Not Just Sony to Blame - Security Companies' Catastrophic Failure

By secureplay
While it is easy and valid to blame Sony for this problem, where were our beloved, and well-paid security companies?

Rootkits are an old, well-known attack - why didn't Zone Alarm, Symantec, McAfee, Computer Associates, or any of the others pick this up in the MONTHS that it has been out there?

This is either incompetence or collusion - neither should make someone who paid $70 + $20/year for a "security suite" to protect their computer happy.

The professional "security" industry created this problem and didn't detect it... shame on us all.


Steven B. Davis
CEO
IT GlobalSecure Inc.
http://www.secureplay.com/
http://www.playnoevil.com

Excellent point

by prplshroud In reply to Not Just Sony to Blame - ...

This is an excellent point, which led me to another.

In this modern day of business, it's not the customer that brings in the cash; it's the various alliances and licensing agreements with other corporations that bring in the big cash.

I see the consumer beginning to be looked upon as a necessary evil in the marketplace. Even though, without the consumer, there would be no marketplace.

I would bet that lots of people around conference room tables knew about this rootkit, but corporations were so keen on not affecting their cash cow corporate alliances that no one said or leaked anything.

Nothing happened until this reached the point of somewhat widespread media attention. I still have yet to see something of this on the evening news though.

The whole thing stinks to high heaven, but I'm sure heads have rolled at SonyBMG for this.

I agree

by Neil Higgins In reply to Excellent point

I read somewhere today that Philips even said that Sony's little root-kit "discs" weren't even true CDs, in the correct definition of them. No, Sony went out on a limb on this, were maybe warned behind the scenes what would happen, and zing... total catastrophe. Even MS have basically blown a raspberry at them, and are no doubt sniggering behind the scenes. I bet Sony shares nosedive in the next few weeks. Do I shed a tear? Not one jot. ****, they could have trashed my PC, and ruined many months of stored data.

It was posted by Fox News

by irenaeus In reply to Excellent point

While I do not know anything about the evening news due to never wasting my time with them, I do know that www.foxnews.com has posted articles about it and has been giving updates on the progress of the story.

Symantec Rant

by Thumper1 In reply to Excellent point

Seems to me these guys are simply clipping coupons. Supplying us with minimum protection and charging exorbitant fees.

More than once I have wondered why the **** I am paying so much money to Symantec. Last time I called tech support using my "Gold" account, I was told the hold time would be at least 1.5 HOURS!

I think it's time they got off their asses and started developing products that actually afford something other than one-dimensional protection.

express yourself

by richard In reply to Excellent point

Express yourself! Our crew of thousands works 24/7 to give you the best music label and artist sites. If you like what we're doing, or you think we could be doing something better, please let us know. We appreciate all feedback, although we aren't able to respond to all of it.
Thanks for your feedback! Your input will help us to make a better Sony Music Online
I think that everyone should also send a complaining email to every Sony email address you can find, daily for the next 90 days.
Should raise a stink.

The following is a link to the Sony Music Feedback page:
http://www.sonymusic.net/sony/feedback.cgi

AND
here are some Sony email addresses.
General Comments: SonyMusicOnline@sonymusic.com
Website Technical Problem: SonyMusicOnline@sonymusic.com
Columbia Records: feedback@columbiarecords.com
Epic Records: feedback@epicrecords.com
Legacy Recordings: LegacyOnline@sonymusic.com
Sony Music Nashville: SonyMusicOnline@sonymusic.com
Sony Classical: feedback@sonyclassical.com
Sony Wonder: SonyWonder@sonymusic.com
Sony Music Store: SMFCustomer_Services@sonymusic.com
Sony Music Custom Marketing: smsp@sonymusic.com

Scotch tape
http://informationweek.com/story/showArticle.jhtml?articleID=174400748

Corporations, News and Sony

by cmurray In reply to Excellent point

I think one reason we didn't see it on the news is that it is not in corporate interests to do so. Whether it is collusion is probably difficult to prove but self-censorship is very strong within contemporary corporate structure. And we the consumer? Individually we don't count! Well, some do to be fair.

I would expect zone alarm to popup an unknown on kit call home

by TG2 In reply to Not Just Sony to Blame - ...

I would expect that ZoneAlarm would have warned on call home of the kit. Unless Sony did with ZA like they did with Symantec, worked with the vendors to identify their product and components and so not alarm as to what they were doing.

I would have still expected ZoneAlarm to have alerted me to the traffic *but* once trusted, it becomes a difficult issue for ZA to track and catch something ... and if it's using IE... then ZA trusts IE to use other components to do network access and that would be why these could slip by ZoneAlarm.

it's allow-all on approved policy

by rabear In reply to I would expect zone alarm ...

there's an IT paper on it, policies should be deny-all then let the user explicitly allow only what is needed. for example, to put it to the barest, you only need http, smtp and pop3. then per protocol, which programs will use it. you only look at the good that you need.

on the other hand, virus scanners fail if they don't have the signature of the bad program, even with their heuristics. why? they look for the bad only. with additional hackers coming online, you would guess they can never sleep at all.

add allow only specific pop3, smtp, etc

by TG2 In reply to its allow-all on approved ...

in your "for example" ... that rule for pop should be specified to allow only pop to your pop servers.. smtp to your *known* smtp servers..

and before outlook 2002/3 hit with the option to disable graphics in email.. I had already specified that outlook.exe was not allowed to http anywhere but special sites (microcenter.com, bestbuy.com .... places I get sales email from)

even the new outlook doesn't do that.. so as to stop graphics from someplace else.. (although phishers use original graphics from their respective sites)
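
The two policies discussed in the posts above, compared on the same traffic, as an added example that is not part of any poster's message. The `*.example.*` host names and the sample connections are constructed; `microcenter.com` and `bestbuy.com` are the sites named in the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    program: str  # executable that opened the socket
    port: int     # destination TCP port
    host: str     # destination host name

# Policy A: "allow-all on approved" - once a program is trusted, all its traffic passes.
TRUSTED_PROGRAMS = {"iexplore.exe", "outlook.exe"}

# Policy B: deny-all, then allow a (program, port) pair only to named hosts.
# The example.net names stand in for "your pop servers" / "known smtp servers".
ALLOW_RULES = {
    ("outlook.exe", 110): {"pop.example.net"},
    ("outlook.exe", 25): {"smtp.example.net"},
    ("outlook.exe", 80): {"microcenter.com", "bestbuy.com"},
    ("iexplore.exe", 80): None,  # None = any host; a browser needs open HTTP
}

def trusted_program_policy(conn):
    return conn.program in TRUSTED_PROGRAMS

def default_deny_policy(conn):
    key = (conn.program, conn.port)
    if key not in ALLOW_RULES:
        return False  # nothing matched: deny
    hosts = ALLOW_RULES[key]
    return hosts is None or conn.host in hosts

def blocked(policy, conns):
    """Connections the given policy would stop (and could alert on)."""
    return [c for c in conns if not policy(c)]

# Constructed sample traffic, not captured from any real machine.
SAMPLE = [
    Conn("outlook.exe", 110, "pop.example.net"),
    Conn("outlook.exe", 25, "smtp.example.net"),
    Conn("outlook.exe", 80, "bestbuy.com"),
    Conn("outlook.exe", 80, "tracker.example.org"),   # remote image in a mail
    Conn("outlook.exe", 25, "relay.example.org"),     # SMTP to an unknown server
    Conn("iexplore.exe", 80, "updates.example.org"),  # component calling out via IE
    Conn("unknown.exe", 80, "updates.example.org"),   # unapproved program
]

if __name__ == "__main__":
    for name, policy in (("trusted-program", trusted_program_policy),
                         ("default-deny", default_deny_policy)):
        print(name, [(c.program, c.port, c.host) for c in blocked(policy, SAMPLE)])
```

The connection made through `iexplore.exe` passes both policies, because the browser rule has to allow HTTP to any host; per-destination rules only close the gap for programs whose destinations are known in advance.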

Group policy here also is ...

by Too Old For IT In reply to add allow only specific p ...

... that you don't get to FTP anything from anywhere, anyhow, anyway.
