nullstream weblog - Watching The Watchers

« Hey, wanna try some iTunes? | Windows Live »

Watching The Watchers


October 31, 2005 09:54 PM PST


Check out this article from the excellent SysInternals site on how legitimate companies like Sony install rootkits on your PCs.

When you look at all the effort Mark spent to diagnose and remove the problem, it's no wonder why so many PCs are infected and can't be fixed. There are rootkits that attach themselves to your MBR (master boot record), so even wiping the drive won't make them go away. Hopefully Vista will prevent this sort of abuse from going on, even from companies like Sony.

A book on Windows Rootkits.

Comments (18)
John, October 31, 2005 11:27 PM:

If this doesn't result in a lawsuit or some kind of strong government action against Sony I'm going to be really upset. Seriously, they install a root kit on your system! Un-believable. As if I needed another reason to hate DRM. There is no way I'm going to buy a copy protected CD now. In fact, do I actually need ANY product from Sony. Hmmm.

BTW didn't I already mention that I thought Mark Russinovich was a debugging god?

Paul, November 1, 2005 04:12 PM:

Here we go!

John, November 2, 2005 11:34 AM:

The media is now calling it Spyware.

Paul, November 2, 2005 01:23 PM:

It's interesting how this really struck a nerve with everyone. I made the original post after reading Mark's blog for a completely unrelated reason, but before I heard everyone else mention it. Lets hope a blog-o-storm (I claim invention of that word) erupts against Sony. They hate our freedom.

Paul, November 3, 2005 11:56 AM:

And now for something completely different: from the BBC.

Paul, November 4, 2005 11:03 PM:

Update from Mark.

John, November 5, 2005 02:02 AM:

Well one interesting thing is happening, blogs are becoming more relevant. How interesting it is to see the news media quoting a blog article instead of the other way around. It does look like there is enough backlash on this now to have some sort of effect. I doubt if legal action will actually take place but this gives Sony and by association the whole DRM / RIAA camp some negative PR.

Paul, November 7, 2005 07:20 AM:

Another update from Mark.

John, November 7, 2005 10:39 AM:

That is just classic. F4I claim that Mark's assertion that their code could crash a system is "pure conjecture". So Mark runs up his, NTCrash2 test program and promptly produces a blue screen in F4I's driver! Talk about making a PR nightmare even worse. You don't want to go 'triple dog daring' someone like Mark - he does this stuff for a living.

Paul, November 9, 2005 10:39 AM:

The fun just keeps coming!

Paul, November 10, 2005 11:40 AM:

Class action lawsuit! Yay!

Paul, November 10, 2005 03:12 PM:

The first exploit of the Sony Rootkit is now out.

You mess with the Net, the Net will mess with you! I'm looking at you, Sony.

John, November 13, 2005 12:57 AM:

Microsoft on Sony's rootkit: "Nope, ain't gonna play that." MS is working on adding detection and removal of Sony's rootkit to anti-spyware and the upcoming defender products. You can read about it here.

Paul, November 13, 2005 12:14 PM:

Oh man, the fun just doesn't stop. It looks like Sony's Rootkit includes GPL'd software and therefore infringes on the copyright of others. I wonder if Sony will provide the source to their code, as required by the GPL.

John, November 13, 2005 03:36 PM:

Bush Administration to Sony...

John, November 14, 2005 03:37 PM:

Ok it kinda goes without saying that we consumers should punish Sony by voting with our wallet this holiday season. This Technewsworld article echos that, and gives a decent analysis of the situation.

Paul, November 15, 2005 12:05 PM:


The uninstaller, btw, leaves your computer MORE vulnerable than the original rootkit. Is there no end to the complete and utter incompetitence at Sony?

Paul, November 15, 2005 01:30 PM:

Check out the Amazon reviews for the CD that started it all. Man, if I was in that band, I'd be very pissed at Sony...

All links will be marked with the nofollow tag, making them useless for search rankings. Any posts containing spam URLs will then be deleted.