Sony DRM infection removal vulnerability uncovered

Tool is worse than original infection

By Charlie Demerjian: Tuesday 15 November 2005, 20:45

SONY PULLS OFF ANOTHER blatant stupidity in the 'cure is worse than the disease' category. No, not the DRM infection itself, not the security-compromising removal agreement, but the removal tool itself. Yes, this one appears to put you in MORE danger than the original rootkit. Silly Sony, no cookie.

According to Freedom to Tinker, the web-based installer is a worse vulnerability than the original rootkit. More on the story here; FTT goes into detail. It seems the 'cure' from Sony involves downloading an ActiveX control called CodeSupport. This is a signed control that lets just about anyone download, install and execute arbitrary code on your machine.

See a problem? See a big problem? To make matters even funnier, the uninstaller, supposedly anyway, leaves this control on your machine. So, the Sony uninstaller is not a total uninstaller; it leaves a hole you can drive a truck through on your system, silently of course.

The more disturbing part is that it appears the control is signed. I wonder who at MS approved this, and how this blatant security hole got through the barest minimum of QC?

Moral: if you bought Sony products, you are screwed. If it causes you problems, you are screwed more. If you uninstall, you are screwed yet harder. If you uninstall it yourself, you are a criminal under the DMCA. If you use an antivirus program to uninstall it, you spent money to fix Sony's problems, and you are still a criminal. That's what you get for buying music.

Microsoft labeled the XCP software as malware in their Malicious Software Removal Tool.