Quote:
Quote:
Yet, no patches from Microsoft to fix this. They don't think it's a problem.

It isn't their problem. The user is the one that is installing stuff and in this case, it contains some drivers which affect how you see things.


Well, there is one problem I can see here. Users are going to the store, buying what they think is a CD Audio disc, putting it into a stock Windows PC, and a few moments later they have a rootkit installed. Beyond putting in the CD, the user didn't do anything manually to install it. All thanks to technologies Microsoft built into the OS without thinking about the security implications. True, fault lies here with Sony, but some fault does indeed also lie with Microsoft. As a counterexample, my Mac doesn't auto-run CDs put into it. And if a CD did try to install something like this, I'd at least see a warning sign in the form of an Administrator password prompt that something wasn't right.

Trying to make Microsoft seem innocent when they have a very long list of problems like this is silly. Should they be free of blame for the blatant holes in IE and ActiveX? I will admit I am glad to see Microsoft adopting a strong security stance now, but I cringe every time they make the same mistakes some variant of Unix did 10-20 years back. They don't learn from others' histories. It took until Windows 2003 SP1 to decide that having full network connectivity and things like IIS running during the install was a bad idea. Even better, they still run things like printer drivers at the kernel level, allowing some bad code from some 3rd party printer driver to bring the entire system tumbling down. Imagine if you're a small business running a single server as both a print and file server. One minor glitch in the print subsystem, and blam, the file server is down. Thankfully Vista is addressing this, but that means we all get to pad Microsoft's bottom line a little more to have security we should already have. It's a shame they are doing this, but at least they backed away from the idea of charging for spyware protection, when it was the fault of their own browser and OS integration that spyware came to be.

Anyhow, to answer FireFox a bit, Microsoft does know of the issue, and does actually have a research project on it that has led to the release of software. The Strider Ghostbuster project was started in 2004 to help address the potential problems of rootkits. Hopefully they will learn the lessons of Unix here quicker, as rootkits have been a problem in the Unix world for nearly 15 years now. Quite a bit has been done in that world to help combat them, and hopefully soon the same can be said for Microsoft.