Rootkit woes for Sony again?
Remember the hubbub over Sony BMG Music Entertainment's rootkit debacle, involving its CDs?
Well, another arm of Sony, this time Sony Electronics, may face a little of the brouhaha, as well.
According to a blog posting Monday by F-Secure, Sony's Micro Vault USM-F thumb drive comes with software that contains a rootkit.
For those who missed out on the Sony BMG fiasco, a rootkit is a tool that can cloak the presence of certain files or processes and prevent users from performing certain tasks on their computer. While Sony BMG used the rootkits as a means to prevent the pirating of their artists' work, it also had the potential side affect of allowing attackers to hide their malicious software if it made its way onto users' systems.
F-Secure says Sony's Micro Vault USB drive fingerprint reader software installs a driver that hides a directory under "c:\windows\". As a result, that directory and the files within it don't show up in the Windows API, when trying to count files and subdirectories.
It's an ironic twist, considering fingerprint readers are designed to add another lay of security.
"It is our belief that the Micro Vault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass," F-Secure's blog posting notes. "However, we feel that rootkit-like cloaking techniques are not the right way to go here."
The security firm also notes that when the Sony BMG rootkit debacle flared up in 2005, malicious software with rootkits was not pervasive. But over the past two years, a number of malicious versions have popped up that include rootkit cloaking techniques.
UPDATE
Users who are out shopping for a Sony Micro Vault USB this year won't have the same problem, said a Sony spokesman. He noted that the USM-F version was discontinued last year and it was the only Micro Vault that came with a fingerprint reader feature.
Dawn Kawamoto covers enterprise security and financial news relating to technology for CNET News. E-mail Dawn.
another Sony product since the las fiasco and this just reinforces
my feeling that I was right.
Here's a better definition: A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes.
1. There's no cracking here; I'm sure the license agreement is very precise on what this software will or won't do.
2. There's no permanency; I'd bet the software has an uninstall tool.
moreover
3. There is no malicious intent !
Now you can try to argue that the driver itself may (who knows ?) have flaws that would allow any unrecognized applications to live under this hidden folder. Three things: a) if Windows can't find it, and the malicious file riding the door left open by the driver does not have the collaboration of the driver to let Windows find it, then it won't load, period. b) Did you obtain a disassembly of the code, or did you just guess that it may bring in vulnerabilities "cuz you never know" ? c) If the driver uses the most common types of cloaking, the cloaking will only be truly effective against nefarious software; good anti-virus software, with their greater legitimate access to a system and far greater testing and implementation resources, will locate all the files in this hidden folder in case static data is of concern to you.
This is either sensationalistic reporting, or some guy who really has no clue what he is talking about.
http://en.wikipedia.org/wiki/Rootkit
--mark d.
You have not established any arguments to tell us how you think your understanding differs from mine, though; that make sit difficult to figure out what your contention is.
You complain that a root kit's doesn't hide itself for self-defense. But from the Wikipedia article:
"A rootkit's purpose is typically to hide files, network connections, memory addresses, or registry entries from other programs used by system administrators to detect intended or unintended special privilege accesses to the computer resources."
You complain there's no cracking. Then I guess the Sony/BMG root kit isn't a root kit by your defintion. But, referring to the Wikipedia article again:
"Rootkits are not always used to attack and gain control of a computer. Some software may use rootkits to hide from 3rd party scanners to prevent detection or tampering. Some emulation software and security software is known to be using rootkits."
You complain about a lack of permanency and presume a removal tool. Yet, two applications that use rootkits cited in the Wikipedia article include Alcohol 120 and Daemon Tools, commericial app's that I'd bet a dollar to a donut have removal tools (a much safer bet than anything from Sony having one, if history is any indication!).
--mark d.
- sony micro vault
-
by alexab99
September 21, 2007 4:03 AM PDT
- I have a Sony Micro vault usb memory device.
-
Reply to this comment
-
(12 Comments)I worked for about a month and then "failed".
I was unable to access it as a drive.
It would not reformat.
Any advice appreciated.