Slashdot Mirror


Real Story of the Rogue Rootkit

BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting their users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"

10 of 427 comments

  1. Bah... by Poromenos1 · · Score: 4, Interesting

    It's a shame what big companies can get away with. I mean, no matter how you look at this, a rootkit is a rootkit, there was nothing subjective about this. Yet, the fact that it was by Sony made people keep their mouths shut. It's a shame.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  2. NGSCB? by interiot · · Score: 5, Interesting

    What happens when Sony's rootkit hides under the protection of Windows Vista's NGSCB? Will antivirus vendors be able to remove bad code that ends up in the NGSCB? Given that Windows' kernel is insecure enough to allow itself to be rootkitted, what is the chance that NGSCB itself will be subverted? Doesn't the fact that NGSCB is designed to hide code from normal users and knowledgeable debuggers alike mean that it's somewhat similar to what the Sony rootkit tries to do?

  3. Fear? by dada21 · · Score: 5, Interesting

    When news of the criminal root kit hit full blast, I figured it would immediately get nuked by the AV companies. As things progressed and no one but MSFT came to the rescue, it made me wonder if there was fear or maybe even collusion.

    Yet the bigger story here is the fact that a blogger was the breaking source.

    My media is 75% blogs now. Many use links to back their opinions (I'd love to see a standard bibliographical Wiki for referencing). They're faster than the daily news and less likely to be afraid of corporate threats.

    BTW, anyone know a way for me to toggle link text format from standard (blue w/ underline) to normal (black no underline) and back, quickly?

  4. DMCA risks. by Anonymous Coward · · Score: 5, Interesting

    If the Antivirus companies start destroying Sony copy-protection technologies, they're almost certain to get in trouble. Surely they don't want to violate the DMCA.

  5. DRM is useless by gasmonso · · Score: 5, Interesting

    Companies are so worried about piracy that they go to these extremes. What they need to look at is why are people pirating. Many people pirate because the thought of spending $17 for a CD is ridiculous considering that only a few songs are worth a damn. Secondly, DRM makes it worse because people can't rip the audio for their mp3 player. This drives people to piracy and the DRM makes it worse and drives the consumer away. Just lower the damn prices and let me burn it, rip, or do anything else I want with it because it's mine!

    gasmonso http://religiousfreaks.com/
  6. double standards, no standards? by z0I!) · · Score: 5, Interesting

    The double standard of the security companies is troubling... If I released this application (Sony's rootkit) it would be considered malware immediately. The fact that they only remove a portion of it is also strange. That is like removing the part of a spam generating worm that sends emails to others but leaving the rest of it to waste CPU time scavenging my address book. Also... What I wonder is what consequences will come from the alleged GPL violations? Is anyone suing Sony or first4Internet for copyright infringement? If not, does this send a signal to big corps that it's ok to steal code that is GPL'd because the parties that wrote it probably don't have the time/money to do anything about it anyway?

  7. Re:Thats because this virus was nasty as hell. by Daedala · · Score: 4, Interesting

    Well, then, why didn't they say, "We can't do anything yet because this is nasty. We are working on a fix."

    Instead, they're saying the DRM software that hijacks your device driver is legitimate, and the rootkit was really only kinda bad because it hid legitimate software....

    --
    What I say does not represent the views of my employers, my friends, my cats, or myself.
  8. DOD Twist by TuballoyThunder · · Score: 4, Interesting

    The DOD pays big dollars to get a corporate license for both McAfee and Norton, which includes permission for users to use on their home computers. Considering the number of DOD computers that got infected by the Sony DRM application, I think the people who oversee those contracts would be negligent if they did not "seek consideration" for the failure to perform.

  9. Actually by einhverfr · · Score: 5, Interesting

    Read http://www.groklaw.net/article.php?story=20051113164717817

    The creator of the rootkit (First 4 Internet) apparently worked with Symantec and other major antivirus companies to make sure that it would neither be detected nor removed by their software according to CNET.

    This is a very damning accusation.

    --

    LedgerSMB: Open source Accounting/ERP
  10. Re:Clearly by ZachPruckowski · · Score: 4, Interesting

    It's a gray area because Sony claims it is DRM, which is illegal to remove. If this went the other way, and an AV company started removing it before it got out to the public fully, then the AV company is removing DRM, and Sony sues, and no one backs them (except EFF and a few nerds). The AV companies were powerless until they had the mob behind them.