Slashdot Mirror
Real Story of the Rogue Rootkit
BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting its users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"
... the malware was not made by the anti virus companies so how could we expect them to make the antidote?
Now don your tin foil hats!
Wired's webserver was borked before this even hit the front page. A functional mirror for everyone's perusal.
It's a shame what big companies can get away with. I mean, no matter how you look at this, a rootkit is a rootkit, there was nothing subjective about this. Yet, the fact that it was by Sony made people keep their mouths shut. It's a shame.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
What the heck is this?
The AV companies are just gunshy of Sony's squad of legal attack ninjas. Not surprising given that this is grey area. I think the author makes a decent point (that the AV companies moved slowly), but the real failing here is the draconian legislation that made this a grey area in the first place. Hopefully these wee little gaps in consumer protection get plugged as a result of this.
I have to ask... If you were infected by this thing, then why not call law enforcement? You know it is malware of the worst kind and you know exactly who did it to you. Why not call the FBI or your Attorney General and file a criminal report? Couldn't you list Sony or the record store/online store you got it from as the source? I don't know. Seems like a good form of civil disobedience at the very least.
Isn't that what we're supposed to do?
Of course, all Slashdotters were not infected because we all boycott music companies anyway. Right?? Or did I miss a memo?
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
AV companies can't afford to take the threat of a libel lawsuit lightly. They have to step carefully whenever someone with backing installs malicious software on your box. Why do you think it took them so long to get into the spyware removal business? Lawsuits.
vi is my shepard, I shall not font.
No shit no one touched it..
They are Scared Shitless...
Until Now.
What happens when Sony's rootkit hides under the protection of Windows Vista's NGSCB? Will antivirus vendors be able to remove bad code that ends up in the NGSCB? Given that Window's kernel in insecure enough to allow itself to be rootkitted, what is the chance that NGSCB itself will be subverted? Doesn't the fact that NGSCB is designed to hide code from normal users and knowledgable debuggers alike mean that it's somewhat similar to what the Sony rootkit tries to do?
& wich flavours of UNIX/Linux is it for ? ...and what are the symptoms ?
i'm still shocked that a "legitimate" company that's widely purchased from, and is a household name, would distribute software that anti-virus companies would consider to be malware. i'm still shocked that sony let this kind of thing slide, it's so obvious that they didn't even check to see what they were doing before they did it.
Sony offended precisely the wrong people, the nerds that would eventually detect this thing. Once they did, they were appalled. Nerds were good Sony customers, once... Nerds buy hardware for non-nerds, sometimes.
Dark Reflection
Guess who wins every time?
Not to mention that if warez/pirated music, etc were found on your computer by the law enforcement you called in, you'd be in deep shit.
Obligatory Soundbite Catchphrase
When news of the criminal root kit hit full blast, I figured it would immediately get nuked by the AV companies. As things progressed and no one but MSFT came to the rescue, it made wonder if there was fear or maybe even collusion.
Yet the bigger story here in the fact that a blogger was the breaking source.
My media is 75% blogs now. Many use links to back their opinions (I'd love to see a standard bibliogtaphical Wiki for referencing). They're faster than the daily news and less likely to be afraid of corporate threats.
BTW, anyone know a way for me to toggle link text format fron standard (blue w/ underline) to normal (black no underline) and back, quickly?
Yeah that has been my reaction. When I heard about it the first thing I began doing was searching for detection and removal software. I found nothing. I could not believe that Mcafee was not publishing a fix.
Insert Generic Sig Here:
It was very hard, even for Microsoft to figure out how to remove the damn thing without disabling the CD/DVD drive entirely. The first anti-virus patches that thought they fixed this was actually disabling peoples drives without knowing it. Microsoft had to work with Sony to figure out what the hell they had actually done. It really sucks.
They don't exist to make gigantic corporate enemies.
Like it or not, detecting and removing Sony's malware puts them at series risk for DMCA lawsuits and the like and is thus a bad business decision. Anyone who thinks they're in it to actually better their customers and not their bottom line is living in fantasy land.
She seems to have the knack for getting the first post, though!
Dark Reflection
Microsoft is treating the program as malware and are working on way to let users safely get rid of the rootkit. The only problem is the ETA for this is sometime in January.
As for the lawsuits, it seems like it is the only way Sony is actually going to have to go to court for all the evil crap they did with this.
What is wrong with the world?
Man, all this just in time for Christmas. When I'm shopping this Holiday Season, I think I'll just run up to store clerks and ask them if they carry Sony products and if they say yes, ask "For the love of God, WHY???" and then run away laughing.
If the Antivirus companies start destroying Sony copy-protection technologies, they're almost certain to get in trouble. Surely they don't want to violate the DMCA.
Sony won't need to install a rootkit, because the Microsoft DRM will be designed specifically to help enforce things like Sony's EULA. Why should Sony bother with a rootkkit when the OS itself will impose the limits by design?
Imagine this: a brick comes sailing through your window, smashing glass everywhere. You pick it up and wrapped around the brick is a flyer for a glass replacement company.
This is how I've viewed the major AV companies for quite some time. Sure, there are non-affiliated virus threats out there, but they perpetuate their own business as well.
I didn't think that my opinion of McAffee and Norton could sink any lower... but I was wrong.
-Those who dance are considered insane by those who can't hear the music.
Companies are so worried about piracy that they go to these extremes. What they need to look at is why are people pirating. Many people pirate because the thought of spending $17 for a cd is rediculous considering that only a few songs are worth a damn. Secondly, DRM makes it worse because people can't rip the audio for their mp3 player. This drives people to piracy and the DRM makes it worse and drives the consumer away. Just lower the damn prices and let me burn it, rip, or do anything else I want with it because it's mine!
gasmonso http://religiousfreaks.com/calling law enforcement would lead to a court case: YOU vs SONY.
Not necessarily. It might lead to PEOPLE v. SONY, if you can help the police prove that a crime was committed.
It's their "rootkit," our "DRM enforcement agent." The same sort of nonsense about their "terrorist," our "freedom fighter." that were promoted by the whitehouse in 80's.
ELOI, ELOI, LAMA SABACHTHANI!?
I'm in the UK. Do the US-centric have anything to report on this?
No, actually, it's a troll who's re-posting blog entries (he/she) did not write in an effort to get people to troll the blog site they came from.
I don't care what the rest of you hip 1334 types think, this post (though slightly incoherant) trys to bring a real point to the table, and actually offers (albeit painfully) what I consider to be the most valid reason this didn't get taken care of earlier. You are NOT to question the corporate masters when they tell you how to use the software you bought, you are NOT to question when they force you to use your own property (your computer's clockticks) to make sure you don't cross the line they have placed for you. Why do we take this? Read the post again, and try THINKING (I know, I know, it's dangerous) about what this person said. It's spot on as far as I'm concerned. Sony is one of the masters (one of the High Masters of Entertainment), and if master says shoot myself in the foot for his amusement, then master gets what master wants. We've been willingly bent over so long that we didn't even notice that they stopped giving us the courtesy of a reach-around.
3-Pages of Wired goodness
Reminds me of the good old days when computer viruses were spread around on 3 1/2 floppy disks. Nothing like a boot sector virus to spoil your day.
Links From The Article
Apparently there is a criminal investigation going on...
In Italy
Class action lawsuit
Apparently step 3 is that you have to "reside in either California or New York." Sadly, step 4 is not Profit!
[Fuck Beta]
o0t!
While it is a good article, it leaves out what was just recently posted on Slashdot - the use of open source software to create it. That's another important part of the legal quandry. Also the article really seems to minimize the fact that it also effects Macs. While it is true that the user must provide a password (on the Mac), Sony insisted it did not effect Mac and Linux computers.
The double standard of the security companies is troubling... If I released this application (sony's rootkit) it would be considered malware immediately. The fact that they only remove a portion of it is also strange. That is like removing the part of a spam generating worm that sends emails to others but leaving the rest of it to waste CPU time scavanging my address book. Also... What I wonder is, is what consequences will come from the alleged GPL violations? Is anyone suing Sony or first4Internet for copyright infringment? If not, does this send a signal to big corps that it's ok to steal code that is GPL'd because the parties that wrote it probably don't have the time/money to do anything about it anyway?
That can be a great anti-Vista publicity.
"With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!"
At least, not purchasing their electronic products is very simple. There are lots of competing companies. As to CDs --- well, get one and rip it, on Linux, of course :-).
the antivirus companies are afraid to get sued for providing software to remove DRM software
It does not work and cannot work when it warns the user, as the Rootkit DRM program has to ask for an administrator password before you install.
On a Macintosh running OS X.
Gods don't kill people, people with gods kill people.
Sony Feels Badly :P
In Soviet Russia you can always find a way to cloak illegal activities. In corporate America, the way to cloak illegal activities finds you!
The weak non-response by AV companies isn't the REAL story, either...
The REAL story is why aren't elected officials falling all over themselves to make what SONY did a criminal offense?
Your computer is infected with the Sony DRM Rootkit.
It compromises the security of your machine, leaving
it open to various attacks.
Due to legal restrictions imposed by the DMCA, the
infection can not be removed. It is recommended to
disconnect the computer from the internet and
reinstall the operating system.
The biggest surprise for me was that Microsoft, who usually pisses me off, actually was the only company to step up to the plate in a meaningful way. I expected far, far better from the antivirus/spyware vendors. If you're going to tell me that you're going to protect my system, make me pay a subscription to keep my definitions current, and, on top of that, consume some of my system resources to do it, you'd damn well better step up to the plate when it comes to something as blatantly dangerous to my security as a rootkit.
Is it me, or is Sony the first vendor to make (or spread) a Mac OS X Root Kit?
when the spyware/malware people start bundling rootkits as part of the infection? I'm not really worried much about the responce of the anti-virus people as much as I'm worried about the responce I'll get from Microsoft when I ask: How can I keep code from installing this type of code into windows.
I'm afraid the answer I'm going to get is: We don't know.
It is my meager understanding the AV companies detect _viruses_. That they've forayed into spyware detection is perhaps a natural/logical path, albeit, that has still not become their primary avenue of business.
/.ers you know what you use on your friends'/family's boxes to get rid of such helpful toolbars ;) as ones that mom installed so she'd know when it's raining outside.
/. crowd has the capability to shine. The onslaught of Windows rootkits may unveil a shadowy niche in computer security to the general population, however, isn't it the rootkit and it's purveyors we should be disgusted with? Author of TFA seems to think otherwise.
/. comment sections. Save the other bandwidth for pertinent _investigative_ journalism.
Some of the most popular spyware-detection tools aren't from the big AV players --
That said, there are explicit differences between terms in TFA that should be noted. Though I am no expert in the field, it's generally agreed upon that virus != spyware. (How many of you cringe when you hear "hacker" used pejoratively? Are they really a cracker/script kiddie/etc...) Let's get our diction correct.
Ok, so what are rootkits? This is where the
Do we blame the ambulance responding to the scene of a fire for our house burning down? Nay, the fire department? Suppose the fire department responded lethargicly. Then, might we play the blame game. What if the fire department arrives to confront an unknown, previously unfaced force destroying your building?
The tongue-lashing poured out by Author should best be kept to his blog, which he has proudly boasted to you, the reader, about already. Let him keep his opinions and bashing there and in
I suspect that the security companies don't fear lawsuits from spammers. On the other hand, one can easily imagine a company like Sony threatening lawsuits for having their DRM labelled a "virus" even if it damn-well is.
The cake is a pie
I won't be surprised when in a few days there will be an announcement how Sony's rootkit causes world hunger, rapes dogs, and hides one sock out of every pair every once and awhile.
Damn you Sony !... Oooh, shiny PS3 !
BTW, anyone know a way for me to toggle link text format fron standard (blue w/ underline) to normal (black no underline) and back, quickly?
Yes, use Opera. You can set a "user" CSS for yourself and switch back and forth from "author" mode to "user" mode with a button or keypress (shift-g).
Hope that helps.
It's interesting how some of the vendors are listing information about the rootkit, but see uninterested in adding a signature, claiming that it's not really a virus (which is true) because it doesn't self-replicate. That's fine, I guess, because if they started detecting rootkits, they'd have a lot more work to do, but I think it's kind of shortsighted of them to think that people won't get angry that they paid for a $40/year subscription for a product that doesn't detect when their system gets totally rooted.
(I'm always tempted to spell it r00tk1t, but I'm trying to act more mature these days...)
Free music from Jack Merlot.
In this case, the producer of the malware is question is Sony. Most people with less money than Sony (read MS, Warren Buffett) aren't going to a) claim their software (obviously) is malware or b) find some way to make it safe. They probably considered that "Sony's Job" to get all the bugs out.
:p
The first clue that this wasn't going to happen was of course the fact that said rootkit contains GPL code, which has been widely publicized here and other places. In theory, Sony must now release the source to this, or write their own damn dvd code (as i take it). This probably will not happen
My main concern with this is that IF Sony decides that the best thing to do here is to release the code is that we are going to have a RUSH of really nasty worms out there. I think I'm just going to leave my home computer off and play Doom on my work box. Seems safe. Then again, I'm a paranoid bastard, and probably shouldn't own a computer. I like etch-a-sketches.
.cig - what you do after winning a good flame war
With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!
Yet another example of over-agressive bundling.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Call your local agent today and see what they can do for you!
http://www.fbi.gov/contact/fo/fo.htm
-Valiss
CNet published a story about this.
Their original story also mentioned that first4internet worked "closely" with Symantec and others.
Interesting how this has been removed from the current version of the article, without any notes re: changes.
one word:
Bhopal
.
music lover since 1969
After seeing this story all week, I still can't get past the most basic question in my head: Why the hell is Windows executing software from an audio CD?
A Government Is a Body of People, Usually Notably Ungoverned
At least in Symantec's case, Sony is a multi-million dollar customer. They were protecting their customers. Do you really think that the kit harmed 200,000+ $50 a pop Norton customers?
I can understand that from a legal perspective that they may not be able to remove it but what they can do is:
/\/\ -
1) Stop these types of software from being installed in the first place, and warning you that an attempt was made.
2) In the case that it finds these types of software on you computer, it should alert you about its existence and the danger therein.
This is the LEAST they can do.
-
Schneier has said several times that "half a million computers were infected". However, I saw that famous graph that said half a million networks were infected. Who is right?
Is to detect and stop threats, regardless of the source. Something like the Cisco Security Agent would have noticed this, I'd expect nothing less from an up to date virus scanner. When our contract here runs out and we are taking bids on our next provider, one thing I will consider is the handling of the Sony situation. I need to know I have an AV vendor that will address threats to my systems regardless of the source. People bring in music CDs all the time, and many have admin access on their computers for one reason or another. So I need to know that their virus scanner will work to the best of it's ability to keep the system free of threats. Dismissing a threat because a company wrote the rootkit instead of a random kid is not valid in my opinion. A rootkit is a rootkit and it should not be allowed on to the system.
What did he do, steal your girlfriend or something?
Bruce didn't claim that he found it, he had something to say about it, and he did a fine job of writing about it for the non-technical audience that reads Wired.
I swear to god that guy [Bruce] hasn't contributed anything meaningful to the public since 1998 and yet he's still fucking there.
Even if you were right about that, so what? What have you done that tops Applied Cryptography?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
The DOD pays big dollars to get a corporate license for both McAfee and Norton, which includes permission for users to use on their home computers. Considering the numer of DOD computers that got infected by the Sony DRM application, I think the people who oversee those contracts would be negligent if they did not "seek consideration" for the failure to perform.
because all the music I download comes from DRM-free, regular MP3 files using bittorrent and the like. In other word, pirating music. What a strange circle this story has completed...the only way to know for sure what you are getting when you download DRM-free
While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be.
What I want to know is why the fuck shouldn't a corporation be held to the same rules the rest of us are? As the line above illustrates, people now assume that companies can abuse the law as they see fit and not get reprimanded.
While the rest of us (AKA as not rich) get sued into oblivion or prosecuted to the fullest for downloading a shitty CD that should only be $5.
what are "hip 1334"'s? lol...before trying to insult people make sure you know the proper terms
There are 10 kinds of people in the world - those who understand binary and those who don't
So, while the anti-virus companies were slow with code to detect and remove Sony's rootkit, they were much faster in releasing updates that detected and quarantined the various exploits that allowed PSP owners to downgrade their firmware from 2.0 to 1.5 so that they could run homebrew/warez - Sure there was Trojan.PSPBrick which actually did damage if it was installed on your PSP and viewed, but most anti-virus vendors were happy to tar 'useful' exploit code with the same brush.
I'm sure Sony had nothing to do with it.
Read http://www.groklaw.net/article.php?story=200511131 64717817
The creator of the rootkit (First 4 Internet) apparently worked with Symantec and other major antivirus companies to make sure that it would neither be detected nor removed by their software according to CNET.
This is a very damning accusation.
LedgerSMB: Open source Accounting/ERP
Go here for the blog.
I wrote a response, pending moderation, as follows:
It will be interesting to see how they respond, if they bother to do so.
If you are unfamiliar with them, they make Ad-aware, which is a popular utility for detecting and removing trojans, malware, etc., on Windows machines.
Aside from the value of getting publicity for security issues:
1999: Solitaire algorithm published. An output-feedback mode stream cipher which can be easily calculated using a pen, paper, and a deck of cards, allowing people without computers to use strong encryption in their communications. This system was featured in Neal Stephenson's Cryptonomicon.
2003: Helix algorithm published. A fast stream cipher comparable in speed to RC4 and with low per-message overhead, making it suitable for very small messages.
2004: Phelix algorithm published, a refinement of the earlier Helix algorithm.
rage, rage against the dying of the light
Sony paid for it. Sony included it. But first4internet wrote the code.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
Does anyone know if Sony built computers, such as the VAIO, come preinstalled with the rootkit? I really wouldn't be suprised if it did.
Except that reports say the rootkit kills Vista. Or at least crashes it.
But you're not bitter.
This sig intentionally left blank.
Norton Internet Security 2005 AntiSpyware Edition
McAfee AntiSpyWare 2005
Microsoft Windows AntiSpyware (Beta)
This is their business. Period.
What I say does not represent the views of my employers, my friends, my cats, or myself.
I don't know what brand of CD burning software you use, but I've had Autorun disabled on my computers for the last 7-8 years and never had a problem burning a CD.
he is wrong, wrong, wrong
I had removed all the DRM files and all the registry entries from my sister's computer, but that stupid "lower filter" kept re-appearing when I tried to reload her DVD drivers. After a couple of hours, I gave up because I discovered that since her computer was new, I hadn't yet disabled rollback on it. (Nor, obviously, had I had a chance to disable autoplay)
She had a save point from the day before she played the CD, so I used rollback, which surprisingly mostly worked, and her driver was restored. And then I spent a lot of time reinstalling all the software I had installed before discovering she had played that stupid CD.
She hates Sony, now, because I no longer had time to migrate her files from her old dying laptop over before she went home, having to spend it all doing this. She's a college student and a teacher, so this affects her studies and her work, until she can make it back over. You can bet, if there is a class action lawsuit for Texans, I'll sign up.
They should add they're rootkit software to the Blu-Ray standard!
No CD sticker on thaose cases. It is an application that plays music.
Just becasue it's round, shiney and plays music, does not make ti a red book standard. i.e. CD
The Kruger Dunning explains most post on
They are scared of breaking the DMCA. Do you honestly think any big antivirus company or even Microsoft is going to have the guts to provide software go in and remove a copyright-protection mechanism, something the DMCA explicity states you cannot do?
The only thing about Sony's size that matters is their ability to litigate.
Did you ever notice that *nix doesn't even cover Linux?
"this rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software."
Baloney. Any application installed on my computer under false colors that is hidden from me is not a legitimate application. Sorry, Symantec.
The higher the technology, the sharper that two-edged sword.
Mod parent up.
He is referring to the bhopal gas tragedy of 1984, http://en.wikipedia.org/wiki/Bhopal_gas_tragedy/ where thousands of people were killed and Union Carbide pretty much got away with it. The CEO Warren Anderson is a fugitive and is on the wanted list of CBI India.
Because it already is?
the big AV companies get moeny from companies to not list their products.They were just trying to get Sony to pay them not to list it. Or Sony had already done so.
There was no risk of being sued. The publicity would have stopped Sony, regardless of the DMCa interpetation. I noticed MS is removing it, where is the big fat lawsuit?
It is illegal for me to run a stop sign, but if I do so to get out of the away of an ambulance, nobody is going to prosecute me.
The Kruger Dunning explains most post on
You're right that people download music because CDs are really expensive, and because they insist on being able to use their iPods.
But now there's an even more obvious reason to download music in an open format like MP3: MP3s cannot suddenly turn on you and break your computer.
I'm sure I'm not alone when I state that I will never buy a Sony or BMG CD again, ever, unless it comes with a bold-printed, legally-binding guarantee that the damn thing is a plain-Jane, Red-Book-compatible, fully-rippable CD. And I'm never again going to insert a music CD into Windows, no matter who sells it to me. I'll rip the things in Linux, where it's safe.
This is independent of my desire to punish Sony by boycotting their products. This is legitimate fear. No individual music CD is worth the risk of having to reinstall Windows, to say nothing of the risk of being 0wned or losing some of my data.
Quite simple - do not purchase any Sony products. Spread the word - Just say No to Sony. Follow up with an e-mail to your favourite Sony published Artists that indicates your boycott of Sony products and they might want to think about changing labels. Combined with the previously mentioned class action suits we might just send a message the big business understands.
3 1/2? Ha. My first virus was "Stoned" on a 5 1/4. The best part was the cure program was called "aspirin".
But, yes, the boot sector virus spoiled many a day. Also, does anyone even remeber when Michaelangelo Day is anymore?
In theory there is no difference between theory and practice.
In practice, however, there is.
So does this mean that Sony employees can no longer listen to Sony CDs on Sony Corporate computers for fear of "DRM"ing the entire Sony intranet?
There are two kinds of people in the world: those with loaded guns, and those who dig.
Of course, since 1st4$ is located in the UK, the possibility exists that they may be UK 'major Record Labels' which are smaller than their North American equivalents.
I mean, it's not like Virgin has massive stores all over North America or anything...
Quidquid latine dictum sit, altum sonatur. . . . . . . .
Not sure what you want, but if the html/css is yours, you can add css sections to cover the :hover attribute (like a:link:hover, etc.). Using a global :hover isn't usually all that helpful though (for color changes anyways).
Let S_n = {nst+us+vt : s,t in Z \ {0}, u,v in {-1,1}}. For all n in Z where |n| > 2, Z \ S_n is infinite... right?
If I had to make my money by selling Music CDs through a vendor who not only thought of my customers with enough contempt to do this in the first place but also believing they are too stupid to know they're infecting their computers (which amounts to corporate espionage), I would be very afraid.
It makes me very happy I haven't purchased a single RIAA endorsed CD in years.
And for those who condone Pirate2Pirate filesharing this only goes to further their arguments.
I'm not against the content of the article itself, nor do I question the author's technical merits. I'm against the misleading title. I surely expected more info on First4internet, or who decided to make the deal, youknow, the "behind-the-screens" action and stuff.
But all it was, was a hyperlinked editorial a-la 60 minutes commentary. Perhaps the article should have been named "The unasked question behind the Rogue Rootkit", or something.
You may ask, "Oh well, if you weren't against the article itself, but just the title, why was your post entitled 'Article sucks!'"?
And that's exactly my point. Misleading titles.
Correct URL: http://en.wikipedia.org/wiki/Bhopal_gas_tragedy (no trailing slash).
-- Argel
Don't put this on MS in any way. Autorun is a feature that the users want to see.
Just because a user want's a Program to intall automaticaly, doesn't mean they deserve a root kit install. It is not an exploit becasue auotrun works as designed.
I am not a MS apologist, but don't blame MS for this, it is SONYs doing, and SONY bears 100% of the blame.
If I thought a brick through your window, is it the home builders fault for putting windows in your home? Is it your fault because you use glass windows? No.
The Kruger Dunning explains most post on
Your link is broken, you meant http://en.wikipedia.org/wiki/Bhopal_gas_tragedy without the trailing slash.
Looks like Sony's a PR client of this crazy bitch.
She's got a track record of PR disasters all her own.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
...or not
e &pg=qu&sid=4526&symb=SNE&shownav=true%2C&time=1mo& uf=0
http://money.cnn.com/quote/quote.html?shownav=tru
up about a point and half since 10/31. 5% gain or so.
If you nuke your hard drive and reinstall Windows after you get the rootkit, aren't you circumventing a copy-protection system and violating the DMCA?
Just "gittin-r-done," day after day.
Tested under Firefox as a bookmark.
(originally a ingle line, to make it shorter, but now with spaces for /.)
Sony BMG is 50% owned by Sony Corporation of America and 50% owned by Bertelsmann AG. Sony is still a Japanese company, although Sony Corp. of America is US-based. Bertelsmann is a German company. The UK market and the German market are not that different. You see, even small countries may be major players in certain markets. Say "Supashi bo", "Thank you" and "Danke schön" to Sony worldwide.
/.
Anyway, I think your point is well taken. Who are the other companies using XCP? I do not understand why such a good question is being rated "overrated". Maybe because this is
I think the point was to intentionally get it wrong. It's mildly humorous.
That's right. All your base.
It seems that everyone is sleeping with everyone nowadays. Microsoft creates a shitty OS full of bugs. Then virus writers load it with worms, rootkits, and other malware over time. Then all these security companies get into the business of cleaning up after M$'s crap. As long as M$ keeps creating crap these guys are in business. You can think of anti-virus companies as digital refuse workers for M$. if there is no trash to take out, then these guys don't have a job.
So now Sony and F4I create a rootkit that will stick itself onto your system like a parasite (does this happen if the user is not running as admin? Can the rootkit work then in regular user mode?). As this excellent article pointed out, M$ would love to be in bed with Sony as the OS/digital content distributor of choice. Currently this happens to be Apple and M$ would love to grab a hefty share of the profits. They don't care about the majority of home users. If you aren't running a production system and paying them oodles of cash, they won't give you the time of the day. Why should they care about your security when most users don't care about their security. In all honesty your average joe doesn't know what a rootkit is (the CEO was right about that), he doesn't care, as long as his computer "isn't running slowly" and popups aren't flooding his desktop. In the end he doles out the job of fixing his computer to some neighborhood geek or tech support dude.
Well I for one have had enough of this crap. I refuse to fix your computer if its broken! If you want me to fix it, I'm going to install an open source system created by users for users.
Sure virus writers can start attacking there also, but as long as I know what's going on under the hood I can protect myself better. The average Joe can take advantage of this protection because if it's good for me it's good for him. I'm staking my reputation on the code i've written, there's a sense of pride in it. I'm not just in it for the money.
Now you have to think that if MS and co have had done thier homework to make this work for such a time, that Vista probably bad been enabled for such things as well.
I had recently been hoping Vista would be a 'Good Thing' for those I have to help with broken violated Windows systems, but now I'm really thinking that may not be the case any more.
Sony, Microsoft, Symantec, McAfee, you all have some 'splainin to do!
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
I see lots of discussion about windows Autorun CD feature. Those of us that were Mac users in 1998 (all 12 of us) learned this lesson from the Quicktime Autostart worm. QT used to have a autoplay cd option that was exploited pre OS X to install an annoying but harmless worm. I caught it from The CD that shipped with MacAddict magazine. Autorun should not be enabled.
The U.S. Attorney apparently does not think that it is "worthwhile" case and will not extradite him. See: http://www.bhopal.com/opinion.htm
I guess it's a different story when the shoe is on the other foot, then the US just kidnaps the suspect (from another country), exports them for torture and then puts them in prison for years and denies them the right to a fair trial etc.
It doesn't matter if it is Sony or Union Carbide, if it's a company it's OK in the USA.
Hmmm ...
1) build a rootkit.
2) make deal with major AV companies to not detect it.
3) Sell my rootkit to Microsoft.
4) ?
5) Take over the worldwide net!
6) Declare myself Lord God Emperor of the 'Net.
7) Force all 'net users to bow to the Lord God Emperor of the 'Net!
8) Start my own religion.
9) PROFIT!
It's no wonder that Symantec and other AV companies were reluctant to react - they produce software that's almost as intrusive.
/Windows. Only exceptions are hardware drivers and the registry entry.
For example, ZoneAlarm installs a low level network filter that listens to all network traffic. It also just so happens to break a few things it should not break, like Ruby networking. The driver sits at such a low level that turning off ZoneAlarm doesn't disable it - you have to uninstall the software to get rid of it.
Name any Symantec product - even backup software - and it requires you to restart the system. I wonder why. I want to have software that does its job, without side-effects.
If Microsoft were not the worst offender itself (Visio update installed - please restart the system!) it should release a code of conduct for software:
- Application programs shall not install themselves anywhere in
- Applications shall not require a restart to be installed.
- Users can stop applications via the GUI, and all aspects of the software will shut down
The problem with Windows is that it encourages programs to install themselves all over the system. MS provides the worst example with the ball of hair that is Office.
Am I the only one to think something is wrong here? Sudenly sony is exposed, news appear daily showing sony as the "bad guy", and as someone else said in a previous comment, microsoft is the one with a "good atitude".
I'm starting to think the relelase of PS3 has something to do with all this anti-sony campaign!
I tried disabling Autorun on both DVD drives -- both still pop up that 'what do you want to do with' boxes every time I insert a disk.
Tried to put 'do nothing' beside every damn action in the pop up boxes described above. Still get the damn pop up box.
Inserted a Leahy cd with the Suncomm version of DRM on it. Yes, my sound drivers were overridden by default. Damn thing never ASKED my permission, never popped up a box asking me if I wanted to install the software.
So now I'm looking for a linux cd that comes with just enough programs to rip mp3s and dvd vob files to divx, but ignores any drm software on the disks.
TrendMicro appears to have added it Nov 12. Looks like they just removed the cloaking, and leave the rest, like many of the others.
Styrofoam IS biodegradable, you're just impatient!
Here's something funny... Sony's rootkit/DRM provider's, First4Internet, XCP's press release links on their website suddenly start to slow down in October 2005...
http://www.xcp-aurora.com/press.aspx
Do you think they're in a panic, too busy to toot their own horns?
March 6
or
Whenever that virus from the movie Hackers was set to go off
take your pick
[Fuck Beta]
o0t!
So I am guessing now that pirating music is safer??
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Maybe the questions were too uncomfortable.