Watch out for the Sony uninstaller

Boing Boing points to an article on Freedom to Tinker about the web-based uninstaller that Sony provides for their rootkit-infested XCP DRM software. Apparently the uninstaller it potentially opens another exploitable backdoor in the OS.

According to the detailed analysis by Alex Haldeman and Ed Felten on Freedom to Tinker, the uninstaller leaves behind an ActiveX control called CodeSupport on your system. CodeSupport is marked safe for scripting, meaning that any web page can invoke it to execute a number of interesting functions, including:

Vulnerable users include those who visited Sony’s web site to remove the rootkit (which uncloaked the XCP DRM but left it intact), as well as those using Sony’s full blown XCP uninstaller. The downloadable version of the cloaked uninstaller does not install CodeSupport and thus does not expose the system to additional exploits.

It looks like Sony is now taking action to recall the affected discs. All I can say is, what took them so long?

Leave a Reply

You must be logged in to post a comment.