Author Topic: Rootkit by Sony  (Read 37396 times)

0 Members and 1 Guest are viewing this topic.

Offline Iso-G

  • Avast translator
  • Full Member
  • ***
  • Posts: 141
  • I'm a llama!
    • Grandpa's Notebook
Re: Rootkit by Sony
« Reply #15 on: November 03, 2005, 04:09:16 PM »
It's on secunia report now.
First4Internet XCP Content Management (SECUNIA ADVISORY ID: SA17408)
Windows XP Home SP3 / avast! 6.0 Free Antivirus (Japanese) / Microsoft Security  Essentials(v2,Japanese) / COMODO Firewall 5.3 (D+(full),English) / Secunia Personal Software Inspector (v2,English) / Opera / Thunderbird 3 / Open Office 3

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Rootkit by Sony
« Reply #16 on: November 03, 2005, 05:20:34 PM »
This whole issue sucks and I hope that now it has started to be aired in the public domain that those contemplating purchase of any Sony products don't purchase it. Not just Sony music products, but all Sony products. Show your distaste at this very underhand (pun intended) tactic by voting with their wallet and don't buy it. This is the only language these huge companies understand, the bottom line.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline kakapo

  • Sr. Member
  • ****
  • Posts: 200
  • Llamas are cool
Re: Rootkit by Sony
« Reply #17 on: November 03, 2005, 09:34:17 PM »
As an ex musician I don't "steal" music; I buy it, but this  latest trick from Sony is way OTT. Even tho' I've never stolen music they assume I will. I don't like that attitude.

ROOTKITS!!! A low blow to users. Did they really think we wouldn't notice? Care?
That's done it for me. No more Sony discs or for that matter Sony- anythings.

As  DavidR says, if we all boycott Sony they may re-think their strategies, but too late for me. Sony's become a dirty word here.  I'll never be able to trust them again.

Walks away muttering "ROOTKITS! Invasion of privacy! Dirrrrrty business.........grrrrr" and playing older music again........

But Happy Days to y'all and thanks for the heads-up!
All that it takes for the triumph of evil is for Good Men to do Nothing.


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Rootkit by Sony
« Reply #18 on: November 03, 2005, 11:56:18 PM »
David
The boycott suggestion is a great idea. I shall pass it on. 
The more places are made aware of this, the better and the greater the effect will be.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline SonWon

  • Jr. Member
  • **
  • Posts: 27
Re: Rootkit by Sony
« Reply #19 on: November 04, 2005, 12:26:19 AM »
Will Avast detect this now or in the future?  I didn't see the answer.

SonWon

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Rootkit by Sony
« Reply #20 on: November 04, 2005, 12:42:23 AM »
David
The boycott suggestion is a great idea. I shall pass it on.
The more places are made aware of this, the better and the greater the effect will be.
It really is the only language they understand.

When a company automatically brands everyone a possible thief, then perhaps we should consider them possible robbers.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Rootkit by Sony
« Reply #21 on: November 04, 2005, 12:55:00 AM »
Will Avast detect this now or in the future? I didn't see the answer.
SonWon,

The short answer at present would have to be no.

Rootkits by there nature are hidden from the operating system to avoid detection and are very hard to detect and even harder to remove once established.

Unless you are able to detect the file that installs the rootkit (and that requires a sample of the file once identified) and can either block or delete that then most AVs can't detect rootkits, much less remove them. This as far as I'm aware is no different for avast!.

Although this rootkit doesn't have any malicious intent (like the ones that mask malware), so in theory it shouldn't be detected by an AV. Although with the amount of publicity already given about this Sony Rootkit there is concern that malware writers will exploit the fact that it is likely to be present on many systems and use how it works to exploit your system.

Even though this rootkit is benign (no malicious payload), other than to stop your pirating software (even if you have not intention to do that), once installed it could leave your system vulnerable to exploit as is being reported in Secunia.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SonWon

  • Jr. Member
  • **
  • Posts: 27
Re: Rootkit by Sony
« Reply #22 on: November 04, 2005, 03:18:59 AM »
DavidR,

I respectfully disagree.  Here is a quote from http://www.theinquirer.net/?article=27426

"The prefix 'mal-' according to Merriam-Webster means 1) bad 2) abnormal 3) inadequate. -ware is short for software. This means malware is defined as bad software."

"If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it."

I think this certainly qualifies as bad and abnormal.

SonWon

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Rootkit by Sony
« Reply #23 on: November 04, 2005, 03:28:09 AM »
"If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it."
It will be certainly qualified as bad  :P
SonWon, you're right, why do we need this?
I use the Autorun feature on, but when I use a unknown CD, I disable it before. Use a non-administrator account then.

The best things in life are free.

Offline Cloussau

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 897
  • AVAST! antivirus with balls
Re: Rootkit by Sony
« Reply #24 on: November 04, 2005, 03:38:42 AM »
I would think the term MALWARE should be considered as short for malicous software in that it actively tries to create problems or damage.
This rootkit although it has the potential for misuse by others exploiting it,doesnt ceate any destructive action apart from the 1-2 percent of CPU that was reported in the original article.
Somewhere down the track im sure Sony will look back on this as a mistake and perhaps regret ever doing it as it hasnt made any difference to the availability of the music in question SEEhttp://forum.avast.com/index.php?topic=17187.0
Amazes me that Sony would opt to use this on such an obscure artist
sys- p4  3.0D ,  1024mb ddram ;arsenal :Avast IS 5.0 pro / Firefox / adblock /noscript : win xp/pro/sp3 32 bit

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Rootkit by Sony
« Reply #25 on: November 04, 2005, 03:53:34 AM »
Cloussau, isn't the behavior a malicous one?
I mean, a rootkit can't be a good software piece...
Anyway, who knows  8)
The best things in life are free.

Offline Umath

  • Sr. Member
  • ****
  • Posts: 204
Re: Rootkit by Sony
« Reply #26 on: November 04, 2005, 05:43:39 AM »
Somewhere down the track im sure Sony will look back on this as a mistake and perhaps regret ever doing it as it hasnt made any difference to the availability of the music in question SEE http://forum.avast.com/index.php?topic=17187.0
Amazes me that Sony would opt to use this on such an obscure artist

Famous artists may have rejected the copy protection.  Also, Sony may have calculated the impact of the news.  This is possibly a result of political gesture to content industry concerning their strategy on the next-gen format.

Different from some manufacturing companies, Sony has content industry inside.  As long as it cannot separate its manufacturing business form its content one, I don't think Sony can be trusted from users.  In fact, while it is trying to sell its not-exclusively-ATRAC Network Walkman advertising that it now thinks from the side of the users, it is trying to appeal content industry through its copy protection system for its new blue-ray disc format.  I am quite sure whatever Sony is making, they will have its copy-protection system inside.  Sony may think that it will be able to combine its businesses into one direction but I wonder if users are going to follow the road they are trying to pave.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Rootkit by Sony
« Reply #27 on: November 04, 2005, 06:45:02 AM »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Rootkit by Sony
« Reply #28 on: November 04, 2005, 02:57:39 PM »
DavidR,

I respectfully disagree. Here is a quote from http://www.theinquirer.net/?article=27426

"The prefix 'mal-' according to Merriam-Webster means 1) bad 2) abnormal 3) inadequate. -ware is short for software. This means malware is defined as bad software."

"If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it."

I think this certainly qualifies as bad and abnormal.
You can disagree if you wish, I have no problem with that; you only need read my previous posts about this to gage my feeling about this issue and see I'm no supporter of Sony.

However what they have done shouldn't be classed as a rootkit virus, my use of the word malware is generic for thing picked up by anti-virus programs and in this context an AV I don't believe should pick it up.

Quote
It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time.
None of which can be considered reason to be classed as a virus, after all that is what an AV has to do. Your rights aren't stripped (you have a choice, don't use Sony music or products), removal is only a problem if you install it in the first place (if you did you are accepting it), CPU time as I see it would only be used when you try to do something that is likely to be classed as piracy, e.g burning copies of the CD, etc. (so if you don't do that the hit on CPU time would be negligible).

It doesn't really matter if it is bad or abnormal, what matters is if it qualifies as a virus for an Anti-Virus program to do something about it. Not to mention if an AV did remove it incorrectly, it could screw up your system as been reported by a number of the articles. Then people would be all over the AV for screwing up their system.

So I guess we will have to agree to disagree.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Rootkit by Sony
« Reply #29 on: November 04, 2005, 03:10:19 PM »
The patch Eddy mentions, just unmasks what it does, it doesn't completely remove the function, it still installs copyright protection software to stop piracy.

What strikes me as weird is that the patch to remove the rootkit component is a 3.4MB zip file. I couldn't see anything about the content of the Service Pack to warrant it being 3.4MB.

Colour me suspicious when a tool to remove something is 3.4MB, I wonder if the patch comes with an EULA for I believe it must be completely replacing it with a different copyright protection program.

Quote
November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security