
Microsoft will wipe Sony's 'rootkit' and more »news.com.com/Microsoft+will+wipe···nefd.top
By Joris Evers, Staff Writer, CNET News.com. Published: November 13, 2005, 12:15 AM PST
Microsoft will update its security tools to detect and remove part of the copy protection tools installed on PCs when some music CDs are played.
The Redmond, Wash., software maker has determined that the "rootkit" piece of the XCP software on some Sony BMG Music Entertainment CDs can pose a security risk to Windows PCs, according to a posting Saturday to a Microsoft corporate Web log.
The Sony BMG software installs itself deeply inside a hard drive when a CD is played on a PC. The technology uses rootkit techniques to hide itself. Experts blasted the cloaking mechanism, saying it could be abused by virus writers. The first remote-control Trojan horses that take advantage of the veil provided by Sony BMG have surfaced.
To protect Windows users, Microsoft plans to update Windows AntiSpyware and the Malicious Software Removal Tool as well as the online scanner on Windows Live Safety Center to detect and remove the Sony BMG software, the software maker said in its blog.
===========================================================
An explanation is necessary from my own personal view as to what's going on here as I have PERSONAL experience in what these issues really are, and am frustrated by having coded a solution only to have the release delayed by arguing attorneys in our company, and external ones over this issue. There are other practicalities as well - you can remove all of the files, but the end user's system will end up BROKEN because of a behavior mentioned that didn't get as much attention as it deserved, notably the "filters" applied to various hardware that is capable of reading and writing data, such as hard drives and "removable media." This particular nasty will BREAK hard disks, CDROMs, DVD drives and other media and because each particular brand of hardware is different, it's almost impossible to repair registry entries automatically as our own software is intended to do, without human intervention. Remove the rootkit, and you BREAK the system.
Now while SOME of us in the "vendor space" have had this covered for a while and it's certainly "newsworthy" that a number of antivirus companies have decided to pull the "aries.sys" rootkit driver, the reality is that NONE of the "vendors" has decided to provide an UNINSTALL for the entire package. That caused me to decide to put together one and I'm disappointed that Microsoft, with all of its MONEY has failed to attack the issue any more than the other "vendors" in what is a serious transgression against the public. Fact is, this is one of the most malicious packages we've seen in all our years as far as the devastation to a system if it's improperly removed. And it pains me that no vendor (other than myself) was willing to tackle the "whole package" and properly repair a system after its removal. That is why our lawyers and myself are in a rather serious disagreement. THEY see it as a liability, *I* see it as a necessity.
A few days ago, I had indicated that we at Privacy Software, makers of BOClean, intended to deliver an actual REMOVAL kit as FREEWARE because of the nefarious nature of this particular "copy protection scheme" and its numerous problems which rose clearly to the level of "malware" ... there have been developments as of that post, in particular our OWN lawyers spanking me HARD for "potential conspiracy to violate WIPO and DMCA, which is a FELONY!"
While most vendors have determined that the "aries.sys" rootkit is a threat because of exploitations, it is SOLELY this aries.sys file that is being removed, in order to "uncloak" any file which takes advantage of the rootkit's ability to hide ANY file which contains "$sys$" in its filename or its registry entries. However, any other files that are part of this "Digital Rights Management" collection have been placed "off limits" by ALL vendors, including Microsoft. NO vendor has stepped up to the plate and offered to completely eliminate these contents. And it is incredibly difficult to do so without system damage. And it's not like Nancy and I and the few folks here can match the resources of a Microsoft in terms of people.
There are reasons for this, as I was made too acutely aware of on Friday after presenting a solution which I'd hoped would be distributed by our company as a freebie. And I *still* hold out hope for us doing so, which is why I'm putting this out here.
There are SEVERAL issues which the "SONY rootkit" presents - it's incredibly easy to PREVENT it from installing, we've provided that solution for a long while now. However, we're also aware that by our design, folks may apply our software after they've been infected and removal is not as easy as preventing the installation in the first place. And removing an EXISTING infection presents some serious legal challenges, which is why apparently nobody else has done so or is planning to do so and thus this post.
What makes this situation "special" legally is that we have here "digital copyright management" in which SONY'S actions are SPECIFICALLY protected under WIPO (World Intellectual Property Organisation) as well as Title 17 of U.S. Copyright law, specifically section 2101 ...
The first prohibition, set out in section 1201(a)(1), prohibits the act of circumventing a technological measure used by copyright owners to control access to their works (access controls). So, for example, this provision makes it unlawful to defeat the encryption system used on DVD movies. This ban on acts of circumvention applies even where the purpose for decrypting the movie would otherwise be legitimate. As a result, if a Disney DVD prevents you from fast-forwarding through the commercials that preface the feature presentation, efforts to circumvent this restriction would be unlawful.
Second, sections 1201(a)(2) and 1201(b) outlaw the manufacture, sale, distribution or trafficking of tools and technologies that make circumvention possible. These provisions ban not only technologies that defeat access controls, but also technologies that defeat use restrictions imposed by copyright owners, such as copy controls. These provisions prevent technology vendors from taking steps to defeat the copy-protection now appearing on many music CDs, for example.
Section 1201 also includes a number of exceptions for certain limited classes of activities, including security testing, reverse engineering of software, encryption research, and law enforcement. These exceptions have been extensively criticized as being too narrow to be of real use to the constituencies who they were intended to assist.
A violation of any of the act or tools prohibitions is subject to significant civil and, in some circumstances, criminal penalties.
So defeating anything BEYOND the dangerous "rootkit" itself exposes any company to a FELONY for interfering with what SONY is doing. For anyone interested, Google DMCA, and in particular the Wikipedia information on DMCA and WIPO. It'll explain a lot about how out of hand this has gotten under our Republican Congress back when Clinton was President. After all, an international treaty pushed by the RIAA and others IS international law.
Now where *I* differ from our own attorneys, and those of other companies is that by REMOVING this nonsense after it's been installed (there was never any legal issue with us stopping it GOING IN, only REMOVING it) is that technically, we'd be interfering with a protection scheme. MY position, which I am still arguing and documenting, is that if the "rootkit" and its elements are removed, there is no actual interference with the encryption scheme, it will detect the absence and refuse to play as intended.
But trying to explain technobabble to lawyers is a losing proposition. But here's WHY all responses have been limited to just removing the rootkit which has already proven to be a "clear and present danger."
I still want to release our freebie, and I'm hoping some folks will provide some legal and technical support to my standing here in hopes that we can convince OUR lawyers to allow our company to have the balls we've always had as far as responding to a threat without fear of being sued.
Anyone WITH me here on the basis of my argument? Does anyone actually BELIEVE we could be sued when we're NOT circumventing the protection, but simply planning on REMOVING it? We've always been mavericks on the issue of what is good and what is bad, and by nature of our NOT having a "public presence" with a "trial version" we've never been a "public utility." I'd like to be able to make that extra step and give away a solution for free since our software already handles this. But in order to give it away for free, there are all of these additional (in my mind spurious) additional hurdles to climb before I would be able to do so, and it angers me that code is being held for lawyers to approve. 
But if anyone was curious as to why "de-cloaking" is all anyone ELSE is doing, it comes right down to abuse of what is considered "intellectual property law" and I for one, STRENUOUSLY disagree with the premise that removing this is somehow allowing "people to steal." And yet, the LAW says I'm wrong. 
I am going to ask our attorneys to follow this thread in hopes that WCB will leave it alone for one, and secondly to allow them to gauge the reaction to my own opinions since their eyes glaze over when I try to explain it by purely technical means. *I* see this as absolute malware, particularly on a basis that if you REMOVE it, your system is hosed and you definitely cannot access your CDROM or DVD any longer if removed, and in some cases, the system will no longer boot because it cannot find the hard disk in other variants of this bird. THAT makes it a VIRUS.
But DMCA challenges us with "circumventing protection" and I personally find the argument bogus. And like I said, we already prevent it from being installed. What happens to US when a NEW customer installs our stuff and we're prevented from legally removing it because it's already THERE?
-- Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

John2g
I really wish you well in this battle Kevin.

B | reply to K McAleavey
Thanks Kevin. I appreciate your work on this.
I have an innocent question though:
> MY position, which I am still arguing and documenting, is that if the "rootkit" and its elements are removed, there is no actual interference with the encryption scheme, it will detect the absence and refuse to play as intended.

Is that true? I haven't seen one of these disks, but my understanding was that the audio tracks themselves are not encrypted or protected, but rather wide open WAV files as is customary on a CD.
So by removing all of the rootkit, aren't you still effectively circumventing the intended DRM? No more so than a Linux user or a person capable of holding down a Shift key would, of course.
Don't get me wrong; I think Sony's software is odious and that you are doing good work, but I'm trying to directly address the subject you raised, in a devil's advocate fashion...
-- B -- In a realm outside causality and function

My "hip shot" answer on this is that I don't care personally. If the copy-protection scheme is what SONY paid good money for, then their BS player will check for the presence or absence of the "licensing controller" and SHOULD refuse to play if it isn't there. Any failure to this scheme would be THEIR fault as I see it. Now I will SAY that I've *HEARD* that if the copy-protection is absent on the system, then it will NOT play, but it's not my place to care about that. If SONY bought a defective copyright management program, then that's between SONY and their vendor. The way *I* see it is that if software is legitimate, we leave it alone. If it's MALWARE, we yank it. Doesn't get any simpler than that to me.
But if their encryption scheme is so poorly designed, NOT my problem. I *do* believe though that in the absence of their trash, the CD will NOT play on a computer without their "software" ... apologies, I really don't care. It's not like WE are providing something similar to "DeCSS" where there is active tampering with the encryption to permit copying, that's NOT what we're about. THIS software is beyond "malicious" by its nature, as Russinovich (SP?) clearly proved to everyone's satisfaction except for attorneys.
-- Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

DaveDude | reply to K McAleavey
I don't understand how removing software from your computer is against the law. It's your property, not the recording industry's; if they want to pay to use my machine I think that's fair. And that what in essence are using our computers without permission.
-- Feed your Faith, not your doubts

reply to K McAleavey
> (A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

You don't want to build a removal tool, but an uninstaller:
With an uninstaller, you would not be circumventing the protection since the system would be taken back to the state it was prior to the installation of the «DRM software», therefore, unable to play the media. If all of the XCP and Sony software is removed, and you can demonstrate you cannot play, or copy, the work, you are circumventing nothing.
Regards,
Phil
-- One day, we'll all be 57005

DaveDude | reply to K McAleavey
Sony doesn't realize that people aren't going to listen to their CDs, because it isn't worth the hassle to deal with their stupid DRM. I for one will not buy discs with this garbage on it. So I guess there is no sale.
-- Feed your Faith, not your doubts

EGeezer | reply to K McAleavey
End user agreement revocation
Kevin, perhaps a question for the lawyers - If a user, for whatever reason, ceases to agree with the terms of the license agreement for a product, would that not provide a duty to remove it? If there is nothing in the agreement or in law that states the user must agree forever, the user can revoke his agreement with the terms and thereby be entitled, if not required, to remove the product.
If that's the case, a removal dialog box that says something like;
"I confirm that I revoke my agreement with the license terms of the software about to be removed and am removing this software to comply with my revocation of agreement and the terms of the software license"
Followed by a radio button, "Click "agree" to continue"
I'm sure the lawyers could refine that.
-- In Memoriam -
NRK 1 FEB 1918 - 6 NOV 2005 B-17 pilot - 50 missions over Europe and North Africa - 347th Squadron, 99th Bomb Group -
Husband, Father, Grandfather, Great Grandfather, friend ---
A knight and gentleman gone to peace

H2OuUp2 | reply to K McAleavey
Re: Microsoft will wipe Sony's 'rootkit' and more
Send the code to an off-shore country that isn't restricted by these FU laws.
Get it out to the masses! ASAP! I will never buy a Sony product again. No DVD's no CD's no TV's no Players, No Play Stations, nothing.
I guess I'll have to really check out what all Sony has their hand stuck in so I can boycott ALL their products.
I too agree with you Kevin, that if it won't play we are not circumventing the protection we are removing it, and since we are not doing something that will allow it to play then all should be good.
SONY = NOSY
-- He is no fool who gives up what he cannot keep, to gain what he cannot lose.

reply to EGeezer
Re: End user agreement revocation
Welcome to MY legal dilemma ... if you examine the usual EULA's, you'll see that you agree to sell your soul to the devil, but NOTE that there seems to never be a "my backside hurts" clause.
But legally, there seems to never be any "revocation" other than removing the software. In THIS case, even THAT doesn't buy back your soul, and THAT is what I have a problem with. We'll forget the right wing, left wing, "vendor", etc. Folks who know Nancy and I know we go beyond fair to our customers at our own expense, but such is NOT the province of seemingly anyone else.
What is particularly irksome though is that *WE* refused to be a party of the "agreement" with SONY and "First4" in which a number of other vendors agreed SOLELY to go after JUST the "rootkit" ... we nail the whole enchilada because we REFUSED to be a party to the "non-disclosure" ... we figured out what they were doing by our OWN means a while ago and refused to be a signatory to this "deal" by which ONLY the rootkit itself is removed, and not the REST.
But what *I* am angered about is that we can't give away our solution to this for FREE because that would legally expose us. THAT upsets me to no end given that I've already written the code. And we're going to be forced to BURN it. 
(edited to remove confusion)
-- Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

antiserious | reply to K McAleavey
Re: Microsoft will wipe Sony's 'rootkit' and more
... why do Sony's rights to protect their product supersede the computer owner's rights to protect their equipment ? ... if they had provided a complete uninstaller as widely-distributed and easily-accessible as their DRMware, this would be a moot point ... and, as I understand from reading all these threads and links, if I decide to divest myself of their DRMware (and decline their EULA) I MUST remove their software from my computer - yet they have pointedly NOT provided me the means to do it, thereby forcing me into a violation of the law ... how can THAT be kosher ? ...
... Kevin, I wish you luck as well in this 'crusade', and would hope your lawyers take into account any loopholes that may be presented as a result of Sony's failures to properly execute code and abide by their legal obligations ... this will get uglier before it gets resolved ...
-- ... "Do You Know Where Your Towel Is ?" ...

reply to K McAleavey
My PC is not primarily a CD player, that is only one feature. If I discover after the fact that use of a copy protected CD impairs the function of my computer, alters my operating system in such a way as to create a privacy and/or security vulnerability, and will damage or disable my computer if I attempt to restore my computer to a safe condition, and then I decide to give up the ability to play Sony CD's as the price of restoring the stability, privacy, and security of my computer, does Sony have the legal right to prevent me from doing that? Once I have used my computer to play a Sony CD am I legally forbidden from doing a format/recovery?
I can see where providing a free uninstaller to the general public may cause you to lose the protection of existing precedent under New York law regarding your license holders being a private club. I would think that binding the uninstallation to BOClean itself so that there is not a free or evaluation version available would maintain your existing precedent.
Would it be possible to submit the question for an advanced ruling to US and NY attorney generals?

EGeezer | reply to K McAleavey
Re: End user agreement revocation
But still, it brings up the question - If there is no prohibition against a user ceasing agreement with the terms, it seems the user can revoke and thereby be free to - or even required - to remove the product.
Now if the license agreement does not specify irrevocation of agreement, then it seems that no prohibition would exist and the user would be able to declare "I no longer agree with the license terms".
This would probably be better argued by good lawyers at any rate.
-- In Memoriam -
NRK 1 FEB 1918 - 6 NOV 2005 B-17 pilot - 50 missions over Europe and North Africa - 347th Squadron, 99th Bomb Group -
Husband, Father, Grandfather, Great Grandfather, friend ---
A knight and gentleman gone to peace

SvS | reply to K McAleavey
Re: Microsoft will wipe Sony's 'rootkit' and more
The software installed allows one to create a limited number of copies of the CD in question. If I understand this right, this is the only (legal) way to create copies, so most vendors preferred to do what is referred to as "de-cloaking". They just remove the part which is considered to be dangerous but leave the (main) functionality of this thing in place...
I don't know what happens if the software is removed. If it is possible to create more than the number of copies allowed by simply re-installing the "rootkit" from CD, you may probably get in trouble since this would qualify as a case of "circumventing a technological measure ...".

reply to Mowergun
What I'd written for this situation is actually NOT a part of BOClean itself, and therefore would not have provided "legal connectivity" to the product we make - it was a separate and unique application of something that we did custom for a foreign government to secure their systems and not legally applicable as a piece of BOClean. That was the reason why I pursued doing it in the first place as I sure wouldn't want to do anything that would jeopardize our existing constructs.
Within our own code, dealing with SONY's rootkit is amateur hour compared to what else is out there, and thus I saw no risks on a technical standpoint given how different the freebie would have been compared to our "real stuff." 
But lawyers ... well ... (grin) I keep getting told that they're not as dumb as juries. Heh.
-- Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

reply to K McAleavey
Kevin, I think you're absolutely right. If what the lawyers say is correct, then it would be illegal for anyone with the Sony DRM installed to reformat their hard disk and install a fresh copy of Windows. It might even be illegal to replace the hard disk if it crashes; following a disk crash you would be required to throw away the entire computer system. That can't be right.
You're not circumventing anything. You're returning the system to the state it was in before the Sony disk was inserted. If that's an illegal state of affairs, then it would be illegal to merely have the Sony disk in the same room as a computer without the DRM installed.
This is way out of control. I wish you well (as a happy BOClean user) and I'm glad I don't have your legal bills.

reply to SvS
And again, I'm not a lawyer, just an "evil vendor" (heh) ... but as I see it (and as observed in the lab) in THIS case, if the software is not installed, then the player doesn't play. Put as simply as possible (so lawyers comprehend) there is NO circumvention at ALL if the "software" is removed ... however, the VAGUENESS of "1201" clearly fails to differentiate, and if SONY decides to sue as a result of the vagueness, then they WIN.
Reality is, it all comes down to presentation before a technically clueless jury, and an even more clueless judiciary and that's what the lawyers are worried about. I can understand ours since we're nowhere near Symantec or Microsoft in size or income, it just becomes difficult indeed to realize that we stand to face all this ALONE and no one with far more resources and money than we have has already chucked the issue and is willing to comply with this foolishness.
Legally, it's perfectly OK for us to STOP you from being infected in the first place, and by nature of our legal precedents, stop an already existing infection - the PROBLEM is that we can't provide the solution to the general public for FREE because *THAT* would expose us to harm. Madness!
-- Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com

catseyenu | reply to K McAleavey
I've reached out to Mark Russinovich to see if we can get him to weigh in on the technical side for the attorneys.
-- Using BOClean means never doing a Hijack This log again.»nsclean.com/boclean.html

reply to K McAleavey
Why does it matter if the solution is free or for-pay? I don't see anything in the law that differentiates based on whether or not there is money charged.

reply to K McAleavey
Unfortunately Sony has the resources to destroy you even if you are in the right. That is why I wonder about seeking an opinion in advance from the attorney general. With that in your hip pocket, maybe it would put some steel in your lawyers' spines.