Tuesday, November 1, 2005

Intrusion and Immersion

Two contrasting stories here. Both of them use technology to penetrate our space, and to take over the controls of what we thought was ours to control.

Rootkit for remote-controlled content management

In an impressive bit of technical wizardry, Mark Russinovich traces a practically undeletable rootkit on his Windows system to a bit of DRM software installed when he tried to listen to one of the latest Sony BMG CDs. See commentary by Adam Shostack and Bruce Schneier. And there's a reasonable introduction to rootkits on Wikipedia.

There is some speculation (apparently started by Variety magazine and propagated by Marc Perton at Engadget) that this DRM trickery on the part of Sony is designed as a strategic attack on Apple. There is a long discussion of this point on Barry Ritholtz's blog The Big Picture. But as Barry points out. you can evade Sony's trickery by buying a non-Windows machine that is less vulnerable to such tricks, such as an Apple Mac! In other words, Sony's dastardly anti-Apple campaign merely serves to encourage consumers to purchase Apple. Am I missing something here?

Meanwhile, since the rootkit is a clear violation of the integrity of the operating system, it would surely be appropriate for Microsoft to treat this as a serious malware attack, and distribute an appropriate patch that limits the powers of the Sony rootkit. Wonder if they will? (update: Yes, but reluctantly.)

DVS for remote-controlled path management

In an as-yet unconnected initiative, NTT is experimenting with what looks like an Active X control for the human brain. The technology, known as galvanic vestibular stimulation (GVS), allows a person's movements to be steered via remote control. Apparently people are volunteering in droves (if that's the right word) for this experience. See report in New Scientist.

... and finally, the trust perspective

Please don't install your rootkit onto my computer.
Please don't put your wires in my brain.

You really have to trust both the technology and the person/company deploying the technology, before you consent to these take-over tricks.

On the other hand, if you accept something like this without being made aware of the consequences, then this is a gross abuse of trust.

The trust climate has just gotten worse.

update November 18th

Bruce Schneier has written an excellent summary of the Sony rootkit affair for Wired.com. He makes the point that, while many people are already distrustful of Microsoft and are learning to be distrustful of Sony, the companies that have really let us down are the virus-protection companies who failed to prevent half a million computers being infected by a phone-home rootkit. What are we paying them for then?

No comments:

Post a Comment