Sony, Rootkits And Digital Rights Management Gone Too Far

"Last week when I was testing the latest version of RootkitRevealer (RKR) I
ran a scan on one of my systems and was shocked to see evidence of a
rootkit. Rootkits are cloaking technologies that hide files, Registry keys,
and other system objects from diagnostic and security software, and they
are usually employed by malware attempting to keep their implementation
hidden (see my ?Unearthing Rootkits? article from thre June issue of
Windows IT Pro Magazine for more information on rootkits). The RKR results
window reported a hidden directory, several hidden device drivers, and a
hidden application:"

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Imhotep

Roger
Tue Nov 01 20:22:11 CST 2005

Interesting read, great analysis outline, and extremely troubling.

Hmmm, although I am glad to see Mark is having time for RKR
I also notice the page is still saying v1.56 (which it has been at
since maybe late July).

ra

"Imhotep" <Imhotep@nospam.net> wrote in message
news:P-SdnbMx7awrj_XeRVn-tg@adelphia.com...
> "Last week when I was testing the latest version of RootkitRevealer (RKR)
> I
> ran a scan on one of my systems and was shocked to see evidence of a
> rootkit. Rootkits are cloaking technologies that hide files, Registry
> keys,
> and other system objects from diagnostic and security software, and they
> are usually employed by malware attempting to keep their implementation
> hidden (see my ?Unearthing Rootkits? article from thre June issue of
> Windows IT Pro Magazine for more information on rootkits). The RKR results
> window reported a hidden directory, several hidden device drivers, and a
> hidden application:"
>
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
>
> Imhotep

Imhotep
Tue Nov 01 20:58:59 CST 2005

Roger Abell [MVP] wrote:

> Interesting read, great analysis outline, and extremely troubling.

A lot of people, including myself, have been warning of this for some time.
And mark my words now, IT WILL GET WORSE. For we are only seeing the first
generations of it now.

Spread the word. Boycott any company that practices this is clearly in
order.

Imhotep

> Hmmm, although I am glad to see Mark is having time for RKR
> I also notice the page is still saying v1.56 (which it has been at
> since maybe late July).
>
> ra
>
> "Imhotep" <Imhotep@nospam.net> wrote in message
> news:P-SdnbMx7awrj_XeRVn-tg@adelphia.com...
>> "Last week when I was testing the latest version of RootkitRevealer (RKR)
>> I
>> ran a scan on one of my systems and was shocked to see evidence of a
>> rootkit. Rootkits are cloaking technologies that hide files, Registry
>> keys,
>> and other system objects from diagnostic and security software, and they
>> are usually employed by malware attempting to keep their implementation
>> hidden (see my ?Unearthing Rootkits? article from thre June issue of
>> Windows IT Pro Magazine for more information on rootkits). The RKR
>> results window reported a hidden directory, several hidden device
>> drivers, and a hidden application:"
>>
>>
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
>>
>> Imhotep

Phillip
Wed Nov 02 09:29:43 CST 2005

"Imhotep" <Imhotep@nospam.net> wrote in message
news:lK-dnV-_UoDptvXeRVn-1w@adelphia.com...
> Spread the word. Boycott any company that practices this is clearly in
> order.

Boycotts never work and are a waist of time in the "big picture". However
bad publicity does work wonders sometimes. However highly "technical"
issues are difficult to explain cleary and acuartely in a News Broadcast
time frame. We've tried.

We have aired some of the Phishing scams and done fairly well with it, but
it is diffcult to bring the reporter up to the level of understanding with
the issue so that they sound credible on the air, and it is difficult to
find IT people who already understand it but also must have the "on-air"
skills to fit it all into the short timeslot and make it understandable to
people other than their own peers.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

Imhotep
Wed Nov 02 20:21:59 CST 2005

Phillip Windell wrote:

> "Imhotep" <Imhotep@nospam.net> wrote in message
> news:lK-dnV-_UoDptvXeRVn-1w@adelphia.com...
>> Spread the word. Boycott any company that practices this is clearly in
>> order.
>
> Boycotts never work and are a waist of time in the "big picture". However
> bad publicity does work wonders sometimes. However highly "technical"
> issues are difficult to explain cleary and acuartely in a News Broadcast
> time frame. We've tried.
>
> We have aired some of the Phishing scams and done fairly well with it, but
> it is diffcult to bring the reporter up to the level of understanding with
> the issue so that they sound credible on the air, and it is difficult to
> find IT people who already understand it but also must have the "on-air"
> skills to fit it all into the short timeslot and make it understandable to
> people other than their own peers.
>

It sounds like your in the media business, yes? If so, do your best to
spread the info. Like I said before, this is only the
beginning....companies that use these techniques get away with it because,
let's face it, most people are quite ignorant.

Imhotep

Roger
Wed Nov 02 23:16:50 CST 2005

"Imhotep" <Imhotep@nospam.net> wrote in message
news:lK-dnV-_UoDptvXeRVn-1w@adelphia.com...
> Roger Abell [MVP] wrote:
>
>> Interesting read, great analysis outline, and extremely troubling.
>
> A lot of people, including myself, have been warning of this for some
> time.
> And mark my words now, IT WILL GET WORSE. For we are only seeing the first
> generations of it now.
>

There seems plenty of political ear and effort for protecting media
companies' interests, but not much for actually implementable protections
of the base consumers' rights. I mean, at least there could be a truth in
labelling law . . . "by using this disk you concent to us trashing out your
kernel tables and doing basically anything we want to and on your system
without you being able to notice it" . . . 5 grams fat, 6 grams sugar . . .

--
Roger

> Spread the word. Boycott any company that practices this is clearly in
> order.
>
> Imhotep
>
>> Hmmm, although I am glad to see Mark is having time for RKR
>> I also notice the page is still saying v1.56 (which it has been at
>> since maybe late July).
>>
>> ra
>>
>> "Imhotep" <Imhotep@nospam.net> wrote in message
>> news:P-SdnbMx7awrj_XeRVn-tg@adelphia.com...
>>> "Last week when I was testing the latest version of RootkitRevealer
>>> (RKR)
>>> I
>>> ran a scan on one of my systems and was shocked to see evidence of a
>>> rootkit. Rootkits are cloaking technologies that hide files, Registry
>>> keys,
>>> and other system objects from diagnostic and security software, and they
>>> are usually employed by malware attempting to keep their implementation
>>> hidden (see my ?Unearthing Rootkits? article from thre June issue of
>>> Windows IT Pro Magazine for more information on rootkits). The RKR
>>> results window reported a hidden directory, several hidden device
>>> drivers, and a hidden application:"
>>>
>>>
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
>>>
>>> Imhotep
>

Mark
Thu Nov 03 04:29:55 CST 2005

"Imhotep" <Imhotep@nospam.net> wrote in message
news:X72dnU1fLs7a6fTeRVn-tQ@adelphia.com...
> It sounds like your in the media business, yes? If so, do your best to
> spread the info. Like I said before, this is only the
> beginning....companies that use these techniques get away with it because,
> let's face it, most people are quite ignorant.

Make a hack to disable it, distribute on P2P and website, and if anyone
complains you pretty much have full legal immunity because rootkits are
classed as malware.

--
- Mark Randall
http://zetech.swehli.com

"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov

Phillip
Thu Nov 03 11:24:55 CST 2005

"Imhotep" <Imhotep@nospam.net> wrote in message
news:X72dnU1fLs7a6fTeRVn-tQ@adelphia.com...
> It sounds like your in the media business, yes? If so, do your best to
> spread the info. Like I said before, this is only the
> beginning....companies that use these techniques get away with it because,
> let's face it, most people are quite ignorant.

Yes, an NBC Affiliate. Website is always in my sig. I did print the
article from the link you gave earlier and it is pinned up on one of our
bulletin boards in the hallway. But I can't effect the News Department
much,...I'm in the Engineering Dept. I just help them as a "technical
resource" when they ask.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

PA
Thu Nov 03 15:18:41 CST 2005

cf. http://blogs.zdnet.com/BTL/?p=2112
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

Imhotep wrote:
> "Last week when I was testing the latest version of RootkitRevealer (RKR)
> I ran a scan on one of my systems and was shocked to see evidence of a
> rootkit. Rootkits are cloaking technologies that hide files, Registry
> keys, and other system objects from diagnostic and security software, and
> they are usually employed by malware attempting to keep their
> implementation hidden (see my ?Unearthing Rootkits? article from thre
> June issue of Windows IT Pro Magazine for more information on rootkits).
> The RKR results window reported a hidden directory, several hidden device
> drivers, and a hidden application:"
>
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
>
> Imhotep

Imhotep
Thu Nov 03 19:27:47 CST 2005

Roger Abell [MVP] wrote:

> "Imhotep" <Imhotep@nospam.net> wrote in message
> news:lK-dnV-_UoDptvXeRVn-1w@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>> Interesting read, great analysis outline, and extremely troubling.
>>
>> A lot of people, including myself, have been warning of this for some
>> time.
>> And mark my words now, IT WILL GET WORSE. For we are only seeing the
>> first generations of it now.
>>
>
> There seems plenty of political ear and effort for protecting media
> companies' interests, but not much for actually implementable protections
> of the base consumers' rights. I mean, at least there could be a truth
> in labelling law . . . "by using this disk you concent to us trashing out
> your kernel tables and doing basically anything we want to and on your
> system
> without you being able to notice it" . . . 5 grams fat, 6 grams sugar . .
> .
>

...hahaha...nicely put.

Imhotep