In response to the firestorm over its DRM on CDs, Sony made available last week a Web-based "uninstaller" to remove it. It appears this cure is worse than the disease.
Matti Nikki of Finland was the first to figure out just what the uninstaller was doing. It seems the uninstaller puts an ActiveX control called CodeSupport on the target machine even before the uninstall URL can be obtained.
The control is marked "safe for scripting" and remains this way on the machine even after the uninstall process is concluded.
What this means is that any remote user can use the methods of this control to do anything.
Read the full story on Security IT Hub: Sony's Uninstaller Is Worse than Its DRM