Broadband Tech > Security > Security > Microsoft will wipe Sony's 'rootkit' and more

reply to K McAleavey

Re: Microsoft will wipe Sony's 'rootkit' and more

And again, I'm not a lawyer, just an "evil vendor" (heh) ... but as I see it (and as observed in the lab) in THIS case, if the software is not installed, then the player doesn't play. Put as simply as possible (so lawyers comprehend) there is NO circumvention at ALL if the "software" is removed ... however, the VAGUENESS of "1201" clearly fails to differentiate, and if SONY decides to sue as a result of the vagueness, then they WIN.

Reality is, it all comes down to presentation before a technically clueless jury, and an even more clueless judiciary and that's what the lawyers are worried about. I can understand ours since we're nowhere near Symantec or Microsoft in size or income, it just becomes difficult indeed to realize that we stand to face all this ALONE and no one with far more resources and money than we have has already chucked the issue and is willing to comply with this foolishness.

Legally, it's perfectly OK for us to STOP you from being infected in the first place, and by nature of our legal precendents, stop an already existing infection - the PROBLEM is that we can't provide the solution to the general public for FREE because *THAT* would expose us to harm. Madness!
--
Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

Why does it matter if the solution is free or for-pay? I don't see anything in the law that differentiates based on whether or not there is money charged.

Strange legal situation for us under New York State law - we got sued a number of years ago over a backdoor turned "commercial" called "Netbus" ... every other vendor caved to their "do not detect us" demand whereas we stood up to them in agreeing to offer removal as an "option" rather than a promise. Our legal basis for the precedent was that we were not legally considered a "common carrier" by nature of our not distributing our software to the "general public" and legally, that constituted the equivalent of a "private club" wherein we were required to satisfy the requirements of our "members" as to what we covered. Long and thin of it was that we are not held to the same legal standards as "publicly available" software. That's always been our ace in the hole over the years, and the reason why when certain "spyware" companies threatened us, we could legally thumb our noses at their requests NOT to detect them on the basis of "our customers can choose to exclude and not detect."

To our lawyers, if we cross that line and "go public" with a freebie, then that precedent could be eroded.
--
Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

Suppose you were to market the uninstaller separate from BOClean, but not free, perhaps a nominal price of one dollar with a EULA specifically prohibiting the distribution or use of the uninstaller on other than the license holder's computer. Would your current precedent under NY law apply, while at the same time not endangering the protection that BOClean enjoys?

MY whole point is that since what I wrote ISN'T BOClean, and ISN'T anything we currently do (no need for it for our customers) the concern among the lawyers is that it would expose the COMPANY to risk. In other words, what BOClean does, and this unique, unrelated code does aren't connected in any way other than the risk of violating DCMA and WIPO in the first place by offering a "defeat mechanism to copy protection." It's the whole interpretation of "defeating copy protection" that is the issue to our lawyers BECAUSE WIPO and DCMA are so legally VAGUE. Has nothing to do with BOClean, has to do with *US*.

The concern of course is that if we get sued for releasing, then that could harm our existing customers, thus the prohibition on the release. And according to the latest "Kevin, SHUT UP!" from them, they're discussing the theoreticals and still aren't satisfied that there's no risk. I continue to disagree because the LAW says that circumventing the encryption is the issue, whereas my OWN belief is that we're not circumventing ANYTHING by removing the DRM stuff - that any DRM software would recognize the lack of DRM "protection" and would fail to operate as the distributors intended and therefore, it would function as designed if we were to remove the surreptitiously-installed malware. My point being that this point is being lost in the continuing arguments. But I've just been RE-reminded that WE don't want to be the "test case" ... agggh.

But I *do* see why NOBODY else, including Microsoft, has the STONES to call a shovel a shovel.
--
Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

reply to K McAleavey
Isn't "Computer Intrusion" a felony.

»www.usdoj.gov/criminal/cybercrim···aws.html

So in essence, Sony is "intruding" my PC by knowingly installing malicous software, which it knows can cause security risk... lawyers read "intent".

Do they say in the EULA, that they are installing "rootkit" software ?

Do I agree to have my computer monitored by their software? If the software phones home, isn't that wiretapping, and thus without a search warrant and probable cause thus illegal.

Man, you need to get some real lawyers with some balls. Hey, you in the pressed suit, grab some balls, and call their bluff.

Some more reads:

»www.cdt.org/wiretap/wiretap_overview.html

"(b) intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication when--

(i) such device is affixed to, or otherwise transmits a signal through, a wire, cable, or other like connection used in wire communication; or"

§ 2512. Manufacture, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices prohibited

"(1) Except as otherwise specifically provided in this chapter, any person who intentionally--

(a) sends through the mail, or sends or carries in interstate or foreign commerce, any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications;

So in essence to install their rootkit, don't they need a court order.
--
"Silent leges inter arma" Float like a butterfly, sting like warm tea.

reply to K McAleavey
Was just contemplating this, and based on your statements about forming a club with your customers, couldn't a forum be setup, where there was a very clear "member agreement" and also so that every member who signed up would need to be verified? I.E. by email address, or thru a manual "Allow user" process. Would this not then create an online club, where members were allowed access based on a predefined criteria?

Could you not then offer this service to these aforementioned members? I'm no lawyer, but it seems to jive with what you were mentioning above. Its still free, you just have to be a member.

reply to Maggs
My Morning Jacket..... NEVER BUY THEIR CD!!!!!!!!