Sony says the rootkit-like behavior of a device driver used to run its biometric Micro Vault USM-F thumb drive was unintentional. McAfee has joined F-Secure in criticising Sony for allowing such a mistake to happen. The Micro Vault drive is a USB device featuring fingerprint-reading software intended to add an extra layer of security for PC users. McAfee reported that Taiwan"s FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending USB software with rootkit technology.
The criticism is reminiscent of that directed at Sony BMG Music Entertainment in November 2005, when a programmer revealed that a technique designed to cloak the company"s copy-protection software for music CDs also could be used by virus writers to hide malicious software. Both F-Secure and McAfee security experts agree that the default installation path does nothing to stop malicious-software authors from copying code to a directory of their choice and executing it in that location.