Sony - Busted Again!

[rkr1958]

It was over a year ago when we first reported that Sony was distributing spyware on audio CD's. Recently, during the holiday season, Sony announced that it had settled with over 40 states for its shenanigans. One would think that Sony would have changed its ways, and more importantly, no longer pose a threat to the security, performance, and stability of our computers.

Our latest research is shocking. Based on PC's tested at PC Pitstop, the infection rate of Sony's rootkit and SunComm MediaMax spyware have not dropped!

...

Stop using technology to infect our PC's, and develop technologies that improve our audio experience. We are all waiting.

Full blog at

http://pcpitstop.com/news/rob/rcheng0701.asp

[JohnnyMalaria]

It's not Sony.

It's Sony-BMG - a different company.

So, if you want to boycott and/or rant and rave about Sony you also have to include all the other companies associated with Sony-BMG.

And you'd be surprised how far that reaches....

The shares in Sony-BMG are owned 50% by Sony and 50% by Bertelsmann AG.

Who?

Well, BMG to most people. But actually Bertelsmann AG is the parent of:

RTL Group - Europe's largest broadcasting and production company that operates television and radio stations in eleven different countries

Random House - yes, Random House - the world’s largest general-interest book publisher.

Gruner + Jahr - more than 285 print titles and accompanying homepages in over 20 countries, printing plants in Germany and the United States, and professional websites.

BMG - Revenue € 2.128 billion

Arvato - Arvato's printing operations are among Europe's leading vendors in both gravure and offset. Its U.S. subsidiary, Offset Paperback Manufacturers, produces more than a million paperbacks each day.

Direct Group - brings all sorts of media to the people – wherever customers want it, from traditional hardcovers and paperbacks to DVDs. The range and quality of its clubs and online shops have attracted 35 million members in 22 countries. (i.e., the get 10 CDs for a penny stuff)

That's a lot of stuff to boycott!

Oh...and the source for this information: http://www.bertelsmann.com/bertelsmann_corp/wms41/bm/index.php?ci=99&language=2

[jman98]

I'm no longer a fan of Sony for a variety of reasons, but I think there are logical reasons why the infection rate might not be dropping even if Sony has stopped using the root kit. The fact is, most PC users are idiots. Very few home users think anything about security. You'd be surprised how many people say "I just have dialup. Nobody will want to hack me!" Wrong! Anyway, there were an awful lot of root kit CDs by Sony/BMG in the wild before they supposedly stopped using this technology. I have no problems believing that the same CDs that have the root kit that got released over a year ago are being re-sold or used by people who forgot about the problem. The fact is that most people don't work in IT for a living and those who don't tend to be very lax about security issues on their PC.

Kids are another problem. I can tell you that my 14 year old nephew thinks absolutely nothing of downloading and installing anything he finds on the internet and he has singlehandedly caused an awful lot of problems for my brother's PC as a result of this. His parents yell at him about it and try to get him to be careful, but they can't watch him 24 hours a day and he just downloads stuff when they're not at home. I certainly think it's possible that in some of these cases, dumb kids just loaded the root kit CD onto their PC to "hear some tunes" and that's responsible for infections in some cases. I think someone once said something like "Never attribute to malice that which can be explained by stupidity" and I think that applies here.

[ron spencer]

The fact is, most PC users are idiots.

right you are....largely because of your observation:

Kids are another problem. I can tell you that my 14 year old nephew thinks absolutely nothing of downloading and installing anything he finds on the internet and he has singlehandedly caused an awful lot of problems for my brother's PC as a result of this. His parents yell at him about it and try to get him to be careful, but they can't watch him 24 hours a day and he just downloads stuff when they're not at home.

The child isn't the problem...kids do what kids do...but the parents are stupid. The kids is an Admin!!! LOL So many of my friends have their kids as admins....I am forever fixing their machines. My kids are not...hence my machine works. Plain and simple, don't let your kids install stuff....that is why there is the group and security policy thing in XP....

Duh!!!!

[Capmaster]

LOL So many of my friends have their kids as admins....I am forever fixing their machines. My kids are not...hence my machine works. Plain and simple, don't let you kids install stuff....that is why there is the group and security policy thing in XP....

[lordsmurf]

Better yet, shove the kid into VirtualPC, where he cannot do any real damage to anything but his own virtual hard drive.

[ahhaa]

I can tell you that my 14 year old nephew thinks absolutely nothing of downloading and installing anything he finds on the internet and he has singlehandedly caused an awful lot of problems for my brother's PC as a result of this. His parents yell at him about it and try to get him to be careful, but they can't watch him 24 hours a day and he just downloads stuff when they're not at home.

it seems odd to me that more people -especially parents - don't use the user logon/ personal desktop solution to this kinda thing

[ron spencer]

more LOL!!!! Since my last post at 8:59 a colleague at work here has the same issue...only this one is worse. They never even setup user accounts....everyone uses Administrator as the login. Now I hear that all the mail is gone, most of the program files are in the trash....nice setup right?

oh yah I am an economist, not an IT guy....so if I can figure all this out everyone should. Most people don't want to though...so afraid. So they pay BestBuy $40 an hour to fix.

I am in the wrong business. I could walk around with ERD Commander, XP install discs, and spybot and fix everything. I would charge $30 and hour.

[Denvers Dawgs]

So true. I was at Best Buy the other day and this older couple (50's) was looking to buy a new pc. The "tech" guy asked what they were looking for and they really had no idea, and asked what he thought. Well, you guessed it he went and showed them 2 pcs. The 2 most expensive in the store. As he was explaining to them the specs (as he read them off the spec card) haha...He also said that for I think $130 Best buy would update windows, install virus software and a system cleaner.

A few minutes later his boss asked him to give him a hand for a minute. As soon as he left I asked the couple what they intended to actually use the pc for. Their reply "Internet/E-mail/Digital photos", I then showed them a pc (HP Pavilion a1600n AMD Athlon 64 X2 dual-core processor 3800+) for $564.99, over $600 cheaper then what they were shown. I then told them to not spend the $130 for best buy to install the software. Just go to windows update in the start button (I showed them on one of the display pcs) and just download everything they were going to give you for free. Since they also told me they were going to use Comcast Cable I told them that since they already have a comcast account, that they can get McAfee Virus Scan & Personal Firewall for free from comcast.net. And finally I had them write the website download.com and get Spybot Search & Destroy and also go to www.ccleaner.com and get ccleaner to remove unused files from your system and to clean traces of your online activities such as your Internet history.

Before the "Tech" came back they were already at the register with the best priced PC at the store for their use. (I had mentioned that they may want to shop around before they buy, checking Dell, and other electronic stores, but they said they wanted a pc now so either way they were getting one at BB that day.) Unaware to me, the couple had bought a gift card of $50 and waited outside the door until I paid (about 5mins or so) and gave the card to me for helping them out, and looking out for their best interest. I of course declined the card, but was told that if I didn't take it, he would tak it as an insult....haha gotta love the old school mentality, so i took it.

[dphirschler]

Wow. Those were nice people. And you did quite a nice service for them. Good for you.


Darryl

[Soopafresh]

I like when they ask you if you want the extended warranty - If you say "no", they shake their head like some disapproving parent.

BB-> "The warranty for this USB thumb drive is $16 for three years"

Customer-> "Uh, the drive costs $4.99"

BB-> Pause...."If it has any problem, you can bring it in for repair"

[Capmaster]

Denver Dawgs - Good for you! 8)

[Bjs]

The fact is, most PC users are idiots.

a: NEVER , ever , refer to pc user's as this ... this also gose for you ... ron spencer .

Refer to them as untrained / unadvised only ... those who agreed with such statement ... are idiot's , and need to look a little more closely at home (themselves) .

Very few home users think anything about security.

b: It is not that they don't "think" in the matter of security ... it is a fact that they are not informed and / or ill advised , prior to ownership

The fact is that most people don't work in IT for a living and those who don't tend to be very lax about security issues on their PC.

Part one being true ... but one must include "b".

Kids are another problem. I can tell you that my 14 year old nephew thinks absolutely nothing of downloading and installing anything he finds on the internet and he has singlehandedly caused an awful lot of problems for my brother's PC as a result of this.

We all have the same stories , but complaining about it wont do jack unless one has a plan to combat the issue . This once more fall's to the fact that the modern os requires proper administration in order to minimize the issue's , and the very fact as you pointed out "most don't work for IT" come's down to the lack of training and / or proper advice ... which , most don't come for free these day's ... unless they know who I am ... it is free .

To kid's or young children , the internet is a source , for release , or and outlet from modern day society issue's ... a big candy store for some that can lead to a very sour taste or trap's . Training for such event's need's to start early ... and of course with anything , there will be some "teething" issue's to overcome .

Such training would need to updated constantly as trend's in such problem's improve with technology .

It is why I say to my customer's if they don't understand something ... for goodness sake's ... phone me for advice first .

His parents yell at him about it and try to get him to be careful

a: It wont work , unless they throw the power cable away ... 100% safe ... dumb , but effective .
b: They need to do their own homework "first" before doing such things as yelling ... it's as much their fault and responsibility .
c: Have a backup plan in place before hand .

but they can't watch him 24 hours a day , and he just downloads stuff when they're not at home

a: No-one can .
b: Stuff , junk , crap , whatever ... it's a lack of being informed / advised / training ... depending on what it is being referred too .

I certainly think it's possible that in some of these cases, dumb kids just loaded the root kit CD onto their PC to "hear some tunes" and that's responsible for infections in some cases.

a: Again with name accusation's , and deliberate classing ... quit it .

People don't learn well if put down all the time ... while the problem exists , it will only improve with the right encouragement .

b: While this issue with root kit's has been dealt with , I would agree that the fact remains that not all system's have been patched as yet too prevent this from appearing , and there are those "cd's" still floating about in people's pocket's which would count for a small number of repeated occurrence's .

I think someone once said something like "Never attribute to malice that which can be explained by stupidity" and I think that applies here.

http://en.wikiquote.org/wiki/Robert_J._Hanlon .

===============

If you want a plan , then one must receive good , quality advise from someone who has been :

a: In IT for a minimum of 15 year's .
b: Worked on 90% of system's and os's over the same period .
c: keeps up to date with modern issue's and technology trend's .
d: Knowing is not everything , one must be able to show proof of concept .

As for setting up account's , under xp , this is neither here nor there ... it can still stuff up if not administered correctly .

So for those buying a new pc :

1: Do some research into anti virus products before hand ... Do not just go with what a sale's person's tell's you .

2: Purchase a quality hard drive imaging tool such as driveimage from http://www.powerquest.com .

When the new pc arrives home , set it up correctly on an appropriate powerboard with spike / phoneline protection (minimum) .
Do not plug in fan heater's or other non-pc related device's to the same board or power outlet , unless pc is completely off at that time such device's are running , as they can affect the pc in a number of way's .

If xp , make sure it is activated first .
Setup default account's as required and set permission type's for each .
Then image the hard drive asap to image file ... make "2" set's to quality cd media only (one scratch on dvd and they might be stuffed) .
Followed by isp detail's .
Followed by anti virus install , and update BEFORE even using browser or email program's .

If screwup later , system can be returned to normal in less than a 15 minute's ... providing no issue with hardware exist's .

It's What I tell , and advise my customer's ... I also do it for them if they think it's a little over the top of them for FREE (travel cost's only) .

=================

Denvers Dawgs

(I had mentioned that they may want to shop around before they buy, checking Dell, and other electronic stores, but they said they wanted a pc now so either way they were getting one at BB that day.)

This is all too true .

As soon as he left I asked the couple what they intended to actually use the pc for.

A little of "jumping the gun here" , but some may find this unwarranted , unless you inform them as to "who the heck you are" .

You actually have no idea , as to what this couple's "actual need's" really are , and they themselves , may not know except for the basic's .

Did you ask if they had children , other adult's , that might also be accessing this same pc ?

Those's thing's , that some may considered as minor , neglected "detail's" ... must be known before hand .

[ron spencer]

@bjs

I do mean idiots...these type of people do not even to a simple google search on how to secure your computer. If you do not even take that first step you are simply lazy, and yes stupid.

For those who never have used a computer it is a bit different. But even those older folk mentioned above at Best Buy at least ASKED the sales guy.

But there are many who do no research AT ALL...those are real idiots. Sorry they are. This type of research takes only a second or two and there is no excuse not to; or ask for help. In this day and age with all this identify theft stuff going on you HAVE to take even this smallest step...anyone who does not should not have a computer.

[j4gg3rr]

Better yet, shove the kid into VirtualPC, where he cannot do any real damage to anything but his own virtual hard drive.

Better again, turn the PC off and take your kids too
Football, Swimming, Little Athletics, Baseball, Cricket, Basketball, Snooker, Tennis, Sailing
Go-carting, Shooting, Netball, Ice skating, Bowling, Squash, Bull riding or Marbles etc. etc.

[Denvers Dawgs]

As soon as he left I asked the couple what they intended to actually use the pc for.

A little of "jumping the gun here" , but some may find this unwarranted , unless you inform them as to "who the heck you are" .

You actually have no idea , as to what this couple's "actual need's" really are , and they themselves , may not know except for the basic's .

Did you ask if they had children , other adult's , that might also be accessing this same pc ?

Those's thing's , that some may considered as minor , neglected "detail's" ... must be known before hand .

They had mentioned that they were the only ones in the house, and I had asked if they ever planned on doing video editing or gaming on the pc and they said no. So i told them that if it were me and all i was going to use it for was to get e-mail/internet/Digitalphotos then I would get the cheaper one (which in itself is still a good computer with dual core, and DL burner)

I didn't fell as though I pushed myself on them, they were asking each other questions and they looked confused, kinda reminded my of my grandparents with their computer, so I gave them a little smile and asked if they needed some info on that $$ PC the "tech" guy had them looking at.

[thecoalman]

Talk about threadjacked....

Anyhow going back to the original post the title is colpletely misleading in the article. It implies they have done something again, and were caught again. Wich is not the point of the article, the fact that the rootkits are still being found on computers doesn't suprise me one bit. I'd imagine 95% of the people that purchased those discs never even heard of the rootkit issue and even if they did could care less.