Why Didn't Security Firms Catch Sony BMG's Rootkit Earlier?

from the good-question dept

Bruce Schneier has written up an article for Wired News that highlights a very important question that has been totally ignored throughout the whole Sony BMG rootkit fiasco: how come no security applications caught the rootkit until after there was all this publicity about it and Sony gave them the code to find and remove it? It makes you wonder just how many other, malicious, offerings these firms are missing as well. Schneier blames the security companies for making the assumption that just because it's from Sony and had a "legitimate" purpose, it was safe -- which is a pretty big problem. Of course, another explanation is that many security firms are having difficulty keeping up with all the security vulnerabilities out there. None of these programs is yet able to be a comprehensive offering. That's why so many of us have to run multiple security programs to have a chance at protecting a computer.

Reader Comments


  • Lewis, 17 Nov 2005 @ 10:41am

    DMCA, perhaps?

    It seems to me there would be a hesitancy to include removal of Sony's rootkit via {spyware|virus|malware}-removal tools due to fear of DMCA liability. Especially in the beginning when all the details were still fuzzy.


  • BlindSide, 17 Nov 2005 @ 11:17am

    Still the wrong approach

    "...None of these programs is yet able to be a comprehensive offering. That's why so many of us have to run multiple security programs to have a chance at protecting a computer."

    That's because they still are not tackling the security issue from the right angle. Current security is reactive, coding for awareness of new specific issues. You'll never win that game, there's always a way to do something different.

    Everyone would be way better off if they simply adopted the "least access" principle, or a more proactive approach. By default, security software should assume *everything* is a threat, then allow the user to systematically allow execution of those things they use. This is the guiding principle of smart firewall security, and can be deployed on a large scale (so the AOL grandmas don't have to worry about it directly).

    When you stop being reactive, and simply say "no" to everything that's not explicitly permitted, the entire problem disappears.


    • Chris, 17 Nov 2005 @ 11:42am

      Re: Still the wrong approach

      That's because they still are not tackling the security issue from the right angle. Current security is reactive, coding for awareness of new specific issues. You'll never win that game, there's always a way to do something different.

      The reason that AV companies use the model they do is simple, they can sell upgrades.


    • giafly, 17 Nov 2005 @ 11:55am

      Re: Still the wrong approach

      Re: When you stop being reactive, and simply say "no" to everything that's not explicitly permitted, the entire problem disappears.

      Unfortunately another problem appears: you have to know what to permit. I share an office with a support team and it is amazing how many calls are due to pop-up blockers and spam filters that people don't understand. And they're the simple things!

      If you use ZoneAlarm, you'll know how difficult it is to decide which services should be permitted Internet access, when all you know about them is a 5 or 6 character module name.


      • bh, 17 Nov 2005 @ 3:56pm

        Re: Still the wrong approach

        The easy way to deal with that is to automatically disallow it. If something quits working right, then you know you disallowed the wrong thing and it is fairly simple to allow it net access again.


    • Tony, 18 Nov 2005 @ 12:04am

      Re: Still the wrong approach

      they still are not tackling the security issue from the right angle.

      I'm not so sure there is a right angle. When have computers ever been "secure"?

      Metaphor: having an open mind means the possibility of being "infected" with bad ideas, for a time at least. Computers have to live in the same world we all do. A closed mind may find "perfect security" in the comfort of knowing all the answers. This is, of course, insanity.

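The default-deny allow-list that BlindSide, giafly and bh argue over in the thread above, as an added example (not code from the Techdirt post or from any commenter): every executable is refused unless its content hash was explicitly permitted, and each refusal is recorded with path and hash so an operator has more than a "5 or 6 character module name" to go on when something quits working. The `ExecutionPolicy` class, the file names and the byte strings standing in for binaries are all constructed for illustration.

```python
"""Default-deny execution allow-list with a denial audit trail.

Added example, not from the Techdirt post or any commenter. All paths,
module names and "binaries" below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass
class ExecutionPolicy:
    """Default deny: only content hashes that were explicitly allowed may run."""

    allowed: dict[str, str] = field(default_factory=dict)  # sha256 -> label
    denials: list[dict] = field(default_factory=list)      # audit trail

    @staticmethod
    def fingerprint(content: bytes) -> str:
        # Decisions are keyed on file content, not on path or module name,
        # because a path is trivially reused by something else.
        return hashlib.sha256(content).hexdigest()

    def allow(self, content: bytes, label: str) -> str:
        digest = self.fingerprint(content)
        self.allowed[digest] = label
        return digest

    def check(self, path: str, module: str, content: bytes) -> bool:
        digest = self.fingerprint(content)
        if digest in self.allowed:
            return True
        # Unknown: refuse, and record enough context (path + hash, not just
        # the short module name) for the operator to decide what broke.
        self.denials.append({"path": path, "module": module, "sha256": digest})
        return False


def run_scenario() -> dict:
    """Walk through the allow/deny loop the commenters describe."""
    # Constructed stand-ins for executables; in practice read from disk.
    player = b"MZ\x90\x00 media player build 1.0"
    driver = b"MZ\x90\x00 filter driver the user never installed on purpose"
    player_tampered = b"MZ\x90\x00 media player build 1.0 (modified)"

    policy = ExecutionPolicy()
    policy.allow(player, "media player 1.0 (installed by the user)")

    # 1. Something the user deliberately installed runs.
    player_ok = policy.check(r"C:\Program Files\Player\player.exe", "player", player)

    # 2. An unknown driver is refused by default and logged.
    driver_ok = policy.check(r"C:\WINDOWS\system32\xyzfilt.sys", "xyzfi", driver)

    # 3. bh's loop: something quit working, the operator reads the denial
    #    record (path and hash, not just "xyzfi") and permits it explicitly.
    record = policy.denials[-1]
    policy.allow(driver, f"permitted after review of {record['path']}")
    driver_ok_after_review = policy.check(record["path"], "xyzfi", driver)

    # 4. A modified binary at the trusted path is still refused: the
    #    allow-list is keyed on content, so the path buys it nothing.
    tampered_ok = policy.check(r"C:\Program Files\Player\player.exe", "player", player_tampered)

    return {
        "player_allowed": player_ok,
        "unknown_driver_denied": not driver_ok,
        "allowed_after_review": driver_ok_after_review,
        "tampered_player_denied": not tampered_ok,
        "denial_count": len(policy.denials),
        "first_denial_path": policy.denials[0]["path"],
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Two design choices matter here. Keying the list on a content hash rather than a path means a replaced or modified file at a trusted location is still refused, which is the property that makes "say no to everything not explicitly permitted" hold up. And logging every denial with path and hash is what turns bh's "if something quits working, allow it again" into a workable loop instead of the guessing game giafly describes.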

  • nonuser, 17 Nov 2005 @ 5:42pm

    another reason could be...

    that Sony chose somewhat obscure, middle-of-the-road titles for XCP to dampen the rate of penetration, especially to techies who might discover the installation. For example, Sony owns rights to many of Miles Davis' best recordings, but none are on the list published by the EFF:
    http://www.eff.org/deeplinks/archives/004144.php
    Instead Sony evidently put XCP on three jazz reissues, none of them too exciting. I actually bought "Silver's Blue" but fortunately I only listen to audio CDs on my stereo (that's where my handle comes from).



  • Anonymous Coward, 17 Nov 2005 @ 9:48pm

    No Subject Given

    Isn't it just one big company who owns everything?

    Could be why it wasn't caught.

