Real Story of the Rogue Rootkit
BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting its users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"
... the malware was not made by the anti virus companies so how could we expect them to make the antidote?
Now don your tin foil hats!
Wired's webserver was borked before this even hit the front page. A functional mirror for everyone's perusal.
It's a shame what big companies can get away with. I mean, no matter how you look at this, a rootkit is a rootkit, there was nothing subjective about this. Yet, the fact that it was by Sony made people keep their mouths shut. It's a shame.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
What the heck is this?
The AV companies are just gunshy of Sony's squad of legal attack ninjas. Not surprising given that this is grey area. I think the author makes a decent point (that the AV companies moved slowly), but the real failing here is the draconian legislation that made this a grey area in the first place. Hopefully these wee little gaps in consumer protection get plugged as a result of this.
I have to ask... If you were infected by this thing, then why not call law enforcement? You know it is malware of the worst kind and you know exactly who did it to you. Why not call the FBI or your Attorney General and file a criminal report? Couldn't you list Sony or the record store/online store you got it from as the source? I don't know. Seems like a good form of civil disobedience at the very least.
Isn't that what we're supposed to do?
Of course, all Slashdotters were not infected because we all boycott music companies anyway. Right?? Or did I miss a memo?
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
No shit no one touched it..
They are Scared Shitless...
Until Now.
What happens when Sony's rootkit hides under the protection of Windows Vista's NGSCB? Will antivirus vendors be able to remove bad code that ends up in the NGSCB? Given that Windows' kernel is insecure enough to allow itself to be rootkitted, what is the chance that NGSCB itself will be subverted? Doesn't the fact that NGSCB is designed to hide code from normal users and knowledgeable debuggers alike mean that it's somewhat similar to what the Sony rootkit tries to do?
& which flavours of UNIX/Linux is it for? ...and what are the symptoms?
I'm still shocked that a "legitimate" company that's widely purchased from, and is a household name, would distribute software that anti-virus companies would consider to be malware. I'm still shocked that Sony let this kind of thing slide; it's so obvious that they didn't even check to see what they were doing before they did it.
When news of the criminal rootkit hit full blast, I figured it would immediately get nuked by the AV companies. As things progressed and no one but MSFT came to the rescue, it made me wonder if there was fear or maybe even collusion.
Yet the bigger story here is the fact that a blogger was the breaking source.
My media is 75% blogs now. Many use links to back their opinions (I'd love to see a standard bibliographical Wiki for referencing). They're faster than the daily news and less likely to be afraid of corporate threats.
BTW, anyone know a way for me to toggle link text format from standard (blue w/ underline) to normal (black, no underline) and back, quickly?
Yeah, that has been my reaction. When I heard about it the first thing I began doing was searching for detection and removal software. I found nothing. I could not believe that McAfee was not publishing a fix.
Insert Generic Sig Here:
It was very hard, even for Microsoft, to figure out how to remove the damn thing without disabling the CD/DVD drive entirely. The first anti-virus patches that thought they fixed this were actually disabling people's drives without knowing it. Microsoft had to work with Sony to figure out what the hell they had actually done. It really sucks.
They don't exist to make gigantic corporate enemies.
Like it or not, detecting and removing Sony's malware puts them at serious risk for DMCA lawsuits and the like and is thus a bad business decision. Anyone who thinks they're in it to actually better their customers and not their bottom line is living in fantasy land.
Man, all this just in time for Christmas. When I'm shopping this Holiday Season, I think I'll just run up to store clerks and ask them if they carry Sony products and if they say yes, ask "For the love of God, WHY???" and then run away laughing.
If the Antivirus companies start destroying Sony copy-protection technologies, they're almost certain to get in trouble. Surely they don't want to violate the DMCA.
Sony won't need to install a rootkit, because the Microsoft DRM will be designed specifically to help enforce things like Sony's EULA. Why should Sony bother with a rootkit when the OS itself will impose the limits by design?
Because calling law enforcement would lead to a court case: YOU vs SONY. Guess who wins every time?
What are you talking about? Making a report to law enforcement is not going to get you into a civil suit. It will be the state vs. Sony in a criminal case should they pursue it. The trouble is getting them to do so. Try calling the FBI sometime. If it isn't easily demonstrable as several grand worth of damage they will just ignore you.
Imagine this: a brick comes sailing through your window, smashing glass everywhere. You pick it up and wrapped around the brick is a flyer for a glass replacement company.
This is how I've viewed the major AV companies for quite some time. Sure, there are non-affiliated virus threats out there, but they perpetuate their own business as well.
I didn't think that my opinion of McAfee and Norton could sink any lower... but I was wrong.
-Those who dance are considered insane by those who can't hear the music.
Companies are so worried about piracy that they go to these extremes. What they need to look at is why people are pirating. Many people pirate because the thought of spending $17 for a CD is ridiculous considering that only a few songs are worth a damn. Secondly, DRM makes it worse because people can't rip the audio for their mp3 player. This drives people to piracy and the DRM makes it worse and drives the consumer away. Just lower the damn prices and let me burn it, rip it, or do anything else I want with it because it's mine!
gasmonso http://religiousfreaks.com/
It's their "rootkit," our "DRM enforcement agent." The same sort of nonsense as their "terrorist," our "freedom fighter," that was promoted by the White House in the '80s.
ELOI, ELOI, LAMA SABACHTHANI!?
I'm in the UK. Do the US-centric have anything to report on this?
I don't care what the rest of you hip 1334 types think, this post (though slightly incoherent) tries to bring a real point to the table, and actually offers (albeit painfully) what I consider to be the most valid reason this didn't get taken care of earlier. You are NOT to question the corporate masters when they tell you how to use the software you bought, you are NOT to question when they force you to use your own property (your computer's clock ticks) to make sure you don't cross the line they have placed for you. Why do we take this? Read the post again, and try THINKING (I know, I know, it's dangerous) about what this person said. It's spot on as far as I'm concerned. Sony is one of the masters (one of the High Masters of Entertainment), and if master says shoot myself in the foot for his amusement, then master gets what master wants. We've been willingly bent over so long that we didn't even notice that they stopped giving us the courtesy of a reach-around.
3-Pages of Wired goodness
Reminds me of the good old days when computer viruses were spread around on 3 1/2" floppy disks. Nothing like a boot sector virus to spoil your day.
Links From The Article
Apparently there is a criminal investigation going on...
In Italy
Class action lawsuit
Apparently step 3 is that you have to "reside in either California or New York." Sadly, step 4 is not Profit!
[Fuck Beta]
o0t!
While it is a good article, it leaves out what was just recently posted on Slashdot: the use of open source software to create it. That's another important part of the legal quandary. Also, the article really seems to minimize the fact that it also affects Macs. While it is true that the user must provide a password (on the Mac), Sony insisted it did not affect Mac and Linux computers.
The double standard of the security companies is troubling... If I released this application (Sony's rootkit) it would be considered malware immediately. The fact that they only remove a portion of it is also strange. That is like removing the part of a spam-generating worm that sends emails to others but leaving the rest of it to waste CPU time scavenging my address book. Also... what I wonder is, what consequences will come from the alleged GPL violations? Is anyone suing Sony or First4Internet for copyright infringement? If not, does this send a signal to big corps that it's OK to steal code that is GPL'd because the parties that wrote it probably don't have the time/money to do anything about it anyway?
That can be a great anti-Vista publicity.
"With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!"
It does not work and cannot work when it warns the user, as the Rootkit DRM program has to ask for an administrator password before you install.
On a Macintosh running OS X.
Gods don't kill people, people with gods kill people.
Sony Feels Badly :P
The weak non-response by AV companies isn't the REAL story, either...
The REAL story is why aren't elected officials falling all over themselves to make what SONY did a criminal offense?
Your computer is infected with the Sony DRM Rootkit.
It compromises the security of your machine, leaving
it open to various attacks.
Due to legal restrictions imposed by the DMCA, the
infection can not be removed. It is recommended to
disconnect the computer from the internet and
reinstall the operating system.
The biggest surprise for me was that Microsoft, who usually pisses me off, actually was the only company to step up to the plate in a meaningful way. I expected far, far better from the antivirus/spyware vendors. If you're going to tell me that you're going to protect my system, make me pay a subscription to keep my definitions current, and, on top of that, consume some of my system resources to do it, you'd damn well better step up to the plate when it comes to something as blatantly dangerous to my security as a rootkit.
when the spyware/malware people start bundling rootkits as part of the infection? I'm not really worried much about the response of the anti-virus people as much as I'm worried about the response I'll get from Microsoft when I ask: how can I keep code from installing this type of code into Windows?
I'm afraid the answer I'm going to get is: We don't know.
It is my meager understanding the AV companies detect _viruses_. That they've forayed into spyware detection is perhaps a natural/logical path, albeit, that has still not become their primary avenue of business.
/.ers you know what you use on your friends'/family's boxes to get rid of such helpful toolbars ;) as ones that mom installed so she'd know when it's raining outside.
/. crowd has the capability to shine. The onslaught of Windows rootkits may unveil a shadowy niche in computer security to the general population; however, isn't it the rootkit and its purveyors we should be disgusted with? Author of TFA seems to think otherwise.
/. comment sections. Save the other bandwidth for pertinent _investigative_ journalism.
Some of the most popular spyware-detection tools aren't from the big AV players --
That said, there are explicit differences between terms in TFA that should be noted. Though I am no expert in the field, it's generally agreed upon that virus != spyware. (How many of you cringe when you hear "hacker" used pejoratively? Are they really a cracker/script kiddie/etc...) Let's get our diction correct.
Ok, so what are rootkits? This is where the
Do we blame the ambulance responding to the scene of a fire for our house burning down? Nay, the fire department? Suppose the fire department responded lethargically. Then, might we play the blame game. What if the fire department arrives to confront an unknown, previously unfaced force destroying your building?
The tongue-lashing poured out by Author should best be kept to his blog, which he has proudly boasted to you, the reader, about already. Let him keep his opinions and bashing there and in
I suspect that the security companies don't fear lawsuits from spammers. On the other hand, one can easily imagine a company like Sony threatening lawsuits for having their DRM labelled a "virus" even if it damn-well is.
The cake is a pie
I won't be surprised when in a few days there will be an announcement how Sony's rootkit causes world hunger, rapes dogs, and hides one sock out of every pair every once and awhile.
Damn you Sony !... Oooh, shiny PS3 !
It's interesting how some of the vendors are listing information about the rootkit, but seem uninterested in adding a signature, claiming that it's not really a virus (which is true) because it doesn't self-replicate. That's fine, I guess, because if they started detecting rootkits, they'd have a lot more work to do, but I think it's kind of shortsighted of them to think that people won't get angry that they paid for a $40/year subscription for a product that doesn't detect when their system gets totally rooted.
(I'm always tempted to spell it r00tk1t, but I'm trying to act more mature these days...)
Free music from Jack Merlot.
With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!
Yet another example of over-aggressive bundling.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
one word:
Bhopal
.
music lover since 1969
After seeing this story all week, I still can't get past the most basic question in my head: Why the hell is Windows executing software from an audio CD?
A Government Is a Body of People, Usually Notably Ungoverned
The DOD pays big dollars to get a corporate license for both McAfee and Norton, which includes permission for users to use it on their home computers. Considering the number of DOD computers that got infected by the Sony DRM application, I think the people who oversee those contracts would be negligent if they did not "seek consideration" for the failure to perform.
because all the music I download comes from DRM-free, regular MP3 files using BitTorrent and the like. In other words, pirating music. What a strange circle this story has completed... the only way to know for sure what you are getting when you download DRM-free
And I can't afford to consider recommending them lightly.
I'm not claiming that they are a *part* of a criminal conspiracy. But they were aware of it and did NOTHING to alert their customers. I.e., they intentionally did not perform the service that they were being paid money to perform. That looks to me like malfeasance, but perhaps only government employees can commit malfeasance. IANAL.
It certainly looks like fraud. They claimed and received money to provide a service that they intentionally did not perform.
I think we've pushed this "anyone can grow up to be president" thing too far.
I figure just posting a gripe about it here should be enough. After all, the FBI is already monitoring everything I do, right? Right?!?
<adjusts hat>
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be.
What I want to know is why the fuck shouldn't a corporation be held to the same rules the rest of us are? As the line above illustrates, people now assume that companies can abuse the law as they see fit and not get reprimanded.
While the rest of us (AKA as not rich) get sued into oblivion or prosecuted to the fullest for downloading a shitty CD that should only be $5.
Read http://www.groklaw.net/article.php?story=20051113164717817
The creator of the rootkit (First 4 Internet) apparently worked with Symantec and other major antivirus companies to make sure that it would neither be detected nor removed by their software according to CNET.
This is a very damning accusation.
LedgerSMB: Open source Accounting/ERP
Aside from the value of getting publicity for security issues:
1999: Solitaire algorithm published. An output-feedback mode stream cipher which can be easily calculated using a pen, paper, and a deck of cards, allowing people without computers to use strong encryption in their communications. This system was featured in Neal Stephenson's Cryptonomicon.
2003: Helix algorithm published. A fast stream cipher comparable in speed to RC4 and with low per-message overhead, making it suitable for very small messages.
2004: Phelix algorithm published, a refinement of the earlier Helix algorithm.
rage, rage against the dying of the light
Does anyone know if Sony-built computers, such as the VAIO, come preinstalled with the rootkit? I really wouldn't be surprised if they did.
I don't know what brand of CD burning software you use, but I've had Autorun disabled on my computers for the last 7-8 years and never had a problem burning a CD.
No CD sticker on those cases. It is an application that plays music.
Just because it's round, shiny and plays music does not make it a Red Book standard, i.e. a CD.
The Kruger Dunning explains most post on
Mod parent up.
He is referring to the bhopal gas tragedy of 1984, http://en.wikipedia.org/wiki/Bhopal_gas_tragedy/ where thousands of people were killed and Union Carbide pretty much got away with it. The CEO Warren Anderson is a fugitive and is on the wanted list of CBI India.
You're right that people download music because CDs are really expensive, and because they insist on being able to use their iPods.
But now there's an even more obvious reason to download music in an open format like MP3: MP3s cannot suddenly turn on you and break your computer.
I'm sure I'm not alone when I state that I will never buy a Sony or BMG CD again, ever, unless it comes with a bold-printed, legally-binding guarantee that the damn thing is a plain-Jane, Red-Book-compatible, fully-rippable CD. And I'm never again going to insert a music CD into Windows, no matter who sells it to me. I'll rip the things in Linux, where it's safe.
This is independent of my desire to punish Sony by boycotting their products. This is legitimate fear. No individual music CD is worth the risk of having to reinstall Windows, to say nothing of the risk of being 0wned or losing some of my data.
Not sure what you want, but if the html/css is yours, you can add css sections to cover the :hover attribute (like a:link:hover, etc.). Using a global :hover isn't usually all that helpful though (for color changes anyways).
Let S_n = {nst+us+vt : s,t in Z \ {0}, u,v in {-1,1}}. For all n in Z where |n| > 2, Z \ S_n is infinite... right?
Correct URL: http://en.wikipedia.org/wiki/Bhopal_gas_tragedy (no trailing slash).
-- Argel
Don't put this on MS in any way. Autorun is a feature that the users want to see.
Just because a user wants a program to install automatically doesn't mean they deserve a rootkit install. It is not an exploit because autorun works as designed.
I am not a MS apologist, but don't blame MS for this; it is SONY's doing, and SONY bears 100% of the blame.
If I threw a brick through your window, is it the home builder's fault for putting windows in your home? Is it your fault because you use glass windows? No.
The Kruger Dunning explains most post on
Your link is broken, you meant http://en.wikipedia.org/wiki/Bhopal_gas_tragedy without the trailing slash.
Another idiot. Never in the history of the world has a corporation been charged with a criminal offense. It doesn't even make sense. You might charge the directors of a company or the executives of a company with a criminal offense but you don't charge the company.
How we know is more important than what we know.
- Balfour Beatty were charged with Corporate Manslaughter over Hatfield. http://news.bbc.co.uk/1/hi/uk/4225877.stm
- Barrow Council was charged with Corporate Manslaughter after a legionnaires' disease incident. http://news.bbc.co.uk/1/hi/england/cumbria/4473573.stm
- And I presume the law is on the statute books just for decoration. http://www.cps.gov.uk/legal/section5/chapter_b.html
Yes, there are lots of problems with the laws on Corporate Manslaughter, and I don't believe many prosecutions have succeeded. The standard of responsibility in the Health and Safety at Work Act is high (I think you have to show reckless disregard or similar, which is very hard), and there's a lot of discussion about changing it. I can't remember the outcome of the most obvious case, which was the Herald of Free Enterprise disaster. But I suspect that the poster I'm replying to thinks ``history of the world'' means ``history of the USA''. I don't know enough about US law to comment on that.
ian