(Cary Sherman is the President of the Recording Industry Association of America (RIAA))
Let’s see. First Sony secretly installs a poorly programmed Rootkit on your PC. It’s so secret that alpha geeks have a difficult time figuring out what’s going on and when they do figure it out and uninstall, it makes their CD-ROM drive unusable. The rootkit also leaves your computer open to possible remote attacks.
Then Sony has the company that wrote the rootkit write an uninstaller. If you install the rootkit uninstaller and remove the rootkit, the uninstaller leaves your computer open to remote attack and the possible hijacking of your computer.
Sony is allowing you to return the CD. Of course, you’ve likely ‘infected’ your PC already so it’s really not much consolation.
And before Sony did the (marginally) right thing, they said things like consumers don’t really care about these rootkits anyway.
Mr. Sherman thinks that Sony’s actions constituted “responsible” action. Here is what he said:
The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they’ve taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?
Mr. Sherman is glossing over a lot of facts and he really does not understand the nature of a rootkit. No, Mr. Sherman, lot of applications haven’t “created the same problem.” Yes, software does have security vulnerabilities that must be fixed or patched but generally, you can avoid any problems by not using the software once you become aware of the vulnerability. The rootkit is deeply embedded in the operating system itself and so the computer is useless until the rootkit is gone.
Highlights of the interview and a full transcript at the (ugly) Malbela blog.