dave Premium Member join:2000-05-04 not in ohio |
to ZOverLord
Re: SONY throws in the towel ... for now.
How can you say that Symantec is playing 'head games'? They clearly spell out that the risk is in the cloaking stuff, i.e., the rootkit parts of the Sony software package.
When SecurityRisk.First4DRM is executed, it performs the following actions:
1. Copies itself as the following file:
%System%\$sys$filesystem\aries.sys.
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. Creates the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries
which loads the risk as a device driver when the compromised computer is started.
3. Hides any processes, files, folders, or registry subkeys that begin with the following string:
$sys$
4. Checks the name of all processes attempting to access these processes, files, folders, or registry subkeys. If the name of the process begins with the following string, it allows access:
$sys$
Otherwise, the risk prevents access to the process, file, folder, or registry subkey.
They will remove the 'risk' part. They are not in the business of disabling Sony's rights management software. You'd have to be pretty gung-ho to do that - Sony's lawyers will have your balls in a bench vise in no time flat. Whether we like it or not, the use of DRM software appears to be legitimate. |
|
|
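An added example (not part of the thread, and not Symantec's or Sony's code) that models the hide and allow rules quoted in the post above and the cross-view comparison that exposes objects hidden by them. The function names, the `explorer.exe` caller and the sample listing are constructed assumptions.

```python
# Added example: model of the $sys$ cloaking rule (steps 3 and 4 above)
# and a cross-view check. All sample objects are constructed.
PREFIX = "$sys$"

# Artefacts named in the quoted Symantec write-up (path tails only).
KNOWN_TAILS = (r"\$sys$filesystem\aries.sys", r"\Services\$sys$aries")

def is_cloaked(path):
    """Step 3: an object is hidden if any path component begins with $sys$."""
    return any(part.startswith(PREFIX) for part in path.split("\\"))

def filtered_view(objects, caller_name):
    """Step 4: callers whose process name begins with $sys$ see everything;
    every other caller gets the listing with cloaked objects stripped."""
    if caller_name.startswith(PREFIX):
        return list(objects)
    return [o for o in objects if not is_cloaked(o)]

def cross_view_diff(trusted_view, live_view):
    """Objects present in a trusted listing (e.g. taken offline from clean
    boot media) but absent from the listing the running system reports."""
    live = set(live_view)
    return [o for o in trusted_view if o not in live]

def triage(hidden):
    """Split hidden objects into the documented artefacts and everything else."""
    known = [o for o in hidden if o.endswith(KNOWN_TAILS)]
    other = [o for o in hidden if not o.endswith(KNOWN_TAILS)]
    return known, other

# Constructed trusted listing: two artefacts from the write-up, one ordinary
# driver, and one unrelated file that merely matches the prefix.
TRUSTED = [
    r"C:\Windows\System32\$sys$filesystem\aries.sys",
    r"HKLM\System\CurrentControlSet\Services\$sys$aries",
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Temp\$sys$unrelated.dat",
]

if __name__ == "__main__":
    live = filtered_view(TRUSTED, "explorer.exe")
    known, other = triage(cross_view_diff(TRUSTED, live))
    print("visible to a normal process:", live)
    print("hidden, documented artefacts:", known)
    print("hidden, needs review:", other)
```

Anything in the "needs review" bucket is hidden only because its name matches the prefix, which is why the cloaking rule itself is the risk regardless of what the DRM components do.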
to ZOverLord
Oh Joy!
Thanks for the information...!
(Well, at least 'Yahman' could see if he has it or not..?) |
|
ZOverLord Premium Member join:2003-10-20 Minneapolis, MN |
to dave
said by dave:
How can you say that Symantec is playing 'head games'? They clearly spell out that the risk is in the cloaking stuff, i.e., the rootkit parts of the Sony software package.
When SecurityRisk.First4DRM is executed, it performs the following actions:
1. Copies itself as the following file:
%System%\$sys$filesystem\aries.sys.
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. Creates the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries
which loads the risk as a device driver when the compromised computer is started.
3. Hides any processes, files, folders, or registry subkeys that begin with the following string:
$sys$
4. Checks the name of all processes attempting to access these processes, files, folders, or registry subkeys. If the name of the process begins with the following string, it allows access:
$sys$
Otherwise, the risk prevents access to the process, file, folder, or registry subkey.
They will remove the 'risk' part. They are not in the business of disabling Sony's rights management software. You'd have to be pretty gung-ho to do that - Sony's lawyers will have your balls in a bench vise in no time flat. Whether we like it or not, the use of DRM software appears to be legitimate.
Having 2 choices, I would much rather have a system that cloaks anything that starts with $sys$ than have a filter that sits between my CD Drive and Computer and is receiving Every Byte of Data sent to/from this device for ANY CD, which includes sensitive data, backup data and has the ability to Call Home using ANY accounts limited or otherwise on my systems. Since the capabilities, commands, and other features of this Wire Tap have not been disclosed, I feel this portion of the software is a much greater security risk than the "Root-Kit" portion, call me STUPID ;-( |
|
dave Premium Member join:2000-05-04 not in ohio |
2005-Nov-13 9:49 pm
I wasn't saying I'd want it either. I was simply disputing whether or not Symantec could be said to be playing 'head games' with you, and whether it was reasonable to expect them to remove someone else's DRM code - esp. since there are US laws about that sort of thing. |
|
EGeezer Premium Member join:2002-08-04 Midwest |
to ZOverLord
Re: List
Well, there's no one in that list I can't do without. I have better places to spend my money than on crap that screws up my system. BMG and Sony and those music product makers are off my list of things I need, want or will obtain free or paid.
Kind of a shame, I always liked Sony's hardware and BMG's jazz music catalog. Too bad I can't trust 'em anymore.
Now there's a thought. Wonder how many people have informed the people on that recording list of discontent with their chosen method of distributing their product? |
|
ZOverLord Premium Member join:2003-10-20 Minneapolis, MN 1 edit |
to dave
Re: SONY throws in the towel ... for now.
said by dave:
I wasn't saying I'd want it either. I was simply disputing whether or not Symantec could be said to be playing 'head games' with you, and whether it was reasonable to expect them to remove someone else's DRM code - esp. since there are US laws about that sort of thing.
Calling something a REMOVAL TOOL when words like Un-Cloaker and De-Cloaker tool could be used, gives false hope to the non-seasoned computer user. In some ways it's just as bad as what Sony did, claiming their software only does this or that, when in fact it did much more, in this case, it does much less. No Difference in my mind. |
|
B04 Premium Member join:2000-10-28 |
to EGeezer
Re: List
Luckily for me, I've never liked any Sony hardware (every product I've tried, from a clock radio to a Vaio, has been a big disappointment) and I don't listen to much music.
-- B
P.S. Okay I had a Walkman once that was decent, until it failed.
|
|
dadkins Can you do Blu? MVM join:2003-09-26 Hercules, CA
1 recommendation |
said by B04:
Luckily for me, I've never liked any Sony hardware (every product I've tried, from a clock radio to a Vaio, has been a big disappointment) and I don't listen to much music. -- B P.S. Okay I had a Walkman once that was decent, until it failed.
I've had the exact opposite experience, everything else that I have tried... died! All of my Sony hardware is still working like a champ. |
|
dave Premium Member join:2000-05-04 not in ohio |
to ZOverLord
Re: SONY throws in the towel ... for now.
As far as I can tell, they remove the frigging aries device driver. That's the risk, and they remove it. I don't see why they should have to use made-up words like "decloaking". They removed the dangerous code. |
|
|
to gwion
said by gwion:
By the way... am I the only one missing the sheer irony? The company that introduced the BetaMax VCR way back when, and found themselves defending "personal use" copying, as content owners roiled over the new technology, that they thought would bury them. Then. Funny how technological history never seems to follow expectations...
That was before they got borged by their entertainment unit
said by ZOverLord:
...it is a Partial List Sony has REFUSED to provide a List
Why the refusal? Sure we can find out for ourselves (manual count), but they could just provide the list themselves and be done with it. This just makes them look more suspicious. Got something else to hide, Sony?
said by antiserious:
... where I live the Library has Cd's and DVD's to loan, just like books, and I'm sure many other libraries do as well ...
Good idea, I forgot about the whole rental/borrow thing. Imagine how many innocent people are going to have their computers screwed up. Gonna call up my librarian friend, hopefully she'll get the word out. Damn... if this happens ("omg I got a rootkit from a CD I borrowed from the library!"), will the unfortunate library be held liable? I sure hope not. |
|
K McAleavey Premium Member join:2003-11-12 Voorheesville, NY
3 recommendations |
to Mowergun
There are actually several different SONY rootkits, all ya need to do is look over the list of covered nasties: » www.nsclean.com/trolist.html But yes, if you insert an infected CD, it goes byebye. And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading. |
|
ZOverLord Premium Member join:2003-10-20 Minneapolis, MN 1 edit |
to dave
said by dave:
As far as I can tell, they remove the frigging aries device driver. That's the risk, and they remove it. I don't see why they should have to use made-up words like "decloaking". They removed the dangerous code.
Again, I think there is another Risk, and it is this filter. Also, they make no statement, that they leave ANYTHING behind, and if this "Wire-Tap" becomes an issue, and other tools are needed to remove IT, they may think they are ALREADY cured. It's a BAD move when someone labels something a REMOVER when it is ONLY an un-cloaker. The device driver they removed was used for Cloaking, and you can see ALL the other pieces still function, so is it removed, or un-cloaked? At least Microsoft is being HONEST about this, they state they will be REMOVING the "Root-Kit" Portion of this. |
|
1 recommendation |
to K McAleavey
Thank you. It is reassuring to hear that. Time after time BOClean keeps me safe even before I learn of a threat, and the folks of BBR inform me of threats long before I otherwise would hear of them. |
|
spy1 Welcome to Amerika Premium Member join:2002-06-24 Charlotte, NC |
to K McAleavey
I hope everyone's level of discontent is still high enough to realize this:
The only way we're going to make an impact on stopping this kind of practice (intrusive DRM) is to continue a total boycott of -- ALL -- Sony products.
When - and only when - Sony starts feeling the impact of such a boycott will they change their ways.
Likewise, other manufacturers/labels - when they see the inescapable, on-going penalty that Sony has to pay for this little escapade - will learn that you don't lightly screw with people who will "vote with their pocketbooks" - and make it stick.
Pete |
|
|
to K McAleavey
ZOverLord, is it really true that Sony has refused to provide the complete list?? How can they do that? |
|
|
cacroll Eventually, Prozac becomes normal Premium Member join:2002-07-25 Martinez, CA |
2005-Nov-14 12:32 am
said by Tony jr :
is it really true that Sony has refused to provide the complete list??
If they did, would you really trust them? Try the CDR list, for a more comprehensive list. I would trust that more than Sony. » ukcdr.org/issues/cd/bad/ |
|
|
Tony jr
Anon
2005-Nov-14 12:40 am
Wow, that's a huge list cacroll, thanks! It's frightening because so many of my favourite artists' CDs figure in this list. God, I'm really going to have to pay close attention to the CD label from now on. Damn you Sony. |
|
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
to K McAleavey
said by K McAleavey:
And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.
So... are you saying that even if one declines the agreement, you get some or all of the rootkit/DRM stuff installed?? That carries some pretty ominous legal implications (against Sony). Or does it then turn around after a "decline" and uninstall the nasties? |
|
iam x Sungazer Premium Member join:2005-02-23 |
2005-Nov-14 1:19 am
said by Blackbird:
So... are you saying that even if one declines the agreement, you get some or all of the rootkit/DRM stuff installed?? That carries some pretty ominous legal implications (against Sony). Or does it then turn around after a "decline" and uninstall the nasties?
Maybe Mark or any other security expert could explore this scenario as well and enlighten us. |
|
cacroll Eventually, Prozac becomes normal Premium Member join:2002-07-25 Martinez, CA |
to Tony jr
said by Tony jr:
Wow, that's a huge list cacroll, thanks! It's frightening because so many of my favourite artists' CDs figure in this list. God, I'm really going to have to pay close attention to the CD label from now on. Damn you Sony.
Yeah it sux. A lot of my favourite music is in there too. I'm not buying it though. |
|
|
to K McAleavey
Re: SONY throws in the towel ... for now.
How does ANYDVD work to not be affected by this crap? Is it worth buying? |
|
catseyenu Ack Pfft Premium Member join:2001-11-17 Fix East |
to K McAleavey
said by K McAleavey:
And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.
Whoa! You have to wonder at the hubris that brought on thinking this would fly in the first place... Indicative of our current political/business climate? |
|
brut7 join:2000-10-06 Babylon, NY
1 recommendation |
to K McAleavey
This rootkit junk only hurts Sony's paying customers. The tech savvy pirates get around it easily and pirated copies don't have it.
So Sony hurts its PAYING customers only.
Brilliant!
What's next? How about TV's that send out death rays if they detect a pirated movie. |
|
newview Ex .. Ex .. Exactly Premium Member join:2001-10-01 Parsonsburg, MD
1 recommendation |
to K McAleavey
|
|
John2g Qui Tacet Consentit Premium Member join:2001-08-10 England
2 recommendations |
to K McAleavey
It seems to me that Sony have far from thrown in the towel. I've been reading about another piece of their malware that is installed without permission. » www.freedom-to-tinker.com/?p=925 |
|
John2g |
to K McAleavey
said by K McAleavey:
And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.
That is absolutely disgraceful. Whatever were Sony thinking of! |
|
|
to K McAleavey
What a joke, this crap is a virus.
And this is released in CDs for like 6 months? |
|
ZOverLord Premium Member join:2003-10-20 Minneapolis, MN |
to Tony jr
Re: SONY throws in the towel ... for now.
said by Tony jr:
ZOverLord, is it really true that Sony has refused to provide the complete list?? How can they do that?
Yes it is true, here is one statement made by the Media and there are many more: » news.ft.com/cms/s/018223 ··· 340.html
Easy, they don't think it's Your/Our Business to know. |
|