Print
However, in a follow-up analysis two days later, F-Secure also points out that Sony has learned a few things from its 2005 fiasco:
Unfortunately, the driver can be used to hide any (!) folder (McAfee's AVERT Labs used it to hide the Windows folder and all subfolders). How long will it be before some malware writer comes up with a nasty piece of "ransomware" to take advantage of this 'feature?'
Right now, the way that some rootkits are designed and used by legitimate companies makes it easy for the bad guys to abuse a rootkit by using it to attack users' computers - and users who don't know about a particular rootkit (and don't use anti-rootkit programs) are sitting ducks. Here's my modest proposal to set up a "Bill of Rootkit Rights" for PC users:
Sony's Micro Vault driver quite clearly fails to meet most of these proposed rules - especially the last one.
Some may argue that this level of disclosure would harm the effectiveness of a rootkit designed to perform legitimate tasks. I disagree: right now, the bad guys know about what rootkits can do - and all I'm advocating is the same level of knowledge for legitimate users. Nobody wants to install a program that can be turned into a weapon against their system or their information.
-------------------
Discover what features are great, what works, and what needs work in Windows Vista with Mark's new book Maximum PC Microsoft Windows Vista Exposed. It's now available at Amazon.com and other fine bookstores.
Comments are closed on this article
Cache
August 30, 2007 at 5:23am
Personally, I do think that any root access to a system must have additional protection--Windows should (ideally, I grant) inform a user that information will be stored as such with the option to cancel the install.
Additionally, all Sony products that use rootkits should be able to be returned open-packaged. I'm tired of these companies selling crapware, then saying you can't return it because the package has been opened.
Although I must admit--for lulz along--I would love to see Sony try and sue people for movie/music copyright violation whose systems were compromised by a Sony rootkit. The humiliation over that alone would hopefully convince Sony to cease with this once and for all.
JC's Demon Slayer
August 29, 2007 at 6:38pm
Quote: "Nobody wants to install a program that can be turned into a weapon against their system or their information."
And yet they still install Windows, which is the epidomy of this, lol.
RGCook
August 29, 2007 at 3:42pm
it seems to me that when a company goes out of its way to repeat a mistake that left lumps on its head before, there is something fundamentally wrong with the OS. Why can't the system provide a security-based API that can be trusted and robust. Instead, developers have to resort to "creative" ways to protect devices/data, e.g., rootkits. Sony's not being malicious here I believe, they are simply trying to come up with something that works. I'm not going to say Windows sux this time.
Paul_Lilly
August 29, 2007 at 2:13pm
It's absolutely mind boggling that after all the negative publicity Sony garnered from their first go-round with rootkits, that they've even conceive going down that road again. And the irony of including a rootkit on a product designed with enhanced security in mind.
Another great write-up Mark, and kudos on your new book - I'm looking forward to reading it!
soggybomb
August 29, 2007 at 1:42pm
The Sony rootkit got installed on my former (now trashed) laptop against my knowledge (of course). It opened up a vulnerability for a trojan called downloader.trojan to get on my computer. this trojan downloaded at least 30 other viruses and spyware that it deteriorated my system until it would take 15 minutes to boot and then would shut off. Nothing I could do about it, and i didn't get compensation.
An afterthought: what if Sony has rootkits in their bluray disks? i know there is some heavy drm, what what else lurks in those things?
soggybomb
August 29, 2007 at 5:50pm
There needs to be a bigger motivation than a lawsuit to stop sony from doing this.
EvilHomerGD
August 29, 2007 at 11:07am
As we all know, most people just accept the EULA without a second thought about it (I know I've even done it in the past, though I've gotten into the habit of reading them thoroughly now). Putting the warning into the EULA won't provide the vast majority of users with enough of a warning about the rootkit.
Marcus_Soperus
August 29, 2007 at 11:33am
I agree that the EULA's no place for adequate disclosure. The choice of whether to install a rootkit needs to be an obvious Yes/No dialog box at the start of the installation process.
Vendors who want to avoid user rebellion against sneaking rootkits onto their systems should also consider disclosing this information in product spec sheets.
----------------------------------------------
It's amazing how illogical a business built on binary logic can be.
dedgar
August 29, 2007 at 11:00am
Well looks like I get to boycott Sony again. I don't think they will ever learn until someone shoves a law suit down their collective throats. Any millionaires with a lot of free time out there willing to take them on? How about a pro bono lawyer?
