News and Reviews....

    SONY Under Fire  August 2007

 By Robert Lieto

This is a follow up on our initial story of the "SONY BMG Hides The Pea" Software issue of December 2005 and SONYBMG REVISITED of May 2006. A federal judge gave a settlement approval on Monday May 22, 2006 in the Sony BMG Entertainment and the class action lawsuit over CDs containing root-kit software which is a set of clandestine software programs that can interfere with an operating system and potentially open security holes. The CDs with the copy protection software featured music from 52 artists, including Ray Charles, Frank Sinatra, Louis Armstrong and Celine Dion.

After facing the class-action suits in several states, as well as action from state attorneys general and the Federal Trade Commission, SONY in January of 2007 announced a recall of the albums containing root-kits and a settlement with the FTC by which SONY agreed to pay consumers $150 to repair damage to their computers. 

On August 28th, 2007, Finnish security company F-Secure announced that another SONY product, this one from SONY ELECTRONICS, also contains root-kit software. The SONY MicroVault USM-F memory Stick includes software that acts like a root-kit, hiding itself from the operating system. F-Secure went on to say, it was their belief that the MicroVault software hides a folder to somehow protect the fingerprint authentication from tampering and bypass. Conceding that fingerprint ID software would require some secure authentication scheme where the root-kit like cloaking technique is not the proper way to go. Another security analyst with nCircle stated that SONY "more then likely" used the hidden directory to secure the operation of the fingerprint reader on the memory card. "The threat to the consumer is that it may also be used by enterprising malware authors being the hidden directory is now a known quantity. Virus authors can instruct their code to first try this hidden directory as resting place for their malware, which subsequently will become undetectable to anti-virus software.

CNET reported that SONY spokesperson stated the reader product is no longer for sale and no other versions of the MicroVault stick contain the root- kit.

Consumers can check to see if they are eligible for a claim at "www.eff.org/sony/".

Comment .....   I don't know about you, but I have an extensive collection of CDs and I play them on many computers and I haven't received any call or contact telling me that I have a $150 check for damage as yet. I have added new Spyware and Anti-Virus software. Maybe it is a good idea to check the claim site. SONY = Buyer Beware.

Have a comment on the subject in this article, please let us know on our email page.

Past Articles on Subject:

SONYBMGREVIS  May 2006

SONY BMG HIDES THE PEA    December 2005

Copyright © 2007  Custom Audio-Video Systems, Inc.  |  All Rights Reserved