Category Archives: Security

Rootkit Detection

Enough has probably been said about Sony’s woes regarding the Rootkit issue. The attention needs to now switch to the antivirus and antispyware vendors. Why did they miss the problem all these months? According to eWeek, even now, only the Finnish anti-virus specialist F-Secure Corp. appears to have added a rootkit detection engine in its security suite. Other big-name anti-virus vendors—including Symantec Corp., McAfee Inc. and Trend Micro Inc.—appear to still have not implemented true rootkit detection/removal capabilities. It also looks like antivirus and antispyware companies will need to monitor software distribution methods other than just the Internet.

Sony faces another spyware problem

Alex Halderman, writing in Freedom to Tinker, reports that Sony may have another spyware problem on its hands. According to Halderman,

Sony uses another copy protection program, SunnComm’s MediaMax, on other discs in their catalog, and that this system presumably is not included in the moratorium. Though MediaMax doesn’t resort to concealing itself with a rootkit, it does behave in several ways that are characteristic of spyware.

Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site.

Each problem is described in more detail on the Freedom to Tinker post.

The Trusted Download Program

The end of popups may be near. Industry leaders including Time Warner Inc.’s online division AOL, Verizon Communications, the Center for Democracy and Technology, CNET Networks Inc., CA , Yahoo Inc. and nonprofit online privacy organization TRUSTe are announcing a new program, the Trusted Download Program, that sets tough criteria for makers of spyware and adware. It will require such software vendors to provide more plain disclosure to users of what they are downloading and to make such applications easier to remove. TRUSTe will administer a best-practices “standard of good behavior for adware companies and companies more broadly that distribute downloadable software,” said one source, who declined to be identified. Adware vendors that don’t comply will face exclusion by participating advertisers and ad networks.

From Business Week and eweek.

Sony issues apology re XCP

After the consumer outrage over its CD copy protection scheme which involved the installation of rootkits on PCs in which the Extend Copy Protection (XCP) disks were played, and possibly the fear of further lawsuits, Sony today issued an apology and announced that it would temporarily suspend the manufacture of XCP copy-protected CDs and re-examine its digital-rights management strategy.
Continue reading Sony issues apology re XCP

Another Read the License Agreement Example

Section 5.4 of the Master End-User License Agreement for Microsoft Software (PDF) states:

Internet-Based Services Components. The Software contains components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the Software and/or its components that you are utilizing and may provide upgrades or fixes to the Software that will be automatically downloaded to your computer.
Continue reading Another Read the License Agreement Example

Canadian Lawful Access Bill Due Nov 15th

According to Michael Geist, the lawful access bill, Modernization of Investigative Techniques Act, is expected to be unveiled on Tuesday, November 15th.

The bill will “compel all Canadian telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number.”
Continue reading Canadian Lawful Access Bill Due Nov 15th