Slashdot Mirror


Blizzard's Warden Thwarted by Sony's DRM Rootkit

shotfeel writes "First, news of Warden - a bit of code from Blizzard's WoW to trounce game cheats. Then, a Sony rootkit to make your computer safe for music. Now, news that you can use the Sony rootkit to make your game cheats safe from the Warden."

18 of 418 comments

  1. Just goes to show.. by Heem · · Score: 5, Insightful

    Just goes to show that there is indeed a good use for everything.

    --
    Don't Tread on Me
    1. Re:Just goes to show.. by Jonny_eh · · Score: 4, Insightful

      How is people cheating in an online game a good thing?

    2. Re:Just goes to show.. by B'Trey · · Score: 5, Insightful

      Good or bad depends on your point of view, of course. Wouldn't it be trivial to modify existing worms or viruses to take advantage of the exact same concept, hiding themselves from virus scanners?

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

    3. Re:Just goes to show.. by Anonymous Coward · · Score: 5, Insightful

      A better question is, why doesn't Antivirus Software remove the Sony Virus(TM) in the first place?

    4. Re:Just goes to show.. by Tim+C · · Score: 5, Insightful

      No. The Sony rootkit isn't deployed in order to thwart The Warden, just like the knives in my kitchen weren't created and sold to kill humans with.

      If I create something to beat The Warden, that uses Sony's rootkit to hide, then *I* am the one liable, not Sony, just like Kitchen Devil aren't liable for any psychotic killing sprees I may go on with their products.

      Unfortunately.

    5. Re:Just goes to show.. by netcrusher88 · · Score: 3, Insightful
      I doubt that's a large enough population [Sony DRM installed] for the technique to be considered useful, though.

      Are you sure? Remember, anyone who wants to listen to one of Sony's recent CDs on their computer (unless they have used workarounds) has this rootkit. Be careful in assuming how many people know these workarounds - there are a lot of end users out there, and would you like to be slashdotted by a bunch of zombie end-users because they have a worm that virus scanners can't detect?
      --
      There's an old saying that says pretty much whatever you want it to.
    6. Re:Just goes to show.. by spdt · · Score: 4, Insightful

      anybody who has installed the Sony DRM app (in particular, WoW cheaters)

      Of course, the 31337 WoW cheaters write their own DRM software... Um, I mean, "rootkits"

      It's funny how quickly words can become synonyms of another.

    7. Re:Just goes to show.. by Buran · · Score: 3, Insightful

      Uninstalling undesired software isn't illegal. Software that snoops on what you run isn't a "protection device". It's merely unethical software that interferes with the operation of your computer in a way that removes the user from control. I'll sure as hell remove anything that does THAT with extreme prejudice. Sue me for it? Well, I rejected the terms of the license and removed the software, so what are you going to sue me for? Breach of contract? I terminated any obligations to you when I stopped using your app.

    8. Re:Just goes to show.. by lgw · · Score: 3, Insightful

      Liability and copyright are unrelated. McDonalds sold coffee with complete indifference to causing 3rd degree burns, and they paid for lack of concern for safety. Eventually a virus will piggyback on Sony's rootkit, and Sony will be smacked around for lack of concern for the side effects of their actions. And it still won't have anything to do with copyright.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  2. Let's bash Sony by LordSnooty · · Score: 5, Insightful

    OK, so I understand that Sony did a bad thing with the rootkit. But I don't immediately understand the link to Blizzard. Surely there are other "rootkits" around (think Hacker Defender) which can hide files? Why has this suddenly become a problem with the release of the Sony rootkit? Is it a case of "yes, this is definitely bad... now quick, find some way of demonstrating how bad it is!"

    Do other cheat protection systems use similar methods to look for files? If so, why are they not affected? Why am I only hearing about Warcraft?

    1. Re:Let's bash Sony by bleckywelcky · · Score: 5, Insightful

      This is newsworthy because someone can legitimately use the Sony CD and have the rootkit installed, and then play WoW. So blizzard can't just look for signs of the rootkit and ban that account - people will be pissed for a non-legit ban. At the same time, people can do the same thing AND initiate a cheat on WoW and claim to be pissed for the same "non-legit" ban.

    2. Re:Let's bash Sony by HavokDevNull · · Score: 4, Insightful

      Wrong! How can you say Sony and First4Internet are no way responsible???

      Taken from the original article from Mark's blog over at Sysinternals. And here is the URL again in case you want to read the whole thing again. http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

      I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$". To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.

      If that does not compromise security what does?

      --
      Sig
  3. Re:YRO? by Experiment+626 · · Score: 5, Insightful

    Are we suddenly interested in the rights of game cheaters? Whose rights are being impacted here?

    The "rights" issue is with people's right to listen to music they've bought without the CD compromising their system and infecting it with rootkits. This article is significant more as a new development in that story, than as a "a victory for the rights of online cheaters everywhere!" thing.

    To underscore the point, consider that yesterday on GlobeAndMail.com, we have:

    The company dismissed the prospect of hackers exploiting its rootkits for their own purposes as an "academic" concern.

    I guess it isn't so academic anymore.

  4. Only slightly OT by Nom+du+Keyboard · · Score: 5, Insightful
    It should be only slightly OT to ask:

    1: Why are people celebrating victory because Sony announced they will remove the cloak, they're still leaving all the rest of the crap on your system - including the memory and cpu wasting scan that runs continually, even when you're not playing their DRM infested CD's.

    2: Now that the cloak is removed, what was that registry key that keeps track of how many CD's you've burned under their DRM system?

    3: Don't you think you're celebrating a bit early since Warden 2.0 should be able to use the same tricks as RootKitRevealer to diagnose your system? And how long will this take to appear?

    4: If your detecting and removing this software from your computer violates the DMCA, then the DMCA is so clearly wrong that it should be repealed this afternoon.

    5: Profit! Or in other words, who is profiting from this now? I don't see Sony going broke yet.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  5. Re:I pray for the day by interiot · · Score: 4, Insightful
    Well, once Microsoft's NGSCB comes along, games like Warcraft will have two choices:
    1. live outside the trusted computing base, and be vulnerable to anybody who manages to crack the NGSCB and run their code in a place that can't be examined by Warcraft, or:
    2. convince Microsoft to let WoW cheat-detectors run inside the NGSCB so they can detect everything
    First4Internet vs. Warden seems like it's the only possible crazy example of this, but if NGSCB is vulnerable to either crackers or corporate influence, this will only be the beginning.
  6. This is silly by Locke2005 · · Score: 5, Insightful

    Much as I detest the Sony DRM, this is not a valid criticism of it. Anybody wanting to implement cheats will just use the same method as the Sony DRM directly to hide the cheats, not rely on the Sony DRM having been installed first! This is a flaw in Warden that is independent of the fact that the Sony DRM is a bad thing. It also points out the flaw in the anti-cheat arms race -- since you don't own your customer's machines, any anti-cheating technology you deploy can be quickly circumvented by determined individuals.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  7. Re:Came up fine for me. by HTH+NE1 · · Score: 4, Insightful

    detecting it would be a bit troublesome...

    Not really. The presence of the rootkit has a measurable effect. They just have to have Warden create a file with a name starting with $sys$ and then test to see if it is still there. If it has disappeared, it has detected the presence of the rootkit.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
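The canary check described in the comment above, sketched as an added example that is not part of the original thread or of Warden. The `lister` parameter, the control file and `simulated_cloaked_lister` are assumptions of this example, used so the detection logic can be exercised against a constructed filtered view.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # name prefix hidden by the driver, per the quoted analysis


def probe_cloaking(directory, lister=os.listdir):
    """Write a canary and a control file, then check which ones enumeration shows.

    `lister` is injectable (an assumption of this example) so the verdict logic
    can be run against a simulated filtered directory view.
    """
    tag = os.urandom(4).hex()
    canary = os.path.join(directory, f"{CLOAK_PREFIX}canary_{tag}.tmp")
    control = os.path.join(directory, f"control_{tag}.tmp")
    for path in (canary, control):
        with open(path, "w") as fh:
            fh.write("probe")
    try:
        listed = set(lister(directory))
        result = {
            "canary_listed": os.path.basename(canary) in listed,
            "control_listed": os.path.basename(control) in listed,
        }
    finally:
        for path in (canary, control):
            try:
                os.remove(path)
            except OSError:
                pass
    # Only a missing canary next to a visible control file counts as cloaking;
    # if both are missing, enumeration itself failed and the probe is inconclusive.
    result["cloaked"] = result["control_listed"] and not result["canary_listed"]
    return result


def simulated_cloaked_lister(directory):
    """Constructed stand-in for a filtered view: drops names with CLOAK_PREFIX."""
    return [n for n in os.listdir(directory) if not n.startswith(CLOAK_PREFIX)]


def demo():
    """Run the probe against the real listing and the simulated filtered one."""
    with tempfile.TemporaryDirectory() as d:
        return probe_cloaking(d), probe_cloaking(d, simulated_cloaked_lister)


if __name__ == "__main__":
    clean, hidden = demo()
    print("unfiltered view:", clean)
    print("simulated filtered view:", hidden)
```

The control file separates "names with this prefix are being filtered" from "the directory listing failed for some unrelated reason".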
  8. This is the Future of Trusted Computing by darkonc · · Score: 4, Insightful
    Trusted computing means that other companies (e.g. Sony) can trust your computer to do what they want it to do -- whether you're happy with that idea or not.

    Sony just jumped the gun. They weren't willing to wait until Microsoft put a formal system for this kind of bullshit to take place. The only difference between this and 'trusted' computing is that there's no formalized mechanism in place .... yet.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.