I didn’t think that there would be more to blog about Sony BMG today but I was wrong, oh, so wrong … According to an article on p2pnet, Mikko Hyppönen, research director of F-Secure, discovered the Sony BMG DRM software at the beginning of October, even though the fact was kept secret until blogged by Mark Russinovich of Winternals Software at the end of October.

What is so incredible about this latest revelation is that, 1. Sony made no attempt to handle the issue in a responsible way or, in fact, in any way; and 2. Hyppönen gave them the benefit of the doubt by assuming that Sony BMG would act on his advice! The first issue can be put down to Sony BMG’s corporate arrogance, but the second is disappointing. I wrote to Hyppönen for a comment and here’s our exchange:

—————-

[mg] I have read that you discovered Sony BMG’s DRM software and told them your doubts about the advisability of using it at the beginning of October.

[mh] That’s right.

[mg] What I was wondering is why you didn’t go public with the news until Mark Russinovich blogged his findings?

[mh] Simple. We didn’t want to disclose this publicly in fear of virus writers exploiting it. After it became public, it took 9 days for the first malware to come out that used the Sony rootkit to hide itself (Breplibot). Breplibot used it not just to hide from the user but also from almost all of the antivirus programs out there (except us, as we have a rootkit detector in our product). Instead of breaking the story we were trying to convince Sony BMG to act on this before it’s too late. Unfortunately they only acted after the Breplibot trojans were already out. See Breplibot Stinx.

—————-

While I understand Hyppönen’s thinking, don’t we all know that approach doesn’t work? We have repeatedly seen large companies fail to respond to serious security problems in their software, so the hope that Sony BMG would step up and address their problem in a timely fashion was optimistic at best.
On top of the almost certain knowledge of Sony BMG’s likely inaction, there’s also the fact that by the time the public knew that Sony BMG was putting retarded DRM software on their PCs, the company had been doing so for about eight months! That was eight months in which the consequences of their software should have become obvious to them, unless they just naively put it out to market and forgot about it. Surely they couldn’t have been that naive, could they? Nah …