[Web4lib] Sony and Operating System
Rudy Leon
rudy.leon at gmail.com
Wed Nov 16 11:08:39 EST 2005
Chronicle of Higher Ed Wired Campus Blog picked up a BusinessWeek
article highlighting that the software Sony is providing to remove the
rootkit causes substantial security risks as well. BusinessWeek
Article:
http://www.businessweek.com/ap/financialnews/D8DT2KF02.htm?campaign_id=apn_tech_down&chan=tc
Chronicle blog entry:
http://wiredcampus.chronicle.com/2005/11/_dangers_of_lis.html
On 11/15/05, Martin Wallace <mwallace at library.unt.edu> wrote:
> Sony has apparently discontinued this practice and is now recalling all
> rootkit enabled CDs:
>
> http://news.com.com/Sony+recalls+risky+rootkit+CDs/2100-7349_3-5954154.html
>
>
>
> >>> "Robin Boulton" <rboulton at linc.lib.il.us> 11/09/05 3:29 PM >>>
> I heard about this first on NPR about a week ago. It hasn't been an
> issue
> for me - and it won't; I would never (knowingly) allow Sony or anyone
> else
> to put rootkit software on a machine under my control. This is one
> service I
> will *not* be extending to patrons if I can possible stop it.
>
>
>
> > -----Original Message-----
> > From: web4lib-bounces at webjunction.org
> > [mailto:web4lib-bounces at webjunction.org] On Behalf Of Thomas,
> > Susan Elaine
> > Sent: Wednesday, November 09, 2005 1:35 PM
> > To: Web4Lib
> > Subject: [Web4lib] Sony and Operating System
> >
> > This message comes for the AUTOCAT listserv. Has anyone else
> > encountered this problem and if so what actions have you
> > taken, if any?
> >
> > Susan Thomas
> > Head of Collection Development
> > Schurz Library
> > Indiana University South Bend
> > (574) 520-5500
> > suethoma at iusb.edu
> >
> >
> > I don't know if anyone has been following this, but for those
> > of you who have collections with CDs, be aware that there is
> > a potentially fatal problem with the new anti-piracy software
> > that comes with new Song/BMG titles. These CDs come bundled
> > with their own player, which has to be installed in order for
> > the CD to run. This program then limits the number of copies
> > that can be made from the CD to three. However, in doing this
> > it also installs a rootkit.
> >
> > Rootkits, according to Mark Russinovich, who writes a
> > computer blog, are "cloaking technologies that hide files,
> > Registry keys, and other system objects from diagnostic and
> > security software, and they are usually employed by malware
> > attempting to keep their implementation hidden."
> > What this rootkit does is actually rewrite parts of the code
> > on your OS.
> > Trying to delete these files may cripple your system, and may
> > leave it vulnerable to other viruses and worms that
> > capitalize on security weaknesses in the new code. It may
> > also lead to the "Blue Screen of Death" and potential loss of data.
> >
> > Note that nowhere in the licensing agreement we all click
> > without reading does it say that using the CD will alter your
> > OS or rewrite your computer's code. It is also very hard to
> > get the uninstall program from Sony, and it doesn't seem to
> > work very well if you do get it.
> >
> > The original problem was noted in Russovich's blog:
> > http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-dig
> > ital-right
> > s.html
> >
> > and its follow-up:
> > http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerou
> > s-decloaki
> > ng.html
> >
> > It has also been covered by several news outlets and on it security
> > websites:
> > http://www.enterpriseitplanet.com/security/news/article.php/3561181
> >
> > http://blogs.washingtonpost.com/securityfix/2005/11/hackers_ra
> > id_so_1.ht
> > ml
> > (this has good links to other ariticles as well)
> >
> > Because libraries buy and circulate CD copies to mulitple
> > users, you may want to take a look at the CDs in your
> > collection and avoid these. Apart from the spyware and
> > privacy aspects, this is potentially a huge security problem,
> > and may actually cause Windows PCs to fail. Caveat emptor.
> >
> > Amanda Sprochi
> > Health Sciences Cataloger
> > J. Otto Lottes Health Sciences Library
> > University of Missouri-Columbia
> > Health Sciences Center
> > One Hospital Drive
> > Columbia, MO 65212
> > (573) 882-0461
> > sprochia at health.missouri.edu
> > -----Original Message-----
> > From: web4lib-bounces at webjunction.org
> > [mailto:web4lib-bounces at webjunction.org] On Behalf Of Reynolds, Bess
> > Sent: Wednesday, November 09, 2005 1:04 PM
> > To: kgs at bluehighways.com; Web4Lib
> > Subject: RE: [Web4lib] Google Print NYPL Event November 17
> >
> > For those of you on the east coast, tickets are now on sale
> > for an event at the New York Public Library on November 17.
> > http://smarttix.com/show.aspx?showCode=BAT2
> >
> > "The Battle Over Books" co-sponsored by Wired Magazine and featuring
> :
> >
> > Allan Adler, Association of American Publishers Chris
> > Anderson, Wired Magazine David Drummond, Google Paul LeClerc
> > & David Ferriero, The New York Public Library Lawrence
> > Lessig, Stanford Law School Nick Taylor, The Authors Guild
> >
> > Bess Reynolds
> > Technical Services Manager
> > Debevoise & Plimpton LLP
> >
> >
> > -----Original Message-----
> > From: web4lib-bounces at webjunction.org
> > [mailto:web4lib-bounces at webjunction.org] On Behalf Of K.G. Schneider
> > Sent: Wednesday, November 09, 2005 10:52 AM
> > To: 'Web4Lib'
> > Subject: RE: [Web4lib] Google Print
> >
> > > For the digitizing project, it seems a fair question to
> > ask if Google
> > > Print fully exploits the existing catalog records for each
> > book out of
> > > the cooperating libraries. They say a library spends as
> > much money on
> > > an original catalog entry as they do to buy most books. So
> > the manual
> > labor
> > > has
> > > already been paid for by the libraries themselves.
> > > (Hmmm, another way in which Google may be getting an
> > incredibly good
> > > deal.)
> >
> > If they are using the human-generated metadata, this makes me
> > wonder if Google has a stake in humans continuing to produce
> > this metadata? (Put it another way, would Google pay for cataloging?)
>
> >
> > If they aren't using it, and they create a system that works
> > well without it, what does that say about the future of the
> > ILS? (That's bordering on a rhetorical question...)
> >
> > I bet they're using it to figure out how to mimic its
> > function through AI.
> >
> > Karen G. Schneider
> > kgs at bluehighways.com
> >
> > _______________________________________________
> > Web4lib mailing list
> > Web4lib at webjunction.org
> > http://lists.webjunction.org/web4lib/
> >
> >
> > _______________________________________________
> > Web4lib mailing list
> > Web4lib at webjunction.org
> > http://lists.webjunction.org/web4lib/
> > _______________________________________________
> > Web4lib mailing list
> > Web4lib at webjunction.org
> > http://lists.webjunction.org/web4lib/
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
--
Rudy Leon
Instruction & Collection Development Librarian
College Libraries
SUNY Potsdam
(315) 267-3309
AIM: leonre3309
More information about the Web4lib
mailing list