November 15th, 2005
Sony’s DRM Uninstaller Leaves Your System Vulnerable
By Michael Santo
Contributing Writer, RealTechNews
I debated writing this because I don’t want to end up being the “Sony Writer”. This is a security risk, though, so I decided I’d write about it.
If you recall my post about the hoops you have to jump through in order to uninstall the Sony DRM, you know it wasn’t easy to get rid of. However, if any of you have gone through that process, you’ve left your system open to potential attacks.
The flaw was discovered over the weekend by a Finnish researcher and confirmed by a team of Princeton scientists on Monday. To be brief, the CodeSupport ActiveX control that’s downloaded when you fill out a web form (see my previous story as linked above) is still marked as “safe” for scripting even after the user leaves Sony’s website.
What does this mean? Any website could invoke the CodeSupport control from a script and ask it to perform functions, such as downloading and installing code. The control does not verify that the code it is running actually comes from Sony, so it’s an open door.
The Princeton team has a blog entry at Freedom-to-Tinker.com with more details, as well as tips and tools for detecting and deleting CodeSupport.
We Say: Aaagh. It seems like this will never end. Things just get worse and worse for Sony, and to be honest, for affected consumers as well.












