This flap over the XCP copy protection on certain Sony CDs has been prevalent in today's news, both in mainstream and technology-based outlets. A few BitWise users have sent various links to me the past couple of weeks, though in most cases I've been following this one pretty closely already. I haven't posted yet because I didn't really have anything new to say, and what's the point of being a broken record?
However, I do have something to say now that I haven't seen talked about much elsewhere. It seems to me that part of the problem is that the Windows security model has made it so easy for this to happen. Users are administrators by default, with full access to the system. Not being an administrator makes it difficult to use your computer, so in effect it's almost a necessity to use your computer with an administrator account. Easily installing such hidden/rootkit software into the system would not be as easy on Mac OS X or on Linux, which both have better user-level accounts. But why is no one pointing this out? Sony couldn't have used the XCP "rootkit" if Windows actually had good user-level accounts. It is good that, from what I've read, Vista will finally have usable user-level accounts that will hopefully make these types of hidden attacks much less likely to happen.
So, in the end, while Sony and Microsoft may have both had a role in this terrible invasion, at least both of them have done something about it. Sony has recalled the protected CDs and provided ways to unhide the root kit, and Microsoft is improving the security model in Vista. I wouldn't call it a victory for consumers, but it's a step in the right direction, at least.
Kevin,
Microsoft has indicated it will add a Sony rootkit zapper to their anti-spyware program definitions. Made me feel a little better about the whole thing when MS did the right thing.