p2pnet - rss feed: Sony BMG DRM ‘uninstall’ warning
p2p news / p2pnet: Don’t use Sony BMG’s deb-based CD DRM uninstaller, warn Princeton’s Alex Halderman and professor Ed Felten.
Sony BMG’s First 4 Internet XCP uninstallation utility “exposes users to serious security risk,” they say on Felton’s Freedom to Tinker blog.
“Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.
“We are working furiously to nail down the details and will report our results here as soon as we can.
“In the meantime, we recommend strongly against downloading or running Sony’s Web-based XCP uninstaller.
“Kudos to Muzzy for first suggesting that such a hole might exist.
“UPDATE: If you’re technically sophisticated, and you have run the XCP uninstaller on your computer, you may be able to help us in our investigations. It won’t take long. Please contact Alex to volunteer. Thanks.”
Bill and the Boyz have already deecided to include the Sony BMG rootkit DRM on the December Microsoft Malicious Software Removal Tool update for detection and removal.
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local political representatives. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance.
See:-
Freedom to Tinker - Don’t Use Sony’s Web-based XCP Uninstaller, November 14, 2005
Malicious Softwar - Sony DRM goes on MS spyware list, November 13, 2005
