AT&T Tech Support 360
August 31, 2007 5:49 AM PDT
Sony pleads innocent in latest rootkit fiasco
- Related Stories
-
Security firms on police spyware, in their own words
July 17, 2007 -
Spammers phish for iPhone fans
July 2, 2007 -
Report: Rootkits becoming increasingly complex
April 18, 2007 -
Grisoft offers free rootkit fighting tool
April 10, 2007 -
PC hardware can pose rootkit threat
February 28, 2007 -
Sony settles with FTC in rootkit case
January 30, 2007 -
Sony has far to go in rootkit case
December 20, 2006 -
Security A to Z: Rootkits
November 27, 2006
Sony Sweden spokesman Fredrik Fagerstedt told local press this week that sometimes even actions undertaken with "good will" can go wrong.
Fagerstedt's comments came the same day that antivirus firm McAfee joined the growing chorus of companies criticizing Sony for compromising its customers' security. The Micro Vault drive is a USB device featuring fingerprint-reading software intended to add an extra layer of security for PC users. The software needed to be installed on the PC for the USB to work contains the rootkit technology.
The criticism is reminiscent of that directed at Sony BMG Music Entertainment in November 2005, when a programmer revealed that a technique designed to cloak the company's copy-protection software for music CDs also could be used by virus writers to hide malicious software.
McAfee reported that Taiwan's FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending USB software.
"The authors apparently did not keep the security implications in mind" when designing the installation method, McAfee security specialists Aditya Kapoor and Seth Purdy wrote in a blog.
Kapoor and Purdy cataloged the incident as one of the worst examples of "nasty rootkits that use blended techniques to hide or protect themselves."
Echoing concerns expressed by another security specialist, F-Secure's Patrik Runald, the McAfee bloggers said the default installation path does nothing to stop malicious-software authors from copying code to a directory of their choice and executing it in that location.
They added that another easy hack for malicious-software authors would be to launch code from their chosen directory and add a start-up entry for the software to ensure it is hidden immediately as the PC boots up.
Sony Australia has not responded to multiple requests for comment.
Liam Tung of ZDNet Australia reported from Sydney.
See more CNET content tagged:
rootkit,
McAfee Inc.,
device driver,
Sony Corp.,
author
After Sony's first rootkit gambit I swore off all their products. No music, no electronics, no Sony period.
The thing is that Sony is more interested in protecting its own interest than ANYTHING related to its customers.
It will gladly open your machine up to hackers, if that better protects its copyrights and limits your fair use to their product.
http://forums.2kgames.com/forums/showthread.php?t=5527
So why harp on Sony about it when Microsoft allows it?
Harp on Microsoft to stop such crap from being allowed in the first place and this wouldn't be the story it hopes to become!!!
Microsoft is the culprit... NOT Sony!
FWIW
Well let's see, application whose job is to secure access to entire PC (fingerprint authentication device), should it stick all its files in some public place with "any" permissions so any 3-year-old can bypass it?
This hysteria about "rootkits" seems absurd. One wonders what else the antivirus companies are going to come up with to try to promote themselves. (or cry wolf because they are mistakenly detecting something as a "rootkit" that isn't a rootkit)
After all, we know that "FUD" is what keeps antivirus companies selling subscriptions, right?