z12Premium
join:2004-01-26 | reply to dave
Re: DRM implementors == black hats said by "jansson_mark" :
1) Who the heck allows autoruns in dvd/cd drives?!?
hmmm... XP PRO SP2, I don't see any way to disable autorun for audio cd's.
ran gpedit.msc -->Computer Configuration-->Administrative Templates-->System-->Turn Off Autoplay
quote:
Description: Turns off the Autoplay feature.
...
Note: This setting does not prevent Autoplay for music CDs.
What am I missing? |
|
 ZOverLordPremium
join:2003-10-20
Minneapolis, MN | reply to cosmicvoid
said by cosmicvoid:said by ZOverLord:If you are running an ADMIN ID already, you receive NO prompt of any kind, and the installation is done SILENTLY. Thank goodnes for tools like Process Guard, to alert you to attempted execution of stuff not on your whitelist, and preventing driver install. But this whole episode tells me never to buy Sony multimedia products. Well, the ROOTKIT is a new twist but several of the DVD/CD publishers are also installing spyware without a EULA or warning to the end-user, Sony just decided to take it to a new level with the ROOTKIT. --
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
ZOverLordPremium
join:2003-10-20
Minneapolis, MN | reply to z12
said by z12: said by "jansson_mark" :
1) Who the heck allows autoruns in dvd/cd drives?!?
hmmm... XP PRO SP2, I don't see any way to disable autorun for audio cd's. ran gpedit.msc -->Computer Configuration-->Administrative Templates-->System-->Turn Off Autoplay quote:
Description: Turns off the Autoplay feature.
...
Note: This setting does not prevent Autoplay for music CDs.
What am I missing? Older OS's would autoplay a CD that has music or software to install
XP goes a step further and display or find another way to present the data. This can be rather annoying everytime you want to insert a CD.
Double-Left-Click on My Computer
Right-Click on your CD-ROM icon and click Properties
Click AutoPlay to bring up the options for this selection
Select the content-type from the drop-down list
Click the radio button for Select An Action To Perform and choose your desired action.
NOTE: By selecting Take No Action with a data CD, the CD will no longer open when you are installing new software.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
|
|
z12Premium
join:2004-01-26 | Thanks ZOverLord. Don't know how I missed that  |
|
ZOverLordPremium
join:2003-10-20
Minneapolis, MN | said by z12:Thanks ZOverLord. Don't know how I missed that Your very welcome, XP sometimes has Odd options compared to the past, lol
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
sheiny
join:2005-03-13
Turlock, CA
1 edit | reply to dave
from: »www.xcp-aurora.com/xcp1.aspx
XCP1 is designed for CD Audio and PC & MAC playability. Levels of protection are very high and recipients of XCP1 copy protected CDs will find it difficult to digitally rip or burn the Red Book content of the CD.
So PC users get a root-kit. What do the MAC folks get?
from: »www.xcp-aurora.com/press_article···xcp_art8
Furthermore, each run of manufactured discs has its own unique copy protection, so a crack on one run won't affect any others.
and
But there are other types of data that need to be protected, and our technology can be applied to video, for example, and to games. We've got lots of plans for the future. So it's all exciting times really.
|
|
BananasPremium
join:2004-08-18
Santa Barbara, CA | reply to dave
Screw em... I already got my music, more than I will ever listen to in my lifetime. They can go jump in a lake for all I care. |
|
 iam xSungazerPremium
join:2005-02-23
ॐ | reply to Rmus
ah, that felt better!
expressing myself, that is.  |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 | reply to dave
FWIW, the story has appeared in
The Register today. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4
1 edit | reply to Anon
said by ZOverLord:The first question that comes to mind: How will AV companies respond to this? KAV will be able to stop, or otherwise affect it, according to grnic, the project manager for KAV/KIS 2006, who replied to just such a question with the the words "in progress..."
»forum.kaspersky.com/index.php?s=···pic=5767
edit: typo
--
Around 2005 a sudden spark will catalyze a Crisis mood. The very survival of the nation will seem to be at stake.Sometime before 2025, America will pass through a great gate in history. The risk and promise will be very high. The Fourth Turning Wm. Straus |
|
1 edit | reply to ZOverLord
said by ZOverLord:If you are running an ADMIN ID already, you receive NO prompt of any kind, and the installation is done SILENTLY. Russinovich deliberately installed the software. If I understood him correctly, he clicked "Agree" on the EULA. The EULA did not disclose the malware. So we know what happens in this alternative.
I'd like to know what happens in each of the other two alternatives: (b) run the installer (maybe inadvertently, by autorun) - does this install anything even before user interaction? and (c) User chooses not to agree to the EULA. Does it install the covert part of the software in this case?
ZOverLord, I was not clear on whether you have personal experience with this DRM, and if so, whether you are addressing (b) or (c), or only the case of agreeing to the EULA. Anyone?
(To be clear, I do not mean to imply that the EULA justifies the malware. However, there is likely criminal conduct on the part of the vendor if it installs in case (b) or (c), but not so clearly if the user clicks "Agree".) |
|
| reply to B
Sony has already paid with me ,some years ago I bought a mini disk read/writer for wife -nice little thing ,kinda slow converting MP3 to their format but no problem!! Until I found that it (Sony) was attempting to take over all my files- now I will buy nothing Sony and I try to not even go to a Sony movie but that is sometimes hard. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to dave
F-Secure Blog claims that if you write Sony using the form from their link that Sony will provide you with the proper tools to safely remove the rootkit. FSecure warns that no one should try to remove the rootkit without the Sony tools.
"F-Secure has implemented an anti-rootkit scanner in F-Secure Internet Security 2006. The F-Secure BlackLight scanner is able to detect both this Sony DRM rootkit system and any malware that hides using it."
This is the link to FSecure's virus information paper on Sony's rootkit.
»www.europe.f-secure.com/v-descs/···rm.shtml
»www.f-secure.com/weblog/
--
Around 2005 a sudden spark will catalyze a Crisis mood. The very survival of the nation will seem to be at stake.Sometime before 2025, America will pass through a great gate in history. The risk and promise will be very high. The Fourth Turning Wm. Straus |
|
| reply to dave
The only reason why RIAA members can get away with this crap is because folks keep buying their products. It is time to quit buying copy protected CD's, period. |
|
 boltEnd of the line DSL sucks.Premium
join:2003-11-11
Charlestown, IN
kudos:1 | reply to EGeezer
Re: How do we prevent installation of this crapwar You could always just not buy the product. |
|
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7
 ·Callcentric
| said by bolt:You could always just not buy the product. Assuming you're not being facetious, that's a given, of course. I don't intend to knowingly buy or use any product that would install surreptitious, malicious or uninstallable code on any of my systems.
However, there remains the trend toward silent installs and deceptive language or no notification in pre-purchase of products. This applies to music CDs, DVDs, PC "accessories" like an optical mouse.
Although this particular CD in the OP had a "copy protected" notice, it failed to say that there would be uninstallable code that would install silently and hose up one's system if the user wishes to uninstall because he/she no longer wishes to use the product or the copy limits have been reached.
Installation of software or other code should be an informed choice made by the purchaser prior to sale, not a coolwebsearch or botnet style infection process where the user finds out afterward that his system has been breached.
I no longer purchase or trust newer media being loaded or played on my PC based systems. I only play my old trusted CDs on them. My Bose acoustimass system and old Onkyo amp is far better than what my PC has anyway.
Since unhooking myself from the industry, I've also found the money I spend on alternative entertainment is well spent and I don't miss the new dubiously artistic crap being purveyed by the industry.
My concern about CD installed crapware like this is with other CD based products, utilities or software I might buy that uses these techniques to infect systems.
Any positive solutions welcome
--
Every Good Electrical Engineer Zeroes Each Register |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | said by EGeezer:Any positive solutions welcome Time for me to write my killer security app... RIAA-Aware!
Complete with resident protection that blocks the installation of malware from infected CDs.
I better get cracking. Step 1, move to a country where the F'in DMCA need not apply... 
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages. |
|
 dadkinsCan you do Blu?Premium,MVM
join:2003-09-26
Hercules, CA
kudos:18 | reply to dave
Re: DRM implementors == black hats Will ProcessGuard prevent this crap? |
|
| reply to kpatz
Re: How do we prevent installation of this crapwar How about some nice virus writers, writing something that will attack RIAA companies' systems. Since they want to attack our computers, I say we repay the favor... |
|
 antiseriousThe Future ain't what it used to bePremium
join:2001-12-12
Scranton, PA | reply to Rmus
Re: DRM implementors == black hats
... here's my little 'love note' to Sony - thanks for posting the 'reply to' link ...
Your use of the DRM software from 'First 4 Internet' uses rootkit techniques to hide various kernel objects from view. This is a despicable 'solution' to an ongoing problem that you and the RIAA have made worse at every turn, and marks a new low, even for bottom-feeders such as you. I can only hope the major Security Software vendors will quickly become aware of this abuse on your part, and devise safe and thorough means of removal without further damage to 'infected' systems. Perhaps a nice, juicy class-action lawsuit will get your attention, since I'm sure you don't give a rat's ass about the public outcry this will engender. Shame, since you were once a respected company - now you're just another gaggle of corporate scumbags, whose behavior is quite a bit worse than the fair-rights users you've targeted with this malware.
Here's wishing you all the worst - you've earned it.
--
... "Do You Know Where Your Towel Is ?" ... |
|
