$150: Sony’s price for 0wning a computer

That’s what FTC appeared to be doing when they finally settled with  Sony BMG over the rootkitted-CD incident. (Or as the proponents of DRM might say, “aggressive copyright protection” technology.)

According to one version of the story from Information Week, Sony did not admit to any wrong-doing– standard operating procedure for these deals– but will replace any infected CDs purchased before 2007 and also agreed to compensate customer upto $150 for damages caused by the malicious software. By one measure of market pricing, this is a hefty penalty for root-kitting a machine, considering that PCs by the thousands can be purchased for remote control botnets at better price points in the underground economy. (And at least Sony did not “exploit” the rootkitted machines the way bot-herder will.) On the other hand, one could argue Sony got off the hook too easy considering that a reputable company should never have engaged in practices that exposed users’ computers to risk. It is not clear what consumers will have to do to claim damages. Some users may have receipts from tech support services, others may have wasted hours of their own time trying to uninstall the rootkit and mitigate the vulnerability it creates. How can that loss of productivity be quantified?


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s