By way of ZDNet reader Barb Bowman comes news that Sony BMG is moving quickly to clean up the PR disaster that ensued after Mark Russinovich provided an incredibly detailed account of how the company was including Digital Restrictions Management (DRM) software on its artists' CDs that, like Trojan horses, not only surreptitiously installed itself on PCs, but used a common-to-malware technique known as a rootkit to cloak itself in a way that made discovery and/or removal of the software very difficult.
As if news of the underhanded technique wasn't bad enough for Sony BMG, the situation spiraled even further out of control when it became apparent that Russinovich's exposure of the rootkit's details may have given hackers the hall pass they needed to treat the rootkit as a back door entry point into "infected" systems. IT managers should take note since there's a likelihood that the CDs have been used in business systems.
Sony promised a fix and now, within days of the rootkit's discovery (and subsequent outrage that spread on the Net like wildfire) that fix is apparently already available. According to Bowman's blog, "Sony BMG and First 4 Internet have just released an update that will completely remove the rootkit based DRM content protection software and replace it with anon-rootkit DRM technology that is compatible with all current security protocols." Oddly, the downloadable fix is being referred to as "Service Pack 2" but it should not be confused with Microsoft's Service Pack 2 for Windows XP. Whereas the fix only handles substitution of the new DRM technology for the old rootkit-based on, Sony is apparently providing another form-based process for removal altogether. However, the removal procedure reveals yet another minor gaff that Sony says it hopes to have corrected later this month: it requires Internet Explorer and ActiveX.
One question I have, in case anybody knows the answer, is what happens when you put one of these CDs into a non-Windows computer (ie: Mac or Linux).