11-01-2005, 06:47 PM
Re: Sony DRM Rootkit
nemo_outis wrote:
> Here's a shocker: rootkit installed by Sony!
>
> Sony, Rootkits and Digital Rights Management Gone Too Far
> http://www.sysinternals.com/blog/200...s-and-digital-
> rights.html
>
> Regards,
>
Well, I was trying your link and came up a little short-handed.
Did the rootkit work on Linux?
The page cannot be found
The page you are looking for might have been removed, had its name
changed, or is temporarily unavailable.
Please try the following:
* If you typed the page address in the Address bar, make sure that
it is spelled correctly.
* Open the www.sysinternals.com home page, and then look for links
to the information you want.
* Click the Back button to try another link.
HTTP 404 - File not found
Internet Information Services
Technical Information (for support personnel)
* More information:
Microsoft Support
Anders
11-01-2005, 07:20 PM
Re: Sony DRM Rootkit
Anders <andersajja@hotmail.com> wrote in news:JDP9f.37325$d5.193991@newsb.telia.net:
> nemo_outis wrote:
>> Here's a shocker: rootkit installed by Sony!
>>
>> Sony, Rootkits and Digital Rights Management Gone Too Far
>> http://www.sysinternals.com/blog/200...s-and-digital-
>> rights.html
>>
>> Regards,
>>
>
> Well, I was trying your link and came up a little short-handed.
> Did the rootkit work on Linux?
>
> The page cannot be found
> The page you are looking for might have been removed, had its name
> changed, or is temporarily unavailable.
>
> Please try the following:
>
> * If you typed the page address in the Address bar, make sure that
> it is spelled correctly.
> * Open the www.sysinternals.com home page, and then look for links
> to the information you want.
> * Click the Back button to try another link.
>
> HTTP 404 - File not found
> Internet Information Services
>
> Technical Information (for support personnel)
>
> * More information:
> Microsoft Support
>
> Anders
The URL was split across lines and you may have reconstructed it
incorrectly. For your convenience try the following instead: http://tinyurl.com/auyjl
Regards,
11-01-2005, 10:30 PM
Re: Sony DRM Rootkit
On 01 Nov 2005 18:44:38 GMT, nemo_outis wrote:
> Here's a shocker: rootkit installed by Sony!
>
> Sony, Rootkits and Digital Rights Management Gone Too Far
> http://www.sysinternals.com/blog/200...s-and-digital-
> rights.html
>
> Regards,
I think the only thing shocking about this is that we haven't found all the
others doing the same thing.
--
Drop the alphabet for email
11-01-2005, 11:00 PM
Re: Sony DRM Rootkit
nemo_outis wrote:
> Here's a shocker: rootkit installed by Sony!
>
> Sony, Rootkits and Digital Rights Management Gone Too Far
> http://www.sysinternals.com/blog/200...s-and-digital-
> rights.html
>
> Regards,
>
Would seem to me like a good case for some (several hundred) like minded
people having the Sony crap destroy their (very expensive ;)) machines,
and starting a class action.
Time *we* started fighting back!
I guess in the UK we could probably use the terms of the `Computer
Misuse Act'
Steve
11-02-2005, 12:09 AM
Re: Sony DRM Rootkit
Steve Welsh wrote:
> nemo_outis wrote:
>> Here's a shocker: rootkit installed by Sony!
>>
>> Sony, Rootkits and Digital Rights Management Gone Too Far
>> http://www.sysinternals.com/blog/200...s-and-digital-
>> rights.html
>>
>> Regards,
>>
>
> Would seem to me like a good case for some (several hundred) like minded
> people having the Sony crap destroy their (very expensive ;)) machines,
> and starting a class action.
>
> Time *we* started fighting back!
>
> I guess in the UK we could probably use the terms of the `Computer
> Misuse Act'
>
> Steve
Yes it is time to fight back because if you don't it will only get worse...
Im
11-02-2005, 12:10 AM
Re: Sony DRM Rootkit
Ari Silversteinn wrote:
> On 01 Nov 2005 18:44:38 GMT, nemo_outis wrote:
>
>> Here's a shocker: rootkit installed by Sony!
>>
>> Sony, Rootkits and Digital Rights Management Gone Too Far
>> http://www.sysinternals.com/blog/200...s-and-digital-
>> rights.html
>>
>> Regards,
>
> I think the only thing shocking about this is that we haven't found all
> the others doing the same thing.
....give it time...others will follow.
Imhotep
11-02-2005, 12:37 AM
Re: Sony DRM Rootkit
nemo_outis wrote:
> Here's a shocker: rootkit installed by Sony!
>
> Sony, Rootkits and Digital Rights Management Gone Too Far
> http://www.sysinternals.com/blog/200...s-and-digital-
> rights.html
>
> Regards,
>
I read this earlier today. I found it an excellent tutorial on running
critters to ground. It is good work.
The nested driver is an interesting trick, that has other applications.
I question whether under the DMCA Sony can be prosecuted, even under
California law as some of the blog commenters suggest. While Sony I
believe may have avoided legal entanglements in the US due to clauses in
the DMCA which override state law, it is morally contemptible.
That said, the measures can be bypassed easily and avoided if one is
conscientious of the issue. I believe the lesson here is WinX users
should turn off autoplay, copy just the music files off the original
disk and burn them on a backup disk, then use the backup disk. I will
consciously avoid Sony products, not only music, but for all Sony
product lines, both business and personal,(Only wish I could do same for
Microsoft).
Sony is without honor.
Company behaviors should always be considered before any purchase.
This is not the first scum behavior I have seen with Sony. I had a VAIO
desktop a few years back, where they had clipped the jumpers on the
mobo, where the system could not easily be upgraded (I did, but required
a soldering iron), though the motherboard was fully capable of the upgrade.
While I am only one, it will be a cold day in a very warm place, before
I knowingly purchase another of their products, irrespective of turn
around in company policy. I suspect there will be a backlash to this
behavior that Sony will reap, for many years to come.
While I am not an activist, this is a very good reason to lobby
legislators to roll back DCMA protections. Easy E-mail for US
legislators of your state can be found here: http://www.webslingerz.com/jhoffman/congress-email.html
Winged
11-02-2005, 02:02 AM
Re: Sony DRM Rootkit
nemo_outis wrote:
> Here's a shocker: rootkit installed by Sony!
>
> Sony, Rootkits and Digital Rights Management Gone Too Far
> http://www.sysinternals.com/blog/200...s-and-digital-
> rights.html
>
> Regards,
I am deeply disturbed by this. The only way to fight this sort of bullshit
is to spread the word to people as well as boycott any company that uses
these sort of techniques...
Personally, I refuse to purchase these CDs...it will never happen. I will
pirate first...
Imhotep
11-02-2005, 02:06 AM
Re: Sony DRM Rootkit
Winged wrote:
> nemo_outis wrote:
>> Here's a shocker: rootkit installed by Sony!
>>
>> Sony, Rootkits and Digital Rights Management Gone Too Far
>> http://www.sysinternals.com/blog/200...s-and-digital-
>> rights.html
>>
>> Regards,
>>
>
>
> I read this earlier today. I found it an excellent tutorial on running
> critters to ground. It is good work.
>
> The nested driver is an interesting trick, that has other applications.
>
> I question whether under the DMCA Sony can be prosecuted, even under
> California law as some of the blog commenters suggest. While Sony I
> believe may have avoided legal entanglements in the US due to clauses in
> the DMCA which override state law, it is morally contemptible.
>
> That said, the measures can be bypassed easily and avoided if one is
> conscientious of the issue. I believe the lesson here is WinX users
> should turn off autoplay, copy just the music files off the original
> disk and burn them on a backup disk, then use the backup disk. I will
> consciously avoid Sony products, not only music, but for all Sony
> product lines, both business and personal,(Only wish I could do same for
> Microsoft).
>
> Sony is without honor.
>
> Company behaviors should always be considered before any purchase.
>
> This is not the first scum behavior I have seen with Sony. I had a VAIO
> desktop a few years back, where they had clipped the jumpers on the
> mobo, where the system could not easily be upgraded (I did, but required
> a soldering iron), though the motherboard was fully capable of the
> upgrade.
>
> While I am only one, it will be a cold day in a very warm place, before
> I knowingly purchase another of their products, irrespective of turn
> around in company policy. I suspect there will be a backlash to this
> behavior that Sony will reap, for many years to come.
>
> While I am not an activist, this is a very good reason to lobby
> legislators to roll back DCMA protections. Easy E-mail for US
> legislators of your state can be found here:
>
> http://www.webslingerz.com/jhoffman/congress-email.html
>
> Winged
Agreed. All people (except me) at my company use Sony VAIO laptops. I have
already forwarded this article to my boss and I will actively pursue
replacing Sony with another vendor. In short, they lost all of my respect
and do not deserve my (or my company's) money...
RIP Sony...
Imhotep
11-02-2005, 04:07 AM
Re: Sony DRM Rootkit
This is a Type III anonymous message, sent to you by the Mixminion
server at mercurio.mixmaster.it. If you do not want to receive
anonymous messages, please contact mercurio-admin@mixmaster.it
-----BEGIN TYPE III ANONYMOUS MESSAGE-----
Message-type: plaintext
In <1sdn43rqbueup$.izwitrx95deb$.dlg@40tude.net> Ari Silversteinn <arisilverstein@yahoo.com> wrote:
>On 01 Nov 2005 18:44:38 GMT, nemo_outis wrote:
>
>> Here's a shocker: rootkit installed by Sony!
>>
>> Sony, Rootkits and Digital Rights Management Gone Too Far
>> http://www.sysinternals.com/blog/200...s-and-digital-
>> rights.html
>>
>> Regards,
>
>I think the only thing shocking about this is that we haven't found all the
>others doing the same thing.
Those who use rootkits are the lowest scum ever to draw breath.
-----END TYPE III ANONYMOUS MESSAGE-----
11-02-2005, 10:36 PM
Re: Sony DRM Rootkit
Winged wrote:
> I will
> consciously avoid Sony products, not only music, but for all Sony
> product lines, both business and personal,(Only wish I could do same for
> Microsoft).
>
> Sony is without honor.
>
> http://www.webslingerz.com/jhoffman/congress-email.html
>
> Winged
Totally agree, and so do many of my work colleagues - keep spreading the
word
Steve
11-04-2005, 06:31 AM
Re: Sony DRM Rootkit
On Wed, 2 Nov 2005 06:07:09 +0100 (CET), nobody@mixmaster.it wrote:
> This is a Type III anonymous message, sent to you by the Mixminion
> server at mercurio.mixmaster.it. If you do not want to receive
> anonymous messages, please contact mercurio-admin@mixmaster.it
>
> -----BEGIN TYPE III ANONYMOUS MESSAGE-----
> Message-type: plaintext
>
> In <1sdn43rqbueup$.izwitrx95deb$.dlg@40tude.net> Ari Silversteinn <arisilverstein@yahoo.com> wrote:
>>On 01 Nov 2005 18:44:38 GMT, nemo_outis wrote:
>>
>>> Here's a shocker: rootkit installed by Sony!
>>>
>>> Sony, Rootkits and Digital Rights Management Gone Too Far
>>> http://www.sysinternals.com/blog/200...s-and-digital-
>>> rights.html
>>>
>>> Regards,
>>
>>I think the only thing shocking about this is that we haven't found all the
>>others doing the same thing.
>
> Those who use rootkits are the lowest scum ever to draw breath.
I feel the same way, there is a root kit removal utility in the general
technology section of privacy.li's forums, I just downloaded it, here's the
link if you want it, http://www.privacy.li/forum/
>
> -----END TYPE III ANONYMOUS MESSAGE-----
11-04-2005, 02:17 PM
Privacy.LIE scamming you again!
traveler wrote:
> On Wed, 2 Nov 2005 06:07:09 +0100 (CET), nobody@mixmaster.it wrote:
>
>> This is a Type III anonymous message, sent to you by the Mixminion
>> server at mercurio.mixmaster.it. If you do not want to receive
>> anonymous messages, please contact mercurio-admin@mixmaster.it
>>
>> -----BEGIN TYPE III ANONYMOUS MESSAGE----- Message-type: plaintext
>>
>> In <1sdn43rqbueup$.izwitrx95deb$.dlg@40tude.net> Ari Silversteinn
>> <arisilverstein@yahoo.com> wrote:
>>>On 01 Nov 2005 18:44:38 GMT, nemo_outis wrote:
>>>
>>>> Here's a shocker: rootkit installed by Sony!
>>>>
>>>> Sony, Rootkits and Digital Rights Management Gone Too Far
>>>> http://www.sysinternals.com/blog/200...s-and-digital-
>>>> rights.html
>>>>
>>>> Regards,
>>>
>>>I think the only thing shocking about this is that we haven't found all
>>>the others doing the same thing.
>>
>> Those who use rootkits are the lowest scum ever to draw breath.
>
> I feel the same way, there is a root kit removal utility in the general
> technology section of privacy.li's forums, I just downloaded it, here's
> the link if you want it,
>
> http://www.privacy.li/forum/
Here's the REAL link: http://www.sysinternals.com/ntw2k/fr...itreveal.shtml
What a DICK. Forcing people to search through a known logging service to
get to a freely available security program on ANOTHER site. You have no
shame and no morals. Is Privacy.LIE suffering so bad that you have to
resort to this sort of BULLSHIT just to get more visitors to log?
Some background:
Adminus posting in the Dog House:
"Hello, I am the owner of privacy.li. Today i saw some extra visitors, so
i checked where they came from and arrived here."
But privacy.LIE claims not to log! Over and over again on their web site
in every forum their sock puppets visit the say NOTHING IS LOGGED. Then
how would they see extra visitors and know where they came from?
They ALSO demand a valid email address to access their file area with the
promise that you will be sent a download link. When you hand over an
address they send you an email that you HAVE to be a customer.
SWINDLERS! What do they do with the email addresses they collect I wonder?
>
>
>> -----END TYPE III ANONYMOUS MESSAGE-----
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
11-04-2005, 02:35 PM
Re: Privacy.LIE scamming you again!
Well, you guys are really either stupid or someone pays you to spread
this FUD.
Can you imagine that privacy.li has a website at http://www.privacy.li,
which of course uses traffic analysis of its WEB SURFING VISITORS, to
see where they come from, what draws most interest, what key words are
scoring high, etc. Any business out there which is not doing this basic
analysis has no clue about what web visitors are interested in, and
therefore could not better or enhance their service...
However, this analysis is NOT matched with any individuals, but only in
a generic and general summary.
And to stretch your imagination a little bit further ->
In contrast to mere web visitors stands the service we offer:
We offer SSH2-accounts (Privacy-Tunnel) with full TOR entry points on
our servers (TOR-servers running, usage optional) for privacy loving
folks, and we DO NOT LOG ANY of the following:
1. we do NOT log your surfing behaviour, like which sites you visit
2. we do NOT log your email content
3. we do NOT log your traffic as in how many bytes you transferred
4. we do NOT log how many emails you sent or received
5. we do NOT log your chats like those in IRC and other IM-clients
6. we do NOT backup any of your data
So, we have perfect deniability, if we ever would get asked to produce
evidence about a client. What we don't know, we can not produce - it's
that easy!
Adminus
-------------------------------------------------------------------------------
Privacy.li - Being paranoid is a virtue, not a malfunction!
www.privacy.li or www.privacy.org.cn
Visit our forums at: www.privacy.li/forum
Anonymous domains + offshore hosting, anonymous banking, Privacy-tunnel,
market maker for digital gold currencies
"Fiat currencies don't float. They just sink at different rates."
Open your free e-gold account today here: https://www.e-gold.com/newacct/newac...asp?cid=385095
>>>>I think the only thing shocking about this is that we haven't found all
>>>>the others doing the same thing.
>>>
>>>Those who use rootkits are the lowest scum ever to draw breath.
>>
>>I feel the same way, there is a root kit removal utility in the general
>>technology section of privacy.li's forums, I just downloaded it, here's
>>the link if you want it,
>>
>>http://www.privacy.li/forum/
>
>
> Here's the REAL link:
>
> http://www.sysinternals.com/ntw2k/fr...itreveal.shtml
>
> What a DICK. Forcing people to search through a known logging service to
> get to a freely available security program on ANOTHER site. You have no
> shame and no morals. Is Privacy.LIE suffering so bad that you have to
> resort to this sort of BULLSHIT just to get more visitors to log?
>
11-04-2005, 10:50 PM
Re: Sony DRM Rootkit
Ray Vingnutte wrote:
> On Thu, 3 Nov 2005 19:36:04 +0000
> Ray Vingnutte <rvmospam@againnospam.our.uk> wrote:
>
>
>>On 01 Nov 2005 18:44:38 GMT
>>"nemo_outis" <abc@xyz.com> wrote:
>>
>>
>>>Here's a shocker: rootkit installed by Sony!
>>>
>>>Sony, Rootkits and Digital Rights Management Gone Too Far
>>>http://www.sysinternals.com/blog/200...s-and-digital-
>>>rights.html
>>>
>>>Regards,
>>>
>>
>>It's made the BBC headlines
>>
>>http://news.bbc.co.uk/1/hi/technology/4400148.stm
>
>
> And an update
>
> http://news.bbc.co.uk/1/hi/technology/4406178.stm
>
There has to be a way for us to get to these big corporations trying to
impose their wants on us.
Just a thought: if we can find some various items of technological merit
in Sony kit (whatever), if enough of us go into our local Sony retailer,
and propose to buy that piece of kit, and then prevaricate to the tune
of a couple of hours, exploring any alternatives to the particular piece
of Sony kit (well, doesn't the Ghmx-x-100 from xxx do that?)
Then when we have wasted a couple of hours of a sales assistant's time,
tell them EXACTLY why we won't touch Sony with a barge-pole.
Perhaps Sony would get the message when it starts to come back loud and
clear from their retailers.
My 2p worth.
Steve
11-05-2005, 03:08 AM
Re: Sony DRM Rootkit
On Fri, 04 Nov 2005 23:50:28 +0000
Steve Welsh <nobody@linux.bogus> wrote:
> Ray Vingnutte wrote:
> > On Thu, 3 Nov 2005 19:36:04 +0000
> > Ray Vingnutte <rvmospam@againnospam.our.uk> wrote:
> >
> >
> >>On 01 Nov 2005 18:44:38 GMT
> >>"nemo_outis" <abc@xyz.com> wrote:
> >>
> >>
> >>>Here's a shocker: rootkit installed by Sony!
> >>>
> >>>Sony, Rootkits and Digital Rights Management Gone Too Far
> >>>http://www.sysinternals.com/blog/200...s-and-digital-
> >>>rights.html
> >>>
> >>>Regards,
> >>>
> >>
> >>It's made the BBC headlines
> >>
> >>http://news.bbc.co.uk/1/hi/technology/4400148.stm
> >
> >
> > And an update
> >
> > http://news.bbc.co.uk/1/hi/technology/4406178.stm
> >
>
> There has to be a way for us to get to these big corporations trying to
> impose their wants on us.
>
> Just a thought: if we can find some various items of technological merit
> in Sony kit (whatever), if enough of us go into our local Sony retailer,
> and propose to buy that piece of kit, and then prevaricate to the tune
> of a couple of hours, exploring any alternatives to the particular piece
> of Sony kit (well, doesn't the Ghmx-x-100 from xxx do that?)
>
> Then when we have wasted a couple of hours of a sales assistant's time,
> tell them EXACTLY why we won't touch Sony with a barge-pole.
>
> Perhaps Sony would get the message when it starts to come back loud and
> clear from their retailers.
>
> My 2p worth.
>
> Steve
Yeah, hit them where it hurts most, don't give them your money ;-)
11-05-2005, 03:56 AM
Re: Privacy.LIE scamming you again!
> traveler scribbled:
>> Max Burke wrote:
> Oh, and by the way, you posted a dead link ^ they must have shut
> it down because of all the complaints that it was a root kit, lol
>> No it hasn't been shut down and it isn't a rootkit.
>> It's here:
>> http://www.sysinternals.com/Utilitie...tRevealer.html
> Thanks for the info, the only thing is that it doesn't look like it
> can remove the actual root kit.
That's why it's called Rootkit *Revealer,* which is understandable given the
damage an 'un-informed' user could do to their OS if they ran it then
deleted everything the scan showed....
Like all software it's not foolproof and is simply a tool to show *possible*
anomolies that might need further investigation.
For example whenever I run it, I get a prefetch entry every time for cmd.exe
that Rootkit Revealer says is hidden from the Windows API.
It's a false positive for cmd.exe and nothing that I need to be concerned
about.
-- mlvburke@xxxxxxxx.nz
Replace the obvious with paradise.net to email me
Found Images http://homepages.paradise.net.nz/~mlvburke
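Max Burke's post above describes how RootkitRevealer works: it lists a location through the Windows API and again by parsing the raw on-disk structures, then reports whatever appears in one view but not the other, which is also why a file that changes between the two passes (the cmd.exe prefetch entry) shows up as a recurring false positive. The following is an added example in Python, not code from the thread, from Sysinternals or from RootkitRevealer itself, showing that cross-view diff with an allowlist for that class of benign discrepancy. The two listings are constructed in-memory stand-ins (on a real system the API view would come from FindFirstFile/RegEnumKey and the raw view from parsing the NTFS and registry hive files directly), the prefetch hash suffixes are made up, and the `$sys$` cloaking prefix is the one the Sysinternals write-up linked at the top of the thread reported for the Sony driver.

```python
"""Cross-view discrepancy scan, the principle behind RootkitRevealer.

A rootkit that hooks the Windows API can hide entries from FindFirstFile
or RegEnumKey, but it does not rewrite what is physically on disk.  List
the same location twice, once through the API and once by parsing the raw
NTFS/hive structures, and diff the two views: anything present in the raw
view only was hidden from the API.  Added example, not RootkitRevealer code.
"""
from dataclasses import dataclass
import fnmatch

# Known-benign discrepancies.  Prefetch files are rewritten whenever the
# program runs, so they race the two passes.  The hash suffix in a real
# prefetch file name is per-machine; the ones used below are constructed.
BENIGN_PATTERNS = [
    r"C:\WINDOWS\Prefetch\CMD.EXE-*.pf",
]

# Cloaking prefix the Sysinternals write-up linked in this thread reported
# for the Sony driver: anything whose name starts with it was hidden.
CLOAK_PREFIX = "$sys$"


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str         # "hidden": raw view only; "phantom": API view only
    suspicious: bool
    reason: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _is_benign(path: str, benign) -> bool:
    return any(fnmatch.fnmatchcase(path, pat) for pat in benign)


def _classify(path: str, kind: str, benign) -> Finding:
    # Allowlisted entries are still reported, just not flagged, so a
    # reviewer can see what the allowlist swallowed.
    if _is_benign(path, benign):
        return Finding(path, kind, False, "matches allowlist pattern")
    if kind == "hidden" and _basename(path).startswith(CLOAK_PREFIX):
        return Finding(path, kind, True,
                       f"hidden from API and name starts with {CLOAK_PREFIX}")
    return Finding(path, kind, True, f"{kind} entry with no known explanation")


def cross_view_scan(api_view, raw_view, benign=BENIGN_PATTERNS):
    """Diff the two listings and return one Finding per discrepancy."""
    api, raw = set(api_view), set(raw_view)
    findings = [_classify(p, "hidden", benign) for p in sorted(raw - api)]
    findings += [_classify(p, "phantom", benign) for p in sorted(api - raw)]
    return findings


# Constructed sample listings standing in for the two passes.
API_VIEW = [
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\WINDOWS\Prefetch\NOTEPAD.EXE-0B3E4C5D.pf",
]
RAW_VIEW = API_VIEW + [
    r"C:\WINDOWS\system32\drivers\$sys$example.sys",   # constructed name
    r"C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf",         # constructed hash
]


if __name__ == "__main__":
    for f in cross_view_scan(API_VIEW, RAW_VIEW):
        flag = "SUSPICIOUS" if f.suspicious else "benign    "
        print(f"{flag} {f.kind:7} {f.path}  ({f.reason})")
```

Run directly it prints one line per discrepancy. The allowlist is where a practitioner records false positives after checking them; an allowlisted entry is still listed with its reason rather than dropped, because a kit that happened to name its file like a prefetch entry would otherwise vanish from the report.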
11-06-2005, 08:37 AM
Re: Privacy.LIE scamming you again!
"traveler" <noreply@nym.alias.net> wrote in message
news:tb5rm1duccaseg2q4iecmndgr10dii7a7m@4ax.com...
> On Sat, 5 Nov 2005 17:56:18 +1300, "Max Burke" <mlvburke@xxxxxxxxx.nz>
<snip>
> If you would like to try something that's more than a "revealer",
> that can safely remove the root kit for you, if in fact you want to
> remove it rather than keeping it, that's a safe product and produced
> by a leading computer security company, that's free to use until
> January 1st, 2006, then go to the general technology section at:
> www.privacy.li/forum
>
> Or just keep what you have, just don't delete anything.
...or just go to Windows Update and run the Malicious Software Removal Tool.
Limited, and less capable than (say) a typical 3rd-party AV (which is why I
don't personally use it). But utterly free.
If *I* were ever to locate a rootkit on one of my PCs, then the first stop
would be my AV provider.. after all, removing nasties is what I pay them
for. And what they do for a living.
Oh, and most vendors put out free worm removal tools, even to
non-subscribers. I daresay a bit of a rummage through the appropriate web
site would do the same for known rootkits.
Not that I'm dissing a tool that I haven't even looked at, of course...
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
11-06-2005, 09:04 AM
Re: Privacy.LIE scamming you again!
On Sun, 06 Nov 2005 09:37:39 GMT, Hairy One Kenobi wrote:
> "traveler" <noreply@nym.alias.net> wrote in message
> news:tb5rm1duccaseg2q4iecmndgr10dii7a7m@4ax.com...
>> On Sat, 5 Nov 2005 17:56:18 +1300, "Max Burke" <mlvburke@xxxxxxxxx.nz>
>
> <snip>
>
>> If you would like to try something that's more than a "revealer",
>> that can safely remove the root kit for you, if in fact you want to
>> remove it rather than keeping it, that's a safe product and produced
>> by a leading computer security company, that's free to use until
>> January 1st, 2006, then go to the general technology section at:
>> www.privacy.li/forum
>>
>> Or just keep what you have, just don't delete anyhting.
>
> ..or just go to Windows Update and run the Malicious Software Removal Tool.
>
> Limited, and less capable than (say) a typical 3rd-party AV (which is why I
> don't personally use it). But utterly free.
>
> If *I* were ever to locate a rootkit on one of my PCs, then the first stop
> would be my AV provider.. after all, removing nasties is what I pay them
> for. And what they do for a living.
>
> Oh, and most vendors put out free worm removal tools, even to
> non-subscribers. I daresay a bit of a rummage through the appropriate web
> site would do the same for known rootkits.
>
> Not that I'm dissing a tool that I haven't even looked at, of course...
The reason anti-virus products don't catch it is because it's not a virus,
or a trojan. It's software of sorts designed to hide something like a
trojan. Windows removal tool and even the best virus/trojan scanner
wouldn't find it, you need a specialized product like the F-Secure to
detect it, and just as important to SAFELY remove it without any hassles,
Regards,
11-06-2005, 01:45 PM
Re: Privacy.LIE scamming you again!
traveler wrote:
>> If *I* were ever to locate a rootkit on one of my PCs, then the first
>> stop would be my AV provider.. after all, removing nasties is what I pay
>> them for. And what they do for a living.
>>
>> Oh, and most vendors put out free worm removal tools, even to
>> non-subscribers. I daresay a bit of a rummage through the appropriate
>> web site would do the same for known rootkits.
>>
>> Not that I'm dissing a tool that I haven't even looked at, of course...
>
> The reason anti-virus products don't catch it is because it's not a virus,
> or a trojan. It's software of sorts
There's no "of sorts" about it, they're software. Period. The reason
mainstream AV software doesn't detect them (some are) is probably more a
matter of money and politics than anything else. They're just recently
becoming "popular" in the world of Window$, and until recently the ROI
just wasn't there. No financial benefit for investing the time and effort
into designing ways to ferret out something that only had a one in a
billion chance of being a problem.
Root kits aren't some mysterious magical incantation uttered by long
bearded mages who live under ancient trees. Viruses have been using
similar or identical "stealth" techniques for many years to hide their
presence from AV software and things like the task manager. Detecting
them isn't rocket surgery if you know what you're doing. The problem with
root kits is that they generally *replace* critical system files with
total rewrites. You can't typically "disinfect" a system that falls victim
to many/most root kits, and anyone or any software that claims to be able
to do so reliably is lying or severely misinformed. Thus the "political"
problem of detecting something and then telling the customer "nothing I
can do... sorry about your luck". ;)
> designed to hide something like a
> trojan. Windows removal tool and even the best virus/trojan scanner
> wouldn't find it, you need a specialized product like the F- Secure to
Think about what you're saying... "one piece of software can't find it but
another can". This is obviously nothing more than a matter of adding the
code and methods from one software to another, not some magical quality
that software assumes if it's given the "Anti Virus" moniker. Root kit
detection has been thus far left to specialized software because there was
no pressing reason to detect them. Although I know I've read through lists
of "trojans" that mainstream AV softwares detect and seen rootkit names.
So AV software peddlers obviously do add detection for such things if and
when they become a problem in the mind of the peddler.
> detect it, and just as important to SAFELY remove it without any
> hassles,
How do you remove something that replaces critical files with completely
different versions?
Short answer... you can't. You're left restoring from backups or
reinstalling. No anti-rootkit software in the universe is going to be able
to do this alone.
--
_?_ Outside of a dog, a book is a man's best friend.
(@ @) Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
grok! Registered Linux user #402208
11-06-2005, 02:34 PM
Re: Privacy.LIE scamming you again!
Jim Watt <jimwatt@aol.no_way> wrote in news:npmrm11r481keevmahl31rbrf27cnmtnho@4ax.com:
> On Sun, 6 Nov 2005 02:04:47 -0800, traveler <noreply@nym.alias.net>
> wrote:
>
>>The reason anti-virus products don't catch it is because it's not a virus,
>>or a trojan. It's software of sorts designed to hide something like a
>>trojan. Windows removal tool and even the best virus/trojan scanner
>>wouldn't find it, you need a specialized product like the F-Secure to
>>detect it, and just as important to SAFELY remove it without any hassles,
>
> AV products these days do a lot more than look for boot sector viruses
>
> If I wanted something to remove this shit, not that it would have been
> installed in the first place, I'd expect to get it from Sony.
> --
> Jim Watt
> http://www.gibnet.com
>
FWIW programs like Slysoft's AnyDVD (v5.5.1.1) not only bypass Sony's
protection but *prevent* the rootkit being installed in the first place.
Regards,
11-06-2005, 04:00 PM
Re: Privacy.LIE scamming you again!
Jim Watt wrote:
> On Sun, 06 Nov 2005 14:45:02 GMT, "Jeffrey F. Bloss"
> <jbloss@tampabay.mapson.rr.com> wrote:
>
>>The problem with root kits is that they generally *replace* critical
>>system files with total rewrites.
>
> Fine; if the original is digitally signed
They're generally not. Unless you've signed them yourself. There's
always generic detection, which falls under "signed" I suppose, but that's
just detection and not "cleaning".
> its a simple matter of
> identifying those that are not and replacing them with the genuine system
> components.
Simple? For a piece of software to do this it would be necessary to know
precisely what software, version, and updates have been installed, where
the archive media or site is located, and how to install/register each and
every changed file, registry key, yadda... yadda... yadda.
Not quite so simple I'd think. ;)
--
_?_ Outside of a dog, a book is a man's best friend.
(@ @) Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
grok! Registered Linux user #402208
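Jim Watt's suggestion above (identify the components that no longer match the genuine originals and replace them) and Jeffrey Bloss's objection to it both turn on having a trusted reference for what each file should be. The following is an added example, not code from either poster or from any product: it uses a SHA-256 manifest taken from a clean tree as that trusted reference in place of vendor signatures, and the directory layout, file names and file contents are all constructed. The caveat Bloss's post points at is built in: a kit that has replaced system files can also lie to a scanner running on the infected kernel, so the verification pass is meant to run from a clean boot with the suspect disk mounted, against a manifest kept where the suspect system cannot alter it.

```python
"""Known-good manifest check for replaced system files.

Snapshot SHA-256 digests of a clean tree, keep the manifest off the
machine (read-only media, or signed), then later re-hash the tree and
report what was modified, removed or added.  Added example; the file
names and contents are constructed, not a real Windows install.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each regular file under root (relative, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify(root: str, manifest: dict) -> dict:
    """Compare the tree under root with a trusted manifest.

    'modified' is the case Bloss describes: the file is still there but its
    contents are a rewrite.  'missing' and 'unexpected' catch deletions and
    dropped files that a pure hash comparison of known names would skip.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest
                           if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Constructed scenario: snapshot a clean tree, then simulate a kit that
    replaces one driver wholesale, deletes a tool and drops a new driver."""
    with tempfile.TemporaryDirectory() as root:
        clean = {
            "system32/drivers/ntfs.sys": b"genuine ntfs driver bytes",
            "system32/drivers/tcpip.sys": b"genuine tcpip driver bytes",
            "system32/cmd.exe": b"genuine cmd bytes",
        }
        for rel, data in clean.items():
            _write(root, rel, data)
        manifest = build_manifest(root)          # taken while still trusted

        _write(root, "system32/drivers/ntfs.sys", b"total rewrite by the kit")
        os.remove(os.path.join(root, "system32", "cmd.exe"))
        _write(root, "system32/drivers/dropped.sys", b"new driver")

        return verify(root, manifest)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths or '-'}")
```

The manifest is only as good as its provenance: a digest list stored on the same disk can be edited by the same kit, which is the step vendor code signing is meant to take care of and which this example leaves to the reader's choice of read-only media or a detached signature over the manifest.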
11-06-2005, 04:00 PM
Re: Privacy.LIE scamming you again!
"traveler" <noreply@nym.alias.net> wrote in message
news:bhvuky9l4za6.1mwfsv6cvo6xz.dlg@40tude.net...
> On Sun, 06 Nov 2005 09:37:39 GMT, Hairy One Kenobi wrote:
> > "traveler" <noreply@nym.alias.net> wrote in message
> > news:tb5rm1duccaseg2q4iecmndgr10dii7a7m@4ax.com...
> >> On Sat, 5 Nov 2005 17:56:18 +1300, "Max Burke" <mlvburke@xxxxxxxxx.nz>
<snippage warning>
> > If *I* were ever to locate a rootkit on one of my PCs, then the first
stop
> > would be my AV provider.. after all, removing nasties is what I pay them
> > for. And what they do for a living.
> The reason ant-virus products don't catch it is because it's not a virus,
> or a trojan. It's software of sorts designed to hide something like a
> trojan. Windows removal tool and even the best virus/trojan scanner
> wouldn't find it, you need a specialized product like the F- Secure to
> detect it, and just as important to SAFELY remove it without any hassles,
I don't recall saying that AV products don't catch this; instead I have a
vague recollection of saying the exact opposite ;o)
Assuming that this software doesn't install via Voodoo (not the graphics
card), then one can catch it.
I even went as far as checking MS's site to make sure that I wasn't
misremembering. As I said, no idea as to the relative effectiveness of
whichever snake^H^H^Hsoftware you're peddling/advocating.
But. I doubt that it involves requiring Harry Potter as sysadmin - software
is software[1], no matter what the intent. It's no easier or more difficult
to detect sol.exe than leet-root-kitzzz!1!!1.exe (I'm possibly cheating a
little, in that this particular example formed part of the standard
Unicenter demo, back in '97. Forget the automated trouble-tickets,
supervisor email, removal, and reboot: the flashing red light was [cough]
kewl)
Point taken about "progressive" kits that replace multiple files. Sounds
like a damned stupid idea, though, as it's more likely to be detected IMHO.
H1K
[1] Originally mistyped that as "siftware". Have I invented a new software
term..? Shame I'm not American - I'd rush out to patent it.. :oD