Back to top

Sony DRM Uninstaller creates enormous security hole - for some

Maybe you've been following this, maybe you haven't. Basically, music CDs from Sony have contained a piece of "DRM" software which, when run on a windows computer, installs itself in a hidden manner.

Many people have written about this. As a result of public outcry, Sony has agreed not to do this any more and has provided software which removes the orginal offending DRM software.

Just recently some folks are starting to point out that there is a flaw in the uninstaller that sony provided. The flaw causes people who use it to have their computers open to malicious ActiveX software. According to the Princeton folks who researched this: "It allows any web page you visit to download, install, and run any code it likes on your computer." There's only one small problem with that statement which is, of course, that it won't affect you if you are using Mozilla and/or Firefox. And none of this affects you if you were using Linux or MacOSX from the beginning.

[EDIT: Apparently Sony wanted to nail Macs with the DRM software as well - I'm not sure if it would impact IE for Mac, but most Mac users use Safari or Firefox or Camino as their browser anyway, the ActiveX problem isn't a problem for them.]

People Involved: