Avast WEBforum
Other => General Topics => Topic started by: igor on October 31, 2005, 11:09:34 PM
-
Now this (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) is incredible - Sony BMG copy-protected audio-CDs installing rootkits in your system...
-
I wonder if people who belong to the BMG Music Service are automatically fed this trash when they sign up for the service???
-
This has got to be at best a breach of privacy and at worst computer misuse. They probably have something buried in their T&C/EULA.
Yes they have a right to try to prevent piracy but this is ridiculous.
-
Yes they have a right to try to prevent piracy but this is ridiculous.
Actually, This is RIAA ;D
-
Excerpt from the EULA
(d) You may not decompile, reverse engineer or disassemble any of the LICENSED MATERIALS, in whole or in part.
That's the rootkit they are referring to. >:(
-
Does this explain why trials can be used once and only once?
Because I was wondering, there had to be something...
Plus HP offered in their brochure to put some "hidden" software into the laptop for an extra fee, and if someone stole your laptop, you can call HP and they have a center that will track it down...
But gee... do you guys think some spyware uses this too?
tim ;)
-
Yes it is true,
Sony DRM installs a rootkit: Just a summary for the quick readers- the investigation was done by Mark Russinovich. The rootkit is installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man" (how ironical). The rootkit introduces various security holes into the system to be exploited by others, such as hiding any executable with "$sys$". Programming bugs in the hook system calls method make it devilish to "exorcise this daemon" from your system.
We know that the music industry and Big Media scan computers for illegal content all the time (browser like bots), but that they reach for these means to make their statement is a bit over the top. And here a link for a further exposé:
http://www.f-secure.com/weblog/#00000675
Important to know is, do not try to get it from your system yourself, this could result in trouble with your CD drive recognition, go contact Sony and ask them for removal instructions or at the maker of the software: http://www.first4internet.com/
greets,
polonus
-
there can be only one response ;D ;D ;D
-
Does avast! detect this rootkit ?
-
Sony to offer patch for 'rootkit' DRM
Fix removes cloaking, but not the 'rootkit'
http://www.theregister.com/2005/11/03/sony_rootkit_drm/
-
It's in the mainstream news now.
http://news.bbc.co.uk/1/hi/technology/4400148.stm
-
Simple solution to all these problems = Disable Autorun in Windows! ;)
-
Simple solution to all these problems = Disable Autorun in Windows! ;)
It seems that even Mark Russinovich didn't do that. For research purpose, presumably? ???
Is there a possibility that Sony "bundles" the rootkit in their products such as VAIO and other apps?
-
He probably didn't disable it, like most Windows users including myself, who would not expect getting infected with a rootkit from a retail music CD. It is disabled on my PC now and I will be making immediate changes to all my policies. Disabling Autorun in Windows effectively blocks this from happening. You can still listen to music, you just have to manually open the CD in Windows Media Player or Winamp etc.
Not to mention it stops a lot of DVD software installs when watching movies.
-
Thanx for the explanation, mastertech. ;) Although I am much less knowledgeable about computers than many users here, not to mention Russinovich, I disabled autorun a long time ago. It is my habit to rip CDs first before listening to them on my PC.
I lost my trust in Sony a long time ago and wasn't surprised by this incident, though.
-
It's on secunia report now.
First4Internet XCP Content Management (http://secunia.com/product/6033/) (SECUNIA ADVISORY ID: SA17408)
-
This whole issue sucks and I hope that now it has started to be aired in the public domain that those contemplating purchase of any Sony products don't purchase it. Not just Sony music products, but all Sony products. Show your distaste at this very underhand (pun intended) tactic by voting with their wallet and don't buy it. This is the only language these huge companies understand, the bottom line.
-
As an ex musician I don't "steal" music; I buy it, but this latest trick from Sony is way OTT. Even tho' I've never stolen music they assume I will. I don't like that attitude.
ROOTKITS!!! A low blow to users. Did they really think we wouldn't notice? Care?
That's done it for me. No more Sony discs or for that matter Sony- anythings.
As DavidR says, if we all boycott Sony they may re-think their strategies, but too late for me. Sony's become a dirty word here. I'll never be able to trust them again.
Walks away muttering "ROOTKITS! Invasion of privacy! Dirrrrrty business.........grrrrr" and playing older music again........
But Happy Days to y'all and thanks for the heads-up!
-
David
The boycott suggestion is a great idea. I shall pass it on.
The more places are made aware of this, the better and the greater the effect will be.
-
Will Avast detect this now or in the future? I didn't see the answer.
SonWon
-
David
The boycott suggestion is a great idea. I shall pass it on.
The more places are made aware of this, the better and the greater the effect will be.
It really is the only language they understand.
When a company automatically brands everyone a possible thief, then perhaps we should consider them possible robbers.
-
Will Avast detect this now or in the future? I didn't see the answer.
SonWon,
The short answer at present would have to be no.
Rootkits by their nature are hidden from the operating system to avoid detection and are very hard to detect and even harder to remove once established.
Unless you are able to detect the file that installs the rootkit (and that requires a sample of the file once identified) and can either block or delete that then most AVs can't detect rootkits, much less remove them. This as far as I'm aware is no different for avast!.
Although this rootkit doesn't have any malicious intent (like the ones that mask malware), so in theory it shouldn't be detected by an AV. Although with the amount of publicity already given about this Sony Rootkit there is concern that malware writers will exploit the fact that it is likely to be present on many systems and use how it works to exploit your system.
Even though this rootkit is benign (no malicious payload), other than to stop your pirating software (even if you have no intention to do that), once installed it could leave your system vulnerable to exploit as is being reported in Secunia.
-
DavidR,
I respectfully disagree. Here is a quote from http://www.theinquirer.net/?article=27426
"The prefix 'mal-' according to Merriam-Webster means 1) bad 2) abnormal 3) inadequate. -ware is short for software. This means malware is defined as bad software."
"If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it."
I think this certainly qualifies as bad and abnormal.
SonWon
-
"If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it."
It will be certainly qualified as bad :P
SonWon, you're right, why do we need this?
I use the Autorun feature on, but when I use an unknown CD, I disable it before. Use a non-administrator account then.
-
I would think the term MALWARE should be considered as short for malicious software in that it actively tries to create problems or damage.
This rootkit, although it has the potential for misuse by others exploiting it, doesn't create any destructive action apart from the 1-2 percent of CPU that was reported in the original article.
Somewhere down the track I'm sure Sony will look back on this as a mistake and perhaps regret ever doing it as it hasn't made any difference to the availability of the music in question, see http://forum.avast.com/index.php?topic=17187.0
Amazes me that Sony would opt to use this on such an obscure artist
-
Cloussau, isn't the behavior a malicious one?
I mean, a rootkit can't be a good software piece...
Anyway, who knows 8)
-
Somewhere down the track I'm sure Sony will look back on this as a mistake and perhaps regret ever doing it as it hasn't made any difference to the availability of the music in question, see http://forum.avast.com/index.php?topic=17187.0
Amazes me that Sony would opt to use this on such an obscure artist
Famous artists may have rejected the copy protection. Also, Sony may have calculated the impact of the news. This is possibly a result of political gesture to content industry concerning their strategy on the next-gen format.
Different from some manufacturing companies, Sony has content industry inside. As long as it cannot separate its manufacturing business from its content one, I don't think Sony can be trusted by users. In fact, while it is trying to sell its not-exclusively-ATRAC Network Walkman advertising that it now thinks from the side of the users, it is trying to appeal to content industry through its copy protection system for its new Blu-ray disc format. I am quite sure whatever Sony is making, they will have its copy-protection system inside. Sony may think that it will be able to combine its businesses into one direction but I wonder if users are going to follow the road they are trying to pave.
-
Patch for the Sony rootkit: http://cp.sonybmg.com/xcp/english/updates.html
-
DavidR,
I respectfully disagree. Here is a quote from http://www.theinquirer.net/?article=27426
"The prefix 'mal-' according to Merriam-Webster means 1) bad 2) abnormal 3) inadequate. -ware is short for software. This means malware is defined as bad software."
"If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it."
I think this certainly qualifies as bad and abnormal.
You can disagree if you wish, I have no problem with that; you only need read my previous posts about this to gauge my feeling about this issue and see I'm no supporter of Sony.
However what they have done shouldn't be classed as a rootkit virus, my use of the word malware is generic for things picked up by anti-virus programs and in this context an AV I don't believe should pick it up.
It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time.
None of which can be considered reason to be classed as a virus, after all that is what an AV has to do. Your rights aren't stripped (you have a choice, don't use Sony music or products), removal is only a problem if you install it in the first place (if you did you are accepting it), CPU time as I see it would only be used when you try to do something that is likely to be classed as piracy, e.g burning copies of the CD, etc. (so if you don't do that the hit on CPU time would be negligible).
It doesn't really matter if it is bad or abnormal, what matters is if it qualifies as a virus for an Anti-Virus program to do something about it. Not to mention if an AV did remove it incorrectly, it could screw up your system as has been reported by a number of the articles. Then people would be all over the AV for screwing up their system.
So I guess we will have to agree to disagree.
-
The patch Eddy mentions, just unmasks what it does, it doesn't completely remove the function, it still installs copyright protection software to stop piracy.
What strikes me as weird is that the patch to remove the rootkit component is a 3.4MB zip file. I couldn't see anything about the content of the Service Pack to warrant it being 3.4MB.
Colour me suspicious when a tool to remove something is 3.4MB, I wonder if the patch comes with an EULA for I believe it must be completely replacing it with a different copyright protection program.
November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.
-
I want my anti-virus program to stop the loading of any rootkit without my permission. Or in that case any software that I didn't give the okay. In Sony's case they do not inform the user that they are loading a rootkit, just a music player and anti-copy software. But they do not inform me that I cannot uninstall their software when I am through with playing the CD. I see this as wrong and therefore malware.
Maybe I am expanding the coverage I expect from an anti-virus product but why should I have to load anti-virus, anti-spyware, anti-rootkit, anti-etc. to protect my PC. I just want to load one software product (anti-malware) that covers it all. The first company that does an excellent job at this will get my money.
Although, I just may move to Linux and keep Windows XP around for a gaming platform.
SonWon
-
1. How is an anti-virus to know that you gave your permission, for the loading of software or a rootkit, it can't know this. All it has to go on is anything loaded on to your system is scanned and if it is recognised as a virus then it is dealt with, the difficulty is the definition of the virus.
I would say that the Sony Rootkit issue (now negated by their revocation of the rootkit element) was more of a spyware issue, now there are companies out there that have been legally forced to remove some software that they classed as spyware from their detections. I don't believe it would have been any different in the case of Sony and the amount of financial and legal clout they have.
2. In Sony's case they do notify you in the ubiquitous EULA it is in there, you have to find it and agree to it otherwise you can't use the software. If you simply click and agree on the EULA agreement then you have to accept that EULA no matter how erroneous it is.
The easiest option IMHO is if you don't like the way Sony Play the game then don't play it, don't buy their products.
3. It is unlikely one piece of software will detect everything, so a multi level approach is better. Not to mention we don't want to see avast become a bloated tool like Norton. I would much rather choose the best in a particular arena than accept a jack of all trades, master of none Suite of programs.
-
Hi DavidR,
Good questions and actually quite simple.
1. I'll turn off the anti-Virus software when I choose to. In Sony's case the anti-virus program should come up with a dialog window warning the user that the program has a rootkit and ask if I want to continue or block the program.
Sony should also provide removal instructions. I know you can get them over the phone but that is not good enough. The program should have included an uninstaller.
2. Correct me if I am wrong but the EULA does not say that you cannot uninstall the software does it? This is wrong. Don't buy Sony which is what I am doing in the future for all of their products.
3. I agree I also do not want a bloat product. However a well written product would work. Many of the functions for anti virus, spyware and rootkits are the same. There are also some differences but the code for a single product would be smaller than three different products.
Another interesting fact is the Sony rootkit software does not even work on a Macintosh? Mac owners play the CD like any other music CD. So why is Sony only penalizing PC owners? None of this makes any sense from a business perspective. There is money to be made from the first company that puts it all together and stands up to the companies that distribute viruses, rootkits and spyware.
SonWon
-
Just out on CNET, http://www.cnet.com/4520-6033_1-6376177.html?tag=nl.e501
So, let's make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place. And what does this software do once it's on your PC? Well, here is (via David Berlind's excellent breakdown of the issue) what Amazon's CD listing page has to say on the subject:
"This product limits your ability to make multiple digital copies of its content, and you will not be able to play this disc or make copies onto devices not listed as compatible. Content/copy protected CDs should allow limited burning, as well as ripping into secure Windows Media Audio formats for playback with most compatible media players and portable devices. In rare cases, these CDs may not be compatible with computer CD-ROM players, DVD players, game consoles, or car CD stereos, and often are not transferable to other formats like MP3."
So it's not just the black hat tactics. The DRM itself is almost unbelievably restrictive...
-
In Sony's case the anti-virus program should come up with a dialog window warning the user that the program has a rootkit and ask if I want to continue or block the program.
Now all companies have to make a security warning about this, increase detection... s*it
None of this makes any sense from a business perspective. There is money to be made from the first company that puts it all together and stands up to the companies that distribute viruses, rootkits and spyware.
Oh, I'm just starting to hate Sony :(
-
Good questions and actually quite simple.
1. I'll turn off the anti-Virus software when I choose to. In Sony's case the anti-virus program should come up with a dialog window warning the user that the program has a rootkit and ask if I want to continue or block the program.
Sony should also provide removal instructions. I know you can get them over the phone but that is not good enough. The program should have included an uninstaller.
The fact that Sony now has a Service Pack available to remove the rootkit element on-line rather makes this thread redundant.
2. Correct me if I am wrong but the EULA does not say that you cannot uninstall the software does it? This is wrong. Don't buy Sony which is what I am doing in the future for all of their products.
It is contained in the EULA, following this thread and following the first link in the first post will give a link to a copy of the EULA. http://www.sysinternals.com/blog/sony-eula.htm
extract:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
...
...
3.
...
...
Another interesting fact is the Sony rootkit software does not even work on a Macintosh? Mac owners play the CD like any other music CD. So why is Sony only penalizing PC owners? None of this makes any sense from a business perspective. There is money to be made from the first company that puts it all together and stands up to the companies that distribute viruses, rootkits and spyware.
Something that in the fullness of time they will probably get around to, but with such a small market share doing the same for the Mac may not seem worth it.
Personally I won't spend any further time on the Sony rootkit issue as it is a dead issue now, the copy protection is a totally different issue and like you I won't be buying anything Sony in the future. Watch out for Blu Ray a new DVD format as this is likely to have strong copyright protection built in.
-
The fact that Sony now has a Service Pack available to remove the rootkit element on-line rather makes this thread redundant.
Not really since it still does not allow you to uninstall but that is a difference of opinion and I respect yours.
From the Sony EULA, "...the SOFTWARE will reside on YOUR COMPUTER until removed or deleted."
Deleting breaks the PC CDROMs and there is no tool for removal.
I agree, no more Sony and watch out for Blu Ray.
SonWon
-
Hi SonWon,
This goes to show that rootkits are very easily installed through the autoplay functionality of Windows. Only Windows has this. It is nice and handy, but it means you are immediately infected whenever you load a CD with malicious code into your drive.
You have no "no exec"-option with Windows.
-
Since we can no longer trust large corporations autoplay is now turned off on my PC. :)
BTW, there are now some game companies loading copy protection when you load the game. At least the removal does not break the CDROM drive, yet. :-\
SonWon
-
More discussion on /. and Mark R. received a reply from First 4 Internet.
http://games.slashdot.org/games/05/11/07/1221209.shtml?tid=233&tid=207&tid=10
http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html
My take is none of this bodes well for Sony and First 4 Internet. Malware? I report you decide. ;)
SonWon
-
Hi ye all,
Sony's rootkit will be detected by AV software, see here:
http://news.com.com/Sonys+antipiracy+may+end+up+on+antivirus+hit+lists/2100-1029_3-5933428.html
greets,
polonus
-
Tom's Hardware now has something to say, http://www.tgdaily.com/2005/11/09/sony_music_sounds_off_key/index.html
SonWon
-
Sony Copy Protection Called Spyware
http://www.techweb.com/wire/security/173600432?sssdmh=dm4.157585
SonWon
-
It keeps getting worse for Sony. Hey, Avast isn't it time to make a public statement on this mess? This will probably be my last post on this subject unless you all want me to continue? Here is a summary from Mark Russinovich's website http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-want-to_09.html:
The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:
* Sony denies that the rootkit poses a security or reliability threat despite the obvious risks of both
* Sony claims that users don’t care about rootkits because they don’t know what a rootkit is
* The installation provides no way to safely uninstall the software
* Without obtaining consent from the user Sony’s player informs Sony every time it plays a “protected” CD
Sony has told the press that they’ve made a decloaking patch and uninstaller available to customers, however this still leaves the following problems:
* There is no way for customers to find the patch from Sony BMG’s main web page
* The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers
* Access to the uninstaller is gated by two forms and an ActiveX control
* The uninstaller is locked to a single computer, preventing deployment in a corporation
Consumers and antivirus companies are responding:
* F-Secure independently identified the rootkit and provides information on its site
* Computer Associates has labeled the Sony software “spyware”
* A law firm has filed a class action lawsuit on behalf of California consumers against Sony
* ALCEI-EFI, an Italian digital-rights advocacy group, has formally asked the Italian government to investigate Sony for possible Italian law violations
-
Sophos has a removal tool for the Sony DRM infection, ah feature. :)
http://www.sophos.com/support/disinfection/rkprf.html
Actually the tool says disables, not sure if it removes? Can someone test? I ran this on my system but I have no known infections. :D
SonWon
-
http://news.bbc.co.uk/1/hi/technology/4427606.stm
-
Here is some more information that might be helpful and informative:
Sony sued over copy-protected CDs
http://news.bbc.co.uk/1/hi/technology/4424254.stm
List of CDs infected with Sony's rootkit DRM
http://www.eff.org/deeplinks/archives/004144.php
The patch can be obtained from the following link:
http://updates.xcp-aurora.com/
P.S.
By the way... EFF is looking to hear from potential plaintiffs for their
Sony suit. If you match the criteria below email allison@eff.org.
1. you have a Windows computer;
2. First 4 Internet's "xcp" copy protection has been installed on your
computer from a Sony CD (for more details, see our blog post referenced
above or SysInternals blog);
3. you reside in either California or New York;
4. you are willing to participate in litigation.
-
Sony proves lawsuits have loud voices (http://ct.cnet-ssa.cnet.com/clicks?c=757469-18443838&brand=cnet-ssa&ds=5&fs=0)
Sony has graciously agreed to stop production of copy-protected CDs (http://ct.cnet-ssa.cnet.com/clicks?c=757470-18443838&brand=cnet-ssa&ds=5&fs=0) containing DRM technology that installs itself as a root kit on your PC.
It took two lawsuits, countless angry consumers, and at least one Trojan horse designed to exploit the backdoor they opened to get us there,
but hey, it's a start. :)
-
Thankfully they have made this decision to stop this practice.
Now all we need is for Sony to make available a removal tool (for easy direct link download) that you don't have to jump through many hoops, including installing an ActiveX item before you can come close to removing it, or should I say uncloaking it. So we will have to wait and see if a complete removal tool is made available.
-
Microsoft will wipe Sony's 'rootkit' (http://news.com.com/Microsoft+will+wipe+Sonys+rootkit/2100-1002_3-5949041.html)
Looks like Sony went just far enough over the line for big daddy Microsoft to step in.
The company says that the root kit that disguises Sony BMG's DRM software is a threat to Windows' security,
and Microsoft security tools will now detect and remove it. Saved by Microsoft. ;)
-
Saved by Microsoft. ;)
At last, good news...
It's ridiculous that to avoid piracy the good ones should pay for the bad guys.
Thanks for the news Bob 8)
-
Experts: Sony BMG Rootkit 'Fix' Only Makes Things Worse
http://www.foxnews.com/story/0,2933,175649,00.html
SonWon
-
Sony Using Rootkit in Music CD DRM
This story whipped up a storm during the month after PC SysInternals Mark Russinovich discovered a rootkit installed by a Sony copy protected audio CD. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files." Sony initially tried to defend their software but finally caved in and announced they would suspend the copy protection scheme. Several security vendors have released removal tools including Microsoft who will include that capability in their Malicious Software Removal Tool distributed via the Windows Update service.
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
-
Sony's removal tool leaves your system open to attack after the removal of the rootkit. Read the link two posts up.
SonWon
-
Hi SonWon,
If the Sony removal tool for their rootkit is buggy, and can still leave your system open. After you have taken your disks back to the shop to change them for non-rootkitted versions. Then download this removal tool for the Sony Rootkit, that can be trusted:
http://securityresponse.symantec.com/avcenter/venc/data/securityrisk.aries.html
I hope this will be the last chapter in this drama,
polonus
-
Got this over at Calendar Of Updates.
For any who are truly adventurous (not me ::) ) Kevin McAleavey, one of the makers of Boclean, has posted a manual fix that doesn't need Sony's patch.
http://www.dozleng.com/updates/topic7048
-
Software writers spot open source in Sony BMG CDs (http://today.reuters.com/news/NewsArticle.aspx?type=technologyNews&storyID=uri:2005-11-18T073035Z_01_MCC805647_RTRUKOC_0_US-SONYBMG-OPENSOURCE.xml&pageNumber=1&summit=)
Disrespect to another IP to "protect" "their" IP… Now what can justify what Sony BMG did in this whole incident?
In case you don't know, LAME is one of the most recommendable MP3 encoders. You may be using it through other music apps.
-
Sony should issue a full apology and restructure their management to move Sony into the future so this never happens again. Or they are likely to die a slow death like GM is going through. And just like GM can turn the tide so can Sony but now is the time to declare an emergency and begin the progress upward.
For now I will never buy another Sony product until they admit their mistakes and issue a full apology. I will also recommend to all of my friends to never buy any Sony product.
About 15 years ago I did the same thing when GM failed to fix a problem with a truck I owned. There must have been thousands of others who felt the same way and we can see the results on GM. The same can happen to Sony.
SonWon
-
Hi All,
I have been following the Sony rootkit fiasco since it was initially reported (http://www.sysinternals.com/) and the developments since. The above-stated site has a good summary.
Sony was interviewed by NPR (http://www.npr.org/templates/story/story.php?storyId=4989260) and they had an amazing viewpoint --- the executive said (listen to the audio file - amazing!) - that as most people do not know what a root kit is, they should not worry about it!
I have been using Avast now for almost 2 years (great program), but I also have to agree with SonWon in regards to all his previous posts (quite obvious actually).
I was startled that there was not even an announcement on the AVAST web site in regards to the Sony rootkit issue.
Yes, I agree with the fact that the anti-virus program may not be able to detect it (initially) on installation, BUT once the code of the rootkit has been established, I would have thought AVAST would be able to at least disable the 'cloaking' element (so other files and viruses can not hide in the $sys$ directory that the rootkit creates). Or at least Avast could place an announcement on the website with links to other sites that could help.
Pat.
-
hi dr pat
Maybe there wasn't an announcement on the website but since this thread was started by igor,
those of us on the forum were made aware of it by Alwil.
-
Yes, I agree with the fact that the anti-virus program may not be able to detect it (initially) on installation, BUT once the code of the rootkit has been established, I would have thought AVAST would be able to at least disable the 'cloaking' element (so other files and viruses can not hide in the $sys$ directory that the rootkit creates).
The problem is what Sony has done is underhand, devious and down right nasty, the problem is it can't be truly classed as a virus or potentially malware is the intent isn't malicious, stupid, arrogant and ignorant to treat all its customers as potential thieves but not with malicious intent.
So it is hard for AVs to not only categorise this rootkit protecting/hidding the DRM process, but what to do about it if they add it to their detections. If they only remove some of it it could effectively disable your CD/DVD, you wouldn't be pleased about that.
If it did manage to remove everything including the DRM software (which you had to agreed to in the EULA) without harming your system, then Sony might not like that, as Sony could say you (Alwil) are encouraging or condoning the piracy of copyrighted material.
So it is not a simply clear cut decision, but one knowing how much Financial and legal clout Sony have, it could be very costly for Alwil.
The best thing by far is don't buy another thing that has anything to do with Sony from a CD to an LCD TV. If they treat all potential customers as thieves then don't be a customer, hit them where it hurts, in the bottom line.
-
When Sony has finished making a working removal link, this will take you to the removal tool.
(http://img.photobucket.com/albums/v190/bob3160/Avast%20Forum/SONYDRMROOTKITRemovalRequest.jpg) (http://cp.sonybmg.com/xcp/english/form14.html)
-
This may not make me very popular but it needs to be said...
Sony's rootkit infected half a million computers - why didn't the major
antivirus companies notice? (F-Secure is the only security company that
deserves praise.)
Symantec later came out with a statement saying "this rootkit was
designed to hide a legitimate application."
The only thing that makes this rootkit legitimate is that a
multinational corporation put it on your computer, not a criminal
organization.
It wasn't until public pressure was just too great to ignore, that
Microsoft announced it would update its security tools to detect and
remove the cloaking portion of the rootkit.
Who are the security companies really working for? It's unlikely that
this Sony rootkit is the only example of a media company using this
technology. What will they do the next time some multinational company
decides that owning your computers is a good idea?
Real Story of the Rogue Rootkit (http://www.wired.com/news/print/0,1294,69601,00.html)
-
We have to ask why any operating system would allow a hook (rootkit) to
hide an entire class of processes from user view. Normally such a
"feature" would be called an exploit.
Amazon is offering refunds to customers that bought Sony CDs that use
controversial anti-copy software.
If you still trust Sony... you may want to use their phone system.
Sony Corp. on Wednesday announced a free Internet-based phone service
similar to the popular computer-to-computer calling provided by Skype (http://www.skype.com/),
but with an emphasis on video conferencing.
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/16/AR2005111601914.html
-
Sony Rootkits: A Sign Of Security Industry Failure
http://www.techweb.com/wire/security/174400286?sssdmh=dm4.158635
I agree the security industry has failed us.
"The Sony software is, plain and simple, spyware, by any reasonable standard of the word. It installs itself without users' knowledge, it runs in stealth mode, it damages the user's system, and it resists removal." http://www.informationweek.com/blog/main/archives/2005/11/sony_is_just_as.html
Pretty plain and simple to me.
SonWon
-
[edit] after reading the link and finally finding out more of the sony rootkit, i feel outraged, even though i think i don't have it grr.... http://www.wired.com/news/print/0,1294,69601,00.html ...angry ;D
i mean, since some anti's don't detect rootkits, i should get one that does
speaking of this...is this software legitimate so that i may use it for the detection of rootkits?
i just realize i have a lot of sony software installed on my computer
and was just checking...
the software is here, but i'm unsure if it is rogue or not
http://www.sysinternals.com/utilities/rootkitrevealer.html
thanks,
tim ;)
-
If you are a very knowledgeable computer person you can use antihook. But it does have some downsides. For example, if you load new software you must put it back into training mode for a few days or else you will likely bluescreen your PC.
Several anti-virus companies have stepped forward and said they will detect this in the future and are working on an upgrade to make this happen.
I haven't heard anything from avast but maybe it is on their webpage somewhere?
SonWon
-
Editor's Note: Putting Away the Welcome Mat
"AV software for Linux is only going to provide hackers more ways into my system, not less."
"Ultimately, the blame for this lies at Sony's feet. But what I want to know is, why didn't the firewalls, spyware detectors, and AV clients catch this in the first place? The fact that no AV appliance or client caught this implies that these companies are either (a) incompetent or (b) letting this stuff slide by all in the name of digital rights management. Either option is inexcusable, but (b) sends chills down my spine."
http://linuxtoday.com/security/2005111802326OPSWNT
I've been thinking Linux is the long term answer.
I report, you decide.
SonWon
-
I apologize if this has already been posted but manual removal instructions are here:
www.dslreports.com/forum/remark,14817570
lol It can't hide from the command prompt.
-
I repeat, anyone seriously worried about this should simply turn off autoruns. Problem solved.
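As an added illustration of the "turn off autoruns" advice above (not part of any poster's message): a PowerShell script that reports which drive types still have AutoRun enabled and provides a function to disable it for all of them. It assumes the advice refers to the Windows `NoDriveTypeAutoRun` policy value and that it is run from an elevated prompt; the function names are hypothetical.

```powershell
# Added example (not from the thread). Assumes the Windows AutoRun policy value
# NoDriveTypeAutoRun; run from an elevated PowerShell prompt.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name = 'NoDriveTypeAutoRun'

# A set bit disables AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Label = 'Unknown drive types' }
    @{ Bit = 0x04; Label = 'Removable drives' }
    @{ Bit = 0x08; Label = 'Fixed drives' }
    @{ Bit = 0x10; Label = 'Network drives' }
    @{ Bit = 0x20; Label = 'CD-ROM drives' }
    @{ Bit = 0x40; Label = 'RAM disks' }
    @{ Bit = 0x80; Label = 'Reserved drive types' }
)

function Get-AutoRunMask {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value not set: OS default applies
    return [int]($item.$name)
}

function Show-AutoRunMask([int]$Mask) {
    foreach ($t in $driveTypes) {
        $state = if ($Mask -band $t.Bit) { 'disabled' } else { 'ENABLED' }
        '{0,-22} AutoRun {1}' -f $t.Label, $state
    }
}

function Disable-AutoRunAllDrives {
    # 0xFF sets every bit, so no drive type (CD-ROM included) auto-launches.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $name -Value 0xFF -Type DWord
}

$mask = Get-AutoRunMask
if ($null -eq $mask) {
    "$name is not set; the Windows default policy is in effect."
} else {
    'Current mask: 0x{0:X2}' -f $mask
    Show-AutoRunMask $mask
    if (-not ($mask -band 0x20)) {
        'CD-ROM AutoRun is enabled: an inserted disc can launch its installer.'
    }
}
# To harden, call: Disable-AutoRunAllDrives
```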
-
gee...this is really becoming a hot topic
i wonder if the company is gonna get sued?
tim ;)
-
If you own any of these CDs, follow these Instructions for Exchanging Your Sony BMG CDs with Rootkit for Safe CDs (http://www.aunty-spam.com/instructions-for-exchanging-your-sony-bmg-cds-with-rootkit-for-safe-cds/)
-
Sony is being sued in at least three states with Texas the newest.
Sony rootkit: The untold story
"In his column on Wired.com, Schneier makes his own hay because of the way that the anti-malware providers may have been co-conspirators in the rootkit fiasco. They apparently gave First4Internet (and by way of inheritance, Sony) a hall pass to surreptitiously install and run the rootkit on users' PCs. Now you know why I called it a Trojan horse when I first wrote about it. Dan Gillmor picked up on Schneier's report. Indeed, if the anti-malware companies have been lured into becoming foxes that watch the henhouse, that's a major problem." http://blogs.zdnet.com/BTL/?p=2177&tag=nl.e589
This story just keeps growing.
SonWon
-
"But we shouldn't miss the fact that Sony's behavior with both its XCP
and MediaMax implementations matches another pattern we've seen many
times before. It's the serial DRM offender profile that Microsoft,
Symantec, Intuit, and lesser lights in the software industry have
exhibited. Their product activation and other forms of copy protection
also aren't really about stopping piracy - they admit their DRM won't
stop the software counterfeiters. It's about giving the vendors control
over your usage of the products you buy, so they can decide if you're
using it in ways they don't like, or that they ought to force you to
upgrade, or that it's time to start selling the information they've
collected about you to the highest bidder."
From Ed Foster's GripeLog newsletter, titled 'Sony's DRM Profile'. http://www.gripe2ed.com/scoop/story/2005/11/10/03956/517
Notice DRM software does nothing to stop counterfeiters, just honest users.
SonWon
-
Thank you for alerting us Igor, and thank you to all who've kept us up to date on this dangerous issue. Many are following this thread and appreciate your input.
I've never illegally ripped and burned - I was a musician. Looks like I'm going to HAVE to. I certainly won't be buying more CDs until I can be sure there are no rootkits on them. Look at Sony shooting themselves in the foot! Both feet?!
Thank you friends.
-
Look at Sony shooting themselves in the foot! Both feet?!
Much more than their own feet ;D ;D ;D
-
Look at Sony shooting themselves in the foot! Both feet?!
Much more than their own feet ;D ;D ;D
They shot themselves in their own wallet and that could hurt depending on where they keep their wallet. ;D ;D ;D
-
Hi webforum members,
To see if you are affected and how to check your CDs go here for information:
http://www.eff.org/IP/DRM/Sony-BMG/guide.php or check yourself according to these instructions:
http://www.microsoft.com/security/encyclopedia/details.aspx?name=WinNT%2fF4IRootkit
greets.
polonus