^On 10 Nov 2005 at 20:21, John Howell wrote: > OK, esteemed computer gurus: urban legend, spam or confirmed > terrorism?
It's unquestionably real. And it's very dangerous. One of the things it does is hook into low-level file I/O subroutines to hide its own files and its own activities. This is accomplished by hiding every file/directory that begins with $sys$ (or a similar such pattern -- I could be misremembering the exact prefix). Now that it's public knowledge, any hacker could exploit this on computers on which it has been installed to install their own nefarious files, as long as they name them with the same prefix. It's a hugely dangerous security hole. But the main issue is that it's a form of trespass -- they are installing software on your PC without full disclosure of the repercussions of that installation. And the really sad thing is that it's so poorly implemented that it could easily be avoided by: 1. turning off AutoPlay. 2. holding the SHIFT key when you insert a CD (which turns off AutoPlay for that CD). And, most critically: 3. running under a user-level logon that does not have adminstrative permissions on your system. This prevents the software from installing itself, as on Windows 2000 and XP, the system data areas are not available for writing by user-level logons. I have been saying for years to anyone who listens that it is complete idiocy to run a Windows PC with an administrative logon. This is a perfect example of just where avoiding that widespread practice would immunize you from a very serious problem. Sony has also been extremely evasive and untruthful in its response to this problem, having released a "fix" that doesn't fix it at all, but, in fact, extends the capabilities of the hidden programs. -- David W. Fenton http://www.bway.net/~dfenton David Fenton Associates http://www.bway.net/~dfassoc _______________________________________________ Finale mailing list [email protected] http://lists.shsu.edu/mailman/listinfo/finale
