SONY ROOTKIT

Only ZoneAlarm offered protection from the Sony Rookit threat even before it was made public, starting in July 2005. Norton & OneCare did not offer protection until later (November 2005).

Sony Rootkit response timeline

Time Event
August 10, 2000 Sony Pictures Entertainment US senior VP, Steve Heckler's keynote at Americas Conference on Information Systems (AMCIS) suggesting, "The industry will take whatever steps it needs to protect itself and protect its revenue streams." [1]
April 2005 Sony BMG began shipping CDs with rootkit-style features as part of a DRM technology. [11]
July 21, 2005 With the release of OSFirewall® in ZoneAlarm 6.0 (ZoneAlarm protected customers before the rootkit was even made public).
October 31, 2005 Mark Russinovich posted to his blog a detailed description and technical analysis of the characteristics of the software contained on Sony BMG music CDs. [2]
November 9, 2005 McAfee provides detection and partial removal of the Sony Rootkit (it doesn't remove the rootkit, only the cloaking device).
November 11, 2005 Norton provides detection and removal of the Sony Rootkit.
November 12, 2005 An article on Freedom To Tinker discusses the SunnComm DRM found on some Sony BMG CDs. [3]
November 13, 2005 Microsoft provides detection and removal of the Sony Rootkit.
November 14, 2005 Sony announces that it is pulling the rootkit CD from store shelves and offering a buy-back program.
November 15, 2005 On 2005-11-15, vnunet.com announced that Sony BMG was backing out of its copy-protection software, recalling unsold CDs from all stores, and offering consumers to exchange their CDs with versions lacking the software. [4]
November 16, 2005 US-CERT, part of the United States Department of Homeland Security, issued an advisory on XCP DRM. They said that XCP uses rootkit technology to hide certain files from the computer user, and that this technique is a security threat to computer users. [5]
November 18, 2005 Reuters reported that music publisher Sony BMG would swap affected insecure CDs for new unprotected disks as well as unprotected MP3 files. [6]
November 18, 2005 Sony BMG provided a "new and improved" removal tool to remove the rootkit component of Extended Copy Protection from affected Microsoft Windows computers. [7]
November 21, 2005 Texas Attorney General, Greg Abbott, sued Sony BMG. [8]
December 6, 2005 Sony-BMG said that 5.7 million of its CDs were shipped with SunnComm MediaMax that requires a new software patch to prevent a potential security breach in consumers' computers. [9]
May 11, 2006 Sony BMG's website offered consumers a link to "Class Action Settlement Information Regarding XCP And Mediamax Content Protection." [10]

RELATED NOTES...

[1-10] Wikipedia Entry about Sony Rootkit
http://en.wikipedia.org/wiki/2005_Sony_CD_copy_protection_scandal

[11] Sony: You don't reeeeaaaally want to uninstall, do you?
http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-want-to_09.html
..The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:. Sony denies that the rootkit poses a security...

ZoneAlarm date of Sony rootkit prevention:
July 21, 2005 with the release of OSFW in 6.0 [ZoneAlarm protected customers before the rootkit was even made public]

Sony Rootkit is publicly disclosed by Mark Russinovich:
Oct. 31, 2005
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

McAfee detection/partial removal:
[it doesn't remove the rootkit, only the cloaking device] Nov. 9, 2005

Norton detection/removal:
Nov. 11, 2005

Microsoft detection/removal:
Nov. 13, 2005

Sony announces it is pulling the rootkit CD from store shelves and offering a buy-back program:
Nov. 14, 2005