Author Topic: Rootkit by Sony (Read 42469 times)

DavidR · « **Reply #60 on:** November 18, 2005, 11:39:06 PM »

Quote from: dr pat on November 18, 2005, 10:03:09 PM

Yes, I agree with the fact that the anti-virus program may not be able to detect it (initally) on installation, BUT once the code of the rootkit has been established, I would have thought AVAST would be able to at least disable the 'cloaking' element (so other files and viruses can not hide in the $sys$ directory that the rootkit creates).

The problem is what Sony has done is underhand, devious and down right nasty, the problem is it can't be truly classed as a virus or potentially malware is the intent isn't malicious, stupid, arrogant and ignorant to treat all its customers as potential thieves but not with malicious intent.

So it is hard for AVs to not only categorise this rootkit protecting/hidding the DRM process, but what to do about it if they add it to their detections. If they only remove some of it it could effectively disable your CD/DVD, you wouldn't be pleased about that.

If it did manage to remove everything including the DRM software (which you had to agreed to in the EULA) without harming your system, then Sony might not like that, as Sony could say you (Alwil) are encouraging or condoning the piracy of copyrighted material.

So it is not a simply clear cut decision, but one knowing how much Financial and legal clout Sony have, it could be very costly for Alwil.

The best thing by far is don't buy another thing that has anything to do with Sony from a CD to an LCD TV. If they treat all potential customers as thieves then don't be a customer, hit them where it hurts, in the bottom line.

bob3160 · « **Reply #61 on:** November 19, 2005, 05:01:30 AM »

When Sony has finished making a working removal link, this will take you to the removal tool.

bob3160 · « **Reply #62 on:** November 19, 2005, 07:16:19 AM »

This may not make me very popular but it needs to be said...

Sony's rootkit infected half a million computers - why didn't the major
antivirus companies notice? (F-Secure is only security company that
deserves praise.)

Symantec later came out with a statement saying "this rootkit was
designed to hide a legitimate application."

The only thing that makes this rootkit legitimate is that a
multinational corporation put it on your computer, not a criminal
organization.

It wasn't until public pressure was just too great to ignore, that
Microsoft announced it would update its security tools to detect and
remove the cloaking portion of the rootkit.

Who are the security companies really working for? It's unlikely that
this Sony rootkit is the only example of a media company using this
technology. What will they do the next time some multinational company
decides that owning your computers is a good idea?
Real Story of the Rogue Rootkit

bob3160 · « **Reply #63 on:** November 19, 2005, 07:24:20 AM »

We have to ask why any operating system would allow a hook (rootkit) to
hide an entire class of processes from user view. Normally such a
"feature" would be called an exploit.

Amazon is offering refunds to customers that bought Sony CDs that use
controversial anti-copy software.

If you still trust Sony... you may want to use their phone system.

Sony Corp. on Wednesday announced a free Internet-based phone service
similar to the popular computer-to-computer calling provided by Skype,
but with an emphasis on video conferencing.
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/16/AR2005111601914.html

SonWon · « **Reply #64 on:** November 21, 2005, 08:55:35 PM »

Sony Rootkits: A Sign Of Security Industry Failure
http://www.techweb.com/wire/security/174400286?sssdmh=dm4.158635

I agree the security industry has failed us.

"The Sony software is, plain and simple, spyware, by any reasonable standard of the word. It installs itself without users' knowledge, it runs in stealth mode, it damages the user's system, and it resists removal." http://www.informationweek.com/blog/main/archives/2005/11/sony_is_just_as.html

Pretty plain and simple to me.

SonWon

Yinyang4evry1 · « **Reply #65 on:** November 21, 2005, 09:24:20 PM »

[edit] after reading the link and finally finding out more of the sony rootkit, i feel outraged, even though i think i dont have it grr.... http://www.wired.com/news/print/0,1294,69601,00.html ...angry

i mean, since some anti's don't detect rootkits, i should get one that does
speaking of this...is this software legitimate so that i may use it for the detection of rootkits?
i just realize i have a lot of sony software installed on my computer
and was just checking...

the software is here, but i'm unsure if it is rogue or not
http://www.sysinternals.com/utilities/rootkitrevealer.html

thanks,
tim

SonWon · « **Reply #66 on:** November 21, 2005, 09:56:09 PM »

If you are a very knowledgable computer person you can use antihook. But it does have some downsides. For example if you load new software you must put it back into training mode for a few days or else you will likely bluescreen your PC.

Several anti-virus companies have stepped forward and said they will detect this in the future and are working on an upgrade to make this happen.

I haven't heard anything from avast but maybe it is on their webpage somewhere?

SonWon

SonWon · « **Reply #67 on:** November 21, 2005, 10:24:29 PM »

Editor's Note: Putting Away the Welcome Mat
"AV software for Linux is only going to provide hackers more ways into my system, not less."

"Ultimately, the blame for this lies at Sony's feet. But what I want to know is, why didn't the firewalls, spyware detectors, and AV clients catch this in the first place? The fact that no AV appliance or client caught this implies that these companies are either (a) incompetent or (b) letting this stuff slide by all in the name of digital rights management. Either option is inexcusable, but (b) sends chills down my spine."

http://linuxtoday.com/security/2005111802326OPSWNT

I've been thinking Linux is the long term answer.

I report you decided.

SonWon

Delta · « **Reply #68 on:** November 21, 2005, 10:33:58 PM »

I apologize if this has already been posted but manual removal instructions are here:
www.dslreports.com/forum/remark,14817570

lol It can't hide from the command prompt.

Mastertech · « **Reply #69 on:** November 22, 2005, 04:34:32 AM »

I repeat anyone serious worried about this should simply turn off autoruns. Problem solved.

Yinyang4evry1 · « **Reply #70 on:** November 22, 2005, 04:41:19 AM »

gee...this is really becoming a hot topic
i wonder if they company is gonna get sued?

tim

bob3160 · « **Reply #71 on:** November 22, 2005, 02:07:24 PM »

If you own any of these CDs, follow these Instructions for Exchanging Your Sony BMG CDs with Rootkit for Safe CDs

SonWon · « **Reply #72 on:** November 22, 2005, 02:53:49 PM »

Sony is being sued in at least three states with Texas the newest.

Sony rootkit: The untold story
"In his column on Wired.com, Schneier makes his own hay because of the way that the anti-malware providers may have been co-conspirators in the rootkit fiasco. They apparently gave First4Internet (and by way of inheritance, Sony) a hall pass to surreptitiously install and run the rootkit on users' PCs. Now you know why I called it a Trojan horse when I first wrote about it. Dan Gillmor picked up on Schneier's report. Indeed, if the anti-malware companies have been lured into becoming foxes that watch the henhouse, that's a major problem." http://blogs.zdnet.com/BTL/?p=2177&tag=nl.e589

This story just keeps growing.

SonWon

SonWon · « **Reply #73 on:** November 22, 2005, 07:42:29 PM »

"But we shouldn't miss the fact that Sony's behavior with both its XCP
and MediaMax implementations matches another pattern we've seen many
times before. It's the serial DRM offender profile that Microsoft,
Symantec, Intuit, and lesser lights in the software industry have
exhibited. Their product activation and other forms of copy protection
also aren't really about stopping piracy - they admit their DRM won't
stop the software counterfeiters. It's about giving the vendors control
over your usage of the products you buy, so they can decide if you're
using it in ways they don't like, or that they ought to force you to
upgrade, or that it's time to start selling the information they've
collected about you to the highest bidder."

From an Ed Foster's GripeLog newsletter, titled 'Sony's DRM Profile'. http://www.gripe2ed.com/scoop/story/2005/11/10/03956/517

Notice DRM software does nothing to stop counterfeiters just honest users.

SonWon

kakapo · « **Reply #74 on:** November 22, 2005, 09:45:59 PM »

Thank you for alerting us Igor, and thank you to all who've kept us up to date on this dangerous issue. Many are following this thread and appreciate your input.

I've never illegally ripped and burned - I was a musician. Looks like I'm going to HAVE to. I certainly won't be buying more CDs until I can be sure there are no rootkits on them. Look at Sony shooting themselves in the foot! Both feet?!

Thank you friends.

Author Topic: Rootkit by Sony (Read 42469 times)

DavidR

Re: Rootkit by Sony

bob3160

Re: Rootkit by Sony

bob3160

Re: Rootkit by Sony

bob3160

Re: Rootkit by Sony

SonWon

Re: Rootkit by Sony

Yinyang4evry1

Re: Rootkit by Sony

SonWon

Re: Rootkit by Sony

SonWon

Re: Rootkit by Sony

Delta

Re: Rootkit by Sony

Mastertech

Re: Rootkit by Sony

Yinyang4evry1

Re: Rootkit by Sony

bob3160

Re: Rootkit by Sony

SonWon

Re: Rootkit by Sony

SonWon

Re: Rootkit by Sony

kakapo

Re: Rootkit by Sony