According to Edward Felten and Alex Halderman, it's dangerous:
Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.
We are working furiously to nail down the details and will report our results here as soon as we can.
Update: According to USA Today
, Sony, which now says it "deeply regrets any inconvenience" people may have suffered, has decided to recall the infected CDs and will offer exchanges. Ed and Alex hope
the plan includes doing what Sony ought to have done long ago
: providing people with an easy-to-get clean-up tool that doesn't further damage their computers.
Update #2: EFF's open letter to Sony-BMG, which lists eight ways the company ought to make amends to its customers by Friday morning at 9:00 a.m. -- after which, presumably, the suggestions will become more than that.
Update #3: Security Fix: Researcher: Sony DRM on Half a Million Networks: "'It's funny, because the last time we saw these kinds of infection rates, they were because of bugs in [Microsoft] Windows that were later patched,' [security researcher Dan Kaminsky] said. 'But Sony's patch actually deploys new flaws.'"
Update #4: Wired: Sony Numbers Add Up to Trouble: "The results have surprised Kaminsky himself: 568,200 DNS servers knew about the Sony addresses. With no other reason for people to visit them, that points to one or more computers behind those DNS servers that are Sony-compromised. That's one in six DNS servers, across a statistical sampling of one third of the 9 million DNS servers Kaminsky estimates are on the net.
The damage spans 165 countries, with the top five countries being Spain, the Netherlands, Great Britain, the United States and Japan, which, with over 217,000 DNS servers reporting knowledge of Sony-related addresses, takes the top spot."
Update #5: Sony-BMG: "We currently are working on a new tool to uninstall First4Internet XCP software. In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days. Thank you for your patience and understanding."