dave
Premium Member
join:2000-05-04
not in ohio

dave to ZOverLord

Premium Member

to ZOverLord

Re: SONY throws in the towel ... for now.

How can you say that Symantec is playing 'head games' ?

They clearly spell out that the risk is in the cloaking stuff, i.e., the rootkit parts of the Sony software package.
When SecurityRisk.First4DRM is executed, it performs
the following actions:

1. Copies itself as the following file:

%System%\$sys$filesystem\aries.sys.

Note: %System% is a variable that refers to the
System folder. By default this is C:\Windows\System
(Windows 95/98/Me), C:\Winnt\System32 (Windows
NT/2000), or C:\Windows\System32 (Windows XP).

2. Creates the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries

which loads the risk as a device driver when the
compromised computer is started.

3. Hides any processes, files, folders, or registry
subkeys that begin with the following string:

$sys$

4. Checks the name of all processes attempting to
access these processes, files, folders, or registry
subkeys. If the name of the process begins with the
following string, it allows access:

$sys$

Otherwise, the risk prevents access to the
process, file, folder, or registry subkey.

They will remove the 'risk' part.

They are not in the business of disabling Sony's rights management software. You'd have to be pretty gung-ho to do that - Sony's lawyers will have your balls in a bench vise in no time flat.

Whether we like it or not, the use of DRM software appears to be legitimate.
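
The cloak in the quoted write-up hides any name beginning with `$sys$`, so a listing taken on the running system cannot be relied on to show those entries. The following is an added example, not part of the post or of Symantec's write-up: it compares a live inventory with one read offline from the same machine. The inventories and the `C:\Temp` entries are constructed, and case-insensitive matching is an assumption.

```python
# Added example: cross-view triage for the "$sys$" cloak described above.
# Inputs are two inventories of the same machine: names enumerated on the
# running system, and names read offline (for example from a mounted image).
CLOAK_PREFIX = "$sys$"  # prefix named in the quoted write-up


def has_cloak_component(name):
    """True if any path or registry-key component begins with the prefix.

    A prefixed folder counts too, since hiding it hides what is inside.
    Case-insensitive matching is an assumption, chosen to flag conservatively.
    """
    parts = name.replace("/", "\\").split("\\")
    return any(p.lower().startswith(CLOAK_PREFIX) for p in parts)


def cross_view(live, offline):
    """Classify offline entries by whether the live view also shows them."""
    live_keys = {n.lower() for n in live}
    report = {"cloaked": [], "visible_prefixed": [], "other_missing": []}
    for name in sorted(offline, key=str.lower):
        seen_live = name.lower() in live_keys
        if has_cloak_component(name):
            bucket = "visible_prefixed" if seen_live else "cloaked"
            report[bucket].append(name)
        elif not seen_live:
            report["other_missing"].append(name)
    return report


# Constructed sample inventories (Windows XP layout: %System% = C:\Windows\System32).
OFFLINE = [
    r"C:\Windows\System32\$sys$filesystem\aries.sys",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Temp\$sys$unrelated.dat",  # constructed: unrelated file reusing the prefix
    r"C:\Temp\report.doc",
]
LIVE = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Temp\report.doc",
]

if __name__ == "__main__":
    for bucket, names in cross_view(LIVE, OFFLINE).items():
        print(bucket)
        for n in names:
            print("   ", n)
```

An entry landing in `visible_prefixed` means a prefixed name exists but is not being hidden in the live view, so the component is present while the cloak is not in effect.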

Rusty Dusty
join:2002-11-23

Rusty Dusty to ZOverLord

Member

to ZOverLord
Oh Joy!

Thanks for the information...!

(Well, at least 'Yahman' could see if he has it or not..?)

ZOverLord
Premium Member
join:2003-10-20
Minneapolis, MN

ZOverLord to dave

Premium Member

to dave
said by dave:

How can you say that Symantec is playing 'head games' ?

They clearly spell out that the risk is in the cloaking stuff, i.e., the rootkit parts of the Sony software package.
When SecurityRisk.First4DRM is executed, it performs
the following actions:

1. Copies itself as the following file:

%System%\$sys$filesystem\aries.sys.

Note: %System% is a variable that refers to the
System folder. By default this is C:\Windows\System
(Windows 95/98/Me), C:\Winnt\System32 (Windows
NT/2000), or C:\Windows\System32 (Windows XP).

2. Creates the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries

which loads the risk as a device driver when the
compromised computer is started.

3. Hides any processes, files, folders, or registry
subkeys that begin with the following string:

$sys$

4. Checks the name of all processes attempting to
access these processes, files, folders, or registry
subkeys. If the name of the process begins with the
following string, it allows access:

$sys$

Otherwise, the risk prevents access to the
process, file, folder, or registry subkey.

They will remove the 'risk' part.

They are not in the business of disabling Sony's rights management software. You'd have to be pretty gung-ho to do that - Sony's lawyers will have your balls in a bench vise in no time flat.

Whether we like it or not, the use of DRM software appears to be legitimate.
Having 2 choices, I would much rather have a system that cloaks anything that starts with $sys$ than have a filter that sits between my CD Drive and Computer and is receiving Every Byte of Data sent to/from this device for ANY CD, which includes sensitive data, backup data and has the ability to Call Home using ANY accounts limited or otherwise on my systems.

Since the capabilities, commands, and other features of this Wire Tap have not been disclosed, I feel this portion of the software is a much greater security risk than the "Root-Kit" portion, call me STUPID ;-(
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

I wasn't saying I'd want it either. I was simply disputing whether or not Symantec could be said to be playing 'head games' with you, and whether it was reasonable to expect them to remove someone else's DRM code - esp. since there are US laws about that sort of thing.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to ZOverLord

Premium Member

to ZOverLord

Re: List

Well, there's no one in that list I can't do without. I have better places to spend my money than on crap that screws up my system. BMG and Sony and those music product makers are off my list of things I need, want or will obtain free or paid.

Kind of a shame, I always liked Sony's hardware and BMG's jazz music catalog. Too bad I can't trust 'em anymore.

Now there's a thought. Wonder how many people have informed the people on that recording list of discontent with their chosen method of distributing their product?

ZOverLord
Premium Member
join:2003-10-20
Minneapolis, MN

1 edit

ZOverLord to dave

Premium Member

to dave

Re: SONY throws in the towel ... for now.

said by dave:

I wasn't saying I'd want it either. I was simply disputing whether or not Symantec could be said to be playing 'head games' with you, and whether it was reasonable to expect them to remove someone else's DRM code - esp. since there are US laws about that sort of thing.
Calling something a REMOVAL TOOL when words like Un-Cloaker and De-Cloaker tool could be used gives false hope to the non-seasoned computer user.

In some ways it's just as bad as what Sony did, claiming their software only does this or that, when in fact it did much more, in this case, it does much less.

No Difference in my mind.
B04
Premium Member
join:2000-10-28

B04 to EGeezer

Premium Member

to EGeezer

Re: List


Luckily for me, I've never liked any Sony hardware (every product I've tried, from a clock radio to a Vaio, has been a big disappointment) and I don't listen to much music.

-- B

P.S. Okay I had a Walkman once that was decent, until it failed.

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

1 recommendation

dadkins

MVM

said by B04:

Luckily for me, I've never liked any Sony hardware (every product I've tried, from a clock radio to a Vaio, has been a big disappointment) and I don't listen to much music.

-- B

P.S. Okay I had a Walkman once that was decent, until it failed.
I've had the exact opposite experience, everything else that I have tried... died! All of my Sony hardware is still working like a champ.
dave
Premium Member
join:2000-05-04
not in ohio

dave to ZOverLord

Premium Member

to ZOverLord

Re: SONY throws in the towel ... for now.

As far as I can tell, they remove the frigging aries device driver. That's the risk, and they remove it. I don't see why they should have to use made-up words like "decloaking". They removed the dangerous code.

Vvian Kalyss
join:2003-10-14
Stage 5.0

Vvian Kalyss to gwion

Member

to gwion
said by gwion:

By the way... am I the only one missing the sheer irony? The company that introduced the BetaMax VCR way back when, and found themselves defending "personal use" copying, as content owners roiled over the new technology, that they thought would bury them. Then. Funny how technological history never seems to follow expectations...
That was before they got borged by their entertainment unit
said by ZOverLord:

...it is a Partial List Sony has REFUSED to provide a List
Why the refusal? Sure we can find out for ourselves (manual count), but they could just provide the list themselves and be done with it. This just makes them look more suspicious. Got something else to hide, Sony?
said by antiserious:

... where I live the Library has CDs and DVDs to loan, just like books, and I'm sure many other libraries do as well ...
Good idea, I forgot about the whole rental/borrow thing. Imagine how many innocent people are going to have their computers screwed up. Gonna call up my librarian friend, hopefully she'll get the word out.

Damn... if this happens ("omg I got a rootkit from a CD I borrowed from the library!"), will the unfortunate library be held liable? I sure hope not.

K McAleavey
Premium Member
join:2003-11-12
Voorheesville, NY

3 recommendations

K McAleavey to Mowergun

Premium Member

to Mowergun
There are actually several different SONY rootkits, all ya need to do is look over the list of covered nasties:

»www.nsclean.com/trolist.html

But yes, if you insert an infected CD, it goes byebye.

And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.

ZOverLord
Premium Member
join:2003-10-20
Minneapolis, MN

1 edit

ZOverLord to dave

Premium Member

to dave
said by dave:

As far as I can tell, they remove the frigging aries device driver. That's the risk, and they remove it. I don't see why they should have to use made-up words like "decloaking". They removed the dangerous code.
Again, I think there is another Risk, and it is this filter.

Also, they make no statement, that they leave ANYTHING behind, and if this "Wire-Tap" becomes an issue, and other tools are needed to remove IT, they may think they are ALREADY cured.

It's a BAD move when someone labels something a REMOVER when it is ONLY an un-cloaker.

The device driver they removed was used for Cloaking, and you can see ALL the other pieces still function, so is it removed, or un-cloaked?

At least Microsoft is being HONEST about this, they state they will be REMOVING the "Root-Kit" Portion of this.
Mowergun
join:2004-02-15
Charleston, IL

1 recommendation

Mowergun to K McAleavey

Member

to K McAleavey
Thank you. It is reassuring to hear that. Time after time BOClean keeps me safe even before I learn of a threat, and the folks of BBR inform me of threats long before I otherwise would hear of them.

spy1
Welcome to Amerika
Premium Member
join:2002-06-24
Charlotte, NC

spy1 to K McAleavey

Premium Member

to K McAleavey
I hope everyone's level of discontent is still high enough to realize this:

The only way we're going to make an impact on stopping this kind of practice (intrusive DRM) is to continue a total boycott of -- ALL -- Sony products.

When - and only when - Sony starts feeling the impact of such a boycott will they change their ways.

Likewise, other manufacturers/labels - when they see the inescapable, on-going penalty that Sony has to pay for this little escapade - will learn that you don't lightly screw with people who will "vote with their pocketbooks" - and make it stick. Pete

Tony jr
@61.8.x.x

Tony jr to K McAleavey

Anon

to K McAleavey
ZOverLord, is it really true that Sony has refused to provide the complete list??

How can they do that?

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

cacroll

Premium Member

said by Tony jr :

is it really true that Sony has refused to provide the complete list??


If they did, would you really trust them?

Try the CDR list, for a more comprehensive list. I would trust that more than Sony.
»ukcdr.org/issues/cd/bad/

Tony jr
@61.8.x.x

Tony jr

Anon

Wow, that's a huge list cacroll, thanks! It's frightening because so many of my favourite artists' CDs figure in this list.

God, I'm really going to have to pay close attention to the CD label from now on. Damn you Sony.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to K McAleavey

Premium Member

to K McAleavey
said by K McAleavey:

And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.
So... are you saying that even if one declines the agreement, you get some or all of the rootkit/DRM stuff installed?? That carries some pretty ominous legal implications (against Sony). Or does it then turn around after a "decline" and uninstall the nasties?

iam x
Sungazer
Premium Member
join:2005-02-23

iam x

Premium Member

said by Blackbird:

So... are you saying that even if one declines the agreement, you get some or all of the rootkit/DRM stuff installed?? That carries some pretty ominous legal implications (against Sony). Or does it then turn around after a "decline" and uninstall the nasties?
Maybe Mark or any other security expert could explore this scenario as well and enlighten us.

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

cacroll to Tony jr

Premium Member

to Tony jr
said by Tony jr :

Wow, that's a huge list cacroll, thanks! It's frightening because so many of my favourite artists' CDs figure in this list.

God, I'm really going to have to pay close attention to the CD label from now on. Damn you Sony.


Yeah it sux. A lot of my favourite music is in there too. I'm not buying it though.
bastone0
join:2004-08-29

bastone0 to K McAleavey

Member

to K McAleavey

Re: SONY throws in the towel ... for now.

How does ANYDVD work to not be affected by this crap? Is it worth buying?

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

catseyenu to K McAleavey

Premium Member

to K McAleavey
said by K McAleavey:

And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.
Whoa!
You have to wonder at the hubris that brought on thinking this would fly in the first place...
Indicative of our current political/business climate?

brut7
join:2000-10-06
Babylon, NY

1 recommendation

brut7 to K McAleavey

Member

to K McAleavey
This rootkit junk only hurts Sony's paying customers.
The tech-savvy pirates get around it easily and pirated copies don't have it.

So Sony hurts its PAYING customers only.

Brilliant!

What's next? How about TVs that send out death rays if they detect a pirated movie.

newview
Ex .. Ex .. Exactly
Premium Member
join:2001-10-01
Parsonsburg, MD

1 recommendation

newview to K McAleavey

Premium Member

to K McAleavey
Truth in humor .. .

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

2 recommendations

John2g to K McAleavey

Premium Member

to K McAleavey
It seems to me that Sony have far from thrown in the towel. I've been reading about another piece of their malware that is installed without permission.

»www.freedom-to-tinker.com/?p=925
John2g

John2g to K McAleavey

Premium Member

to K McAleavey
said by K McAleavey:

And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.
That is absolutely disgraceful. Whatever were Sony thinking of!

MAT777
join:2002-02-02
Montreal

MAT777 to K McAleavey

Member

to K McAleavey
What a joke, this crap is a virus.

And this is released on CDs for like 6 months?

ZOverLord
Premium Member
join:2003-10-20
Minneapolis, MN

ZOverLord to Tony jr

Premium Member

to Tony jr

Re: SONY throws in the towel ... for now.

said by Tony jr :

ZOverLord, is it really true that Sony has refused to provide the complete list??

How can they do that?
Yes it is true, here is one statement made by the Media and there are many more:

»news.ft.com/cms/s/018223 ··· 340.html

Easy, they don't think it's Your/Our Business to know.