Slashdot Mirror
Real Story of the Rogue Rootkit
BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting its users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"
... the malware was not made by the anti virus companies so how could we expect them to make the antidote?
Now don your tin foil hats!
Wired's webserver was borked before this even hit the front page. A functional mirror for everyone's perusal.
It's a shame what big companies can get away with. I mean, no matter how you look at this, a rootkit is a rootkit, there was nothing subjective about this. Yet, the fact that it was by Sony made people keep their mouths shut. It's a shame.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
The AV companies are just gunshy of Sony's squad of legal attack ninjas. Not surprising given that this is grey area. I think the author makes a decent point (that the AV companies moved slowly), but the real failing here is the draconian legislation that made this a grey area in the first place. Hopefully these wee little gaps in consumer protection get plugged as a result of this.
I have to ask... If you were infected by this thing, then why not call law enforcement? You know it is malware of the worst kind and you know exactly who did it to you. Why not call the FBI or your Attorney General and file a criminal report? Couldn't you list Sony or the record store/online store you got it from as the source? I don't know. Seems like a good form of civil disobedience at the very least.
Isn't that what we're supposed to do?
Of course, all Slashdotters were not infected because we all boycott music companies anyway. Right?? Or did I miss a memo?
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
No shit no one touched it..
They are Scared Shitless...
Until Now.
What happens when Sony's rootkit hides under the protection of Windows Vista's NGSCB? Will antivirus vendors be able to remove bad code that ends up in the NGSCB? Given that Window's kernel in insecure enough to allow itself to be rootkitted, what is the chance that NGSCB itself will be subverted? Doesn't the fact that NGSCB is designed to hide code from normal users and knowledgable debuggers alike mean that it's somewhat similar to what the Sony rootkit tries to do?
i'm still shocked that a "legitimate" company that's widely purchased from, and is a household name, would distribute software that anti-virus companies would consider to be malware. i'm still shocked that sony let this kind of thing slide, it's so obvious that they didn't even check to see what they were doing before they did it.
When news of the criminal root kit hit full blast, I figured it would immediately get nuked by the AV companies. As things progressed and no one but MSFT came to the rescue, it made wonder if there was fear or maybe even collusion.
Yet the bigger story here in the fact that a blogger was the breaking source.
My media is 75% blogs now. Many use links to back their opinions (I'd love to see a standard bibliogtaphical Wiki for referencing). They're faster than the daily news and less likely to be afraid of corporate threats.
BTW, anyone know a way for me to toggle link text format fron standard (blue w/ underline) to normal (black no underline) and back, quickly?
It was very hard, even for Microsoft to figure out how to remove the damn thing without disabling the CD/DVD drive entirely. The first anti-virus patches that thought they fixed this was actually disabling peoples drives without knowing it. Microsoft had to work with Sony to figure out what the hell they had actually done. It really sucks.
They don't exist to make gigantic corporate enemies.
Like it or not, detecting and removing Sony's malware puts them at series risk for DMCA lawsuits and the like and is thus a bad business decision. Anyone who thinks they're in it to actually better their customers and not their bottom line is living in fantasy land.
Man, all this just in time for Christmas. When I'm shopping this Holiday Season, I think I'll just run up to store clerks and ask them if they carry Sony products and if they say yes, ask "For the love of God, WHY???" and then run away laughing.
If the Antivirus companies start destroying Sony copy-protection technologies, they're almost certain to get in trouble. Surely they don't want to violate the DMCA.
Sony won't need to install a rootkit, because the Microsoft DRM will be designed specifically to help enforce things like Sony's EULA. Why should Sony bother with a rootkkit when the OS itself will impose the limits by design?
Because calling law enforcement would lead to a court case: YOU vs SONY. Guess who wins every time?
What are you talking about? Making a report to law enforcement is not going to get you into a civil suit. It will be the state vs. Sony in a criminal case should they pursue it. The trouble is getting them to do so. Try calling the FBI sometime. If it isn't easily demonstrable as several grand worth of damage they will just ignore you.
Imagine this: a brick comes sailing through your window, smashing glass everywhere. You pick it up and wrapped around the brick is a flyer for a glass replacement company.
This is how I've viewed the major AV companies for quite some time. Sure, there are non-affiliated virus threats out there, but they perpetuate their own business as well.
I didn't think that my opinion of McAffee and Norton could sink any lower... but I was wrong.
-Those who dance are considered insane by those who can't hear the music.
Companies are so worried about piracy that they go to these extremes. What they need to look at is why are people pirating. Many people pirate because the thought of spending $17 for a cd is rediculous considering that only a few songs are worth a damn. Secondly, DRM makes it worse because people can't rip the audio for their mp3 player. This drives people to piracy and the DRM makes it worse and drives the consumer away. Just lower the damn prices and let me burn it, rip, or do anything else I want with it because it's mine!
gasmonso http://religiousfreaks.com/It's their "rootkit," our "DRM enforcement agent." The same sort of nonsense about their "terrorist," our "freedom fighter." that were promoted by the whitehouse in 80's.
ELOI, ELOI, LAMA SABACHTHANI!?
3-Pages of Wired goodness
Reminds me of the good old days when computer viruses were spread around on 3 1/2 floppy disks. Nothing like a boot sector virus to spoil your day.
Links From The Article
Apparently there is a criminal investigation going on...
In Italy
Class action lawsuit
Apparently step 3 is that you have to "reside in either California or New York." Sadly, step 4 is not Profit!
[Fuck Beta]
o0t!
While it is a good article, it leaves out what was just recently posted on Slashdot - the use of open source software to create it. That's another important part of the legal quandry. Also the article really seems to minimize the fact that it also effects Macs. While it is true that the user must provide a password (on the Mac), Sony insisted it did not effect Mac and Linux computers.
The double standard of the security companies is troubling... If I released this application (sony's rootkit) it would be considered malware immediately. The fact that they only remove a portion of it is also strange. That is like removing the part of a spam generating worm that sends emails to others but leaving the rest of it to waste CPU time scavanging my address book. Also... What I wonder is, is what consequences will come from the alleged GPL violations? Is anyone suing Sony or first4Internet for copyright infringment? If not, does this send a signal to big corps that it's ok to steal code that is GPL'd because the parties that wrote it probably don't have the time/money to do anything about it anyway?
That can be a great anti-Vista publicity.
"With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!"
It does not work and cannot work when it warns the user, as the Rootkit DRM program has to ask for an administrator password before you install.
On a Macintosh running OS X.
Gods don't kill people, people with gods kill people.
Sony Feels Badly :P
Your computer is infected with the Sony DRM Rootkit.
It compromises the security of your machine, leaving
it open to various attacks.
Due to legal restrictions imposed by the DMCA, the
infection can not be removed. It is recommended to
disconnect the computer from the internet and
reinstall the operating system.
The biggest surprise for me was that Microsoft, who usually pisses me off, actually was the only company to step up to the plate in a meaningful way. I expected far, far better from the antivirus/spyware vendors. If you're going to tell me that you're going to protect my system, make me pay a subscription to keep my definitions current, and, on top of that, consume some of my system resources to do it, you'd damn well better step up to the plate when it comes to something as blatantly dangerous to my security as a rootkit.
I won't be surprised when in a few days there will be an announcement how Sony's rootkit causes world hunger, rapes dogs, and hides one sock out of every pair every once and awhile.
Damn you Sony !... Oooh, shiny PS3 !
It's interesting how some of the vendors are listing information about the rootkit, but see uninterested in adding a signature, claiming that it's not really a virus (which is true) because it doesn't self-replicate. That's fine, I guess, because if they started detecting rootkits, they'd have a lot more work to do, but I think it's kind of shortsighted of them to think that people won't get angry that they paid for a $40/year subscription for a product that doesn't detect when their system gets totally rooted.
(I'm always tempted to spell it r00tk1t, but I'm trying to act more mature these days...)
Free music from Jack Merlot.
With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!
Yet another example of over-agressive bundling.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
one word:
Bhopal
.
music lover since 1969
After seeing this story all week, I still can't get past the most basic question in my head: Why the hell is Windows executing software from an audio CD?
A Government Is a Body of People, Usually Notably Ungoverned
The DOD pays big dollars to get a corporate license for both McAfee and Norton, which includes permission for users to use on their home computers. Considering the numer of DOD computers that got infected by the Sony DRM application, I think the people who oversee those contracts would be negligent if they did not "seek consideration" for the failure to perform.
Read http://www.groklaw.net/article.php?story=200511131 64717817
The creator of the rootkit (First 4 Internet) apparently worked with Symantec and other major antivirus companies to make sure that it would neither be detected nor removed by their software according to CNET.
This is a very damning accusation.
LedgerSMB: Open source Accounting/ERP
No CD sticker on thaose cases. It is an application that plays music.
Just becasue it's round, shiney and plays music, does not make ti a red book standard. i.e. CD
The Kruger Dunning explains most post on
Mod parent up.
He is referring to the bhopal gas tragedy of 1984, http://en.wikipedia.org/wiki/Bhopal_gas_tragedy/ where thousands of people were killed and Union Carbide pretty much got away with it. The CEO Warren Anderson is a fugitive and is on the wanted list of CBI India.
Correct URL: http://en.wikipedia.org/wiki/Bhopal_gas_tragedy (no trailing slash).
-- Argel
Don't put this on MS in any way. Autorun is a feature that the users want to see.
Just because a user want's a Program to intall automaticaly, doesn't mean they deserve a root kit install. It is not an exploit becasue auotrun works as designed.
I am not a MS apologist, but don't blame MS for this, it is SONYs doing, and SONY bears 100% of the blame.
If I thought a brick through your window, is it the home builders fault for putting windows in your home? Is it your fault because you use glass windows? No.
The Kruger Dunning explains most post on