[funsec] Sony DRM Rootkit (again) and questions about its disclosure...

Pierre Vandevenne pierre at datarescue.com
Thu Nov 17 14:39:37 CST 2005

Good Day,

BB> They need to stop being wusses, and detect solely based on behavior, and
BB> not license.

They're businesses :-) I've obviously dealt with a lot of AV companies
and I've dealt with Sony. I've got a private "ethics" scale which I
won't disclose, but I can certainly say that Sony is NOT at the
bottom, far from it.

I should probably shut up and surf on the tide but I am actually
positively impressed by Sony's reaction speed and their attitude,
given the size of the company and the stakes involved. I find their
response timely and appropriate, given the scope of the problem and
the publicity it gets. Of course, it is a bit weak on the technical
side, but one can't realistically expect big companies like that to be
ideally informed at that level. Many companies/organizations have
reacted in a worse way (Adobe vs Sklyarov, Felten vs RIAA, Cisco...)
than Sony.

BB> ramped back up, and way surpassed anything that went on back then.
BB> Thanks, DMCA!

In a way, yes. But, in some ways, the consumer is really getting what
he deserves.

BB> If you insist on having copy protection, then IDA Pro is a good example
BB> of how to do it nicely.

But one could argue that it doesn't work. It is good enough today, and
we generally have a good relationship with our customer base in a
niche market, but our web server logs are... hmmmm... interesting.

Well, actually, it works in 99.99% of the cases, which speaks highly of
our customers, but is unfortunately bad enough to lead to
statistically amusing facts.... (more about this later, elsewhere)

BB> You punish the paying customer as little as
BB> possible.  The big media companies haven't gotten that message.

Our customer base is very different. The issue is quite complex, not
simply black/white imho.

Best regards,
 Pierre                            mailto:pierre at datarescue.com

