Sony realizes just how stupid its attempt to control its property rights (and sabotage a competitor’s game?) by sabotaging customers’ computers is. Microsoft chimes in to say they’re going to treat it as malware and remove it.
(Edit: fixed a double reference & clarified MS’ role)
Sony BMG’s patch does not remove the program, which installs itself on a Windows-operated personal computer when consumers want to play certain Sony BMG music CDs. According to programmers it still leaves a security hole.
According to anyone who understands computer filing systems, that is. I’m not a programmer, but even I understand that if you alter the operating system in such a way as to render any program starting with four specific characters totally invisible (nothing you can do will make it show), you just invited the world to install itself on your hard drive. Stupid jackasses. I hope someone in the military just forbade playing of all music CDs in military PCs. Yes, I said all. Sony’s caught, but it doesn’t mean someone else isn’t doing it too.
Hat tip to Chizumatic.
Update: 2005-11-16 10:50:02 (again, hat tip to Chizumatic):
Oh. My. Fucking. G-d!!!!!
When you first fill out Sony’s form to request a copy of the uninstaller, the request form downloads and installs a program – an ActiveX control created by the DRM vendor, First4Internet – called CodeSupport. CodeSupport remains on your system after you leave Sony’s site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn’t verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user’s permission.
A malicious web site author can write an evil program, package up that program appropriately, put the packaged code at some URL, and then write a web page that causes CodeSupport to download and run code from that URL. If you visit that web page with Internet Explorer, and you have previously requested Sony’s uninstaller, then the evil program will be downloaded, installed, and run on your computer, immediately and automatically. Your goose will be cooked.
Do you understand why I have refused to have anything to do with Sony products for months now???