Excellent news. Will me months before the full ramifications of this issue are seen, especially with regards to viruses. Most users who installed Sony's software probably don't have anti-virus software or take care of their PCs.

I don't see this as good news, their response is far from adequate.
From the scuttlebutt I've been hearing this has done enormous harm to the Sony franchise.
Corporate needs urgently to wake up their spin doctors, terminate all those responsible without benefits for committing criminal acts and distance itself from the whole sorry mess.
Just as a side note, there's many Windoz based NLE systems, including Sony's own Xpri system, that are legitimately used for extracting audio from commercial CDs. Wait till one of those gets infected with this malware that sits there forever stealing CPU cycles.
Bob.

Also read that there are three confirmed trojan horses latching on to Sony's rootkit.

JJK

I'd be willing to bet the majority of people who have been infected with this rootkit have no knowledge of this issue, do not realize it is there, and will continue to be a threat.

Their solution is too little, too late.

I hate trial lawyers and the litigation-happy environment they live in. That said, this is a situation where real harm has been done, and I think a class action suit would be warranted.

I'm thinking that the problem may not be quite so widespread as we fear. Most everyone i know would balk at the installation screen that pops up when inserting the CD. Most of them would refuse it, and then play the CD anyway in MediaPlayer (which works just fine if the software isn't installed). The rest would call me in a panic and ask what was going on, and i would tell them to refuse it, and then play the CD anyway in MediaPlayer. The very few people i know who might have fallen for it and installed it would have by now called me and asked, "oops, did i do something bad?" To date, not one single person has called me or emailed me or IMmed me about it. So, i'm pretty confident that at least a few thousand haven't had the problem.

Chien,

Exactly how would they know that they have hidden rootkits on their computers?

Bjorn,

They wouldn't have a clue. However, this issue is all over the news everywhere. Even my parents have heard about it. Anyone who knows me and remembers having seen something about installing software pop up on their screens when inserting a music CD would have called me by now just to ask.

I haven't seen this on the evening CBS news all week.

But, I thought that the rootkit installs when autoplay runs, not on instaling the software?

Eigther way, I hope sony burns on this one. "It's perfectly safe. Yes, hackers can give peopel viruses, etc. with it & they won't people won't know they're hacked/infected, but maybe they shouldn't be using online services. Pirates use online serverces, so obiviously our customers are pirates & must be arrested."

Specifically referencing the rootkit that is in the news:

From what I understood from the articles, any file name that starts with '$sys$' becomes invisible to Windows due to the rootkit stealth process. So I copied notepad.exe and renamed the file as $sys$notepad.exe. After the change, I can still see it. The tech guy who found the root kit originally said that as he renamed the test file, it disappeared before his eyes.

So with all of the Sony software on my PC, and I don't have the rootkit, the Sony Media software is save from my standpoint.

Per the guy that found it:

"I studied the driver’s initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with “$sys$”. To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view."

reference:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Edited: clarified that I don't have the main sign of the rootkit.

Steve, the software gets installed via an autorun procedure. Bypass autorun and the installation screen never appears.

Sony Media Software has about as much to do with Sony BMG as apples do to oranges. They are both fruits, but they sure don't taste like each other. Never, in all my years of using SMS's tools, all the way back to Sound Forge 4.5 and Vegas Pro 1.0 under Sonic Foundry, have I encountered any type of viral blah blah from this company.

Let's make sure we don't throw the baby out with the bathwater.

**Sony Media Software has about as much to do with Sony BMG as apples do to oranges.**

I don't see anything in this thread suggesting any direct connection between Sony Media Software and BMG or their policies. Are you responding to another thread? If so, your reply might make more sense there.

**Never, in all my years of using SMS's tools, all the way back to Sound Forge 4.5 and Vegas Pro 1.0 under Sonic Foundry, have I encountered any type of viral blah blah from this company.**

Uhh, you need to get your facts straight. Sonic Foundry is a completely separate company from Sony, and developed Sound Forge, Vegas, and Acid. Sony didn't have a thing to do with any of these products before their acquisition in 2003, and CERTAINLY DO NOT INCLUDE ANY OF THE PRODUCT VERSIONS YOU MENTION.

So, in the interest of accuracy, please refrain from equating Sonic Foundry or their original products with any division of Sony. They are, as you said, apples and oranges.

I understand the current "developers" are essentially the same people who worked for Sonic Foundry. They just report through a different heirarchy.

So the same people who brought you Sound Forge, Vegas and Acid originally are mostly the same people/culture that is fixing your bugs and bringing you updated products today.

I think that the current Sony Vegas/DVDA authorization process is more than adequate to secure most of their IP. You can bet that once the dust settles, Sony will be VERY careful in selecting newer methods of authorization.

The apples and oranges applies to Sony Madison group VS Sony BMG music.