And Sysinternals, of course, which hosts Russinovich's blog and brought this to light. But the reason we buy security products from Symantec, McAfee and others is to protect us from bad security.
I truly believed that even in the biggest and most-corporate security company there are people with hackerish instincts, people who will do the right thing and blow the whistle.
What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers?
It's the sort of behavior that could easily lead to system crashes -- crashes that customers would blame on Microsoft. 13, when public pressure was just too great to ignore, that Microsoft announced it would update its security tools to detect and remove the cloaking portion of the rootkit.
Perhaps the only security company that deserves praise is F-Secure, the first and the loudest critic of Sony's actions. And companies do stupid things; always have and always will.
And Microsoft is known for watching out for its business interests at the expense of those of its customers.
What happens when the creators of malware collude with the very companies we hire to protect us from that malware? A dangerous and damaging rootkit gets introduced into the wild, and half a million computers get infected before anyone does anything. It's unlikely that this Sony rootkit is the only example of a media company using this technology.
This story was picked up by other blogs (including mine), followed by the computer press. Sony claimed the rootkit didn't phone home when it did. 4, Thomas Hesse, Sony BMG's president of global digital business, demonstrated the company's disdain for its customers when he said, "Most people don't even know what a rootkit is, so why should they care about it?" Even Sony's apology only admits that its rootkit "includes a feature that may make a user's computer susceptible to a virus written specifically to target the software." However, imperious corporate behavior is not the real story either. Sony's latest rootkit-removal tool actually leaves a gaping vulnerability. Someone created malicious code that used the rootkit to hide itself.