Author Topic: Rootkit by Sony  (Read 37394 times)

Offline SonWon

  • Jr. Member
  • **
  • Posts: 27
Re: Rootkit by Sony
« Reply #30 on: November 04, 2005, 07:12:35 PM »
I want my anti-virus program to stop the loading of any rootkit without my permission.  Or in that case any software that I didn't give the okay.  In Sony's case they do not inform the user that they are loading a rootkit, just a music player and anti-copy software.  But they do not inform me that I cannot uninstall their software when I am through with playing the CD.  I see this as wrong and therefore malware.

Maybe I am expanding the coverage I expect from an anti-virus product but why should I have to load anti-virus, anti-spyware, anti-rootkit, anti-etc. to protect my PC.  I just want to load one software product (anti-malware) that covers it all.  The first company that does an excellent job at this will get my money.

Although, I just may move to Linux and keep Windows XP around for a gaming platform.

SonWon

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Rootkit by Sony
« Reply #31 on: November 04, 2005, 07:34:54 PM »
1. How is an anti-virus to know that you gave your permission for the loading of software or a rootkit? It can't know this. All it has to go on is that anything loaded on to your system is scanned, and if it is recognised as a virus then it is dealt with; the difficulty is the definition of the virus.

I would say that the Sony Rootkit issue (now negated by their revocation of the rootkit element) was more of a spyware issue. Now there are companies out there that have been legally forced to remove some software that they classed as spyware from their detections. I don't believe it would have been any different in the case of Sony and the amount of financial and legal clout they have.

2. In Sony's case they do notify you in the ubiquitous EULA; it is in there, you have to find it and agree to it, otherwise you can't use the software. If you simply click and agree on the EULA agreement then you have to accept that EULA no matter how erroneous it is.

The easiest option IMHO is if you don't like the way Sony play the game then don't play it, don't buy their products.

3. It is unlikely one piece of software will detect everything, so a multi level approach is better. Not to mention we don't want to see avast become a bloated tool like Norton. I would much rather choose the best in a particular arena than accept a jack of all trades, master of none Suite of programs.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SonWon

Re: Rootkit by Sony
« Reply #32 on: November 04, 2005, 07:51:31 PM »
Hi DavidR,

Good questions and actually quite simple.

1. I'll turn off the anti-Virus software when I choose to.  In Sony's case the anti-virus program should come up with a dialog window warning the user that the program has a rootkit and ask if I want to continue or block the program.

Sony should also provide removal instructions.  I know you can get them over the phone but that is not good enough.  The program should have included an uninstaller.

2. Correct me if I am wrong but the EULA does not say that you cannot uninstall the software does it?  This is wrong.  Don't buy Sony which is what I am doing in the future for all of their products.

3. I agree I also do not want a bloat product.  However a well written product would work.  Many of the functions for anti virus, spyware and rootkits are the same.  There are also some differences but the code for a single product would be smaller than three different products.

Another interesting fact is the Sony rootkit software does not even work on a Macintosh?  Mac owners play the CD like any other music CD.  So why is Sony only penalizing PC owners?  None of this makes any sense from a business perspective.  There is money to be made from the first company that puts it all together and stands up to the companies that distribute viruses, rootkits and spyware.

SonWon

Offline SonWon

Re: Rootkit by Sony
« Reply #33 on: November 04, 2005, 07:54:33 PM »
Just out on CNET, http://www.cnet.com/4520-6033_1-6376177.html?tag=nl.e501

So, let's make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place. And what does this software do once it's on your PC? Well, here is (via David Berlind's excellent breakdown of the issue) what Amazon's CD listing page has to say on the subject:

"This product limits your ability to make multiple digital copies of its content, and you will not be able to play this disc or make copies onto devices not listed as compatible. Content/copy protected CDs should allow limited burning, as well as ripping into secure Windows Media Audio formats for playback with most compatible media players and portable devices. In rare cases, these CDs may not be compatible with computer CD-ROM players, DVD players, game consoles, or car CD stereos, and often are not transferable to other formats like MP3."

So it's not just the black hat tactics. The DRM itself is almost unbelievably restrictive...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Rootkit by Sony
« Reply #34 on: November 04, 2005, 08:06:05 PM »
Quote
In Sony's case the anti-virus program should come up with a dialog window warning the user that the program has a rootkit and ask if I want to continue or block the program.

Now all companies have to make a security warning about this, increase detection... s*it

Quote
None of this makes any sense from a business perspective.  There is money to be made from the first company that puts it all together and stands up to the companies that distribute viruses, rootkits and spyware.

Oh, I'm just starting to hate Sony  :(
The best things in life are free.

Offline DavidR

Re: Rootkit by Sony
« Reply #35 on: November 04, 2005, 10:01:23 PM »
Quote
Good questions and actually quite simple.

1. I'll turn off the anti-Virus software when I choose to. In Sony's case the anti-virus program should come up with a dialog window warning the user that the program has a rootkit and ask if I want to continue or block the program.

Sony should also provide removal instructions. I know you can get them over the phone but that is not good enough. The program should have included an uninstaller.

The fact that Sony now has a Service Pack available to remove the rootkit element on-line, rather makes this thread redundant.

Quote
2. Correct me if I am wrong but the EULA does not say that you cannot uninstall the software does it? This is wrong. Don't buy Sony which is what I am doing in the future for all of their products.

It is contained in the EULA, following this thread and following the first link in the first post will give a link to a copy of the EULA. http://www.sysinternals.com/blog/sony-eula.htm

extract:
Quote
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER.  The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT.  Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted.  However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
...
...

Quote
3.
...
...
Another interesting fact is the Sony rootkit software does not even work on a Macintosh? Mac owners play the CD like any other music CD. So why is Sony only penalizing PC owners? None of this makes any sense from a business perspective. There is money to be made from the first company that puts it all together and stands up to the companies that distribute viruses, rootkits and spyware.

Something that in the fullness of time they will probably get around to, but with such a small market share doing the same for the Mac may not seem worth it.

Personally I won't spend any further time on the Sony rootkit issue as it is a dead issue now, the copy protection is a totally different issue and like you I won't be buying anything Sony in the future. Watch out for Blu Ray a new DVD format as this is likely to have strong copyright protection built in.

Offline SonWon

Re: Rootkit by Sony
« Reply #36 on: November 04, 2005, 10:47:06 PM »
Quote
The fact that Sony now has a Service Pack available to remove the rootkit element on-line, rather makes this thread redundant.

Not really since it still does not allow you to uninstall but that is a difference of opinion and I respect yours.

From the Sony EULA,
Quote
"...the SOFTWARE will reside on YOUR COMPUTER until removed or deleted."

Deleting breaks the PC CDROMs and there is no tool for removal.

I agree, no more Sony and watch out for Blu Ray.


SonWon

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Rootkit by Sony
« Reply #37 on: November 07, 2005, 03:05:07 PM »
Hi SonWon,

This goes to show that rootkits are very easily installed through the autoplay functionality of Windows. Only Windows has this. It is nice and handy, but it means you are immediately infected whenever you load a CD with malicious code into your drive.
You have no "no exec"-option with Windows.
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline SonWon

Re: Rootkit by Sony
« Reply #38 on: November 07, 2005, 03:58:32 PM »
Since we can no longer trust large corporations autoplay is now turned off on my PC.   :)

BTW, there are now some game companies loading copy protection when you load the game.  At least the removal does not break the CDROM drive, yet.   :-\

SonWon

Offline SonWon

Re: Rootkit by Sony
« Reply #39 on: November 08, 2005, 01:05:52 AM »
More discussion on /. and Mark R. received a reply from First 4 Internet.


http://games.slashdot.org/games/05/11/07/1221209.shtml?tid=233&tid=207&tid=10

http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html

My take is none of this bodes well for Sony and First 4 Internet.  Malware?  I report you decide.   ;)

SonWon

Offline polonus

Re: Rootkit by Sony
« Reply #40 on: November 08, 2005, 02:21:40 PM »
Hi ye all,

Sony's rootkit will be detected by AV software, see here:
http://news.com.com/Sonys+antipiracy+may+end+up+on+antivirus+hit+lists/2100-1029_3-5933428.html

greets,

polonus

Offline SonWon

Re: Rootkit by Sony
« Reply #41 on: November 09, 2005, 07:32:12 PM »
Tom's Hardware now has something to say, http://www.tgdaily.com/2005/11/09/sony_music_sounds_off_key/index.html

SonWon

Offline SonWon

Re: Rootkit by Sony
« Reply #42 on: November 09, 2005, 11:25:11 PM »

Offline SonWon

Re: Rootkit by Sony
« Reply #43 on: November 10, 2005, 04:40:54 AM »
It keeps getting worse for Sony.  Hey, Avast isn't it time to make a public statement on this mess?  This will probably be my last post on this subject unless you all want me to continue?  Here is a summary from Mark Russinovich's website http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-want-to_09.html:

The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:

    * Sony denies that the rootkit poses a security or reliability threat despite the obvious risks of both
    * Sony claims that users don’t care about rootkits because they don’t know what a rootkit is
    * The installation provides no way to safely uninstall the software
    * Without obtaining consent from the user Sony’s player informs Sony every time it plays a “protected” CD

Sony has told the press that they’ve made a decloaking patch and uninstaller available to customers, however this still leaves the following problems:

    * There is no way for customers to find the patch from Sony BMG’s main web page
    * The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers
    * Access to the uninstaller is gated by two forms and an ActiveX control
    * The uninstaller is locked to a single computer, preventing deployment in a corporation

Consumers and antivirus companies are responding:

    * F-Secure independently identified the rootkit and provides information on its site
    * Computer Associates has labeled the Sony software “spyware”
    * A lawfirm has filed a class action lawsuit on behalf of California consumers against Sony
    * ALCEI-EFI, an Italian digital-rights advocacy group, has formally asked the Italian government to investigate Sony for possible Italian law violations



Offline SonWon

Re: Rootkit by Sony
« Reply #44 on: November 10, 2005, 10:21:28 PM »
Sophos has a removal tool for the Sony DRM infection, ah feature.   :)

http://www.sophos.com/support/disinfection/rkprf.html

Actually the tool says disables, not sure if it removes?  Can someone test?  I ran this on my system but I have no known infections.   :D

SonWon