Sony pleads innocent in latest rootkit fiasco

Sony says the rootkit-like behavior of a device driver used to run its biometric Micro Vault USM-F thumb drive was unintentional. McAfee has joined F-Secure in criticising Sony for allowing such a mistake to happen. The Micro Vault drive is a USB device featuring fingerprint-reading software intended to add an extra layer of security for PC users. McAfee reported that Taiwan's FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending USB software with rootkit technology.

The criticism is reminiscent of that directed at Sony BMG Music Entertainment in November 2005, when a programmer revealed that a technique designed to cloak the company's copy-protection software for music CDs also could be used by virus writers to hide malicious software. Both F-Secure and McAfee security experts agree that the default installation path does nothing to stop malicious-software authors from copying code to a directory of their choice and executing it in that location.

News source: News.com

Report a problem with article
Previous Story

Nero Announces Nero 8 Ultra Edition

Next Story

VirtualBox 1.5.0

17 Comments

Honestly, Sony would have to be quite dumb to make the same mistake twice. I would laugh if this proved to be true.

Indeed. Let's look at it this way:
Either Sony didn't or didn't know. If they didn't know we're not going to believe them. If they did... DAMN! How stupid is that.

In either case, Sony would be wise to make ammends now, fix it without a fight or other such squabling.

Peace,
James

Me, I prefer our moron President's version:

There's an old saying in Tennessee – I know it's in Texas, probably in Tennessee – that says, fool me once, shame on – shame on you. Fool me – you can't get fooled again.

Bush video on YouTube

avidracer said,
sorry neowin, nothing new about this news. what more would anyone expect from SONY ?

True, the bigger shock would be:

"Sony stops using rootkits!"

"Sony opensources ATRAC technology"

"Sony opensources MiniDisc technology"

I guess the question is did Sony know that FineArt Technology (makers of the device driver) included the rootkit. But nobody is going to believe what they say.

F-Secure 2 - Sony 0.. I liked the latest F-Secure blog entry

We were also promised a direct contact point for future. Just in case we would again discover a rootkit or something in Sony's products. After all, we have already done it twice...

I may be alone here, but the level of criticism here is bordering on crusader zeal and perhaps even a little naïve. Okay, the last time was pretty unforgiveable, but in this instance we are looking at a product whose purpose is protecting the user's security. In that context I think it's reasonable to employ techniques such as this; admittedly though, it would have been wise and judicious to tell people what it was doing, after last time.

If any bit of malware is able to gain access to your system, and identify the presence of this "rootkit" facility, and go ahead and abuse it, I would say you have a bigger problem: your perimeter security and resident anti-malware protection are crap. If a researcher can reveal the cloaked stuff, then so can an AV program, surely?

Dakkaroth said,
Meh, it's easier for them to blame Sony. Saves them from thinking.

Excuseme but I purchased something from sony and I don't expect crap to be laden through the damn media that might cause computer problems.

When I purchase an audio cd, I just want that, an audio cd.

firstly, this is NOT a security technique

second, if you tell them theres a root kit, they will look for it and abuse it.

thirdly, huh?? your last paragraph makes no sense to me whatsoever


Kaiwai - sony stopped root kitting audio CD's years ago, totally different rootkit being talked about here, but yeah pretty much true

Commenting is disabled on this article.