymore and advises people with broadband to disconnect it when not in use. His conclusion:
This situation is totally out of control with today's architecture, and it's about time we scrap the whole structure. And by this I mean Linux, Unix, Mac OS, and Windows. Scrap it all.
I've thought for a long time that the people who developed our computer OSes and networks were all pretty naive. I doubt that any of them had a thought about how what they were designing could be turned into a means of stealing information, wasting bandwidth with spam or committing fraud. Most of the early computer scientists never saw the PC revolution coming.

Another group I blame for much of this is the privacy freaks. There are places where privacy on the internet is absolutely necessary, such as China, but for most of us, being anonymous is not something we care about. We carry credit cards and driver's licenses precisely because being anonymous is really inconvenient. Yet somehow having a national ID is perceived as a threat. The reason we worry about identity theft is that we have done away with cash in most transactions. What we need is an infallible ID so that if someone steals your credit card, he can't use it, because the card would contain some unfakeable information about you that only you can provide. Passwords are a lousy substitute. Maybe in the future we'll have to have our fingers scanned in addition to swiping our cards.

I don't know what could be done to make the internet more safe, but it's a cinch that the monitoring programs aren't up to it or their vendors don't really care.
