Agent O reinforces the need for SB to include the Sony rootkit in its detections. By now it is clear that the antispyware/antivirus community regards the Sony DRM as a serious vulnerability; in fact, from CA's PestPatrol today, quote: "These CDs install the pest XCP.Sony.Rootkit, which is a trojan that opens security vulnerabilities through rootkit functionality." http://www3.ca.com/securityadvisor/p...aspx?cid=76345
While PestPatrol detects the presence of the rootkit it is not clear to me that they will remove it. I had read that they would be able to do so with their November 11 defs but this is to be confirmed and may have referred to the cloaking aspect only.
McAfee is now "detecting and removing" the cloaking (as of Nov 9, 2005 defs) http://vil.nai.com/vil/content/v_136855.htm
but note their caveat about potential crashes in doing so, quote: "System crashes may also occur during repair using McAfee products due to issues in the First4Internet code itself." I believe that McAfee leaves the DRM software in place, with the associated risks that have been identified and mentioned previously.
Symantec has started to detect the presence of the rootkit, but it does not remove it. They simply suggest that the user obtain the so-called SonyBMG patch, which uncloaks the files but leaves the DRM in place (replaces some files).