By now, just about everyone has heard about the nifty little rootkit that the latest Sony CDs auto-install when you pop them into your PC. It manages to fit right into that nebulous legal area where law enforcement thinks its against the law, but has a tough damn time proving it.
Welcome to the wide world of rapidly changing technology, and law enforcement's efforts to stay only two years behind. The short version of what Sony CDs install is software that is both invicible to users and which cannot be removed. Oh, and anti-virus software won't pick it up. Should you manage to find it, forcibly removing it will more often than not result in a full system clustersnafu. My favorite part about this?
Sony not only did it as a means of copy protection (thus hurting people who had legally purchased the music CDs), but they didn't cop to the fact that they did it until after they were caught.
And now hackers have already released the first virus based on Sony's toolkit. Caught between a rock and a hard place, Sony decided to release a removal kit.
According to this story, the removal tool only opens a few more security holes than the inital rootkit did. Not to mention the fact that once the initial rootkit is uninstalled, the uninstaller itself remains on your machine.
There are so many things wrong with how Sony is handling this it borders on parody. Unfortunately, it seems that the larger a company grows, the dumber it gets. Call it the inverse law of success. As it stand now, I don't think Sony is going to quite get the message until one of two things happen:
1) Microsoft patches Windows to the point where nothing like this can be installed on any machine running Windows, period
2) Sony gets slapped with a class-action lawsuit the likes of which its never even heard of.
Considering the way Sony has handled this, I'm actually betting the only question is which of those two examples happens first.