Blizzard's Warden Thwarted by Sony's DRM Rootkit

CmdrTaco posted more than 8 years ago | from the why-openness-matters dept.

Privacy 418

shotfeel writes "First, news of Warden - a bit of code from Blizzard's WoW to trounce game cheats. Then, a Sony rootkit to make your computer safe for music. Now, news that you can use the Sony rootkit to make your game cheats safe from the Warden."

Just goes to show.. (5, Insightful)

Heem (448667) | more than 8 years ago | (#13943419)

Just goes to show that there is indeed a good use for everything.

Re:Just goes to show.. (4, Insightful)

Jonny_eh (765306) | more than 8 years ago | (#13943460)

How is people cheating in an online game a good thing?

Re:Just goes to show.. (5, Funny)

rob_squared (821479) | more than 8 years ago | (#13943482)

Because it helps the cheater WIN! Silly!

Wait a minute...

Re:Just goes to show.. (5, Interesting)

networkBoy (774728) | more than 8 years ago | (#13943538)

Because now Blizzard (hopefully) will sue Sony for some DMCA violation on breaking their game security device :-)
[/wishful thinking]

Re:Just goes to show.. (4, Funny)

Jonny_eh (765306) | more than 8 years ago | (#13943620)

On what grounds? "Their rootkit broke our rootkit!"

Ugly, ugly.

Re:Just goes to show.. (5, Informative)

networkBoy (774728) | more than 8 years ago | (#13943666)

I do believe that "circumvention of a protection device" may actually apply. . .

Re:Just goes to show.. (0)

Anonymous Coward | more than 8 years ago | (#13943667)

why? rootkit is just a tool.

Next fun hack? (5, Funny)

Chordonblue (585047) | more than 8 years ago | (#13943758)

Try and get Sony's DRM to interfere with DVD protection. RIAA Vs. MPAA... FIGHT!

Re:Just goes to show.. (5, Insightful)

B'Trey (111263) | more than 8 years ago | (#13943478)

Good or bad depends on your point of view, of course. Wouldn't it be trivial to modify existing worms or viruses to take advantage of the exact same concept, hiding themselves from virus scanners?

Shut up Chancelor (0)

Anonymous Coward | more than 8 years ago | (#13943660)


Re:Just goes to show.. (5, Insightful)

Anonymous Coward | more than 8 years ago | (#13943735)

A better question is, why don't Antivirus Software remove the Sony Virus(TM) in the first place?

Re:Just goes to show.. (4, Informative)

Proaxiom (544639) | more than 8 years ago | (#13943780)

Wouldn't it be trivial to modify existing worms or viruses to take advantage of the exact same concept, hiding themselves from virus scanners?

Sort of. Good ones already employ techniques to try to hide themselves. The difficult part is getting into the kernel, as the Sony DRM software does when you install it.

Virus writers might at this point decide to start using file and process names that start with $sys$, in which case anybody who has installed the Sony DRM app (in particular, WoW cheaters) will be especially vulnerable. I doubt that's a large enough population for the technique to be considered useful, though.

Mostly this is useful for hiding things from prying eyes on your own machine. It is remarkably effective. To prevent malicious apps from taking advantage of it, you might hack the Sony DRM software so it uses, say, $-q8f790vpae-$ as the 'hiding' tag instead of $sys$.

Just watch what you're doing, because as Mark Russinovich points out in the original article, it's not hard to nuke your box by accident in messing with the Sony/First4Internet drivers.

Re:Just goes to show.. (0)

Anonymous Coward | more than 8 years ago | (#13943542)

Once again clear evidence that two wrongs DO make a right.

Re:Just goes to show.. (0)

Anonymous Coward | more than 8 years ago | (#13943676)

No - this is a demonstration of how screwed up the scheme was. It serves no good. Unless, of course, you just happened to be renaming all your executables accordingly so while you didn't know about Warden and what it was doing, by happy coincidence, it was unable to capture private information. Nevermind that Warden doesn't seem to be the big privacy invasion professional cheaters wanted to make it appear to be.

Re:Just goes to show.. (5, Funny)

Stripe7 (571267) | more than 8 years ago | (#13943781)

I just love that post by the guy who wants ISO's of the CD so they can use the rootkit. Now SONY will now have their entire product pirated not for the content they are trying to protect but for the content protection system they chose to employ! ROFL

Re:Just goes to show.. (1)

einhverfr (238914) | more than 8 years ago | (#13943807)

Just goes to show that there is indeed a good use for everything.

Makes you wonder if you could use Sony's rootkit as a way to hide DRM breaking software. It seems to me that this rootkit might actually be more useful to everyone than it might have previously thought.

Thank you Sony :-)

Unfortunately, I don't run Windows... :-P

Sony owns Everquest (5, Funny)

halivar (535827) | more than 8 years ago | (#13943424)

Coincidence, or conspiracy? Hrmm...

Re:Sony owns Everquest (1)

sgant (178166) | more than 8 years ago | (#13943515)

I thought the same thing. I wouldn't be surprised if it was...but honestly I think this is just a "happy" coincidence for Sony. Not only are they screwing over a customer but now a major competitor in the MMORPG world.

But again, it's probably just a coincidence

Re:Sony owns Everquest (2, Interesting)

harrkev (623093) | more than 8 years ago | (#13943536)

But Sony has some MMORPGs too. Any word on using this for the Star Wars RPG?

Re:Sony owns Everquest (1)

LostCluster (625375) | more than 8 years ago | (#13943555)

I doubt this is going to be the last story of this rootkit being used to hide something from process seekers. Online poker gaming sites rely on being able to look at a user's running processes in order to detect bots.

Oblig. Simpsons (5, Funny)

Alaren (682568) | more than 8 years ago | (#13943574)

No, no, no conspiracy here. Rather, we're seeing an electronic example of the Mr. Burns phenomenon.

Doctor: Mr. Burns, I'm afraid you are the sickest man in the United States. You have everything.
Mr. Burns: You mean I have pneumonia?
Doctor: Yes.
Mr. Burns: Juvenile diabetes?
Doctor: Yes.
Mr. Burns: Hysterical pregnancy?
Doctor: Uh, a little bit, yes. You also have several diseases that have just been discovered - in you.
Mr. Burns: I see. You sure you haven't just made thousands of mistakes?
Doctor: Uh, no, no, I'm afraid not.
Mr. Burns: This sounds like bad news.
Doctor: Well, you'd think so, but all of your diseases are in perfect balance.

So I guess this just means instead of fighting malware and spyware, we just need to find all the spyware that cancels out the other spyware! d^_^b

Hmmmm, are you scratching your beard? (5, Funny)

Neil Blender (555885) | more than 8 years ago | (#13943427)

You anti-DRM, pro-cheating and stealing hippies must be really conflicted on this one.

Re:Hmmmm, are you scratching your beard? (1)

Datamonstar (845886) | more than 8 years ago | (#13943484)

Not necessarily. Right and wrong hasn't changed any.

Re:Hmmmm, are you scratching your beard? (5, Funny)

WeeLad (588414) | more than 8 years ago | (#13943774)

Not necessarily. Right and wrong hasn't changed any.

...but now two wrongs can make a right. I think someone said it's like multiplying negative numbers or something. If you do it right, you'll get a positive.

-(Sony Rootkit) X -(The Warden) = -(Cheating) ... hmmm, I think I must've messed up the math.

Re:Hmmmm, are you scratching your beard? (1, Insightful)

TelJanin (784836) | more than 8 years ago | (#13943553)

Your post makes no sense. How is being anti-DRM being pro-cheating? And how does not wanting to surrender my computer to a third party make me a stealing hippy?

Oh, that's right. You were just blowing it all out your ass.

Re:Hmmmm, are you scratching your beard? (1)

real_smiff (611054) | more than 8 years ago | (#13943726)

yes, i hate Sony for their anti-genuine-consumer (anti the majority) stance, and the cheaters for their anti-genuine-player (anti the majority) stance. it looks like my view is, would you believe it, in the majority. Both groups (Sony and cheaters exploiting this) are in the wrong. Not so hard to follow is it. Now stop trolling please (aimed at grandparent? not parent)

Re:Hmmmm, are you scratching your beard? (0)

Anonymous Coward | more than 8 years ago | (#13943602)

i scratched your mom's beard last night...all the way to the bank!

O.o (1)

Spy der Mann (805235) | more than 8 years ago | (#13943429)

An error has occured

Sorry, the database is currently unavailable, please try your request again shortly

Wow, this Sony rootkit works MUCH BETTER than I expected! :D

Now can we have a lawsuit? (4, Funny)

rovingeyes (575063) | more than 8 years ago | (#13943430)

Please somebody...anybody!

Slashdotted already. (1)

thepotoo (829391) | more than 8 years ago | (#13943432)

Christ, anyone got a link/full text?

Re:Slashdotted already. (0)

Anonymous Coward | more than 8 years ago | (#13943516)

Here's a link.

Came up fine for me. (1, Informative)

Anonymous Coward | more than 8 years ago | (#13943520)

World of Warcraft hackers using Sony BMG rootkit
Published: 2005-11-03

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.

Re:Came up fine for me. (1)

nofx_3 (40519) | more than 8 years ago | (#13943706)

It is likely then, that the Warden will simply detect the Sony BMG software and ban all users who have played such copy protected CD's on their machines.

Re:Slashdotted already. (2, Informative)

Dugsmyname (451987) | more than 8 years ago | (#13943594)

[] has a cached link here []

Wow (1)

interiot (50685) | more than 8 years ago | (#13943434)

Somebody is going to owe a LOT of people new monitors once they're all drenched in coke.

Re:Wow (1)

exi1ed0ne (647852) | more than 8 years ago | (#13943686)

Coke? Try Mountain Dew and hot pocket chunks.

FIRST POST (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13943437)


Yup... definitely works (4, Funny)

kneecarrot (646291) | more than 8 years ago | (#13943457)

I have definitely thwarted Warden. I just created a 13th level unicorn, ate all the remaining rhubarb in the forest, and killed the White Wizard with an AK-47. NICE!

Re:Yup... definitely works (0)

Anonymous Coward | more than 8 years ago | (#13943533)

I think you're confused. The mention of unicorns, rhubarb, and AK-47s were a dead giveaway. The Warden is not a reference to your mom and "root kit" is not slang for "bong". You're not doing what you think you're doing.

Re:Yup... definitely works (4, Funny)

Shadow Wrought (586631) | more than 8 years ago | (#13943601)

Remember kids, AK-47s don't kill White Wizards, Unicorns do.

Never thought I'd get a chance to say that again!

Re:Yup... definitely works (1)

sgant (178166) | more than 8 years ago | (#13943736)

You've obviously never played World of Warcraft.

There are no AK-47s in the game you noob! Just Colt M16A's...and the rhubarb isn't in the forest. LOL, right right, the rhubarb is in the's in the fricken meadows.

And everyone knows a level 13 unicorn can't take on a White need a group for that!


Cheating? (0)

Anonymous Coward | more than 8 years ago | (#13943465)

It's not cheating, it's civil disobedience!

Never Underestimate... (1)

Stormeh (927626) | more than 8 years ago | (#13943469)

Never underestimate the power of the /.

This isn't as good as it seems (0)

Anonymous Coward | more than 8 years ago | (#13943480)

The Warden looks at window titles and such. The rootkit just hides filenames and registry keys. I'm not quite sure how this would be effective. After all, you can easily hide a cheat by not telling WoW about it!


Does anyone have a Torrent of the Sony Rootkit? (0)

Anonymous Coward | more than 8 years ago | (#13943481)

Let's stick it to the man by downloading their DRM and not paying!

This post has no content but (4, Funny)

Verteiron (224042) | more than 8 years ago | (#13943486)

Am I the only one who finds this amusing? I mean... wow. Whatever monkey at Sony that approved this scheme must be soiling their armor by now.

And that the first (known) exploit of this thing should be a game cheat. The world is a strange place; Sony has made it just a bit stranger.

Re:This post has no content but (1)

Datamonstar (845886) | more than 8 years ago | (#13943695)

I'm sure that it's money motivated. It's almost a certain bet that it was an organized effort by some WoW gold peddling outfit that hacked the DRM into their WoW hack so quickly. Also a near-certain bet that they're stepping up their production efforts to milk this thing while they can. Greed really isn't as strange as you may think.

Re:This post has no content but (1)

Red Flayer (890720) | more than 8 years ago | (#13943697)

FTA: A way to remove the 'cloaking device' without breaking the DRM (or your device driver): URL>

Sony: We Make Your DRM a Little Less Evil (tm)

Obviously, this was just a way for Sony to try to bring WoW to its knees; after all, that's a lot of potential EQ2 subscribers who might have changed over had Sony been able to cripple the WoW economy.

/tinfoil plate armor, shield, and helm securely equipped

Re:This post has no content but (1)

AdamWeeden (678591) | more than 8 years ago | (#13943698)

What would have been even more amusing is if it had been used against a Sony MMORPG like Everquest 2.

I can't stop laughing (1)

elrous0 (869638) | more than 8 years ago | (#13943738)

A piece of evil DRM destroys a piece of evil Spyware. Oh man, that's TOO rich!!!! Talk about poetic justice!


YRO? (1, Interesting)

LostCluster (625375) | more than 8 years ago | (#13943488)

Are we suddenly interested in the rights of game cheaters? Whose rights are being impacted here?

This is just a classic hack. Nothing impacting free speech or even property rights. Yes, it belongs on /., but in a different section...

Yeah but... (1)

Ieshan (409693) | more than 8 years ago | (#13943665)

this directly relates to a story that was originally posted under the YRO heading. it makes sense to keep posting information about that story there, because people who read might want to know the latest in the Sony DRM rootkit saga.

Game Cheaters are human beings too! (1, Interesting)

xtermin8 (719661) | more than 8 years ago | (#13943696)

...well, maybe they're not human in the gameworld. ;) WoW uses a rather invasive technique for scanning Gameplayers whether they cheat or not. Sony's DRM scheme also interferes with the ability for people to make backups of their own property. In fact, the only interesting thing about this story is these two issues have collided in an unexpected way at a moment in time.

Re:YRO? (5, Insightful)

Experiment 626 (698257) | more than 8 years ago | (#13943727)

Are we suddenly interested in the rights of game cheaters? Whose rights are being impacted here?

The "rights" issue is with peoples' right to listen to music they've bought without the CD compromising their system and infecting it with rootkits. This article is significant more as a new development in that story, than as a "a victory for the rights of online cheaters everywhere!" thing.

To underscore the point, consider that yesterday on, we have:

The company dismissed the prospect of hackers exploiting its rootkits for their own purposes as an "academic" concern.

I guess it isn't so academic anymore.

Let's bash Sony (5, Insightful)

LordSnooty (853791) | more than 8 years ago | (#13943489)

OK, so I understand that Sony did a bad thing with the rootkit. But I don't immediately understand the link to Blizzard. Surely there are other "rootkits" around (think Hacker Defender) which can hide files? Why has this suddenly become a problem with the release of the Sony rootkit? Is it a case of "yes, this is definitely bad... now quick, find some way of demonstrating how bad it is!"

Do other cheat protection systems use similar methods to look for files? If so, why are they not affected? Why am I only hearing about Warcraft?

Re:Let's bash Sony (1)

kertong (179136) | more than 8 years ago | (#13943527)

I'm not sure how the Warden "looks for files", but I believe, rather, it pulls the titles/names of the currently running windows and processes them into a hash before sending it out to the blizzard servers.

Now correct me if I'm wrong - but this hash isn't (or shouldn't be) reversible, right?

Re:Let's bash Sony (2, Insightful)

xSquaredAdmin (725927) | more than 8 years ago | (#13943600)

Actually, the way that Warden works (from the analysis I've seen), is that it grabs the window titles, hashes them, and compares them to the hashes of known cheats that it pulls from Blizzard's server. All that it sends to Blizzard is a simple yes/no for whether the player is using hacks.

Re:Let's bash Sony (1)

$RANDOMLUSER (804576) | more than 8 years ago | (#13943683)

Then wouldn't a simple command-line based cheat defeat that?

Re:Let's bash Sony (5, Informative)

xSquaredAdmin (725927) | more than 8 years ago | (#13943760)

I just dug up the description of what it actually does. Turns out it also does a brief memory scan of the processes in memory to look for hacks as well. So even if they do that, as soon as Blizzard gets their hands on it, they could just add its signature to the definition.

I recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes - the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently). This software is known as the 'warden client' - it's written like shellcode in that it's position independent. It is downloaded on the fly from Blizzard's servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):

The warden dumps all the DLL's using a ToolHelp API call. It reads information from every DLL loaded in the 'world of warcraft' executable process space. No big deal.

The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. Now a Big Deal.

I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.

Once these strings are obtained, they are passed through a hashing function and compared against a list of 'banning hashes' - if you match something in their list, I suspect you will get banned. For example, if you have a window titled 'WoW!Inmate' - regardless of what that window really does, it could result in a ban. If you can't believe it, make a dummy window that does nothing at all and name it this, then start WoW. It certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain a lot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.

Next, warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses - usually in the 0x0040xxxx or 0x0041xxxx range - this is the range that most executable programs on windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes. These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way. I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.

This behavior places the warden client squarely in the category of spyware. What is interesting about this is that it might be the first use of spyware to verify compliance with a EULA. I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west. You can't blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called 'privacy' and Blizz has no right to be opening my excel or PGP programs, for whatever reason.
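The two checks described in the comment above (hashed window titles and hashed short memory ranges compared against a list of banning hashes), modelled as an added example that is not part of the original comment or of Blizzard's code. SHA-1 stands in for the hashing function, which the analysis does not name, and every title, process name, byte string and address below is constructed.

```python
"""Model of a hash-list scan over window titles and short memory ranges.

Assumptions: SHA-1 is a stand-in hash; all sample data is constructed.
"""
import hashlib

IMAGE_BASE = 0x00400000          # typical load address mentioned in the analysis
SIG_ADDR = 0x00401000            # constructed address of a 16-byte signature
SIG_BYTES = bytes(range(0x10, 0x20))


def digest(data):
    return hashlib.sha1(data).hexdigest()


def build_ban_list(titles, code_signatures):
    """Only hashes are stored; the list holds no readable titles or code."""
    return {
        "titles": {digest(t.encode("utf-8")) for t in titles},
        "code": [(addr, len(sig), digest(sig)) for addr, sig in code_signatures],
    }


def read_memory(base, image, address, length):
    """Return `length` bytes at virtual `address`, or None if unmapped."""
    start = address - base
    if start < 0 or start + length > len(image):
        return None
    return image[start:start + length]


def scan(windows, processes, ban_list):
    """Return (verdict, reasons). Every title and every process is read,
    but only the boolean verdict would need to leave the machine."""
    reasons = []
    for title in windows:
        if digest(title.encode("utf-8")) in ban_list["titles"]:
            reasons.append(("title", title))
    for proc in processes:
        for addr, length, wanted in ban_list["code"]:
            chunk = read_memory(proc["base"], proc["image"], addr, length)
            if chunk is not None and digest(chunk) == wanted:
                reasons.append(("code", proc["name"]))
    return bool(reasons), reasons


def make_image(code):
    """Constructed process image with `code` placed at SIG_ADDR."""
    return b"\x00" * (SIG_ADDR - IMAGE_BASE) + code + b"\x00" * 0x100


BAN_LIST = build_ban_list(["WoW!Inmate"], [(SIG_ADDR, SIG_BYTES)])
WINDOWS = ["Inbox - alice@example.test", "WoW!Inmate"]   # second is a dummy window
PROCESSES = [
    {"name": "constructed_tool.exe", "base": IMAGE_BASE, "image": make_image(SIG_BYTES)},
    {"name": "constructed_mail.exe", "base": IMAGE_BASE, "image": make_image(b"\x90" * 16)},
    {"name": "tiny.exe", "base": IMAGE_BASE, "image": b"\x00" * 0x200},
]


def demo():
    return scan(WINDOWS, PROCESSES, BAN_LIST)


if __name__ == "__main__":
    print(demo())
```

The dummy window is flagged purely on its title, which is the false-positive case the analysis describes, while the mail client's memory is still read even though nothing in it matches.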

Re:Let's bash Sony (1)

Helios1182 (629010) | more than 8 years ago | (#13943562)

Because WoW and the rootkit have been in the news lately. It is easier to pick up on a continuing story than it is to take time digging for new details.

Re:Let's bash Sony (0)

Anonymous Coward | more than 8 years ago | (#13943649)

The issue really isn't whether Warden can discover the rootkit, it's what do you do when you find a rootkit published by a major music/game/content producer that happens to have some nasty side effects. The reason Blizzard is brought up is because Bliz is the other big boy on the block. Meanwhile, us peons chitter about whether a Sony vs Blizzard battle is coming up. That's what makes this story interesting.

Re:Let's bash Sony (5, Insightful)

bleckywelcky (518520) | more than 8 years ago | (#13943786)

This is newsworthy because someone can legitimately use the Sony CD and have the rootkit installed, and then play WoW. So blizzard can't just look for signs of the rootkit and ban that account - people will be pissed for a non-legit ban. At the same time, people can do the same thing AND initiate a cheat on WoW and claim to be pissed for the same "non-legit" ban.

Sue Sony (1, Interesting)

Anonymous Coward | more than 8 years ago | (#13943492)

Sue sony under the DMCA

$sys$Warcraft and Sony Suxorz$sys$ (4, Funny)

sweetnjguy29 (880256) | more than 8 years ago | (#13943493)

didn't work.

I for one... (1, Insightful)

wastedbrains (588579) | more than 8 years ago | (#13943506)

I for one would like to sue sony for hating their customers and making WOW turn into another game that shows you can't play for fun on battlenet unless you password protect your games and only play with friends you know and trust. Why is it that I can't watch movies on my projector cause my computer blues out the screen thinking I am trying to play to some illegal device? DRM IS NEVER GOOD FOR CONSUMERS!!!

Although this is a dupe... (0)

Anonymous Coward | more than 8 years ago | (#13943507)

if it gets enough attention by doing so to get Blizzard's lawyers into action against Sony, I'm all for it.

Two wrongs... (1)

bl4nk (607569) | more than 8 years ago | (#13943509)

So two wrongs do make a right... right? For the cheaters at least... but that's wrong... so two wrongs come together to combat one wrong, and you're left with two wrongs instead of two.. wrongs... Can't we all just get along?

Re:Two wrongs... (0)

sgant (178166) | more than 8 years ago | (#13943770)

Two wrongs don't make a right...but three rights make a left!

Think about it....

Hell, you knew it was coming. (4, Interesting)

Tuxedo Jack (648130) | more than 8 years ago | (#13943511)

If the process is hidden, the Warden can't pick up on it, right?

So hypothetically, ANY rootkit could be used to hide processes - HackerDefender and the others out there would do the job nicely.

Of course, the other edge of the sword is that you don't know just what _else_ is hiding... unless you wrote and compiled the rootkit yourself using your home-brewed compiler.

Re:Hell, you knew it was coming. (4, Informative)

LostCluster (625375) | more than 8 years ago | (#13943719)

And, if we're going by Security Now's definition of a "rootkit", Norton SystemWorks is a rootkit because its Undelete component hides files from the operating system that are really still there, SystemWorks just fools all applications into thinking they're not there.

Any program that uses the operating system hooks to find out what is going on risks being fooled. The only way around it is to do what RootkitRevealer does, ignore what the OS is saying and go byte-level reading the disk to see what you get, then if you like compare it with what the OS is reporting to see if there's any differences.
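The comparison described in the comment above, sketched as an added example that is not part of the original comment and is not RootkitRevealer's code: parse a raw directory table byte by byte, compare it with what an API reported, and classify the differences. The record layout, file names and timestamps are constructed for illustration, and treating files written after the scan started as timing artifacts is an assumption of this sketch.

```python
"""Cross-view check: compare an API listing with a raw, byte-level listing.

The record layout is constructed for this example (1-byte name length,
UTF-8 name, 4-byte little-endian mtime); it is not NTFS or any real format.
"""
import os
import struct


def build_raw_table(entries):
    """Serialize (name, mtime) pairs into the constructed raw layout."""
    out = bytearray()
    for name, mtime in entries:
        encoded = name.encode("utf-8")
        out += struct.pack("<B", len(encoded)) + encoded + struct.pack("<I", mtime)
    return bytes(out)


def parse_raw_table(blob):
    """Low-level view: walk the bytes directly instead of asking an API."""
    entries, pos = {}, 0
    while pos < len(blob):
        length = blob[pos]
        end = pos + 1 + length + 4
        if end > len(blob):
            raise ValueError(f"truncated record at offset {pos}")
        name = blob[pos + 1:pos + 1 + length].decode("utf-8")
        (mtime,) = struct.unpack_from("<I", blob, pos + 1 + length)
        entries[name] = mtime
        pos = end
    return entries


def cross_view_diff(api_names, raw_entries, scan_started):
    """Classify every disagreement between the two views."""
    api_seen = {n.lower() for n in api_names}      # Windows names ignore case
    raw_seen = {n.lower() for n in raw_entries}
    hidden, racy = [], []
    for name, mtime in raw_entries.items():
        if name.lower() in api_seen:
            continue
        # A file written after the scan began is a timing artifact, not a cloak.
        (racy if mtime >= scan_started else hidden).append(name)
    return {
        "hidden": sorted(hidden),
        "changed_during_scan": sorted(racy),
        "api_only": sorted(n for n in api_names if n.lower() not in raw_seen),
        "shared_prefix": os.path.commonprefix(hidden) if len(hidden) > 1 else "",
    }


# Constructed sample data: names and timestamps are invented for illustration.
SAMPLE_RAW = build_raw_table([
    ("notes.txt", 100),
    ("$sys$example_driver.sys", 120),
    ("$sys$helper.exe", 130),
    ("download.tmp", 905),          # created after the scan started at t=900
])
# What a filtered API would report: "$sys$" names missing, one stale entry.
SAMPLE_API = ["NOTES.TXT", "old.log"]


def demo():
    return cross_view_diff(SAMPLE_API, parse_raw_table(SAMPLE_RAW), scan_started=900)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A shared prefix across the hidden entries points at name-based cloaking of the kind the article describes with "$sys$".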

Great Trojan Hiding Tool (0)

Anonymous Coward | more than 8 years ago | (#13943514)

Just name your trojan $sys%AllYourMoneyBelongToUs.exe and it's safe and sound.

did /. just dupe ME?! (1)

Donniedarkness (895066) | more than 8 years ago | (#13943517)

32086 [] . Heh...Slashdot duped me, I think.

Re:did /. just dupe ME?! (2, Funny)

Anonymous Coward | more than 8 years ago | (#13943616)

did /. just dupe ME?!

Depends.. Do you live in Soviet Russia?

What's the term? (0)

Anonymous Coward | more than 8 years ago | (#13943526)

What's the scientific term for when two diseases conflict and the host ends up suffering no harm from either?

Re:What's the term? (1)

$RANDOMLUSER (804576) | more than 8 years ago | (#13943615)

Democracy. No, wait, that other thing.

Re:What's the term? (1)

Ant2 (252143) | more than 8 years ago | (#13943713)

Burns Syndrome

(Simpsons reference)

This does not work (1)

the computer guy nex (916959) | more than 8 years ago | (#13943529)

Sorry. This rootkit will hide the process from WoW, but the Warden will still be able to tell if a function is hooked within the code. Blizzard won't care what is hooking their code, even if they can't find the process, you will get banned anyway.

Warden fix (1)

n0dalus (807994) | more than 8 years ago | (#13943531)

Blizzard just have to write their own code for reading the filesystem/registry and to notice the differences between the raw data and the results from the windows API calls, and Warden can start to check for rootkits.

Not bad, (4, Funny)

Vengeance (46019) | more than 8 years ago | (#13943535)

But it would be better if Warden was a product of Sony Online Entertainment, and it was used to protect Star Wars Galaxies. THAT would have made my day.

This Rootkit Not Affecting Mac (0)

Anonymous Coward | more than 8 years ago | (#13943564)

According to Sony those DRM-CDs will play just like normal audio CDs when using with Mac.

Here is some more information.

I pray for the day (5, Interesting)

sammy baby (14909) | more than 8 years ago | (#13943569)

I now live in hope for the day that a bunch of the corporations pushing for invasive DRM like Blizzard's Warden and Sony's whatever-it's-called sue each other under the DMCA for circumventing each others technologies, instead of suing us for trying to crawl out from under them.

Time for the whore-off (4, Funny)

Duncan3 (10537) | more than 8 years ago | (#13943579)

In this corner, the spammers, with their root for zombies to spam you with...

In this corner, the DRM people, making sure you don't listen to any music you paid for.

And in this corner, the 1337 gamer d00ds, making sure you have to buy it on ebay instead of getting it yourself.

And there is the bell... wait, they don't appear to be fighting... why are they taking off their clothes... what is the Sony guy doing to the spammer... they appear to be... oh my, that's just not right... this fight is called on account of an orgy breaking out...


Enjoy the nice cozy comfort of your OSX and Linux boxes :)

I wonder how complete the irony is? (3, Funny)

idontgno (624372) | more than 8 years ago | (#13943582)

I don't play Sony's EQ2, but aren't there cheater progs for that? And doesn't EQ2 have memory- and registry-based cheater scans? Wouldn't the tastiest irony in the situation be a Sony software product defeating cheat-detection in a Sony game?

Yes, the software industry is the best way to fulfill the Recommended Daily Allowance for irony.

DRM wars (0)

Anonymous Coward | more than 8 years ago | (#13943614)

Blizzard: w3 0wn joo!

Sony: n0, w3 0wn joo!

Blizzard: n0, W3 0wz joo!

Sony: no, W3 0wn joo!

Lawsuit anyone? (1)

Chayak (925733) | more than 8 years ago | (#13943657)

I can already see Blizzard taking Sony to court because their rootkit allows people to cheat. Yes it may seem stupid but if you ever look at some court cases a lot of them are very stupid indeed. There's no question that the US legal system is broken and provides just the means to pull off a stunt like this.

Sony to Blizzard: (1)

millennial (830897) | more than 8 years ago | (#13943658)

Ha ha!

SoE Possibly Exploring Warden Technology (0)

Anonymous Coward | more than 8 years ago | (#13943670)

There is a post on the EverQuest Live message boards asking for a clarification of the EverQuest Producer's message to the community.

Craig Knapp, the producer of EverQuest, has stated that Sony Online Entertainment has a new tool to ferret out cheaters and "hackers." There is no word yet from Sony as to whether this will be a repeat of the mistakes they made five years ago and of the mistakes that Blizzard is currently making.

Wouldn't it be ironic if you could get around EverQuest's cheat protection mechanism by using Sony's own rootkit?

Now all we need... (0)

Anonymous Coward | more than 8 years ago | (#13943677)

Is a virus to come along and take advantage of this Sony rootkit. How the heck would they explain that one away? It's essentially put a filesystem blindspot right into the core of Windows - one that isn't Microsoft's fault, or responsibility - without asking the owner.

I mean, as far as I'm concerned, that's just plain illegal (or should be).

valve will have to come up /w a new warden anyway. (0)

Anonymous Coward | more than 8 years ago | (#13943690)

They have some time, but with virtualization, you'll be able to hide everything from everything else, putting programs in their own vserver, thereby thwarting valve's current method of checking strings of other apps you have running; there will be nothing visible to the warden to check.

In related news (2, Insightful)

$RANDOMLUSER (804576) | more than 8 years ago | (#13943720)

Sony's DRM rootkit can be thwarted by not doing business with those evil bastards.

Proof Positive... (0, Redundant)

lordsid (629982) | more than 8 years ago | (#13943732)

Two wrongs do make a right.

Other, similar tactics (1)

Yoyoson (928225) | more than 8 years ago | (#13943741)

Did you know that if you are playing X-Com: UFO Defense while running SETI@home, it speeds up the chances of finding an actual UFO by 0.0005%!?!? ZOMGLOLFTW

Only slightly OT (5, Insightful)

Nom du Keyboard (633989) | more than 8 years ago | (#13943744)

It should be only slightly OT to ask:

1: Why are people celebrating victory because Sony announced they will remove the cloak? They're still leaving all the rest of the crap on your system - including the memory- and CPU-wasting scan that runs continually, even when you're not playing their DRM-infested CDs.

2: Now that the cloak is removed, what was that registry key that keeps track of how many CDs you've burned under their DRM system?

3: Don't you think you're celebrating a bit early since Warden 2.0 should be able to use the same tricks as RootKitRevealer to diagnose your system? And how long will this take to appear?

4: If your detecting and removing this software from your computer violates the DMCA, then the DMCA is so clearly wrong that it should be repealed this afternoon.

5: Profit! Or in other words, who is profiting from this now? I don't see Sony going broke yet.


erik umenhofer (782) | more than 8 years ago | (#13943746)

glowing brightwood staves for none!
glowing brightwood staves for some, miniature American flags for the others!

Applies to other anti-cheat systems? (1)

DoddyUK (884783) | more than 8 years ago | (#13943751)

"Sorry, the database is currently unavailable, please try your request again shortly"

Wow. /.'d within 15 minutes? Now THAT is something.

But yeah, this was pretty much inevitable considering that these are two of the biggest stories of the week. Watcher scans for currently active programs and contents of programs, while the Rootkit hides the said problem. Doesn't take much to figure the link.

I'm wondering now if the same can be applied to other Anti-Cheat systems (VAC and so on). If so, then I believe that Sony may have opened a Pandora's box for potential cheaters.

It all comes down to trust (0)

Anonymous Coward | more than 8 years ago | (#13943765)

There are only a few ways to solve the problem of cheating:
  • Trust the client—this requires something like Palladium to succeed
  • Don't trust the client—keep all the secret bits and random number generation on the server
  • Use the ostrich algorithm—this is by far the most popular option

It's like Godzilla versus Mothra! (1)

Dark Paladin (116525) | more than 8 years ago | (#13943768)

Or, King Kong versus Godzilla - two gigantic forces of destruction battling it out!

I'm going to pop some corn and watch the sparks fly.

Possible poetic use of Sony's DRM? (0)

Anonymous Coward | more than 8 years ago | (#13943783)

Perhaps someone could write a P2P software that uses Sony's DRM to hide itself on PCs, spreads like a virus, and shares infected users' drives with the world. Then Sony's own DRM would be helping to spread the music.

Not that I advocate such a program.

I think I will post this anonymoosely.

Amusing but... (0)

Anonymous Coward | more than 8 years ago | (#13943798)

The question I am most interested in is the rumor that this code bricks Vista. What about W98, X360 or CE?

Remember folks: friends don't give friends herpes or Sony products!