Use a Sony USB Fingerprint Reader and Thumbdrive, Get a Rootkit Free!

In 2005, Sony added "rootkit" to the vocabulary of computer users across the world when it added hidden copy protection software to its music CDs. Two years later, history seems to be repeating itself.

Rootkits 101

What's a rootkit? In case you slept through the Sony music CD debacle, a rootkit is a program that hides its presence from normal operating system interfaces. A Windows rootkit, for example, will not show up in Windows Explorer. Depending upon its design, a rootkit can hide files and folders, registry keys, or other system components.

Rootkits can be used in a variety of ways: Sony used two different rootkits to prevent copying of music CDs by computer users in 2005, while other rootkits have been used to run security programs, run malware to attack systems, and so forth. While some users will object to any rootkit, no matter its purpose, others will be more concerned if the rootkit makes it easy for others to attack your PC.

What's Wrong with Rootkits

Sony's 2005 rootkits provided a vivid demonstration of everything a company that uses rootkit technology can do wrong:

  • Users weren't notified of the presence of the rootkit by the end-user license agreement
  • The copy-protection programs Sony installed as rootkits didn't prevent malware such as Backdoor.Ryknos.B (also known as Breplibot.C and others) from hiding themselves in the rootkits' own folders
  • The programs hiding in the rootkit degraded system performance
  • The programs could not be removed with normal uninstall routines

Sony eventually wound up recalling over 100 music CD titles that used the rootkits and shelled out millions of dollars in settlements.

Sony Rootkit, Part Deux

Monday, anti-malware vendor F-Secure announced that Sony's MicroVault USM-F line of USB flash drives with onboard fingerprint readers creates a folder invisible to Windows that is used for the fingerprint reader's software and data files. While this method helps protect the reader from tampering, F-Secure points out that the hidden folder can also be accessed from the command prompt, can be used to store additional files, and could be exploited by hackers as a location for storing malware. In other words, whether Sony intended it or not, the MicroVault fingerprint readers install a rootkit on your PC that can be exploited as a security risk.

COMMENTS
Personally, I do think that

Personally, I do think that any root access to a system must have additional protection--Windows should (ideally, I grant) inform a user that information will be stored as such with the option to cancel the install.

Additionally, all Sony products that use rootkits should be able to be returned open-packaged. I'm tired of these companies selling crapware, then saying you can't return it because the package has been opened.

Although I must admit--for lulz alone--I would love to see Sony try and sue people for movie/music copyright violation whose systems were compromised by a Sony rootkit. The humiliation over that alone would hopefully convince Sony to cease with this once and for all.

Oh, the irony!

Quote: "Nobody wants to install a program that can be turned into a weapon against their system or their information."

And yet they still install Windows, which is the epitome of this, lol.

Not condoning Sony's practice but...

it seems to me that when a company goes out of its way to repeat a mistake that left lumps on its head before, there is something fundamentally wrong with the OS. Why can't the system provide a security-based API that can be trusted and robust? Instead, developers have to resort to "creative" ways to protect devices/data, e.g., rootkits. Sony's not being malicious here I believe, they are simply trying to come up with something that works. I'm not going to say Windows sux this time.

Mind Boggling

It's absolutely mind boggling that after all the negative publicity Sony garnered from their first go-round with rootkits, they'd even conceive of going down that road again. And the irony of including a rootkit on a product designed with enhanced security in mind.

Another great write-up Mark, and kudos on your new book - I'm looking forward to reading it!

I won't let a rootkit ruin another PC of mine

The Sony rootkit got installed on my former (now trashed) laptop against my knowledge (of course). It opened up a vulnerability for a trojan called downloader.trojan to get on my computer. This trojan downloaded at least 30 other viruses and spyware that it deteriorated my system until it would take 15 minutes to boot and then would shut off. Nothing I could do about it, and I didn't get compensation.

An afterthought: what if Sony has rootkits in their Blu-ray disks? I know there is some heavy DRM, what else lurks in those things?

Good thing I boycott Sony

Good thing I do not buy Sony products.

What will make them stop?

There needs to be a bigger motivation than a lawsuit to stop Sony from doing this.

And don't bury the warning in the EULA

As we all know, most people just accept the EULA without a second thought about it (I know I've even done it in the past, though I've gotten into the habit of reading them thoroughly now). Putting the warning into the EULA won't provide the vast majority of users with enough of a warning about the rootkit.

Visible disclosure's the way to go

I agree that the EULA's no place for adequate disclosure. The choice of whether to install a rootkit needs to be an obvious Yes/No dialog box at the start of the installation process.

Vendors who want to avoid user rebellion against sneaking rootkits onto their systems should also consider disclosing this information in product spec sheets.
----------------------------------------------
It's amazing how illogical a business built on binary logic can be.

Not buying Sony again.

Well looks like I get to boycott Sony again. I don't think they will ever learn until someone shoves a lawsuit down their collective throats. Any millionaires with a lot of free time out there willing to take them on? How about a pro bono lawyer?
