"Real Story of the Rogue Rootkit": Bruce Schneier on the Sony debacle. Bruce points out that Microsoft and anti-malware companies should have responded when Sony launched this software many months ago, but they are only responding now due to public outcry. The reaction represents a double standard about malware: it's wrong if it comes from organized crime, but OK if it comes from a big company. Does this double standard represent collusion that undermines our ability to trust providers of security software that's meant to protect us from this sort of thing?
In the case of Microsoft, perhaps, but otherwise it seems just as likely—and just as nasty—that security providers were afraid that disabling Sony's malware might appear to be assisting circumvention of copy protection technology. McAfee and Symantec didn't respond to Sony's software until this month, and so far are only willing to disable the cloaking feature, even though much of what the software does beyond the cloaking is destructive and excessive with regard to the stated goals of the software (preventing MP3s from being made from the CD contents) and falls within the definition of malware (such as spyware).