The other option is to choose an alternative browser, such as Firefox or Opera. However, even these browsers are not as safe from attack as they were once considered.
Firefox has been subject to a number of flaws over the past year, including one that could leave its users more vulnerable to phishing scams. Meanwhile, a report published in September by Symantec rated Internet Explorer as safer than Firefox. The report found some 25 flaws in Mozilla’s Firefox internet browser, almost double the number it discovered in IE.
Vulnerabilities in Opera are not mentioned – not here, not elsewhere – and I wonder: Why not? There are vulnerabilities to mention, right? Since it’s mentioned that it’s not as safe from attacks as once considered, I mean. Wouldn’t it be natural to mention at least one serious vulnerability, like with Firefox?
The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function — they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing.
No doubt they’ll ask us to just trust them. I wouldn’t. The companies still assert — falsely — that the original rootkit-like software “does not compromise security” and “[t]here should be no concern” about it. So I wouldn’t put much faith in any claim that the new update is harmless. And the companies claim to have developed “new ways of cloaking files on a hard drive”. So I wouldn’t derive much comfort from carefully worded assertions that they have removed “the … component .. that has been discussed”.
But, there’s more – related to the rootkit, unrelated to the “fix”.
Use the rootkit to cheat other companies
Players of World of Warcraft don’t like the game makers, and the controversial tactics to avoid cheating in the game. (To my limited understanding – I don’t play it myself.) The program ‘Warden’ scans the players’ PCs, to make sure there are no processes running to help cheating in the game.
Sony has reacted, and posted a service pack/update that removes the cloaking technology. But does it apologise? No – instead it downplays the problems, saying it wasn’t malicious and didn’t compromise security.
Funny. I thought the previous article showed how easily security could be compromised…
Bad move, not to apologise. If Sony doesn’t regret the actions, what can we expect from the company later?
Today I was made aware of an article called Sony, Rootkits and Digital Rights Management Gone Too Far by Mark Russinovich – and it’s scary news. Mark had bought a Copy Controlled CD made by Sony, and as a result of playing it on his PC, Sony had taken the liberty to install software on his computer – and hidden it.
One thing is to try to limit what can be done with the music on the CD, but trying to hide that you’ve installed software, and make it very difficult to uninstall, that’s going too far. Especially as the software in question takes up resources, poses a security risk, and may also be unstable in itself. This sounds too much like what is commonly known as malware.
Another question that begs to be asked is: Is what Sony has done here legal? Sony may write about this in their EULA, (but it is not certain that they actually do this, even after they updated it after the fact,) but an EULA can’t override laws – not everywhere at least – and may even have to be known before the product is bought to be valid.
Netcraft tells about yet another IE spoofing trick:
It might be appropriate to remind people that the safest way to avoid trouble with IE is to use a different browser. (And while there’s a lot of talk about Firefox, personally I find Opera a better choice. In my humble opinion, of course.)