In some un-surprising news in the continuing Sony rootkit drama, it appears that Sony was made aware
of the problem long before it was known to the public, and chose to sit on it rather than take a proactive approach. When the knowledge first came out a month ago, it was assumed that Sony didn't understand that the security vulnerability existed. However, it now appears that nearly a month before Mark Russinovich first made the discovery of the DRM software public, anti-virus company F-Secure had spotted the hole and alerted Sony to the gravity of the situation.
"If [Sony] had woken up and smelled the coffee when we told them there was a problem, they could have avoided this trouble," says Mikko H. Hypponen, F-Secure's director of antivirus research.
Originally providing a patch, Sony eventually recalled millions of the actual discs when the patch often botched things up even more. Though the fine details are in dispute and Sony has now taken steps to correct its actions, one thing remains true: XCP(the DRM software coupled with the CDs) has turned into a disaster for Sony, both in public relations and product.