Friday, December 22, 2006

Sony, the class action lawsuit about their rootkit, and you . . .

Sony has settled on a US federal level class action lawsuit in response to the rootkits included and silently installed on computers over the last 18 months. There are some important things you should know - even if you don't currently own one of the infected CD's from BMG Sony. (More on that in a bit.)

First, for owners of the infected CD's:

Check the list of CD's that install a rootkit if your computers autoplay is enabled.

The settlement and information.

Here are some key facts as best as I currently understand them from the settlement (I am not a lawyer, these are my personal interpretations and opinions, blah blah blah.)

1) If you join the settlement for the payout - you get a little over $7, and some "free" downloads. You gain the right to use their clean-up tools on your infected computers. You lose all rights to participate in any future actions against Sony BMG regarding the rootkits. You also lose the right to ask for damages for your computers.

2) If you do nothing, you get no payout - but you are still automatically considered part of the settlement and lose all rights to participate on any other class actions against Sony BMG - although if you can afford the lawyers you can still go after them yourselves for specific damages to your computers/network.

3) If you opt out of the settlement by filing a form -online or by mail - you get no payout (like it's really worth anything anyway) but you preserve your right to be included in any future class actions. Oddly, according to the court document - by opting out you also deny yourself the use of the clean-up tools being provided by Sony BMG.

4) You may also choose to complain to the court about why you think this settlement is not the best solution to the problem. If you complain, you must also participate in this settlement. You may not opt-out and complain . . . although I have no idea why.

Personally - I choose to opt-out.

Now for the part for non-current owners of the infected CD's.

Forgetting the paltry payout (is the time you spent on removing that rootkit really worth $7.50?) there is the long term view. This rootkit infected wide audiences - including military computers. It was written so poorly that hackers used it as a backdoor to infect and hide even nastier Trojans.

Let's say hypothetically that several years from now you or your kids find one of these at a garage sale, or a used CD store, or anywhere that old unloved albums get re-distributed. It goes into an older computer, infects it, and the removal tools are long gone . . . it's system rebuild time baby!

Or think of any other scenario where one of the un-returned CD's gets into your system. On loan, inherited, you name it.

What Sony BMG needs to do - in addition to the cleaning tools, is "face the music" (ha ha) and do an actual recall on these buggers.

Here are some final links and tips:

XCP Update/Removal tool This removes the Sony rootkit. I suggest you use the remove feature, not the "update" function.

MediaMax Update/Removal tool The other Sony DRM scheme, with severe bugs. Site wants you to update, but buried deep is a Java application that purports to remove their software entirely. They also provide directions to manually remove their software (recommended!)

Protect yourself from future unexpected CD software by disabling AutoPlay:

Disable AutoPlay for Windows XP Professional
1) Click Start, Run and enter GPEDIT.MSC
2) Go to Computer Configuration, Administrative Templates, System.
3) Locate the entry for "Turn Off Autoplay" and Enable it for All Drives.
4) Reboot

Disable AutoPlay for Windows XP Home
1) Create a plain text file and copy the following into it, then save:

Windows Registry Editor Version 5.00


2) Rename the text file's extension from ".txt" to ".reg" (without the quotes)
3) Double click the new REG file and accept the system warning (OK)
4) Reboot


Thursday, December 21, 2006

Firefox released - highly recommended update

If the update is not pushed to you automagically the next time you open Firefox 2.0, then use the menu item "Help.Check for Updates" function.

Firefox release notes.

Fixes five critical vulnerabilities among other bugs. Critical bugs are defined as a vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Tuesday, December 5, 2006

What's your real connection speed?

Speed Matters, how fast is your Internet connection?  Test by clicking on the image.

Got broadband? Are you even close to the advertised rate your DSL or Cable Internet Provider says you are getting? Check up on them from time to time and keep them honest.

Some typical results that you should see if your connection is healthy.

Advertised (Down / Up)

Connection Rates

Good (typical)

Downlink Speeds

Good (typical)

Uplink Speeds

DSL 1.5M / 128 K

DSL 3M / 256 K

DSL 5M / 768 K

DSL 9M / 1.5 M

Cable 3M / 256 K

Cable 6M / 256 K

Cable 8M / 768 K

Cable 12M / 1.0 M

Cable 20M / 1.5 M

1,200 Kbps

2,600 Kbps

4,300 Kbps

8,100 Kbps

2,400 Kbps

5,100 Kbps

7,000 Kbps

10,900 Kbps

18,000 Kbps

   120 Kbps

   236 Kbps

   746 Kbps

1,236 Kbps

230 Kbps

230 Kbps

690 Kbps

920 Kbps

1,350 Kbps

Here's another couple of great testing links. You should run multiple tests to different destinations and take the medium-highest readings as more reflective of your actual speed.

Speakeasy Multi-Destination Speed Test

DSL Reports Speedtest Selection