Wired News is running a terrific editorial by cryptography and security expert Bruce Schneier. He poses a question that I hadn’t considered before:
Initial estimates are that more than half a million computers worldwide are infected with this Sony rootkit. Those are amazing infection numbers, making this one of the most serious internet epidemics of all time — on a par with worms like Blaster, Slammer, Code Red and Nimda.
What do you think of your antivirus company, the one that didn’t notice Sony’s rootkit as it infected half a million computers? And this isn’t one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn’t notice? This is exactly the kind of thing we’re paying those companies to detect — especially because the rootkit was phoning home.
The only difference between the malware that Sony has installed and your typical garden variety type is that the first is backed by a multinational corporation with lots of assets. The virus and anti-spyware companies have been slow to respond to protect their customers, presumably out of some sense of courtesy to their corporate compadres.
You might expect Microsoft to be the first company to condemn this rootkit. After all, XCP corrupts Windows’ internals in a pretty nasty way. It’s the sort of behavior that could easily lead to system crashes — crashes that customers would blame on Microsoft. But it wasn’t until Nov. 13, when public pressure was just too great to ignore, that Microsoft announced it would update its security tools to detect and remove the cloaking portion of the rootkit.
I’ve said it before, I’ll say it again: Microsoft and the constellation of anti-virus companies that serve to help protect it are not out to protect you, the consumer. They are doing the absolute mininum necessary to keep you using their products, and they are willing to utilize the very technologies which they should be protecting you against to annoy, harrass, and generally make your life annoying. The DRM measures which are part of Windows and which will be deployed even more extensively in Vista do nothing for the customer, they are merely part of corporate collusion designed to extract more money from consumers. Now, we have anti-virus companies doing precisely the same thing, for even more inexplicable reasons.
I suspect that ten years from now, we will be citing this as a landmark case in computer law, perhaps even equal to the first Sony case.