In 2005, Sony added "rootkit" to the vocabulary of computer users across the world when it shipped hidden copy protection software on its music CDs. Two years later, history seems to be repeating itself.
Rootkits 101
What's a rootkit? In case you slept through the Sony music CD debacle, a rootkit is a program that hides its presence from normal operating system interfaces. A Windows rootkit, for example, will not show up in Windows Explorer. Depending upon its design, a rootkit can hide files and folders, registry keys, or other system components.
Rootkits can be used in a variety of ways: Sony used two different rootkits to prevent copying of music CDs by computer users in 2005, while other rootkits have been used to run security programs, run malware to attack systems, and so forth. While some users will object to any rootkit, no matter its purpose, others will be more concerned when a rootkit makes it easy for someone else to attack their PC.
What's Wrong with Rootkits
Sony's 2005 rootkits provided a vivid demonstration of everything a company that uses rootkit technology can do wrong:
- Users weren't notified of the presence of the rootkit by the end-user license agreement
- The copy-protection programs Sony installed as rootkits didn't prevent malware such as Backdoor.Ryknos.B (also known as Breplibot.C and others) from hiding themselves in the rootkits' own folders
- The programs hiding in the rootkit degraded system performance
- The programs could not be removed with normal uninstall routines
Sony eventually wound up recalling over 100 music CD titles that used the rootkits and shelled out millions of dollars in settlements.
Sony Rootkit, Part Deux
On Monday, anti-malware vendor F-Secure announced that Sony's MicroVault USM-F line of USB flash drives with onboard fingerprint readers creates a folder invisible to Windows that is used for the fingerprint reader's software and data files. While this method helps protect the reader from tampering, F-Secure points out that the hidden folder can also be accessed from the command prompt, can be used to store additional files, and could be exploited by hackers as a location for storing malware. In other words, whether Sony intended it or not, the MicroVault fingerprint readers install a rootkit on your PC that can be exploited as a security risk.