Slashdot Mirror

← Back to Stories (view on slashdot.org)

Real Story of the Rogue Rootkit

Posted by Zonk on from the when-good-rootkits-go-bad-on-fox dept.

BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting its users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"

9 of 427 comments (clear)

  1. Clearly by Trails · · Score: 5, Insightful

    The AV companies are just gunshy of Sony's squad of legal attack ninjas. Not surprising given that this is grey area. I think the author makes a decent point (that the AV companies moved slowly), but the real failing here is the draconian legislation that made this a grey area in the first place. Hopefully these wee little gaps in consumer protection get plugged as a result of this.

  2. Thats because this virus was nasty as hell. by Viewsonic · · Score: 5, Insightful

    It was very hard, even for Microsoft to figure out how to remove the damn thing without disabling the CD/DVD drive entirely. The first anti-virus patches that thought they fixed this was actually disabling peoples drives without knowing it. Microsoft had to work with Sony to figure out what the hell they had actually done. It really sucks.

  3. Uh, antivirus companies are out to make money. by Spazntwich · · Score: 5, Insightful

    They don't exist to make gigantic corporate enemies.

    Like it or not, detecting and removing Sony's malware puts them at series risk for DMCA lawsuits and the like and is thus a bad business decision. Anyone who thinks they're in it to actually better their customers and not their bottom line is living in fantasy land.

  4. Built-in DRM by dereference · · Score: 5, Insightful
    That's a great point, although I suspect the reality will be even more bleak.

    Sony won't need to install a rootkit, because the Microsoft DRM will be designed specifically to help enforce things like Sony's EULA. Why should Sony bother with a rootkkit when the OS itself will impose the limits by design?

  5. Re:Why not call law enforcement? by 99BottlesOfBeerInMyF · · Score: 5, Insightful

    Because calling law enforcement would lead to a court case: YOU vs SONY. Guess who wins every time?

    What are you talking about? Making a report to law enforcement is not going to get you into a civil suit. It will be the state vs. Sony in a criminal case should they pursue it. The trouble is getting them to do so. Try calling the FBI sometime. If it isn't easily demonstrable as several grand worth of damage they will just ignore you.

  6. Never in my wildest dreams by SlashAmpersand · · Score: 5, Insightful

    The biggest surprise for me was that Microsoft, who usually pisses me off, actually was the only company to step up to the plate in a meaningful way. I expected far, far better from the antivirus/spyware vendors. If you're going to tell me that you're going to protect my system, make me pay a subscription to keep my definitions current, and, on top of that, consume some of my system resources to do it, you'd damn well better step up to the plate when it comes to something as blatantly dangerous to my security as a rootkit.

  7. Re:Bah... by LiquidCoooled · · Score: 5, Insightful

    What is a (better informed) user wants to play the CD despite the rootkit?

    Rule #1: Disable Autorun.

    If microsoft had disabled this action by default, it would have prevented this being a widespread problem in the firstplace.

    AUdio CDs should be nothing more than data. A media player is installed on every single computer that can play audio CDs.

    Sony should not have messed with that, and if MS had defaulted it then 1st$ wouldn't have exploited it.

    --
    liqbase :: faster than paper
  8. Re:Bah... by nigelo · · Score: 5, Insightful

    TFA points out that this has been out there for over a year, not just "a few days".

    Just because the symptoms are barely noticeable does not make it acceptable.

    Just because it comes from a CD does not make it acceptable, either.

    If the "(cluelss) user" inserts the CD again, the AV software should do what it should have done the first time - issue a large warning and block the activity. If this had happened a year ago, there wouldn't be several hundred thousand machines with it installed today.

    --
    *Still* negative function...
  9. Re:Bah... by SilverspurG · · Score: 5, Insightful

    You did notice from '95 to '98 nearly every CD enabled application would annoy you with the "it is recommended to enable Autorun by going to the Control Panel... etc. etc. etc" Oh wait? You didn't notice that? Probably because you didn't think to disable autorun 'til now so that you could take part in the brow-beating.

    You did notice that, from '98-'02, nearly every CD burning application on Windows began to annoy you with the "It is required for this application to function properly that you enable the Autorun feature of the CD drive by going to the Control Panel... etc. etc. etc." Oh? What's that? You didn't notice these error boxes? Probably because you didn't think to disable autorun until now so that you could take part in the brow-beating.

    I, on the other hand (am an arrogant prick), and I did spend all of those years turning off Autorun until it just became impossible to use any CDROM enabled Windows software without it.

    By the way, I like most of your posts. I've just been waiting for the last two weeks to slam someone on the "just disable autorun" issue and you happened to be the poster of the day. :)

    --
    fast as fast can be. you'll never catch me.