Misc. Ramblings

Release the Hounds: Sony Rootkit Reloaded

21 November 2005 · 1 Comment

If you are a regular reader of Wired this may be old news, but someone has finally begun to ask the right questions about the Sony Trojan Horse rootkit(tm) debacle. In an article by Bruce Schneier entitled “Real Story of the Rogue Rootkit”, he asks why the dogs didn’t bark. That is, the rootkit infections began last year and have now spread to, in one report, one-half million PCs. Yet no anti-virus or anti-spyware company raised the alarm save for, according to the article, F-Secure. Why?

Was it because the rootkit was undetectable? Or is it because
these companies are in bed with Sony/RIAA/MPAA and considered the
rootkit not a security threat you needed to be notified of?

This kind of issue was brought up earlier in relation to Microsoft’s Anti-Spyware program (now renamed “Defender”) and how MS changed its detection of the Claria adware (née Gator) such that it no longer advised you to remove it.

This is a developing story and things are still unclear, but the trend appears to be that we
can no longer implicitly trust the companies that are supposed to detect
these security intrusions because, perhaps, their definition of
adware/spyware is contrary to ours or they do not scan for rootkits.

There is a high probability, given this history, that the Sony rootkit is not
the only adware/spyware application that is not detected by the major
anti-virus/anti-spyware companies. If this is true, you have to
decide what to do about this (even if these companies belatedly
now begin to mark the Sony rootkit).

I am unaware of any security strategy that you can use on Windows to prevent your PC from being owned by someone else if you rely entirely on anti-virus/anti-spyware programs. If there is, feel free to leave a comment. But as far as I can see, the only way to minimize, but not eliminate, the risk is to switch to another operating system. Which you choose is up to you. But if you don’t want to be owned by Sony, or the RIAA/MPAA, or the Russian Mafia, you really need to decide. Now. YMMV. Insert disclaimer here.

Aloha!
