Just plain "Bad software"
I've got no arguement with anyone's analysis of the software, it's obviously not well written and by using the same techniques as malware, put's itself at risk of exactly what's happened already.
My position perfectly mirrors the first paragraph of the F-Secure Conclusion section which 'el cpu' left out in the quote above:
Quote:
Conclusion
The DRM software does not self-replicate and doesn't contain malicious features and should thus be considered a false positive, triggered by the advanced hiding techniques used by the software.
http://www.f-secure.com/v-descs/xcp_drm.shtml
Though it's badly written and may create a potential hiding place for true malware, nothing described has made this program itself malware. At best it deserves the PUPs 'Possibly Unwanted Program' designation created by Team Spybot for exactly such situations. This would allow optional removal of the software without marking it as malware itself, also requiring the user to check the removal box which is unchecked by default.
My concern is that by considering this software for a malware rating, an antispyware organization would be placing itself at risk of a valid legal suit by the RIAA, which would have to protect its right to copy-protection. This also places them directly in the middle of the RIAA and everyone who hates them, a no win situation from the start and an already hopeless legal mess. No antispyware organization needs to create such an obvious problem for itself and allow it to drain their already limited resources.
Note that all the press has already resulted in exactly what I mentioned it would, Sony has had to respond. They've offered a method to uninstall the software and been forced to respond publicly. Undoubtedly they'll have to respond further over the coming days and weeks by improving/replacing the copy-protection software and installation notification within the associated EULA. All of this is exactly what should happen.
The idea that antimalware exist's to remove every peice of software that creates even a potential issue is getting streched here. By this standard, Internet Explorer and even the Windows OS itself should be removed by antimalware. There must be a solid criteria for such decisions which as I understand, the ASC was created to help provide. Hopefully Team Spybot and other members of this group have defined a way to deal with such situations. We shall see.