Use a Sony USB Fingerprint Reader and Thumbdrive, Get a Rootkit Free!


Sony - Slightly Smarter...

However, in a follow-up analysis two days later, F-Secure also points out that Sony has learned a few things from its 2005 fiasco:

  • The fingerprint driver software can be uninstalled easily
  • The program does not hide software or registry keys

...But Not Smart Enough 

Unfortunately, the driver can be used to hide any (!) folder (McAfee's AVERT Labs used it to hide the Windows folder and all subfolders). How long will it be before some malware writer comes up with a nasty piece of "ransomware" to take advantage of this "feature"?

Time for a "Bill of Rootkit Rights"?

Right now, the way some rootkits are designed and used by legitimate companies makes it easy for the bad guys to abuse them to attack users' computers, and users who don't know about a particular rootkit (and don't use anti-rootkit programs) are sitting ducks. Here's my modest proposal to set up a "Bill of Rootkit Rights" for PC users:

  • Vendors should use rootkits only if other methods for protecting files and programs are not feasible
  • Users need to be notified that a rootkit will be installed when a program or device containing a rootkit is being installed or connected
  • Users should be given the option to opt-out of installing a program that uses a rootkit
  • Vendors should provide an alternative to a program that provides a rootkit whenever possible, and explain the potential security risks of not using the rootkit-enabled version
  • Vendors should provide effective uninstallers for rootkits they distribute
  • Vendors should clearly explain what the rootkit does and why they believe it's necessary to the operation of the program or device
  • Vendors should use rootkits only if the rootkits cannot be used in ways other than what the vendor intended

Sony's Micro Vault driver quite clearly fails to meet most of these proposed rules - especially the last one.

Some may argue that this level of disclosure would harm the effectiveness of a rootkit designed to perform legitimate tasks. I disagree: right now, the bad guys know about what rootkits can do - and all I'm advocating is the same level of knowledge for legitimate users. Nobody wants to install a program that can be turned into a weapon against their system or their information.

-------------------

Discover what features are great, what works, and what needs work in Windows Vista with Mark's new book Maximum PC Microsoft Windows Vista Exposed. It's now available at Amazon.com and other fine bookstores.

 

COMMENTS

Personally, I do think that any root access to a system must have additional protection--Windows should (ideally, I grant) inform a user that information will be stored as such with the option to cancel the install.

Additionally, all Sony products that use rootkits should be able to be returned open-packaged. I'm tired of these companies selling crapware, then saying you can't return it because the package has been opened.

Although I must admit--for lulz alone--I would love to see Sony try and sue people for movie/music copyright violation whose systems were compromised by a Sony rootkit. The humiliation over that alone would hopefully convince Sony to cease with this once and for all.

Oh, the irony!

Quote: "Nobody wants to install a program that can be turned into a weapon against their system or their information."

And yet they still install Windows, which is the epitome of this, lol.

Not condoning Sony's practice but...

it seems to me that when a company goes out of its way to repeat a mistake that left lumps on its head before, there is something fundamentally wrong with the OS. Why can't the system provide a security-based API that can be trusted and robust? Instead, developers have to resort to "creative" ways to protect devices/data, e.g., rootkits. Sony's not being malicious here, I believe; they are simply trying to come up with something that works. I'm not going to say Windows sux this time.

Mind Boggling

It's absolutely mind boggling that after all the negative publicity Sony garnered from their first go-round with rootkits, they'd even conceive of going down that road again. And the irony of including a rootkit on a product designed with enhanced security in mind.

Another great write-up Mark, and kudos on your new book - I'm looking forward to reading it!

I won't let a rootkit ruin another PC of mine

The Sony rootkit got installed on my former (now trashed) laptop against my knowledge (of course). It opened up a vulnerability for a trojan called downloader.trojan to get on my computer. This trojan downloaded at least 30 other viruses and spyware that deteriorated my system until it would take 15 minutes to boot and then would shut off. Nothing I could do about it, and I didn't get compensation.

An afterthought: what if Sony has rootkits in their bluray disks? I know there is some heavy DRM; what else lurks in those things?

Good thing I boycott Sony

Good thing I do not buy Sony products.

What will make them stop?

There needs to be a bigger motivation than a lawsuit to stop Sony from doing this.

And don't bury the warning in the EULA

As we all know, most people just accept the EULA without a second thought about it (I know I've even done it in the past, though I've gotten into the habit of reading them thoroughly now). Putting the warning into the EULA won't provide the vast majority of users with enough of a warning about the rootkit.

Visible disclosure's the way to go

I agree that the EULA's no place for adequate disclosure. The choice of whether to install a rootkit needs to be an obvious Yes/No dialog box at the start of the installation process.

Vendors who want to avoid user rebellion against sneaking rootkits onto their systems should also consider disclosing this information in product spec sheets.
----------------------------------------------
It's amazing how illogical a business built on binary logic can be.

Not buying Sony again.

Well, looks like I get to boycott Sony again. I don't think they will ever learn until someone shoves a lawsuit down their collective throats. Any millionaires with a lot of free time out there willing to take them on? How about a pro bono lawyer?
