Not Just Sony to Blame - Security Companies' Catastrophic Failure

By secureplay

While it is easy and valid to blame Sony for this problem, where were our beloved and well-paid security companies?

Rootkits are an old, well-known attack - why didn't Zone Alarm, Symantec, McAfee, Computer Associates, or any of the others pick this up in the MONTHS that it has been out there?

This is either incompetence or collusion - neither should make someone who paid $70 + $20/year for a "security suite" to protect their computer happy.

The professional "security" industry created this problem and didn't detect it... shame on us all.


Steven B. Davis
CEO
IT GlobalSecure Inc.
http://www.secureplay.com/
http://www.playnoevil.com

Unplugged not entirely safe

by MWatch In reply to Sad to say, but...

Virus protection was around before the internet became ubiquitous. A disconnected machine can be compromised. They came on real floppy floppies.

In the "old" days they were plain malicious nasties; since they could not communicate, all a virus could do was screw things up. Now they try to send your credit card number to Romania. Do you remember tweaking memory to make sure you had enough to run some piggy software??

The problems are different and probably more numerous now. We are asking computers to do much more now as well.

Precisely why a company like Sony should be SMACKED hard for adding another. This thing would never have stopped ardent rippers.

YES Norton, McAfee ... should be questioned in their failure to respond.

Evolution

by rm3mpc In reply to Sad to say, but...

The Personal Computer was a personal computer because in the
beginning, there was no network and no one to talk to. The need
to share information evolved early on because running back and
forth with floppies was painful, even in one office.

Now we have a highly evolved situation where information
sharing is possible, easy and, in fact, essential.

Corporate admins have a thankless and difficult job. Service
providers could do a lot to filter out the garbage closer to the
source. But the real culprits are the OS developers, particularly
Microsoft, who are more bent on adding near-useless features
(but 250 of them at a time!) than they are on providing a secure
computing environment.

If administrators can create reasonably secure environments
despite the flaws in the OS, then just imagine how much easier
life would be if the OS developers eliminated the holes at the
beginning.

The telecommunications industry lives on Unix. So do a lot of
government installations. They are running in secure
environments. I'm not recommending Unix for the masses, but it
demonstrates that it can be done. And the Mac OS demonstrates
that a friendly face can be put on top of Unix.

Good point, but not realistic

by PlacidAir In reply to Little if any inderstandi ...

Having users logged in as just that, users, is a great idea. Too bad in most of the real world that isn't likely to happen. If you work in the IT department of any firm, you answer to those at the top of the firm -- and until those at the top of the firm are themselves willing to have their systems rights restricted, they're not going to allow themselves to be locked down. Getting them down to Power User level is a real battle, but at least at that level the administrative shares are not available to them. In most cases it seems to take the firm getting hit with something nasty before those who can make such decisions give the go-ahead for a lock-down. Sad, but true.

Admin Rights not the answer...

by cloakedrun2001 In reply to Little if any inderstandi ...

My daughters have PCs of their own. I had read about running with Admin rights, and the dangers. So I restricted them to be "users". This was a bit of a pain sometimes when the latest game patches had to be installed, but it was all in the name of security - or so I thought.

Then one day my oldest starts complaining that her machine is running "really slow", and that certain things are not working properly any more.

The hair was up on the back of my neck, so I told her not to use it until I gave her the AOK.

Her machine was peppered with viruses! It took me 3 days to get rid of all the security threats that had infected her machine. And that machine was completely clean when I gave it to her - so every one of these little nasties managed to get in and get installed WITHOUT ADMIN RIGHTS!

I still think running without admin rights is a good idea, but I liken it to wearing a condom... It gives you a false sense of security while you are being screwed.

by ghastly In reply to Admin Rights not the answ ...

I've experienced the same thing in the corporate environment, where we have more protection. Many or even most of the exploits cleverly circumvent any requirement for administrative privileges, while much legitimate software requires it. Making users non-admins of the local machine greatly hampers the user, but only minimally (if at all) hampers the great majority of exploits.

by WearsManyHats In reply to Little if any inderstandi ...

You've got to be kidding, graeme@..., this is a very important question -- why did none of the major security companies not alert their *paying* customers to this problem? You're like the person who says that a raped woman should not have gone out to her car, that she was just asking for trouble. It's the rapist who is the criminal and needs to be stopped.

Ok NO Admin - Then what

by MWatch In reply to Little if any inderstandi ...

So you set a system up so NOTHING can be installed without notice and seven double dares.

The typical home user would look at the Sony brand (a bunch of them have Sony computers), the message that tells them they need to use the Sony software to play the CD you will even be able to copy it to your computer with Sony software... and install it without thinking any further. No mention that the software will attempt to interfere with other software you may already have on your system, or phone home. I'm sure it's in the EULA on page 26 in Latin.

This is unacceptable behavior on the part of SONY, they are hiding behind the EULA not responsible for anything under any circumstances. All in an attempt to stop people that don't know how to burn a CD from burning a CD. It's just plain STUPID on Sony's part.

The sad part is that Sony is not going to be hit hard enough to change their attitude. I used to wonder why Beta lost out to VHS.

Software design

by CliffD In reply to Little if any inderstandi ...

Several common accounting programs REQUIRE the user to be an admin on the local machine. In discussion, they can't see anything wrong with that, claiming that their databases are bulletproof. That may be, but it leaves the machine wide open otherwise.

Well you are right when it comes to IT. But...

by Another Canadian In reply to Little if any inderstandi ...

If you talk about a normal consumer who puts a CD in their computer at home to listen to the music, and from a well-known and trustworthy corporation as SONY "was", yes, they were right to install it. Did Sony put up a warning that said: if you install me, you will install a rootkit; that program will not uninstall and will not be detectable by scanning; and furthermore, if you do not agree to the installation, the file will be copied to the HD but not activated? Furthermore, we, SONY, will remove access totally to your CD burner if you attempt to remove the software, by using or not using the Add/Remove feature from Microsoft.

They (home consumers) were installing their software with the intention of listening to the music; you can't blame a normal consumer for having trusted SONY not to mess up their computer. When I read their warning, they only state that you need it to make 3 legal copies of the CD and to be able to listen to it on your PC; otherwise they were safe with it.

SONY used the worst kind of deceptive activity they could have imagined, and it rivals social engineering. I for one would never have thought that it is safer to download illegal music than to install a legitimate commercial CD. Do you see the irony here?

For me, SONY should pay a lot, and I mean a lot, because money talks, and when you hurt the wallet, it is the only language that is universal now :) with multinational corporations.

root kit fix

by puddytat70 In reply to Not Just Sony to Blame - ...

The software "ANY DVD" made by Slysoft will block the root kit bug. Robert
