Sony Rootkit

[John Francini]

Yes, but...

Unlike the PC one, which just quietly installs itself with NO knowledge on
the part of the user, the Mac one requires that you type in an Administrator
user name and password.  And it's in a separate partition.  You can't
install it without KNOWING that it's trying to do something that's
Aministrator-privileged.

Even if the software didn't show the EULA, the moment the installer tried to
do anything at all that would affect the system, the system automatically
generates the Admin username/password challenge screen.  This happens even
if you're already logged in on an account that has Administrator privileges.

Most Mac users that I see (I do Mac consulting) know very well that they
shouldn't type that info into their computer unless they're actively trying
to do Something Important.

And there's no reason on God's green earth why a bloody CD should want to
install Administrator-privileged software on a computer unless it's to do
something most users don't want done.

Therefore, to shoot yourself in the foot on a Mac, you actually have to AIM
at the foot.


> -----Original Message-----
> From: Sandra Harris [mailto:sandra.lunch@citcomm.com]
> Sent: Tuesday, November 22, 2005 11:27
> To: John Francini; rogerkirk@mail.ttlc.net; boston-radio-
> interest@rolinin.BostonRadio.org; 'SteveOrdinetz'
> Subject: Sony Rootkit
>
>
>
> > > >On another related note, I read somewhere about Sony having put some
> > > >sort of hard to detect, harder to remove spyware into their CDs that
> > > >will automatically load if you try to play them in a PC.  Apparently
> > > >it was an attempt to make the music copy-proof.  I understand that
> > > >several lawsuits have been filed.
> > >
> > > It is true, they essentially did this.  However, they initially did
> not
> > > inform the purchaser/user that the software was being installed. Later
> CDs
> > > had miniscule fine print informing the user that it would happen and
> that
> > > could circumvent it by not placing the CD in their computer.  The hue
> &
> > > cry over this resulted in Sony/BMG discontinuing the practice,
> although
> > > there are an untold number of CDs in the retail chain that still
> contain
> > > this little bugger.  Sony has supplied a program that will remove the
> > > offending software.
> >
> > However, said program doesn't work right in many cases. Also, the
> original
> > spyware has been classified as 'malicious software' by all the anti-
> virus
> > software companies, such as McAfee and Symantec.
> >
> > Makes me all the more glad that I only use Macs for all my
> personally-owned
> > computers. They're immune to every last one of the PC viruses.
> >
> > John Francini
>
>
> Macs are also vulnerable to the Sony rootkit
> http://www.eweek.com/article2/0,1895,1885915,00.asp