Jason Garms finally stepped up to the plate on Saturday, November 12th, 2005 and announced that Microsoft’s internal Anti-Malware Engineering Team formally acknowledges Mark Russinovich’s October 31st, 2005 blog entry and will now add Sony’s DRM software into its anti-malware software. That’s right, twelve days after the news broke and two full days after exploits were documented in the wild, Microsoft has quietly announced on a blog that they are going to update their signatures.
Here is Microsoft’s criteria for determining what is spyware, and here are some comments I made earlier.
Quite frankly, we all know that people dumped Microsoft’s anti-spyware software once it was revealed that they cave to companies for odd reasons (which begs the question of what spyware company wouldn’t apply pressure if they know they can — hello, spyware is all about being annoying and persistent, no?).
But even so, I am really disappointed that Microsoft continues to show that they are not the kind of company that a user or company can bank on if they need security. Sony has had to eat so much publicity about this issue that just about everyone and their dog is aware of the issue (contrary to what Thomas Hesse, President of Sony BMG, suggested in an NPR interview, that people don’t know enough to care about root-kits). Just take a look at an anti-virus company who started addressing the issue the very day the news of the root-kit broke. F-secure claims that they were even working on it prior to Mark’s announcement because they were fielding reports about the same suspicious behavior.
The Inquirer responded to Microsoft’s blog announcement on Sunday, November 13th, 2005, with an excellent write-up on why this giant company, yet again, seems to entirely miss the point on what it means to establish trust with users. In brief, one might summarize their point as something similar to the old adage “it’s not the crime, it’s the cover-up”:
So, what do we end the day with? Microsoft dipping a toe in the water and saying it will remove a solitary DRM infection. No future pledges, no strong stand. I was honestly hoping MS would stand up and plant a stake in the ground about things like this. A week later with a murmur in a blog is not the response of a market leader.
Mark has an excellent summary himself today, called “Sony: No More Rootkit – For Now”, regarding the Microsoft announcement as well as the Sony soundbite from NPR. Most importantly, he clarifies that the viruses are just a symptom of bad security:
The viruses simply take advantage of the Sony rootkit if it’s present, but could just as easily install their own rootkit to hide their presence on the system. If a user activating the virus, which is transmitted as an email attachment, is running with administrator privileges, the virus can install a kernel-mode rootkit just as powerful as Sony’s. But even if the virus is activated from a non-administrator account it can install a less powerful, though still effective, user-mode rootkit. The bottom line is that it’s not rootkits themselves that are the problem; it’s the inability to manage the objects that they hide that creates security, reliability and manageability problems.
His point that Sony owns the IP not the computer just reminds me of the story about people who “own” their cars and want the error codes under the Right to Repair Act. Transparency of technology and the ability to protect oneself from predatory corporations are gearing up to be tough issues for the next few years.