Domain: sysinternals.com
Stories and comments across the archive that link to sysinternals.com.
Comments · 757
-
Re:More from Mark
Here's another link that gives a breakdown of what this thing is really doing.
I long for the good old days (late 90's) when music was free. -
Re:"Nothing for you to see here. Please move along
There are mixed reports on whether or not these CDs are in the European market, so I can't give a straight answer on the second question.
On the first - there's an EULA tied to a custom music player included on the CD which Sony are trying to use as a catch-all.
Mark has the full EULA copied onto Sysinternals. Linky -
Aim at foot, pull trigger
From the article: "Sony's move is the latest effort by the entertainment companies to rely on controversial 'digital rights management' (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks like Kazaa and Limewire."
Yeah, because installing secretive, privacy-invading software on your computer is sure to stimulate CD sales.
And the uninstall process is a privacy invasion too... you gotta fill out an online form, check your email for a URL to ANOTHER online form, then get the uninstaller. And while the uninstaller gets rid of the XCP2 Aurora, it simultaneously installs another DRM (MediaJam). Nice. Sony, how I love thee. You're so sinister.
-
More from Mark
Looks like Sony aren't making it easy to get rid of their rootkit.
Most Spyware has fewer hoops to jump through to uninstall it. -
Re:compact discs
-
GIANT Software refs. remain.
Microsoft still hasn't changed the program to remove GIANT Software references in it, although they took the time to prevent it from running on Win9x (it will work on W2K, however). Take a look at it using Sysinternals Process Explorer and you'll find the executables all still say GIANT.
Also Age of Empires III won't run on anything below XP, but there's no reason I can think of for such a restriction, esp. against Windows 2000, except to push towards the newer platforms.
-
Re:Dell vs Apple pricing
First of all, how are you sure that the disk activity you are seeing is actually paging? Lots of stuff loads at boot time, hence the name. Get Filemon and set the filter to show only IO on pagefile.sys.
Second, let me introduce you to the concept of standby pages: memory that has copies both in memory and on disk. This way, if the memory is needed for something else it can be taken immediately without accessing the disk (since there's already a copy there), and if the memory is needed back where it came from (a soft fault), it's already in memory. Windows does aggressively put pages into the standby list, and Task Manager double counts them in Available Memory and System Cache. Available memory includes both free memory and standby memory; it's the memory that is available for any use without accessing the disk. This preemptive paging does disk activity now so that it might be avoided in the future when the disk is busy with something more important. -
Sony driver?
HA! Admit it! It's Sony and they've come with their so-called proprietary CD-Rom driver.
Please give Sony a stable kernel API so that they can hook your kernel system calls!
DRM: playing soon at a Linux distribution near you! -
Boycott
Right that does it.
I've just sent in some feedback on some of the forms offered on the Sony website. I've provided links to the blog articles for their information. I also let them know:
- I will not be buying any Sony products in the foreseeable future
- I will be emailing friends, acquaintances and family explaining what is occurring and recommending a boycott of all Sony products.
I recommend that others do the same.
FWIW, the text of the email I am sending out is:
A furore has erupted online recently over some software that Sony has
shipped with some music CDs.
Effectively in an attempt to stop people from copying CDs to their
computers, Sony CDs will install some software onto your computer when a
music CD is first put into the drive. This software alters Windows in a
way that makes it less secure. It also hides itself and is next to
impossible to remove. Also each time a CD is put into the drive it
"phones home" to Sony telling them what CD you are playing.
There are many concerns with this. In the first place it is not clear
that software is being installed on your machine when the CD is
inserted. Secondly it is deceptive by hiding the software. Thirdly no
means of uninstalling the software is provided. Finally there are
privacy concerns with software that tracks how you use your computer.
One week after this was revealed, Sony has failed to respond to these
concerns.
I am writing to recommend that you boycott all Sony products. The Sony
family of companies are:
- Sony
- Sony BMG
- Sony Ericsson
- Sony Computer Entertainment
I also suggest that you take a moment to let Sony know that you are
unhappy with their actions at one of the following feedback forms:
http://www.sonybmg.com.au/misc/contact.do
http://www.sonyericsson.com/spg.jsp?cc=global&lc=en&ver=4001&template=ph1_2&zone=ph
http://www.sony.com.au/support/contactus/contactUs.jsp?categoryId=22847
For further technical details on how the Sony CDs operate:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html -
Re:The market provides!
> Most Sony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.
A president of one of Sony's divisions agrees with you: "Most people, I think, do not even know what a Rootkit is, so why should they care about it?"
Source: http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html#113113836431821799 -
Re:Anyone know if the "phone home" is in the EULA?
I did some looking and found the EULA online. To answer my own question, it doesn't seem to mention the "phoning home".
-
In other related news...
SysInternal's Mark Russinovich has posted a new entry about Sony's XCP DRM technology.
According to his post, it seems Sony's fix "patch" makes a little "contact home", contacting Sony servers. This even though Sony claims that their software didn't make contact with them.
Slashdot previously covered the initial XCP rootkit story.
The inquirer has an interesting article on the Sony DRM technology overall.
And it seems the community has found several alternate uses for the XCP technology, which include hiding game cheating software and even bypassing DRM technology -
Re:You can use the Sony rootkit itself to bypass
Actually, if you look further down the comments, you'll find another post by Matt Nikki saying that he tried it again and it didn't work, so either he got lucky one time or something strange is going on.
See here
-
Also, First 4 Internet's rebuttal
Mark has also just posted how First 4 Internet, the creators of the rootkit, have made a rebuttal to Mark's claims: http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html -
Re:Nevermind
I use hardlinks for this. It's also a nice way of moving your "documents and settings" folder or similar if you forgot to put it on another partition when you installed the OS.
To hardlink a folder, either roll an app yourself or use Russinovich's excellent Junction tool.
sysinternals.com
To do it for a single file, "fsutil hardlink create" should do the trick.
-
Sony?
Ha! Given Sony's latest DRM & PR faux pas with the rootkit, I'd say I'm a little gun shy about pulling the trigger on downloading anything from those dorks.
Maybe the $8 is going toward their new legal fund? :-) -
Re:Just goes to show..
I submitted a story that got rejected regarding this type of "rootkit." Somehow (my girlfriend's daughter uses this system in a relatively locked-down mode) I got something installed on my system that slipped past Spybot S&D, MS AntiSpyware, AVG antivirus, and ewido.
It was a total b*tch just to find. The thing would build its directory/itself on shutdown (it seemed) and load then delete any trace of itself at startup, even in Safe Mode. It hid itself from Windows Task Manager and every other scan I could run. I ran some Sysinternals apps such as RootkitRevealer and Autoruns, and they showed nothing over and above anything I could account for. Suspecting it was a rootkit anyway, I found some good apps such as Process Guard, F-Secure's Blacklight (stand-alone executable, pretty nice), and a CLI app called RkDetector. Once I had run PG I could see what was happening to my poor little PC. Explorer launches a program called ddrssapi.exe from System32, then would go on to launch mchshisn.exe every 3 seconds or so. At one point Process Guard counted mchshisn.exe loading over 350 times before grinding to a crashing halt!
Googling ddrssapi.exe or mchshisn.exe yields no hits (or at least didn't, now it'll probably link to this thread), so I renamed the former (because I knew where it was). I was hoping that was the app that created the directory at startup so I rebooted to see if things calmed down.
Process Guard makes no mention of ddrssapi, but is still continuously launching mchshisn, and I notice that it says it's launching from Program Files/Weslorer... Takes about 4 minutes to bring the box down to its knees, but that gave me enough time to realize that I could do nothing to find this mysterious directory (Weslorer).
I boot into Knoppix 4.0 and lo and behold there is PF/Weslorer. Unfortunately for me, Knoppix didn't want to play nice with NTFS, so I couldn't delete the dir. Then I remembered that I had built the Windows Ultimate Boot Disk based on BartPE a few weeks ago. Booted into it and removed the Weslorer (which also shows no Google hits) directory and ran a Spybot S&D scan for good measure. I rebooted into my XP install and all was well. No more popups (which caused the autopsy in the first place), no more stray process launching hundreds of times. Just a new systray icon for Process Guard. That thing's going onto every removable media I have.
I know I still don't really know how it got in and what process it was using to launch itself initially, and that bothers me; but I do not have any symptoms and will have to live with the thought that I got pwned. -
Re:Let's bash Sony
Wrong! How can you say Sony and First4Internet are in no way responsible???
Taken from the original article from Mark's blog over at Sysinternals. And here is the URL again in case you want to read the whole thing again: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$". To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
If that does not compromise security what does?
-
Re:Hell, you knew it was coming.
And, if we're going by Security Now's definition of a "rootkit", Norton SystemWorks is a rootkit because its Undelete component hides files from the operating system that are really still there, SystemWorks just fools all applications into thinking they're not there.
Any program that uses the operating system hooks to find out what is going on risks being fooled. The only way around it is to do what RootkitRevealer does, ignore what the OS is saying and go byte-level reading the disk to see what you get, then if you like compare it with what the OS is reporting to see if there's any differences. -
Re:How to beat this...
Anyways, nothing in the EULA says that I can't just go and delete it.
Except that, if you read through Mark Russinovich's blog, you'll see that it cripples your system when you do this.
When I logged in again I discovered that the CD drive was missing from Explorer. Deleting the drivers had disabled the CD [drive]. Now I was really mad... I know from my past work with device driver filter drivers that if you delete a filter driver's image, Windows fails to start the target driver.
He goes on to detail the steps that were necessary to bring his computer back to fully-functional condition. It's not for Joe Q. Public.
-
Re:Sue
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add/remove programs
I assume that you were trying to somehow infer that I didn't read the EULA? Well, I did, but I'll post the important part of it here because it's fairly apparent that you did not, or at least didn't fully comprehend what it said:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
See that part about "the SOFTWARE will reside on YOUR COMPUTER until removed or deleted"? That's what people agree to when they click "I agree" on the EULA screen.
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissible on legal grounds. I thought it just meant that you could proudly wear the "Made for Microsoft Windows" on your retail box. -
Russinovich's Take
Mark Russinovich's blog has a lot of detail about this particular package, including some info on how to get rid of it...
-
Why Sony WILL Get Sued!
Here is my 2 Cents on what is so Dangerous that Sony should be sued for it!
When Sony installed this Root kit, according to Mark's Sysinternals Blog - http://www.sysinternals.com/blog/
I quote:
I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$".
To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
This means that ANYONE who has this ("Sony Root Kit") installed ("And not looking for Root Kits 24/7, The person that found it, Mark, did not even know it was there, and would have not found it had he not been testing the latest version of RootkitRevealer") CANNOT view ANY file, directory, Registry key or process whose name begins with "$sys$" in Windows Explorer or the registry, or process viewer and actually files and directories may not be seen from the command prompt as well, in some cases, I quote from Mark's Blog:
I therefore checked to see if I could examine the files within the hidden directory by opening a command prompt and changing into the hidden directory. Sure enough, I was able to enter and access MOST of the hidden files
From the Sony EULA, the ONLY reference to any software being installed http://www.sysinternals.com/blog/sony-eula.htm I quote:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise
Hmmm, well they just created a BACK-DOOR for anyone who has this root kit of theirs to get ("Personal Information").
Sony even made sure the Root Kit would Load in Safe Mode as well, I quote from Mark's Blog:
As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.
For all Practical purposes Sony has disabled ALL protection from Viri, Spyware, Trojans and Root Kits on the computers that installed their Root Kit IF that Malware uses a $sys$ cloak! for the vast majority of Microsoft Windows computer users.
So IF/WHEN someone creates OTHER Root kits, Viri, Trojans, Spyware that uses this $sys$ cloaking ("Installed Courtesy of Sony") and ANY damage is done to a system because of it, who is responsible for said damage?
Any comments? -
Posting to CMT BB
I just created a CMT acct and posted the following. We will see what happens.
Tapeworm
Van Zant CD installs spyware on your computer
If you put the Van Zant CD "Get Right with the Man" into your computer it will install harmful software that you cannot remove. It does not ask if you want to install this software, called a Rootkit, which allows Sony to do things to your computer. This is called spyware and it should be illegal... Here is more information http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/ and http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html The man that wrote the second article is a Windows genius and he was not able to fix his computer after this evil Sony software installed itself WITHOUT HIS PERMISSION. Please let the artists who are creating the music we want to buy know that this is an unacceptable practice. I buy music. I don't want any software that breaks my computer on the same CD as music. Do you? -
RootkitRevealer
You can always use RootkitRevealer. I have not tried this myself, but it looks like a good tool. I was also poking around looking for rootkit information when I found this.
You may also want to check out this interesting story from Mark Russinovich, Sony Music CDs installing DRM rootkit. -
What Blizzard can do, Sony can do better
Taking into account that this Warden software 'only' computes a hash of the running program and the effects are narrowed to WoW players, I think the software Sony installs on Windows computers while running one of their DRM protected CDs is more troublesome. More info can be found at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html -
Sent to EFF...
The following was just sent to the EFF.
There's a lot of tin-foil hat stuff out there that gets thrown around due to things like the DMCA that is just not that important to Joe Consumer. This has real potential to fusk people up NOW for doing nothing more than being the docile consumer that society wants them to be.
I'm not an activist, but this is getting out of hand, and I want to do something about this.
I'm sure you've seen all the stories on this popping up everywhere. Here's a good example:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
I find it hard to believe that with all the laws being passed that punish individuals for doing this exact same thing, that they can't also be applied to corporations like Sony.
This needs to be stopped, and punished severely, sooner than later so it gets stopped ASAP.
What can I do?
Writing Sony ain't gonna do anything. Ditto congress.
Mainstream media is ignoring this issue, yet it does, or will very soon if it keeps going, affect everyone that's a good little consumer.
I want this stamped out before I have to restore my Mom's PC after she tried to play her latest Keith Urban CD or whatever.
What can I do? Do you have a list of Law Firms I can contact to sue Sony for this? There are very real and potential damages that can be easily demonstrated. Very soon someone is going to write a virus/trojan that takes advantage of systems compromised by this "DRM". Why do we need to wait until someone's life is ruined by identity theft caused by these actions before we act?
So, what can I do?! -
Re:Why does the OS let software be invisble?
So, you want to create a Function entry point to return a table of ULTIMATE_PROCESS information.
What do you think happens when some miscreant (with root access) replaces that jumppoint in memory with one of his own UTLIMATE_PR0CESS function?
Remember, we are not talking about ROM systems here, all system commands are loaded into RAM.
Consider a much simpler situation:
You use the dir command to list the contents of a folder.
Somebody could replace that command on disk with a dodgy one that runs the original dir command, but filters its results and hides all files starting with "hax0r_".
The only real way to be able to check and identify if a system has been rooted is to examine from the outside.
Keep a boot cd handy.
Currently however, rootkits have bugs and limitations in their scope and do not cover every track, hence rootkit detection is semi feasible for now (in Windows at least).
The most sneaky bit of malware I have heard about recently is the semirootkit included inside some Sony protected CDs.
Have a read here for an investigation (this story may explode in the next few days - it looks really telling). -
Re:Sony is protected by the DMCA
For reference, Mark posted the full EULA. Yep, it does have the exclusion, but what is even more interesting is the line much earlier: "Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted." Which is interesting since they went out of their way to ensure that you can't uninstall or delete it unless you are a fellow practitioner in the Mark Russinovich school of black-belt system administration.
-
Re:Simple
Ironically, you just provided the right and easy answer... the guys from Sysinternals, the ones who did the Sony DRM analysis, have a RootkitRevealer that may give a partial answer (it's the screenshot in the Sony article): http://www.sysinternals.com/Utilities/RootkitRevealer.html -
Re:This House is Clear?
-
Re:This House is Clear?
For the moment at least, Mark's Sysinternals Blog main page ( http://www.sysinternals.com/blog/ ) will get you there. The funny thing is that the permalink is http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html , which is exactly the same link quoted in the /. entry, and is (as you noted) broken. -
the big guys take punches like candy...
... the little guys are more likely to crumble. Why not target the source of this crap? I did. Though, admittedly I'm sure SONY keeps their wallets fat enough to ignore us. See below:
===
Mail-To: info@xcp-aurora.com, info@first4internet.co.uk
Subject: attn: Mathew, Tony, Peter, Nick; re: Extreme displeasure with your XCP product.
To Whom it may concern:
I would like to address the outstanding issue regarding the software your company licensed to SONY BMG here in the United States. This software proposes to be a harmless DRM solution for the corporate customer as a method of protection against malicious users. However, what your software critically FAILS at is conscientiously protecting the end user against exploits of your poorly, shit-house written utilities.
Personally, I'm glad that your nasty parlour tricks were recently exposed by SysInternals.com (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) for the disreputable practices they are, and for identifying "First 4 Internet" (sounds like a shoddy store-front operation for a bunch of Black Hat rejects) as the company directly responsible for the most vile intrusion my system has ever received. And the fact that your ill-conceived product leaves my system open to additional intrusions of this nature is unforgivable.
May whatever sink-hole from whence you rose quickly swallow you back. You have no right to violate my computer's integrity. You have no right to scan the contents of my computer. You may have the right to hide in the darkness of Windows' subsystem like cowards, but that does not mean you won't be seen. You have no right to abuse the trust garnered by SONY from the citizens it regularly calls customers (or, perhaps more appropriately, "guinea pigs"). I hope the light of truth sends you roaches scurrying.
With the wretched taste of bile at the back of my throat,
[my name]
[my email addy]
===
Personally, I purchased "The Dead 60s" latest album, and sure enough it had the exact same copy-protection crap as described on sysinternals.com. That article sure shed some light on the behavioral difference in my system since I got that CD (significantly slower start up and execution times on a 1.2 GHz, and constant 5 - 10% CPU usage with almost nothing running). Fuck them. Fuck them right in the ear.
It was stated before, and I'll reinforce it: This kind of DRM ADVOCATES piracy. You are safer without DRM. I intend to zap my Windows machine and go to Debian (as I've been considering, but now have good reason for security purposes), and return this CD by mail to SONY BMG in a thousand tiny pieces, but not before I copy it and distribute out of sheer spite. -
Rootkits My Son
Go here and download Rootkit Revealer. If that doesn't find anything, and you've tried everything you said, you got some smart malicious rootkit-usin' virus that knows how to trick Revealer, or your system is the proto for some new form of evilness.
-
Sysinternals, Unix attitude applied to Windows
-
Is the EULA valid?
Since spyware WITH a proper EULA has been held to be in violation by the FTC, and since this EULA doesn't really mention the rootkit's difficulty of removal, this might be litigatable.
Of course, Mark Russinovich did (inadvertently) disassemble content protected by the EULA. -
someone submit this, I'm too lazy
-
Re:Symbolic links?
Windows 2k and above have both hardlinks (which are available via standard tools) and symlinks, restricted to directories only and not available via the OS' tools.
Check Junctions for the creation and handling of symlinks.
-
Re:No.
Symlinks do exist in W2k and above - only as directory symlinks though and not as file ones, but aren't available through standard tools.
They're called Junctions, and Mark Russinovich from Sysinternals created a small util to handle them.
-
Re:Symbolic links?
"Microsoft 'innovating' once again" - by el_womble (779715) on Monday October 31, @06:41AM
And, more "F.U.D." attempts by the 'pro-Unix/Linux/BSD' brothers @ "/.", as-per-usual... or, the usual "partially informed/incomplete data spouting rumor mill" is @ work here again, as-per-usual.
Take a read, so you are better informed:
http://www.sysinternals.com/Utilities/Junction.html
-----
Win2K's version of NTFS supports directory symbolic links, where a directory serves as a symbolic link to another directory on the computer.
For example, if the directory D:\SYMLINK specified C:\WINNT\SYSTEM32 as its target, then an application accessing D:\SYMLINK\DRIVERS would in reality be accessing C:\WINNT\SYSTEM32\DRIVERS.
Directory symbolic links are known as NTFS junctions in Win2K.
Unfortunately, Win2K comes with no tools for creating junctions - you have to purchase the Win2K Resource Kit, which comes with the linkd program for creating junctions.
I therefore decided to write my own junction-creating tool: Junction.
Junction not only allows you to create NTFS junctions, it allows you to see if files or directories are actually reparse points.
Reparse points are the mechanism on which NTFS junctions are based, and they are used by Win2K's Remote Storage Service (RSS), as well as volume mount points.
If you want to view reparse information, the usage for Junction is the following:
Usage: junction [-s]
-s
Recurse subdirectories.
If you want to create or delete a junction, use Junction like this:
Usage: junction [-d] []
To delete a junction specify the -d switch and the junction name.
-----
(NT's been there, & done that, ages ago already for DIRECTORY SYMBOLIC LINKS @ least... + the resource kit tools mentioned above, OR the tools offered by Dr. Russinovich & Bryce Cogswell @ SysInternals do the job in this matter as well as alternate methods of using what's already been in NTFS for ages now)
APK
P.S.=> "and giving the people what the want (10 years after everyone else). Go Redmond!" - by el_womble (779715) on Monday October 31, @06:41AM
They surely have, now, haven't they & for the last 12 years or more @ desktop/laptop levels up to Server OS + backoffice/industrial strength tools to match their Office Suite offerings + development tools?
So, with that statement of yours, I must agree:
Plus, 95%++ of the world's computers running Windows NT-based Operating Systems by now (e.g.-> NT/2000/XP/Server 2003), which run tons more hardwares than UNIX of any type does, + with more peripheral surrounding softwares for any imaginable purpose (thus, Win32 OSes are far more ubiquitous + flexible) can't be TOO far wrong to second your statement now, can they? apk -
NTFS Reparse points
which let you implement symlink behavior has been around since Windows 2000.
In order to create them you can use junction.exe:
http://www.sysinternals.com/Utilities/Junction.html -
NTFS already has symlinks, has done for years
They are just not accessible from the shell. You need 3rd party utils to use them.. http://www.sysinternals.com/Utilities/Junction.html -
NTFS already does it since Win2K !
See here :
http://www.sysinternals.com/Utilities/Junction.html
Any feature new in Vista but the look and feel ? ;-)
What about booting the OS with less than about 20 services started and 256MB of memory used ? :( -
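The Junction documentation quoted in the comments above describes reparse points as the mechanism under NTFS junctions and shows "junction -s" walking a tree to report them. The following is an added example, not Sysinternals' Junction tool or any code from these comments: it reports reparse points with built-in PowerShell 5.1+ cmdlets and flags links that redirect into the system directory, the D:\SYMLINK -> C:\WINNT\SYSTEM32 case from the quoted text. The paths D:\SYMLINK and D:\ are constructed placeholders.

```powershell
# Added example (not Sysinternals code): report NTFS reparse points under a
# directory the way "junction -s <dir>" does, using only built-in cmdlets.
function Get-ReparsePointReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse   # same meaning as Junction's -s switch
    )
    # FILE_ATTRIBUTE_REPARSE_POINT is set on junctions, symbolic links and
    # volume mount points alike; LinkType tells the first two apart.
    Get-ChildItem -LiteralPath $Path -Attributes ReparsePoint -Force `
                  -Recurse:$Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $target = ($_.Target -join ';')   # string in PS 7, string[] in PS 5.1
        [pscustomobject]@{
            Path           = $_.FullName
            LinkType       = $_.LinkType   # 'Junction', 'SymbolicLink' or empty
            Target         = $target
            # A link that redirects into %SystemRoot% deserves a closer look:
            # it silently reroutes anything that opens files through it.
            IntoSystemRoot = ($target -like "$env:SystemRoot\*")
        }
    }
}

# Creating a junction with built-in cmdlets (counterpart of "junction D:\SYMLINK C:\Windows"):
#   New-Item -ItemType Junction -Path 'D:\SYMLINK' -Target 'C:\Windows'
# Removing it without touching the target directory (counterpart of "junction -d D:\SYMLINK"):
#   (Get-Item 'D:\SYMLINK').Delete()
# Auditing a whole volume (placeholder drive letter):
Get-ReparsePointReport -Path 'D:\' -Recurse | Format-Table -AutoSize
```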
Re:Wow...
All that is required for Administrators to gain Localsystem (what you referred to as SYSTEM) privileges is to start a particular executable as a service. At that point, the executable has *complete* access to the machine, as root would on Linux.
It is trivial, for example, to start even a command shell with such privileges. I'd provide a link, but I have to leave shortly :) Check http://www.sysinternals.com/ for examples, I'm sure they have one. -
'Rootkit' detection
OK, I have a beef with this being called a 'rootkit'; it's really a trojan that can hide itself very well. But anyway. SysInternals has a sort-of 'rootkit' detector called Autoruns that looks at everything that is loaded into kernel and userspace at boot time. It's extremely useful because it provides an abridged view of what your PC is running when it starts. This is not a 'click here' end user tool - you have to know what you're looking for. But I used it a few months ago to get rid of a nasty worm on a friend's machine. Might also want to get Process Explorer to actually get the cleanup done.
Or... just tell people not to download crap from 'teh interweb'.
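The comment above describes what Autoruns does: an abridged list of everything started at boot, for someone who knows what to look for. The following is an added example, not Sysinternals' Autoruns and not code from the comment: a minimal autostart triage in PowerShell that gathers Run/RunOnce entries, auto-start services and boot/system drivers, and attaches the Authenticode status of each image so unsigned or missing binaries stand out. It assumes Windows PowerShell 5.1 or later; the registry keys and WMI classes used are standard Windows ones.

```powershell
# Added example (not Sysinternals' Autoruns): a first-pass autostart triage.
function Get-AutostartTriage {
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    $entries = @(
        foreach ($key in $runKeys) {
            if (-not (Test-Path $key)) { continue }
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSProvider, ...
                [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
            }
        }
        # user-mode services that start automatically
        Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
            ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName } }
        # kernel drivers loaded at boot or system start
        Get-CimInstance Win32_SystemDriver -Filter "StartMode='Boot' OR StartMode='System'" |
            ForEach-Object { [pscustomobject]@{ Source = 'Driver'; Name = $_.Name; Command = $_.PathName } }
    )
    foreach ($e in $entries) {
        # Reduce the command line to an image path; crude, but enough for triage.
        $image = if ($e.Command -match '^"([^"]+)"') { $Matches[1] } else { ($e.Command -split ' ')[0] }
        $image = [Environment]::ExpandEnvironmentVariables($image)
        # Driver paths often appear as \SystemRoot\... or \??\C:\...; normalise them.
        $image = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        $status = if ($image -and (Test-Path -LiteralPath $image)) {
            (Get-AuthenticodeSignature -FilePath $image).Status.ToString()
        } else { 'FileMissing' }
        [pscustomobject]@{ Source = $e.Source; Name = $e.Name; Image = $image; Signature = $status }
    }
}

# The Signature column is a first filter, not a verdict: anything that is not
# 'Valid' is what you then inspect by hand, e.g. in Process Explorer.
Get-AutostartTriage | Where-Object Signature -ne 'Valid' | Format-Table -AutoSize
```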