The Sony rootkit only works on Windows and Sony's use is atypical (rootkits are usually used by crackers to gain administrator control of a system, not by music companies to implement DRM).
DavidCar said:
I don't do root access, or network access, and I don't believe in Elvis sightings, so it seems I'm safe.
Safe is a relative term. Mac OS X is based on Unix and has very good user managment and segregation but all OS's have security flaws including Linux, BSD and Mac OS X. In order to install and activate a root kit, joe cracker has to have root access on your system. There are many techniques to achieve this (including simply asking the user to enter the root password) - but most often they involve covertly exploiting a security vulnerability in a system service.
Here is a technical document describing one such vulnerability (this is a very old one that Apple fixed ages ago). This particular vulnerability can be exploted by sending a series of carefully crafted network packets to the target computer, resulting in the cracker gaining access to an unpriviledged account. Once they have that, they can upload the root kit and execute it, gaining them a root account.
As mentioned in
the article, such an attack would be beyond most script kiddies and so the likelyhood of your particular system being cracked is low, but crucially it isn't zero. There are some simple things you can do to further reduce the risks:
* run SoftwareUpdate on a regular basis and always install the security updates as soon as you can
* If you are a system administrator (or have a general interest in security), monitor the security mailing lists such as Bugtraq, CERT, FIRST and SecureMac.
* teach yourself about Unix and Mac OS X security
* use the techniques listed in the article (such as installing tripwire and rootkit sniffers)
* set up a proper filewall machine between your Internet router and your home network. Any old PC makes a good firewall machine and you'll find free firewall software on the Internet (try IPcop, m0n0wall or smoothwall).