Details On The Sony BMG / First4Internet Uninstaller Problem

from the it-just-gets-better-and-better dept

It seems the folks over at First4Internet, who made the Sony rootkit in the first place, aren't the sharpest knives in the drawer when it comes to designing secure applications. After all, the rootkit left open the ability for other malware to hide behind it, and, as mentioned yesterday, the web-based uninstaller they provided has a huge security hole. Ed Felten and Alex Halderman have detailed the security problems with the uninstaller, and it's quite a security hole. Basically, they were using an ActiveX control to download and run the uninstaller, but the control stays on your machine and is open for any other website to use. So all a malicious coder needs to do is code some nasty malware that looks for that ActiveX control and if you visit that website, you're toast. As Felten and Halderman note, this is only the web-based uninstaller. Sony BMG and First4Internet also provide a downloadable uninstaller that doesn't appear to have similar issues (or, at least they haven't been found yet). Either way, every step of the way, this story just gets more and more ridiculous.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    giafly, 15 Nov 2005 @ 11:01am

    The UK company that supplied the DRM software

    Email: info@first4internet.co.uk sales@first4internet.co.uk webmaster@first4internet.co.uk
    Phone: Tel: +44 (0)1295 255777, Fax: +44 (0)1295 262682
    Post: 6 South Bar Street, Banbury, Oxfordshire, OX16 9AA, UK Google Map
    Management Team: Nick Bingham Chairman, Mathew Gilliat-Smith CEO, Tony Miles Operations & Technical Director, Peter Worrall Marketing & Research Director, Nick Drew ICA Business Development Manager (thanks, voidstar)
    There's nothing on the first4internet press page since August.

    link to this | view in chronology ]

  • identicon
    Sissy Pants, 15 Nov 2005 @ 11:56am

    smooth move sony

    Sony must have at least 1 competant engineer that works for them. It's hard to believe the root kit was allowed to be put out in the first place. The fact that they did a half ass job at the uninstaller is rediculous...

    note to self; don't buy sony

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Nov 2005 @ 1:43pm

      Re: smooth move sony

      Ironically I was about to go buy a Sony digital camera this weekend.. but now I am worried about what might be included? Maybe their software will quietly call home and send back pictures of my naked girlfriend?

      The Canon Powershot now looks like a better deal..

      link to this | view in chronology ]

      • identicon
        Bunch a' pricks..., 15 Nov 2005 @ 8:12pm

        Re: smooth move sony

        Ditto for me. Sony just lost a bunch of money I was gonna spend too. I'm in the market for a new camcorder having not upgraded since 1999. Jvc hasn't seen a penny of my money since I discovered the famous eo error which will apparently eventually effect EVERY Jvc camcorder. Sony had improved the reputation of their camcorders and was high on my list. Now I won't buy a Sony camcorder, my son, who is a good kid won't get the PSP he despirately wants for Christmas and I won't buy the PS3 I've been looking forward to buying. As angry as I am over this whole rootkit thing I'm more insinsed by the fact that my son has to suffer because of these pricks. I really hope that someone starts an official Sony boycott. I'm taking part already, but I'd love to add my name to an official list posted for Sony to see.

        link to this | view in chronology ]

      • identicon
        Bunch a' pricks..., 15 Nov 2005 @ 8:16pm

        Re: smooth move sony

        Engadget actually adressed a similar yet less ominous issue more than a year ago... http://features.engadget.com/entry/3239236478279892/

        link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.