New Sony rootkit scandal?
p2pnet news | Security:- Is it possible? Could Sony be stupid enough to get itself involved in another rootkit scandal?
If Finland’s F-Secure is correct, the answer to both questions is Yes.
Years after Mark Russinovich and F-Secure separately caught Sony red-handed secretly installing dangerous DRM spyware in the computers of people who’d bought its music CDs, Sony is at it again, blogs F-Secure’s Mikko Hyppönen.
“Monday’s post disclosed our investigation of Sony’s MicroVault USM-F fingerprint reader software,” he says, going on, “Sony’s software installs a driver that creates a hidden folder using rootkit techniques.”
Is it as bad as the first Sony BMG XCP DRM case?
No, because, “The user understands that he is installing software, it’s on the included CD, and has a standard method of uninstalling that software.”
Hyppönen adds:
The fingerprint driver does not hide its folder as “deeply” as does the XCP DRM folder. The MicroVault software probably wouldn’t hide malware as effectively from (some) real-time antivirus scanners.
The MicroVault software does not hide processes or registry keys. XCP DRM did.
It’s also trickier to run executables from the hidden directory than with XCP. However, it can be done.
And lastly, there seems to be a use-case: The cloaking is most likely used to protect fingerprint authentication from tampering. Sony is attempting to protect the user’s own data. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought. So their intent was more beneficial to the consumer in this case.
But it isn’t over yet.
The latest (will there be more?) Sony rootkit can still be downloaded from sony.net and can be used by any malware author to hide any folder, says F-Secure, adding:
“We didn’t want to go into the details about this in our public postings, but we suppose the cat’s out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware’s folder, no questions asked.
“We still haven’t received any kind of response from Sony International. Sony Sweden did however confirm in a public IDG story that the rootkit is indeed part of their software.”
Stay tuned.
Also See:
separately caught Sony red-handed - New: Sony BMG rootkit DRM, November 1, 2005
F-Secure - Sony’s USB Rootkit vs Sony’s Music Rootkit, August 29, 2007

August 29th, 2007 at 12:39 pm
Okay…
Pay for your music = get music you are restricted from doing what you want with, that won’t work with some ripping software, MP3 players, iPods, etc.
“Steal” your music = get music you can do what you want with that is fully compatible with 99.9% of the audio devices and software out there today.
It seems that Sony’s failed to observe the #1 rule of making sales: giving the customer good reasons to purchase your product over all the other competitors’ products out there. There’s no real benefit to paying for DRM-locked music, because the “stolen” version of the same music is a better quality product at a lower price.
August 30th, 2007 at 12:53 pm
Not only those reasons given above are reasons to stay away from Sony music…but WHY would you TRUST Sony when you know about their behavior in the past?
If you still buy sony music products, you have no one to blame but your stupid self for what you get!
It is as simple as that.