Sony got caught installing malicious rootkits on music-buyers' computers as part of a misbegotten DRM system for CDs. These pose a terrible security risk and couldn't be uninstalled without killing Windows. Now Sony has issued a patch to kill the rootkit, in which they lie about the danger it posed:
SOFTWARE UPDATES/ PLUG-INS
November 2, 2005 – This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.
What petulant jerks. Look, Sony, you got caught sleazing your customers' computers. Telling us that it wasn't so bad is just infuriating and insulting. An apology would have been better-received.
(Thanks, AV!)
Update: The plot sickens. Paul and others point out, "The patch offered by Sony does not remove the rootkit, it just gets rid of
the $sys$ cloaking. A lot of the chatter about the Sony rootkit has been
about other malware authors using files/processes/reg keys starting $sys$,
which would then be invisible on machines with the Sony rootkit installed."
Update 2: See also this post on Ed Felten's take on this software
