
Another Sony Rootkit?

ScuttleMonkey posted more than 6 years ago | from the slow-learners dept.

Security 317

An anonymous reader writes to tell us F-Secure is reporting that the drivers for Sony Microvault USB sticks use rootkit techniques to hide a directory from the Windows API. "This USB stick with rootkit-like behavior is closely related to the Sony BMG case. First of all, it is another case where rootkit-like cloaking is ill-advisedly used in commercial software. Also, the USB sticks we ordered are products of the same company — Sony Corporation. The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."


317 comments

Sony (4, Interesting)

jshriverWVU (810740) | more than 6 years ago | (#20371527)

What happened to Sony? Growing up they always seemed like a great tech company, pumping out quality products that most people liked. When did politics and this kinda crap really start? It's sad.

Re:Sony (5, Interesting)

Prof.Phreak (584152) | more than 6 years ago | (#20371589)

It started when they became an entertainment corp, rather than a technology corp.

Re:Sony (3, Funny)

hackstraw (262471) | more than 6 years ago | (#20371873)

It started when they became an entertainment corp, rather than a technology corp.

So, are rootkits entertainment or technology?

Re:Sony (5, Funny)

Anonymous Coward | more than 6 years ago | (#20371945)

I'm finding this all quite entertaining, I must say. So I think that's your answer.

Re:Sony (2, Interesting)

FatAlb3rt (533682) | more than 6 years ago | (#20371597)

Seems like they've been pushing their own proprietary stuff for the past 20 yrs - most recently Blu-ray, but then there was that miniDisc that went nowhere. Not sure...did they have a role in VHS/Beta? I used to be a fanboy, but it seems they get more negative press anymore.

Re:Sony (3, Interesting)

king-manic (409855) | more than 6 years ago | (#20371667)

Seems like they've been pushing their own proprietary stuff for the past 20 yrs - most recently Blu-ray, but then there was that miniDisc that went nowhere. Not sure...did they have a role in VHS/Beta? I used to be a fanboy, but it seems they get more negative press anymore.

MD disks were actually very successful across Asia. They didn't find a market in North America. In the same span they have also created the 3.5 inch floppy, the CD, and had a bit of input on the DVD. It'd be more accurate to describe their format strategies as being hit and miss since they have been part of some huge dogs (beta, UMD) and some very successful formats (CDs, 3.5 inch floppies).

Re:Sony (4, Informative)

Andy Dodd (701) | more than 6 years ago | (#20371731)

CD was Philips, not Sony.

As to DVD - Not sure about the original DVD format, but Sony effectively created the recordable DVD format war with the + series of formats.

And yes, Sony had a role in VHS vs. Beta - Beta was Sony's format.

Re:Sony (3, Interesting)

king-manic (409855) | more than 6 years ago | (#20372247)

Like someone else pointed out, CD was a Sony/Philips collaboration and if you look at the spec and who contributed what it's nearly 50/50.

Re:Sony (2, Funny)

omeomi (675045) | more than 6 years ago | (#20371819)

Don't forget about Memory Stick, the solution to a problem that nobody has...a lack of choices among removable flash storage media.

Re:Sony (2, Insightful)

SenseiLeNoir (699164) | more than 6 years ago | (#20371839)

Yes, they were very successful with the 3.5 inch floppy.. also Trinitron screens, and the CD, which was co-developed with Philips. They were also very successful at putting DV/Firewire video in the hands of ordinary customers.

yeah they made some lemons too, but like any tech company, that actually tries to invent stuff.

Re:Sony (2, Informative)

morgan_greywolf (835522) | more than 6 years ago | (#20371707)

Not sure...did they have a role in VHS/Beta?
Yes. Beta was a proprietary Sony product, while VHS was what was being produced by almost everyone else.

Re:Sony (0)

Anonymous Coward | more than 6 years ago | (#20371941)

Betamax was the better format but it lost due to politics & porn.

Re:Sony (1)

OldeTimeGeek (725417) | more than 6 years ago | (#20372111)

Which shows that better marketing beats better technology...

Re:Sony (2, Interesting)

morgan_greywolf (835522) | more than 6 years ago | (#20372203)

No, it doesn't. I remember the VHS vs. Beta wars. Sony pulled out all the marketing stops, while VHS had virtually nothing. If there's one thing Sony has always been very good at, it's marketing.

All it proves is that since you could get porn on VHS and you couldn't on Beta, people like porn, so they stuck with VHS.

Re:Sony (2, Funny)

Anonymous Coward | more than 6 years ago | (#20372277)

Which shows that better marketing beats better technology...

The proliferation of Windows and the proliferation of x86 processors is the ultimate proof of that statement.

Re:Sony (4, Insightful)

plover (150551) | more than 6 years ago | (#20371613)

It happened when they added a movie studio and a recording label to the corporation. The media side of the house demanded copy protection from the technical side of the house, without understanding the technical limitations.

Re:Sony (0)

Anonymous Coward | more than 6 years ago | (#20371627)

they are under the direct control of satan. Or so it would seem.
Growth leads to power and power leads to corruption and corruption leads to desire and desire leads to power. Not always, but often enough to be considered valid.

Re:Sony (0)

Anonymous Coward | more than 6 years ago | (#20371635)

Sony, where the customer getting screwed comes first!

Re:Sony (4, Insightful)

Otter (3800) | more than 6 years ago | (#20371717)

When did politics and this kinda crap really start?

Hype here notwithstanding, this is not a "rootkit". It seems to be a bizarre form of write-protection.

Re:Sony (4, Informative)

AKAImBatman (238306) | more than 6 years ago | (#20372009)

Yes, it is a rootkit. It's modifying the kernel space to hide directories from the user. There are better ways of doing such a thing, but a rootkit has the advantage of keeping the files hidden from common methods of hidden-file detection. Something like a virus or trojan would tend to use a kit like this to make sure that it couldn't be found by antivirus software. Such kits also tend to mask the presence of their processes, just to make sure that they REALLY can't be detected.

Re:Sony (3, Insightful)

ajs (35943) | more than 6 years ago | (#20371907)

I posted this on the firehose version of this article. Thought I should do so here too:

Please note: this software simply creates a directory that is hidden from the Windows API for its fingerprint authentication. It's not actually a rootkit, just using one of the many tools of the trade of rootkits. The concern is that the hidden directory is hidden from all of the Windows API, including virus scanners, and thus could be used by malicious software to hide infected files.

I'm not sure that it's reasonable to accuse Sony of distributing a rootkit when they've simply distributed software which uses a technique that could accidentally help malicious software.

It's also probably a bad thing to keep swinging the rootkit-bat around like this. The next time some large corporation really tries to root all of their customers' machines, no one will believe the story.

Re:Sony (5, Informative)

harrkev (623093) | more than 6 years ago | (#20372091)

Please note: this software simply creates a directory that is hidden from the Windows API for its fingerprint authentication. It's not actually a rootkit


Please note the definition of "rootkit," ripped from the beginning of the rootkit wikipedia article:

A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system.


If it looks like a duck, quacks like a duck, yada yada yada.

Re:Sony (0, Troll)

f0dder (570496) | more than 6 years ago | (#20371937)

It started with the Betamax. They're like the retarded cousin of Apple, always wanting to lock people down to Sony hardware but never figured out how to do it properly.

Consider (4, Insightful)

nlitement (1098451) | more than 6 years ago | (#20371545)

It is therefore technically possible for malware to use the hidden directory as a hiding place.
Isn't software behaving like that already considered malware?

Re:Consider (4, Insightful)

wizardforce (1005805) | more than 6 years ago | (#20371685)

Isn't software behaving like that already considered malware?
yes and no. it depends on what and how you use it. if you use the property of hiding directories as a simple way of keeping data from less experienced people [eg. slashdotters hiding the porn from their parents] then it isn't malware; in this case sony's software doesn't seem to be hiding a directory for any good purpose, so yes it is malware.

Re:Consider (5, Insightful)

B'Trey (111263) | more than 6 years ago | (#20371793)

No. The distinction is WHO's doing the hiding. If a user on the computer intentionally hides files or directories from other possible users on the computers, it's not malware. It may or may not be ethical, depending on who's doing the hiding and why. Presumably, it's the owner of the computer and they have a right to hide info from prying eyes. If not, the issue is with the user's actions and not with the software. If, however, a program creates files or directories and hides them (by means other than simply using the H attribute, at least) from the owner/user of the computer, it's malware. It's understandable for a content owner to wish to protect their content, but that doesn't justify them altering the behavior of a computer without the owner's express understanding and permission for what they're doing.

Hidden files (4, Insightful)

king-manic (409855) | more than 6 years ago | (#20371549)

Is root kit now the new buzzword for "please send me traffic"? This isn't the same as a rootkit, it's just an annoyingly hidden directory. Can we tag this as FUD?

Re:Hidden files (1)

Carewolf (581105) | more than 6 years ago | (#20371601)

Depends on how it achieves it. Hiding stuff is one of the primary functions of rootkits, though usually to hide themselves.

Re:Hidden files (4, Insightful)

j00r0m4nc3r (959816) | more than 6 years ago | (#20371633)

It doesn't matter what their intent is, they are using rootkit techniques to hide shit on your computer. This allows other parties to piggyback on that tech and install other nastier UNDETECTABLE malware. It would be like if your house cleaning lady leaves your front door wide open when she leaves. Someone could stroll in, fuck your shit up, and leave undetected. Definitely something to seriously worry about.

Re:Hidden files (1)

king-manic (409855) | more than 6 years ago | (#20371745)

It doesn't matter what their intent is, they are using rootkit techniques to hide shit on your computer. This allows other parties to piggyback on that tech and install other nastier UNDETECTABLE malware. It would be like if your house cleaning lady leaves your front door wide open when she leaves. Someone could stroll in, fuck your shit up, and leave undetected. Definitely something to seriously worry about.

However any old program can also do similar things by creating badly formatted directory names. Rootkit implies a bit more. There are many files that employ the hidden property (like thumbs.db). Would we consider merely trying to hide enough to be a root kit? Or does it have to be malformed directory names? The previous rootkits made the OS unable to even see these files directly but this malformed directory can still be seen if you know what you're looking for.

Re:Hidden files (1)

Kozar_The_Malignant (738483) | more than 6 years ago | (#20371927)

>There are many files that employ the hidden property (like thumbs.db).

However, by clicking "Show Hidden Files and Directories" they are made visible. This, apparently, is not. This is not OK. It allows things to be hidden from scanners and from the owner of the machine, me. That makes it malware.

Re:Hidden files (5, Insightful)

Applekid (993327) | more than 6 years ago | (#20371653)

Hiding from the API is pretty important, actually. That's done by pulling the rug under the pointers to the functions that retrieve lists of files/directories. If that's not a Windows rootkit, what is?

And much like their last rootkit, this one can easily be used to cloak files on your system and is pretty much a fantastic place to put your virus. Way to really push the limits, guys.

Re:Hidden files (4, Informative)

MontyApollo (849862) | more than 6 years ago | (#20371669)

First sentence from wikipedia article:

"A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system"

So, it sounds like a rootkit as described by wikipedia.

Re:Hidden files (0)

Anonymous Coward | more than 6 years ago | (#20371757)

So every unix file with a "." prefix is a rootkit? Twat!

Re:Hidden files (0)

Anonymous Coward | more than 6 years ago | (#20371853)

except those aren't hidden from the file system api, they're only hidden from the user with the default ls output

Re:Hidden files (2, Informative)

chad.koehler (859648) | more than 6 years ago | (#20371861)

While the '.' prefix will "hide" a file from plain view of a user, it is hardly hidden from the operating system.

Re:Hidden files (0)

Anonymous Coward | more than 6 years ago | (#20371895)

Tard, the '.' prefix doesn't hide the file from the operating system. It just doesn't show up in a 'ls' list. 'ls -a' will display the file.

Re:Hidden files (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20371919)

The '.' naming convention is a convenience function, much like "hidden" directories in dos/windows, both of those have to be specifically honored by an application to have an effect.

Do you see the difference yet or does someone have to break this down for you step by step till you understand?

Re:Hidden files (4, Informative)

aztracker1 (702135) | more than 6 years ago | (#20371953)

If it doesn't show up in nautilus via ctrl+h it is... if it doesn't show up in windows with "show hidden files and folders" checked it is.... simply setting an *intended* file system attribute isn't the same as hiding from the operating system.

Re:Hidden files (0)

Anonymous Coward | more than 6 years ago | (#20371971)

Nice of you to call names when you are clueless yourself.

"ls -la" will show "." hidden files meaning it isn't transparent to the OS but only to the user.

Whereas this *is* hidden from the OS meaning that "dir /A:H" doesn't show it.

Wikipedia? (5, Funny)

Spy der Mann (805235) | more than 6 years ago | (#20372253)

So, it sounds like a rootkit as described by wikipedia.

Not for long! *rushes to edit wikipedia*

"A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system, except when it's with Sony products"

There! Now by definition, sony's isn't a rootkit anymore! :D

(Legal Disclaimer: This was actually a joke, I didn't vandalize wikipedia or the like. <-- you can't never be too sure these days)

Re:Hidden files (0)

Anonymous Coward | more than 6 years ago | (#20371863)

Haha, way to prove you have no idea what the fuck you're talking about.

Format before use (3, Interesting)

VincenzoRomano (881055) | more than 6 years ago | (#20371559)

Maybe formatting USB memories before usage would be a good move.
And using an OS that won't run anything from the newly attached memory as a default would also help.

Re:Format before use (1)

andrewd18 (989408) | more than 6 years ago | (#20371675)

Maybe formatting USB memories before usage would be a good move.
That sounds like an awesome plot for Tron 3.0. The main character is digitized into the computer to determine why all the USB drives are suddenly losing their memories. Unfortunately for the Symantec security company hired to patrol the streets, the suspect program has eluded all searches so far...

Re:Format before use (1)

morgan_greywolf (835522) | more than 6 years ago | (#20371751)

Maybe formatting USB memories before usage would be a good move.
And using an OS that won't run anything from the newly attached memory as a default would also help.
You mean like, say, Linux? ;)

Everytime I see stuff like this, I just chuckle and smile and say "Well, that's why I run Linux."

Re:Format before use (2, Insightful)

djdbass (1037730) | more than 6 years ago | (#20371891)

Yeah just stick it in your pc and format it before you stick it in your....

Wait...

Re:Format before use (1)

jimicus (737525) | more than 6 years ago | (#20371965)

Maybe formatting USB memories before usage would be a good move.

It might, but this is a biometric USB memory stick - it requires a fingerprint before you can access files.

Most of these devices do the fingerprint reading in software, so without it you may as well buy a normal memory stick and save a bit of money. (On a side note: has anyone seriously investigated how secure these biometric memory sticks are?).

And using an OS that won't run anything from the newly attached memory as a default would also help.

Good point. Does pressing shift when you insert the stick work like it does with CDs?

Hidden (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#20371569)

F1rst p0st!

-- The message will be made unvisible in 3..2..1, by a "-1 Redundant" Rootkit

Is there a way to permanently disable this? (1)

RyanFenton (230700) | more than 6 years ago | (#20371571)

I'd really rather not have this 'capability' when using windows, to allow software to hide files/directories on my system through these registry/filesystem techniques.

Is there anything that would break if one was to find a way to nullify this functionality in OS calls?

Ryan Fenton

Re:Is there a way to permanently disable this? (2, Funny)

BronsCon (927697) | more than 6 years ago | (#20371643)

Is there anything that would break if one was to find a way to nullify this functionality in OS calls?

No. But, the universe would begin to unravel as Windows became more secure.

Yes. That flushing sound you hear is my karma going down the toilet.

Re:Is there a way to permanently disable this? (0)

adrianbaugh (696007) | more than 6 years ago | (#20371833)

To disable this permanently:

1. Download kubuntu install CD
2. ???
3. Profit! (Well, insomuch as you won't have to worry about this kind of crap anymore.)

Oh, you want to keep Windows? You're probably SOL then.

Why? (2, Insightful)

thatskinnyguy (1129515) | more than 6 years ago | (#20371591)

How many lawsuits is it going to take before Sony gets it into their head that rootkit=bad? I, for one, am going to fight against our new malware overlords.

Re:Why? (1)

theshowmecanuck (703852) | more than 6 years ago | (#20371809)

Bah!! There is enough info and history about Sony doing this. If someone has their computer (or whatever) screw up because they bought some root-kit-ish containing Sony product, then they deserve what they get. A lawsuit is not needed. Just stop buying their crap.

Re:Why? (1)

mtmra70 (964928) | more than 6 years ago | (#20371967)

What is happening is the Sony Execs are thinking "Rootkit!. This is bad". The program managers are misinterpreting it into 'rootkit!=bad'.

tsk tsk tsk... (5, Insightful)

JazzyMusicMan (1012801) | more than 6 years ago | (#20371609)

They are simply conditioning a public growing weary of dishonest tactics and policies to steer clear of any products they produce. Sony has many divisions and has a presence in many markets, and they are royally screwing all of them up. First the music cd fiasco, now this, no wonder they were prematurely blasted for the SecuROM program that was talked about on here a few days ago. Most people automatically saw it as a rootkit or something they didn't want on their computer because of the record that Sony is establishing for itself. It doesn't matter that maybe it wasn't a rootkit or something malicious, if the public starts thinking that everything you produce is going to create security vulnerabilities and screw up their machine, they'll simply stay away without giving you a second (or third, [or fourth]) chance...

kiosk (5, Insightful)

SolusSD (680489) | more than 6 years ago | (#20371615)

It seems to me that our personal computers are becoming more and more like kiosks where "vendors" install software they want and the "end users", i.e. us, have less and less control over our own PCs. Think about it- DRM, (truly) hidden folders, subscription software, product activation, ..vista?

Re:kiosk (2, Insightful)

jshriverWVU (810740) | more than 6 years ago | (#20371775)

that's why some people are moving to linux and OS X. No matter what you believe on open vs closed source code. Linux is more "free" as in "freedom" than Windows, you don't hear people complaining about putting in a CD/DVD/USB key and having their system owned by some root-kit or DRM system that was installed w/o intervention. The freedom to own and do what I want with my hardware makes Linux a necessity. I agree with you. Running windows anymore is like running a kiosk. You pay for the hardware, and the software companies dictate what you do with that hardware. With linux, I dictate what I do with my hardware. It's that simple.

Re:kiosk (1)

Idaho (12907) | more than 6 years ago | (#20372055)

It seems to me that our personal computers are becoming more and more like kiosks where "vendors" install software they want and the "end users", i.e. us, have less and less control over our own PCs. Think about it- DRM, (truly) hidden folders, subscription software, product activation, ..vista?


It seems to me that you are making the classic mistake of saying "personal computers" when you really mean "computers running Microsoft Windows".

Re:kiosk (2, Insightful)

swb (14022) | more than 6 years ago | (#20372081)

You're not kidding.

I keep trying to convince my customers they'll pay me less money in the long run to do clean setups on new machines versus the time spent both uninstalling conflicting software they won't/can't use (ie, Symantec AV, PDF Complete, etc) and the problems they inevitably run into down the road when the factory installed crapware craps the machine out, requiring a clean load anyway.

I've pretty much quit gaming due to all the copy protection crap that gets installed with most modern games (and interferes with legitimate software).

Another followup to your post mentions migrating to OS X/Linux, where I guess you're less victim to this kind of nonsense, but you're still locked in (to Jobs/Apple) or dealing with a lot less functionality (Linux zealots aside).

Wow... (4, Interesting)

shoptroll (544006) | more than 6 years ago | (#20371639)

Did anyone read the article before coming up with the post title? They say right in the middle of the article that it's not a rootkit, and "It is our belief that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass. It is obvious that user fingerprints cannot be in a world writable file on the disk when we are talking about secure authentication. However, we feel that rootkit-like cloaking techniques are not the right way to go here."

This is also nothing new in terms of USB drives. I have a USB flash drive, which I can't remember the name of, that essentially keeps a secure partition hidden from Windows unless you run a special app to put in a password to make it visible to Windows.

Re:Wow... (1)

sacrilicious (316896) | more than 6 years ago | (#20371831)

Did anyone read the article before coming up with the post title?

Even if it turns out to be a misleading headline, I can live with Sony being vilified some more. I'd consider it appropriate collateral payback for their original rootkit foray.

Re:Wow... (0)

Anonymous Coward | more than 6 years ago | (#20371857)

Umm... creating a hidden folder in c:\windows is quite different than having a hidden partition on the device. Perhaps you should read the article again, and pay closer attention to the details.

Re:Wow... (1)

LarsG (31008) | more than 6 years ago | (#20371865)

Other programs (i.e. malware) can use the hidden directory to hide themselves. Not to mention potential stability problems caused by the software altering core OS functions.

Password protected hidden partitions don't patch OS function pointers and can't really be (ab)used by malware in the same way, so not the same thing.

Re:Wow... (1)

empiricistrob (638862) | more than 6 years ago | (#20371871)

While I agree that using the term rootkit is highly questionable in this context, I think there's an important distinction between having a hidden partition on a USB drive and what this driver does. This driver installs an inaccessible directory in C:\windows\, not on the USB drive. Still, what this driver does certainly doesn't fall under the category of rootkit, IMO.

Re:Wow..., double Wow. (1)

whoever57 (658626) | more than 6 years ago | (#20371913)

Did anyone read the article before coming up with the post title?
Apparently you did not.

They say right in the middle of the article that it's not a rootkit
Where? They do not claim that it is a rootkit, but they consistently describe its behavior as "rootkit-like".

Re:Wow... (2, Informative)

makomk (752139) | more than 6 years ago | (#20371925)

That depends on your definition of "rootkit". It's using a driver to conceal the existence of a directory from standard Windows APIs and programs, which is very definitely a rootkit technique.

Re:Wow... (1)

gad_zuki! (70830) | more than 6 years ago | (#20372057)

If article contains word 'rootkit' then lots and lots of pageviews.

Example: See Bioshock.

I'm really getting sick of this. It's like the C-class bloggers and clueless tech writers have discovered a magic word that gets them all the ad impressions they want, and techies don't seem to care as the exposure just lets them bitch and moan. Facts be damned.

Re:Wow... (3, Insightful)

Idaho (12907) | more than 6 years ago | (#20372211)

Did anyone read the article before coming up with the post title? They say right in the middle of the article that it's not a rootkit, and "It is our belief that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass.

The intent is irrelevant w.r.t. the fact whether or not it uses rootkit-like behavior to implement it.


  It is obvious that user fingerprints cannot be in a world writable file on the disk when we are talking about secure authentication.


This is why file access permissions/restrictions were invented in the 1970s.

This is also nothing new in terms of USB drives. I have a USB flash drive, which I can't remember the name of, that essentially keeps a secure partition hidden from Windows unless you run a special app to put in a password to make it visible to Windows.


That is a completely different technique at about 10 different levels. Of course the driver of some USB device may choose to reserve parts of the storage on said USB device for internal usage such that it cannot be (easily) accessed by normal means (i.e. the API offered by said driver). However, "cloaking" parts of the driver itself using rootkit-like mechanisms has, well, about nothing in common with such techniques.

Then again... (0)

Anonymous Coward | more than 6 years ago | (#20371645)

There was a moderate buzz about Bioshock installing a rootkit that turned out to be false.

Rootkits aside... (1)

Skiron (735617) | more than 6 years ago | (#20371649)

... which I still do not think should be called 'rootkit' in these instances, as this is what MS code allows for - it is part of the system and designed to be so.

The issue here is the biometric stuff. If your CC number gets stolen, or your password gets hacked, you can simply cancel the old CC/reset your account etc.

Now, what happens when your data 'fingerprint' [retina scan, whatever] gets hacked and compromised? Get new fingers? Get new eyeballs (ala Tom Cruise!)?. I think not. The sooner people learn not to buy and trust this crap the better - but thinking, perhaps the people that buy this crap deserve a MS designed rootkit anyway.

You can't solve this on a single system. (3, Insightful)

argent (18001) | more than 6 years ago | (#20371921)

The issue here is the biometric stuff.

This is an inherent problem in biometrics: you have to trust every scanner that takes a reading not to be trapdoored.

The entire authentication process has to be performed verifiably in the scanner hardware and firmware, and the scanner itself had to be trusted - either it's your scanner or it belongs to someone you have to trust anyway.

But no reversible form of the biometric information can be transferred to potentially untrusted storage.

Re:Rootkits aside... (5, Insightful)

deftcoder (1090261) | more than 6 years ago | (#20372151)

A malicious driver is being installed that patches the Win32 API ( FindFirstFile() and FindNextFile() ) not to report the presence of a directory when enumerating through your C:\Windows folder.

How is this *NOT* a rootkit? This is the very definition of one!

Wow, it's a hidden directory (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#20371651)

It's not like Windows itself would ever come with those, say, to hide important OS files or backups of them. It's not like that's been an accepted practice by the OS vendor themselves since the inception of XP to deal with important files.

Hey, I have this directory .foo in my linux home that only appears in certain conditions! OMG ROOT KIT OMG OMG! SONY ROOTKIT GOOGLE SEARCH I WIN!

A Nasty Trick (5, Interesting)

Sigismundo (192183) | more than 6 years ago | (#20371737)

It reminds me of the time that some friends and I discovered that a labmate had left himself logged in as root on a virtual console at his Linux workstation. Here's what we did:
  1. Created a directory with the name " " (single space)
  2. Added that directory to his path
  3. Wrote a Perl script that would spit out a random quote from zippy 1/3 of the time, and then execute the program pointed to by argv[0]
  4. Populated the special hidden directory with symlinks to the perl script, each given the name of a common command like ls, ps, and so on.

So whenever he ran a common command from his shell, he would first get a random quote from fortune appearing, followed by normal command output. He figured it out pretty quickly, but I like to think that there were a few moments where he entertained the idea of his workstation gaining sentience.

Re:A Nasty Trick (2, Insightful)

MrBulwark (862510) | more than 6 years ago | (#20372075)

See, if you had a real OS like Windows, this kind of security problem wouldn't...oh...nevermind.

SUCKERS! What did you expect? (2, Insightful)

Anonymous Coward | more than 6 years ago | (#20371781)

Fool me once, shame on you. Fool me twice, shame on me.

How fucking stupid can you people be? Stop buying Sony! [mcgrew.info]

-mcgrew

Is this a problem under Linux too? (1)

rdavidson3 (844790) | more than 6 years ago | (#20371815)

I realize that this is an issue under Windows, but can this cause issues in Linux?

Also, can we see the directory and the contents and determine the reasons behind this?

This article is retarded (-1, Offtopic)

DogDude (805747) | more than 6 years ago | (#20371825)

First, the article has so many grammatical errors, that it's laughable.

Secondly, all it's talking about is a hidden directory. That's a pretty pathetic attempt at "hiding" the software, and I can't imagine any functioning rootkit would rely on something this simple (and easily bypass-able). My "Windows API" as this article calls Explorer, is already set to view hidden folders. Not a big deal. Just another checkbox.

This article is retarded (in the way a 12 year old would use the word "retarded"), and Slashdot is retarded for posting it.

Re:This article is retarded (5, Informative)

LarsG (31008) | more than 6 years ago | (#20372093)

First, the article has so many grammatical errors, that it's laughable.

F-Secure is from Finland. You try writing Finnish some time.

My "Windows API" as this article calls Explorer, is already set to view hidden folders.

Turn in your geek card at the door when you leave.

This is a driver that patches the Windows APIs in order to hide a directory. It will not show in Explorer or in any other program for that matter, even if Explorer is set to show 'hidden files'. Rootkit hunters like Blacklight and Rootkit Revealer do not flag regular 'hidden directories'. They read and parse the raw on-disk directory structure (that is, they have their own NTFS parser) and compare that to what the Windows FS API reports.
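The cross-view comparison described in the comment above, as an added example that is not part of the original thread or of any vendor's tool: it parses a constructed FAT-style directory table (a simplified stand-in for the NTFS parsing the comment mentions) and diffs it against a simulated, filtered API listing. All names here, including the CLOAKED placeholder directory, are assumptions.

```python
import struct

ATTR_HIDDEN, ATTR_VOLUME, ATTR_DIR = 0x02, 0x08, 0x10

def make_entry(name, ext="", attr=0x20):
    """Build one 32-byte FAT short-name directory entry (constructed sample data)."""
    return struct.pack("<8s3sB20x", name.ljust(8).encode(), ext.ljust(3).encode(), attr)

def parse_raw_directory(table):
    """Low-level view: parse raw directory bytes into {name: attribute byte}."""
    entries = {}
    for off in range(0, len(table) - 31, 32):
        name, ext, attr = struct.unpack_from("<8s3sB", table, off)
        if name[0] == 0x00:                        # end-of-directory marker
            break
        if name[0] == 0xE5 or attr & ATTR_VOLUME:  # deleted slot, label or long-name part
            continue
        base, ext = name.decode("ascii").rstrip(), ext.decode("ascii").rstrip()
        entries[base + ("." + ext if ext else "")] = attr
    return entries

def filtered_enumeration(entries, cloaked):
    """High-level view: stand-in for an enumeration whose results a hook has filtered."""
    return [name for name in entries if name not in cloaked]

def cross_view_diff(raw_entries, api_names):
    """Names present on disk but missing from the API listing (case-insensitive)."""
    seen = {n.upper() for n in api_names}
    return sorted(n for n in raw_entries if n.upper() not in seen)

def attribute_hidden(raw_entries):
    """Ordinary hidden-flag entries: the API still returns them, so they are not cloaked."""
    return sorted(n for n, a in raw_entries.items() if a & ATTR_HIDDEN)

# Constructed directory table; CLOAKED is a placeholder name, not the real directory.
TABLE = b"".join([
    make_entry("SYSTEM32", attr=ATTR_DIR),
    make_entry("NOTEPAD", "EXE"),
    make_entry("CACHE", attr=ATTR_DIR | ATTR_HIDDEN),
    b"\xe5" + make_entry("OLDFILE", "TMP")[1:],    # deleted entry, must be ignored
    make_entry("CLOAKED", attr=ATTR_DIR),
    bytes(32),                                     # terminator
])

if __name__ == "__main__":
    raw = parse_raw_directory(TABLE)
    api = filtered_enumeration(raw, cloaked={"CLOAKED"})
    print("hidden by attribute:", attribute_hidden(raw))
    print("missing from API view:", cross_view_diff(raw, api))
```

The entry carrying only the hidden attribute still appears in the API listing, so the diff reports just the entry the filter removed.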

Re:This article is retarded (5, Informative)

deftcoder (1090261) | more than 6 years ago | (#20372197)

Hi.

They are patching 2 API functions, FindFirstFile() and FindNextFile(), not to report the presence of a directory. They are doing this by loading a malicious *DRIVER*.

This is quite different than simply toggling a flag for a given directory.

Re:This article is retarded (0)

Anonymous Coward | more than 6 years ago | (#20372251)

Consider:
  Most computer users just are consumers.
Purchase decisions are digital.
All they know is legit or not legit
One man or woman may be the technical guru for 50 people or more
I am such a man, and my answer to the 50 is:
No! You don't want to buy that one
Get another brand instead
  I think that I am not alone in my feelings and anger

Do you mean Loot kit ? (0)

Anonymous Coward | more than 6 years ago | (#20371977)

Very sim poe
loot kit This
  Buy products with your loot from some other company who doesn't loot kit

Just stop buying all Sony stuff (0)

Anonymous Coward | more than 6 years ago | (#20372003)

I wanted a new DVD burner recently. Some good reviews on Sony but then I remembered their infectious love for customers so no Sony drive for me. Just buy someone else's product.

what a bunch of weasels (2, Insightful)

swschrad (312009) | more than 6 years ago | (#20372015)

down around the courthouse, they have some terms for mutts who don't learn and keep on doing the same crimes.

the classy term is "recidivist."

of the others, we can probably safely post "weasel," "snake," "bastard," "crook," and "lowlife."

HDTV is around the bend, and I'm remodelling the basement soon to accommodate its new wiring requirements. Sony, the snake-in-a-box company, is not going to be a part of this undertaking.

Desensitized (4, Interesting)

Dachannien (617929) | more than 6 years ago | (#20372079)

The overuse of the term "rootkit" points to (at least) one thing: we've become so desensitized to security hazards that it takes a new buzzword for nefariousness to grab people's attention. Regardless of whether this is itself a rootkit or not, it's still a security hazard, and what's perhaps more ironic, that hazard was created in an attempt to effect "security through obscurity".

Ha! it melted anyway! (0)

Anonymous Coward | more than 6 years ago | (#20372181)

My 11-year-old bought one of these a couple of days ago.

It got so hot when he plugged into the USB port on his linux machine that the plastic casing literally melted. He took hold of it and yelled "Ow! it's hot!" and when I looked at it the whole case was drooping and had his thumbprint in it.

At the time, I was mildly annoyed, but now I'm going to tell him he didn't want that one anyway. We'll be returning it for cash and buy another brand at a different store.

Not an Accident (1)

Nom du Keyboard (633989) | more than 6 years ago | (#20372249)

This is no longer an accident with Sony. No longer a simple lapse in judgment. This is a bad, ugly, habit on their part now, likely caused by the dichotomy of trying to be a content producer and a tech company at the same time.