Enough has probably been said about Sony’s woes regarding the Rootkit issue. The attention needs to now switch to the antivirus and antispyware vendors. Why did they miss the problem all these months? According to eWeek, even now, only the Finnish anti-virus specialist F-Secure Corp. appears to have added a rootkit detection engine in its security suite. Other big-name anti-virus vendorsâ€”including Symantec Corp., McAfee Inc. and Trend Micro Inc.â€”appear to still have not implemented true rootkit detection/removal capabilities. It also looks like antivirus and antispyware companies will need to monitor software distribution methods other than just the Internet.
Alex Halderman, writing in Freedom to Tinker, reports that Sony may have another spyware problem on its hands. According to Halderman,
Sony uses another copy protection program, SunnCommâ€™s MediaMax, on other discs in their catalog, and that this system presumably is not included in the moratorium. Though MediaMax doesnâ€™t resort to concealing itself with a rootkit, it does behave in several ways that are characteristic of spyware.
Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesnâ€™t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnCommâ€™s web site.
Each problem is described in more detail on the Freedom to Tinker post.
The end of popups may be near. Industry leaders including Time Warner Inc.’s online division AOL, Verizon Communications, the Center for Democracy and Technology, CNET Networks Inc., CA , Yahoo Inc. and nonprofit online privacy organization TRUSTe are announcing a new program, the Trusted Download Program, that sets tough criteria for makers of spyware and adware. It will require such software vendors to provide more plain disclosure to users of what they are downloading and to make such applications easier to remove. TRUSTe will administer a best-practices “standard of good behavior for adware companies and companies more broadly that distribute downloadable software,” said one source, who declined to be identified. Adware vendors that don’t comply will face exclusion by participating advertisers and ad networks.
After the consumer outrage over its CD copy protection scheme which involved the installation of rootkits on PCs in which the Extend Copy Protection (XCP) disks were played, and possibly the fear of further lawsuits, Sony today issued an apology and announced that it would temporarily suspend the manufacture of XCP copy-protected CDs and re-examine its digital-rights management strategy.
Continue reading Sony issues apology re XCP
Section 5.4 of the Master End-User License Agreement for Microsoft Software (PDF) states:
Internet-Based Services Components. The Software contains components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the Software and/or its components that you are utilizing and may provide upgrades or fixes to the Software that will be automatically downloaded to your computer.
Continue reading Another Read the License Agreement Example
According to TechDirt, while in the past spyware makers have argued with anti-spyware product vendors regarding the definition of spyware and whether their software constituted spyware, some are now exploring a different approach – inserting legal restrictions in their End User License Agreement (EULA) to prohibit the development of countermeaures.
According to Michael Geist, the lawful access bill, Modernization of Investigative Techniques Act, is expected to be unveiled on Tuesday, November 15th.
The bill will “compel all Canadian telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number.”
Continue reading Canadian Lawful Access Bill Due Nov 15th
The following article appeared in the November 8th, 2005 issue of Law Times News:
Not long ago, computer viruses were the biggest problem personal computer users had to contend with. However, these days most computers run some sort of antivirus programs and most e-mail systems have built-in scanners to slow down e-mail-borne viruses. The emerging problem in the last year or two has been spyware.
Continue reading The Spyware Problem