While everybody was busy with that BioShock "rootkit" false alarm -- and subsequently busy playing BioShock -- the folks at F-Secure were uncovering a new, legitimate rootkit problem in the software packaged with Sony's MicroVault USM-F fingerprint reader drives. It took Sony a little while to respond, but now the company says it has launched an investigation into the software, which was developed by a third-party, and will offer a fix by mid-September. The drives models had already been discontinued, though you can still pick them up at a few stores, and the rootkit is not as serious as the Sony BMX XCP DRM, but the software is still dangerous enough to allow malware authors to hide folders, so we're glad Sony's going to run clean up here.

Read - Sony confirms security problem
Read - Sony's USB Rootkit vs Sony's Music Rootkit

BioShock is undoubtedly a critical darling, but it's not without its share of technical woes. 2K Games is already on the ball with the widescreen field of view "issue," and has even slackened activation requirements, allowing for up to five SecuROM activations per copy of BioShock. Unfortunately, activation problems go deeper than that, since the Sony-owned SecuROM has deemed it necessary to pack in a rootkit with the BioShock installation, both for registered versions of the game and, inexplicably, the demo. We would've hoped 2K games chose its DRM provider carefully, and screened for such shenanigans, but Sony's SecuROM really has no excuse, since we've certainly been down this path before.

Update: Our pal Dan at PC Gamer points out that while he thought it was goofy to have the DRM on the demo too, it turns out that they pretty much always do this -- if they don't, pirates can use the unprotected exe to figure out what the difference between the demo and retail exe is, and that makes it easier to hack out.

Update 2: 2K has a statement up about BioShock's DRM. According to them, SecuROM isn't an actual rootkit, it's just hiding some registry keys on your system. Gaming Bob, who originated this story, has also retracted his analysis of the DRM as being a rootkit, and posted up some easier instructions for removing the SecuROM service, so it looks like it's indeed safe to come out and play.

[Via Fergie's Tech Blog; thanks Nfinity]

It's been two years since Sony BMG got hit with a number of class action lawsuits for shipping CDs that stealthily installed malware DRM on Windows machines without user permission, and it looks like the company is trying to get back the $5.75M it lost replacing affected discs by suing Amergence, the developer of MediaMax, one of the two DRM systems Sony was using at the time. MediaMax is unrelated to XCP, the infamous "rootkit" DRM at the center of the controversy, but it also installed itself without permission and contained a major security hole, leading Sony to recall both XCP and MediaMax-protected CDs. For its part, Amergence (which used to be called SunnComm) claims that XCP was the real problem and that Sony BMG's demand for final authority over MediaMax's functional specifications insulate it from any liability -- arguments that don't seem like they'll cause any consternation for Sony's legal team.

DIsclaimer: Although the author of this post is an attorney, it is not legal advice or analysis and should not be construed as such.

Well that was quick. After forking over $750k to California on Tuesday to settle charges regarding its nefarious rootkit schemes, Sony BMG has brokered a similar deal with 39 more states in the US and A. Luckily for Sony, it looks like they've improved their per-state cost considerably, at a bargain $4.25 million for all 39 states, with Washington D.C. thrown in there to boot -- it is the holidays after all. Just like with California (and Texas, which settled with Sony on Tuesday as well), Sony BMG will additionally be giving refunds of $175 to consumers who file a claim that the rootkit damaged their computer in some way. Also included in the settlement is a pinky swear from Sony that they won't put any more copy protection software on future CDs that can't be easily located and removed from a computer. Sony BMG says it's pleased to reach the agreements. Aww, big hug.

This one took a bit longer, but it looks like Sony is still wrapping up these rootkit lawsuits, and this here's another one decided in favor of the consumers. Sony BMG has just settled with attorneys general of LA and California for the low low price of $750,000 -- with the suit claiming that Sony's inclusions of lame-o DRM software opened up computers to potential hackers. Sony will also provide refunds up to $175 to any consumer that can prove the rootkit damaged their computer in some way, according to a part of the settlement that is still awaiting judge approval. It wasn't all doom and gloom though, since LA's Tom Papageorge, a head deputy district attorney, says that "To their credit, they did stop the practice as soon as we brought it to their attention," but unfortunately he continued on to mention that "The FTC and a group of other states are looking at this as well and will file similar agreements." So it's not all over for Sony yet. And here we were hoping for a Sony-free year of lawsuits and general consumer neglect in 2007 -- how about we give '08 a shot?

Listen up anyone who "purchased, received, came into possession of or otherwise used" music CDs containing Sony's flawed DRM software anytime after August 1, 2003. Under the terms of the class action settlement approved Monday, you are entitled to file a claim for a replacement CD, free downloads of music from that CD (with Apple's iTunes named as one of the three download services, ironically), and even "additional cash payments" which we presume are likely to amount to a stack of Abes, not Benjamins, folks. Pretty much what Sony BMG was already offering to their customers when this whole fiasco hit back in November. Additionally, Sony BMG definitively agreed to halt manufacture or distribution of that XCP and MediaMax nastiness masked by the rootkit. Now be sure to get your claim in now consumers, so that Sony BMG hears loud and clear that you do know what a rootkit is, and yes, you care. Afterall, the settlement only lasts until the end of 2007 at which point Sony BMG is free to introduce copy protection software once again. Click the read link for a PDF copy of the settlement.

[Via c|net News]