Thursday, September 06, 2007

Sony Rootkit Version 2 - Clarification

I've been reading a bit of the response to this blog post in various places and want to clear one thing up. I stated that Sony had installed a rootkit when that may not have been the best use of the English language - Sony has DEFINITELY done the wrong thing here and has installed software that causes a part of the filesystem to become invisible to many parts of the operating system and other applications, such as some anti-virus and anti-spyware software. This is a really, really bad thing that Sony has done, especially considering they gave no indication to the user that they were doing this.

Now, technically a rootkit is a piece of software designed to avoid detection and to gain root (aka administrator) access to the operating system. So technically this Microvault driver from Sony is not a rootkit. It *DOES* allow other malware to hide, it *DOES* allow other malware to go undetected, it *DOES* install without letting you know of the implications it could bring and it *DOES* leave a sour taste in the mouth of anyone who values security - all of which are things that Sony should have realised people didn't like after their initial foray into **rootkit-like** software back in 2005.

So, whilst this software driver is **rootkit-like** (insofar as it hides files and folders from the OS and various applications, making way for other malware to hide and work relatively undetected), in and of itself it is not a rootkit as it does not attempt to surreptitiously gain root access.

It is a poorly written, poorly thought out, poorly deployed and extremely poorly marketed driver, though. It *does* compromise security, and it *does* still make me boycott and want to encourage others to boycott Sony products until the company has a proved track record of releasing products that don't attempt to weaken the security of your computer, network and data.

Every time I buy an item where a Sony item would have been considered, I'm going to be letting them know that the reason I didn't think further about the Sony was because of this rootkit-like behavior they seem to see as being valid. If they don't know how much this is hurting their bottom line, why would they change their business practices?

Regards,

The Outspoken Wookie
