Sony’s phony patch

At Freedom to Tinker, Edward Felten says Sony is trying to weasel out of its obligations to come clean with customers:

Yesterday, [Sony and First 4 Internet] released a software update that they say “removes the cloaking technology component that has been recently discussed in a number of articles”. Reading that statement, and the press statements by company representatives, you might think that that’s all the update does. It’s not.

The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function — they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing.

No doubt they’ll ask us to just trust them. I wouldn’t. The companies still assert — falsely — that the original rootkit-like software “does not compromise security” and “[t]here should be no concern” about it. So I wouldn’t put much faith in any claim that the new update is harmless. And the companies claim to have developed “new ways of cloaking files on a hard drive”. So I wouldn’t derive much comfort from carefully worded assertions that they have removed “the … component .. that has been discussed”.

Whoever is making these decisions at Sony has no idea how badly they are damaging the company’s reputation.

4 thoughts on “Sony’s phony patch”

  1. Ed, given the amount of reverse engineering that has been done here and elsewhere (which may or may not violate the DMA, depending on your interpretation). Do you know of anyone (other than Sony or First 4 Internet, I trust them about as far as I can throw them) that has produced an uninstall utility for this? Would writing such a utility violate the DMA? If so, would Sony, et al, even have a case since the rootkit is of questionable legality anyway?

    On a different but related point, could this not be circumvented by the old sharpie marks on the outer rim of the CD trick to prevent the drive from accessing the disk as a data disk? Aren’t data disks read from the outside in whereas red book audio disks from the inside out?

  2. Pingback: TechBlog
  3. Ed, Sony’s response is ignorant – but that’s because they don’t understand what a rootkit is and how damaging they can be. In fact, when NPR introduced the concept on the radio this morning, I was hardly surprised to hear a very garbled and oversimplified description of rootkit technology.

    If Sony’s to blame, it’s because they tried to play with the computer equivalent of a sharp stick and accidentally hurt themselves. Now they’re bleeding and they don’t know what to do.

    They’ll learn. Most of us are still learning about this. Only people like Russinovich really have a handle on this situation. I’m not trying to whitewash what Sony BMG is doing, but you have to allow time for the managers in suits to wrap their minds around this topic.

    I place the blame squarely on First4Internet. These idiots should have known better. Their programming effort can only be described as a hack of the first order. It was sloppy to the point of carelessness.

    The bottom line is that if DRM technology is going to include rootkits, then we need reasonable assurances that such rootkits are narrowly targeted, stable, and well written.
