F-Secure says “I told you so”:
We have just analyzed the first malware (Breplibot.b) that is trying to hide on machines that have Sony DRM software installed.
I’ve seen reports that Pest Patrol and some Norton products are now detecting the Sony rootkit.
And in the comments to a previous post in which I asked for Microsoft’s help (Dear Microsoft: Please clean up the Sony mess), my old friend Giesbert Damaschke points out an encouraging new article:
Microsoft ‘Concerned’ by Sony DRM
The Redmond, Wash., software maker said that the security of its customers’ information is a “top priority” and that the company is concerned by software like that deployed by Sony to block illegal CD copying.
However, unlike other security software vendors, Microsoft hasn’t decided whether to take more aggressive action against the product, such as detecting and removing it from systems, the spokesperson said.
Hmmm. Maybe someone could write a little tweak that causes your computer to make a loud retching sound whenever a rootkit-infected CD is inserted?
Update: Brian Krebs of the Washington Post passes along this five-year-old quote from Sony’s CEO, which discloses how the company really feels about its customers:
Sony CEO Howard Stringer, who kept the audience laughing throughout the night with a battery of quips, said, “Right now it would be possible for us, and I’ve often thought it would cheer me up to do it, you could dispatch a virus to anybody whose files contain us or Columbia records, and make them listen to four hours of Yanni … but in the end we’re going to have to get serious about encryption and digital-rights management and watermarking.”
Something tells me the tape of that conference will be played at a future trial.
And somewhere in Sony HQ, a PR person is banging her head against a desk realizing that the spin is just not working.
Ed Bott 
Look, I’m an artist. Piracy must be defeated – it’s as simple as that. The people have shown that they don’t give a crap about artist’s rights, so why should we care about theirs? They want to listen to our music, they can do it on our terms. Screw them.
And what happened to responsible disclosure anyway. Mark Russonovich has just sprouted a whole industry of viruses. He should be prosecuted to the full extent of the law. What if terrorists used this to mask their whereabouts?
Wow. Interesting point of view, if by “interesting” you mean “clueless.”
There’s an opening in Sony’s executive suite for you!
Addtional DRM thoughts.
The music industry claims that pirating hurts their profits, but they offer no proof. It would be logical to assume that pirating would hurt sales, but two economists determined that file sharing did NOT affect sales (http://www.unc.edu/~cigar/papers/FileSharing_March2004.pdf). Therefore, the basic assumption of the music industry must be challenged. Dropping sales may simply be consumer reluctance to purchase overpriced BAD music.
The copy protection/activation schemes are discussed in terms of protecting the poor corporation. What about the consumer? For example, suppose a program/music/video whatever uses DRM/activation and the company goes out of business or unilaterally decides to discontinue “support”. The unfortunate customer is left with expensive and potentially unusable software/hardware.
Sony used a stealth technology. What happens when companies use DRM technologies that may conflict with each other causing a computer crash. It will be virtually impossible to figure out the cause of the crash since the program is hidden. Attempting to trace the problem will be time consuming, expensive, may ultimately require reloading everything; not to mention the possibility of lost data. If one is operating a business, the computer downtime could result in significant revenue loss. I would also advocate that the offending company that “forced” the DRM installation to protect their profits be held liable for the any computer problems that they create. Given today’s corporate culture of “we are not responsible” I realize that this would fly like a lead balloon, but we can try and may eventually win.
The use of stealth technology implies a trustworthiness gap on the part of the vendor; clearly the companies are attempting to hide what they are doing. If one is paranoid, it is not much of a logical leap to get to dirty tricks. What is to stop one DRM program from disabling another DRM application?????