Real Story of the Rogue Rootkit

Zonk posted more than 8 years ago | from the when-good-rootkits-go-bad-on-fox dept.

Privacy 427

BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting their users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"

A thought experiment (0, Offtopic)

Dim Undercellar (929222) | more than 8 years ago | (#14056884)

I remember reading an article, a long time ago, in "Psychology Today", entitled something like "The Soulmate Myth". It's about how people these days seem worried about settling down. They worry they'll miss a better opportunity if they throw in their lot with the relationship partner directly in front of them. Combine that with the oft-spoken idea that when it comes to relationships you should never "settle", and you get a recipe for a lot of trouble and angst.

It can really make you wonder. Should we ever "settle", in an ideal world, for a relationship partner who's "just good enough"? Or should we wait for our "perfect match", who may or may not exist?

The question is entirely academic, for scholars and philosophers, but it's important to consider the following:

What makes a "perfect match" for you?

To answer that question, I'd like you all to conduct a thought experiment in your head.

Build, in your mind, your PERFECT partner. From scratch. Imagine this perfect person. Imagine how an interaction with this person would go. Imagine how a first date with this person would go. Don't worry about putting in qualities your wife/husband /girlfriend/boyfriend has just to keep it politically correct; this is strictly for your own edification, not for me to judge you by.

Now open up Notepad or MS Word or grab a sheet of paper and write down what you came up with. Shred it later, if you don't want your spouse to find it. Again, it's not my thought experiment.

I'm serious, I REALLY want you to do this. I promise that it can be enlightening and fun. Forget what you believe society is telling you that you're supposed to want and just pay attention to what you actually want.

Now, I'm going to ask you a series of questions about your perfect spouse. Write down the answers for your personal notes because, again, this is about individual edification.

Did you start with a personality? A voice? A sense of humor? A political ideology? Something else non-physical? Or did you start out with a body type? Hair color? Eye color? Bicep size? Breast size? Anything else physical?

Is your initial interaction sexual? Are sex and sexuality primary components of what it takes to be "perfect" for you, or secondary, or tertiary? Do the physical sexual acts they'd be willing to perform factor into your image? Is your "perfect spouse" of a particular sexual orientation (for example, bisexual)?

For those of you who even considered physical appearance, does the person physically resemble someone you've seen in a media context? An actor/actress, a singer, a talk show host, a sports persona (Woo, I know what the ladies are thinking: John Madden! POW!), a comic book character, a news anchor, a model, a porn star? Did you take a relatively famous person and graft the "perfect" personality onto them?

Does this person physically resemble your current partner or prospective partner, if applicable?

Does this person's personality resemble that of your current partner or prospective partner, if applicable?

If you were to build, in the same manner, a "perfect friend who you would never ever be sleeping with in married to", would that person in any way resemble your "perfect spouse"? If so, how? If not, why not?

How likely is your "perfect spouse" to actually exist, in terms of personality?

How likely is your "perfect spouse" to actually exist, in terms of physical attributes?

Is one of the first thoughts you have when contemplating those last two questions: "Someone like that would never have anything to do with ME anyway..."? (Hint: If so, that means you're not really focusing on creating their personality so much as their physical appearance, since someone with a "perfect personality" for you would probably, by definition, like you.)

Hey, no need to get defensive. I can already hear a lot of people, mostly men, gearing up to justify their "perfect spouse" image and make it seem less incriminating than it might otherwise seem. Don't worry so much about it, gang. I'm not all that interested in your answer on a personal level. This is just for you to think about. Although, if it's something you'd feel less than proud telling other people about, maybe that's a clue, eh?

That aside, I'd like to ask the men (and maybe the women who are so inclined) to compare their "perfect spouse" to a typical porn person. How many qualities are similar? Are we looking at oversized sexual organs or erogenous zones (breasts, penises, butts, etc)? A hyperactive sex drive? A willingness to participate in "kinky" sex acts, but not TOO kinky? Exaggerated submissiveness, with regards to women, or exaggerated aggressiveness (particularly sexual) with regards to men? Are we looking at Ron Jeremy? Are we looking at Jenna Jameson?

Think about it. And if this is making you uncomfortable or indignant, think about WHY. If your "perfect spouse" does, in fact, resemble a porn star in some respects, that's something you really need to give serious thought to. Not just for the stability of your current/future partner, but also for your current/future happiness.

How happy could your partner ever be, knowing that he or she is just "second rate", particularly when he or she is competing not against flesh and blood, but figment and ephemera? Knowing that as soon as someone comes around who is closer to the "ideal", he or she risks being dumped? How happy, how fulfilled, can you really make another human if your "perfect spouse", your image of relational bliss, will never be her/him? Is your partner's happiness and fulfillment even important to you? Honestly?

Furthermore, how happy can YOU be when your "perfect person" is unattainable? How happy can you be if you always look at your partner and compare that partner to a "perfect spouse" who doesn't really exist in real life? How likely are you to "trade up" to closer and closer approximations of your "perfect spouse", without ever being satisfied that you're not just "settling for what you can get", if your "perfect spouse" only exists in a porn director's script? How happy can you be if you never truly settle down in favor of keeping one foot in the doorway and the other on the road in case another opportunity comes along? How depressing is that? How stressful is that?

How many of you men feel like you'll never find a girl, then get confused and frightened when a girl likes you? That's a symptom.

Pornography, men assure everyone, is just a harmless fantasy. They are aware of its lies and half-truths and its whitewashing of the complex reality of sexual interaction into a simple "women want to be fucked all the time" paradigm. They swear up and down that it has no effect on them(1).

But I'm pretty sure that there are a couple men out there who, upon completion of this exercise, now realize that pornography has had a little more effect on their thoughts, feelings, and desires than they really wanted to believe.

But... does pornography shape what we desire, or merely show us what we already naturally desire? Chicken first, or egg? Good question. I will answer it with a few more questions for you to evaluate honestly:

Where would you, or anyone, originally get the idea that the perk of having a bisexual girlfriend is the opportunity to have threesomes with another woman? Keep in mind that there aren't many men who had their first exposure to "bisexual" porn AFTER they actually met a real-life bisexual woman willing to have a threesome.

Given that in real life the cervix tends to send large pain signals to the brain when it's hit with a hard object over and over again, where would you or anyone originally get the idea that women love big dicks?

Given that excess fat around the mammary glands makes it more difficult for a baby to nurse, thus removing the "biology" argument (look it up sometime), where would you, or anyone, originally get the idea that big breasts are the pinnacle of female sexuality?

Assuming for the moment that men are NOT just naturally sex-crazed misogynists who only want to use women as a sex class, where would you or anyone originally get the idea that women really love acts that you yourself would find disgusting, frightening, or painful? Especially painful?

Think about it, honestly, and maybe you'll find there's some insight to be gained from it all. Maybe, just maybe, some of you will look up from your list and realize that you're not who you thought you were. That you HAVE been influenced by pornography, that you ARE affected, and that if YOU are affected, anyone could be affected. And, most importantly, that you are not happy with it.

I don't ask you to change your "perfect spouse" image. That's a band-aid on a sucking chest wound. The only real cure begins with serious, honest, and introspective thinking.


[(1)Until they feel cornered, at which point they claim that porn is the only thing keeping their horrible inner rapists from enacting a just-below-the-surface need to fuck and brutalize unwilling women. The form it usually takes is an assertion something along the lines of "If porn were illegal, there would be more rape". And it's bullshit, particularly since it doesn't seem to apply to kiddie porn. But I digress. Sorry.]

Re:A thought experiment (2, Funny)

aicrules (819392) | more than 8 years ago | (#14056909)

What the heck is this?

Re:A thought experiment (0)

Anonymous Coward | more than 8 years ago | (#14056958)

I dunno?

Re:A thought experiment (1)

OakDragon (885217) | more than 8 years ago | (#14057004)

I don't know, but if you reply to it you'll get modded down, too.

She seems to have the knack for getting the first post, though!

Re:A thought experiment (0)

Anonymous Coward | more than 8 years ago | (#14057016)

Stop replying! Me mod you down longtime.

Re:A thought experiment (0, Offtopic)

suzerain (245705) | more than 8 years ago | (#14057006)

I think it's a big pseudopsychological masturbation-fest from some asshole who can't control his porn watching habits, and feels that he has a "problem", so he deals with it by concocting this big bullshit treatise on the perfect partner as a way of dealing with his problem.

Re:A thought experiment (1)

temojen (678985) | more than 8 years ago | (#14057107)

No, actually, it's a troll who's re-posting blog entries (he/she) did not write in an effort to get people to troll the blog site they came from.

Re:A thought experiment (0)

Anonymous Coward | more than 8 years ago | (#14056993)

True story;

Ten years ago I delivered parts to Chrysler in Detroit, from Mexico, on a weekly basis. One day I was inside one of their plants and I saw a sign that said, in so many words, "We will no longer omit parts just because they are not currently in stock."

And that is reason #914 why I will never buy a Chrysler. /love my Subaru Legacy GT

Re:A thought experiment (2, Interesting)

neomunk (913773) | more than 8 years ago | (#14057108)

I don't care what the rest of you hip 1334 types think, this post (though slightly incoherent) tries to bring a real point to the table, and actually offers (albeit painfully) what I consider to be the most valid reason this didn't get taken care of earlier. You are NOT to question the corporate masters when they tell you how to use the software you bought, you are NOT to question when they force you to use your own property (your computer's clockticks) to make sure you don't cross the line they have placed for you. Why do we take this? Read the post again, and try THINKING (I know, I know, it's dangerous) about what this person said. It's spot on as far as I'm concerned. Sony is one of the masters (one of the High Masters of Entertainment), and if master says shoot myself in the foot for his amusement, then master gets what master wants. We've been willingly bent over so long that we didn't even notice that they stopped giving us the courtesy of a reach-around.

deafening silence (0, Interesting)

Anonymous Coward | more than 8 years ago | (#14056893)

Nothing to see here, please move along...

How appropriate ;-)

This time... (5, Funny)

Anonymous Coward | more than 8 years ago | (#14056894)

... the malware was not made by the anti virus companies so how could we expect them to make the antidote?

Now don your tin foil hats!

And in other news... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14056955)

Google stock breaks $400 per share. Who wants to bet that'll be the next story on the front page?

DMCA risks. (5, Interesting)

Anonymous Coward | more than 8 years ago | (#14057038)

If the Antivirus companies start destroying Sony copy-protection technologies, they're almost certain to get in trouble. Surely they don't want to violate the DMCA.

Mirror (3, Informative)

Anonymous Coward | more than 8 years ago | (#14056899)

Wired's webserver was borked before this even hit the front page. A functional mirror for everyone's perusal.

Bah... (4, Interesting)

Poromenos1 (830658) | more than 8 years ago | (#14056900)

It's a shame what big companies can get away with. I mean, no matter how you look at this, a rootkit is a rootkit, there was nothing subjective about this. Yet, the fact that it was by Sony made people keep their mouths shut. It's a shame.


Anonymous Coward | more than 8 years ago | (#14056930)

I so agree with Poromenos1. He's right about Sony. That's for sure.


Well, not really... (was:Bah...) (4, Insightful)

Lead Butthead (321013) | more than 8 years ago | (#14057077)

It's their "rootkit," our "DRM enforcement agent." The same sort of nonsense about their "terrorist," our "freedom fighter" that was promoted by the White House in the 80's.

Re:Bah... (2, Insightful)

l2718 (514756) | more than 8 years ago | (#14057098)

I think things are not so simple. While this is a rootkit, "infected" systems don't display the normal symptoms: no (appreciable) slowdown, no annoying popups, no self-propagation or open ports. Moreover, the "phone home" behaviour is very limited. Since the average user didn't notice, there were no complaints. Do you expect the AV companies to buy and test music CDs for malware before this broke out (not in hindsight!)? Since it took a Windows guru to figure out something was wrong, I'd expect these companies to take a few days. Several (including Microsoft, in fact) already classify it as malware and look for it.

A more serious problem for AV makers is that removing this rootkit is a very delicate business, so they can't offer a solution before they ensure it actually works. Also, since this stuff comes from music CDs people might listen to again, it's not clear what the right thing to do is. What happens if the (clueless) user inserts the CD again? What if a (better informed) user wants to play the CD despite the rootkit?

Re:Bah... (5, Insightful)

LiquidCoooled (634315) | more than 8 years ago | (#14057198)

What if a (better informed) user wants to play the CD despite the rootkit?

Rule #1: Disable Autorun.

If Microsoft had disabled this action by default, it would have prevented this being a widespread problem in the first place.

Audio CDs should be nothing more than data. A media player is installed on every single computer that can play audio CDs.

Sony should not have messed with that, and if MS had defaulted it then 1st$ wouldn't have exploited it.

Re:Bah... (2, Informative)

QuantumG (50515) | more than 8 years ago | (#14057210)

Uhhh, it causes your CD burning software not to work.. and in many cases it caused people's CD/DVD drives not to work.

Re:Bah... (1)

qeveren (318805) | more than 8 years ago | (#14057221)

So... as long as you don't know it's there, it can't harm you, right?

Re:Bah... (4, Insightful)

eric76 (679787) | more than 8 years ago | (#14057261)

While this is a rootkit, "infected" systems don't display the normal symptoms: no (appreciable) slowdown, no annoying popups, no self-propagation or open ports.

Methinks thee art confusing rootkits with spyware.

The last thing a rootkit author would want in a rootkit would be for it to be noticeable to the average user. Or even to the expert user. If symptoms are noticed, it isn't a good rootkit.

Re:Bah... (5, Insightful)

nigelo (30096) | more than 8 years ago | (#14057266)

TFA points out that this has been out there for over a year, not just "a few days".

Just because the symptoms are barely noticeable does not make it acceptable.

Just because it comes from a CD does not make it acceptable, either.

If the "(clueless) user" inserts the CD again, the AV software should do what it should have done the first time - issue a large warning and block the activity. If this had happened a year ago, there wouldn't be several hundred thousand machines with it installed today.

Re:Bah... (0)

Anonymous Coward | more than 8 years ago | (#14057280)

It made people keep their mouth shut? When this rootkit was first discovered, hell broke loose in less than a day. I doubt there have been as many news stories about rootkits taken together during the last decade as there have about this single Sony slip-up.

I don't know what bizarro world you live in, but I'm getting this story shoved down my throat five times a day and this has been so since day 1.

Clearly (5, Insightful)

Trails (629752) | more than 8 years ago | (#14056918)

The AV companies are just gun-shy of Sony's squad of legal attack ninjas. Not surprising given that this is a grey area. I think the author makes a decent point (that the AV companies moved slowly), but the real failing here is the draconian legislation that made this a grey area in the first place. Hopefully these wee little gaps in consumer protection get plugged as a result of this.

Re:Clearly (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14057067)

I think the lack of response has to do more with anti-virus companies not having enough experience with kernel mode programming rather than any overarching fear of retaliation.

Re:Clearly (1)

wossName (24185) | more than 8 years ago | (#14057271)

anti-virus companies not having enough experience with kernel mode programming

Now that's a scary thought.

Re:Clearly (0)

Anonymous Coward | more than 8 years ago | (#14057093)

Hopefully these wee little gaps in consumer protection get plugged as a result of this.

Be careful what you wish for. You just might get it. Sony is no lightweight in the legal department and they may use any resultant case to try and establish precedent for these types of DRM schemes.

Re:Clearly (4, Insightful)

jcr (53032) | more than 8 years ago | (#14057285)

Not surprising given that this is a grey area.


This is not a grey area, this is a crime, and it is also a civil tort. Sony will learn this at great expense over the next couple of years in litigation.


Who Else Can We Blame (4, Insightful)

moehoward (668736) | more than 8 years ago | (#14056935)

I have to ask... If you were infected by this thing, then why not call law enforcement? You know it is malware of the worst kind and you know exactly who did it to you. Why not call the FBI or your Attorney General and file a criminal report? Couldn't you list Sony or the record store/online store you got it from as the source? I don't know. Seems like a good form of civil disobedience at the very least.

Isn't that what we're supposed to do?

Of course, all Slashdotters were not infected because we all boycott music companies anyway. Right?? Or did I miss a memo?

Why not call law enforcement? (1)

thepotoo (829391) | more than 8 years ago | (#14056968)

Because calling law enforcement would lead to a court case: YOU vs SONY.

Guess who wins every time?

Not to mention that if warez/pirated music, etc were found on your computer by the law enforcement you called in, you'd be in deep shit.

Re:Why not call law enforcement? (5, Insightful)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14057053)

Because calling law enforcement would lead to a court case: YOU vs SONY. Guess who wins every time?

What are you talking about? Making a report to law enforcement is not going to get you into a civil suit. It will be the state vs. Sony in a criminal case should they pursue it. The trouble is getting them to do so. Try calling the FBI sometime. If it isn't easily demonstrable as several grand worth of damage they will just ignore you.

Re:Why not call law enforcement? (1)

QuantumG (50515) | more than 8 years ago | (#14057128)

This must be some sort of alternate universe where states charge corporations with criminal acts. Wouldn't the police have to identify which persons in the company were actually responsible for this criminal act and charge just those persons? Ya know, like seizing the internal communications that have probably already disappeared from Sony's internal email servers?

Re:Why not call law enforcement? (0)

Anonymous Coward | more than 8 years ago | (#14057237)

ever hear of the Sarbanes Oxley act?

Re:Why not call law enforcement? (1)

Scarletdown (886459) | more than 8 years ago | (#14057066)

Because calling law enforcement would lead to a court case: YOU vs SONY.

But wouldn't this be a criminal case instead of a civil suit? In that case, it wouldn't be you vs. Sony. It would be The State vs. Sony.

There is such a thing as criminal law (1)

tepples (727027) | more than 8 years ago | (#14057069)

calling law enforcement would lead to a court case: YOU vs SONY.

Not necessarily. It might lead to PEOPLE v. SONY, if you can help the police prove that a crime was committed.

Re:Why not call law enforcement? (1)

RedWizzard (192002) | more than 8 years ago | (#14057088)

Because calling law enforcement would lead to a court case: YOU vs SONY.

No, it wouldn't. If you sued Sony (i.e. a civil case) it would be you vs Sony. If you call law enforcement and they decided to prosecute (i.e. a criminal case) it would be "the people" vs Sony. You might be involved as a witness, but that would be all.

Re:Who Else Can We Blame (5, Funny)

Hosiah (849792) | more than 8 years ago | (#14057114)

Of course, all Slashdotters were not infected because we all boycott music companies anyway. Right?? Or did I miss a memo?


To:all Slashdotters
From: The Big Penguin
Subject: Protective measures

We will be switching exclusively to the Linux operating system at 1200 hours effective Tuesday. This will ensure that we can run any music CD with impunity, be it ripped or legit.


Re:Who Else Can We Blame (1)

dada21 (163177) | more than 8 years ago | (#14057119)

My other and I are dumping all our Sony artists CDs at the resale shop. I'm also done with future artists dumb enough to support Sony BMG.

Why do this?

You can get record stores to stop selling Sony artists.

You can't get Sony to stop.

You can't change the RIAA which came to power through the voters in the US (I don't vote/rape).

You can hurt the artists. I'm amazed how many artists are on Sony. I e-mailed the ones I could, and I will never support Sony BMG again.

The $1000 I save on my PS3+games will be spent at more indie shows now.

Re:Who Else Can We Blame (1)

Mattcelt (454751) | more than 8 years ago | (#14057170)

Certainly not this slashdotter. I haven't bought a new CD in more than four years except for when I went to a band's concert and bought it there.

Libel and liability (1)

Mithrandur (69023) | more than 8 years ago | (#14056942)

AV companies can't afford to take the threat of a libel lawsuit lightly. They have to step carefully whenever someone with backing installs malicious software on your box. Why do you think it took them so long to get into the spyware removal business? Lawsuits.

DMCA (4, Insightful)

PacketScan (797299) | more than 8 years ago | (#14056949)

No shit no one touched it..

They are Scared Shitless...

Until Now.

Re:DMCA (4, Insightful)

Mundocani (99058) | more than 8 years ago | (#14057112)

The article makes a big issue of painting this to be big corporations supporting big corporations, but I suspect you're right and that it's actually because of the DMCA. The anti-virus companies removed the cloaking code, nothing too risky about that as far as the DMCA goes. Removing the rest of the code however isn't nearly so clear cut. Personally, I'd love to see the DMCA gutted, but until it is this sort of issue is going to be there. When is it ok to remove a piece of software which is a combination of copyright protection AND spyware? Seems like a very fuzzy area in the DMCA indeed given that an anti-virus company can't exactly pick apart the software to leave the protection features in place while knocking out the spyware.

This issue isn't about big companies supporting big companies, it's about companies not knowing where the legal line is on what they can remove from your computer without being slapped with a DMCA lawsuit.

NGSCB? (5, Interesting)

interiot (50685) | more than 8 years ago | (#14056952)

What happens when Sony's rootkit hides under the protection of Windows Vista's NGSCB? Will antivirus vendors be able to remove bad code that ends up in the NGSCB? Given that Windows' kernel is insecure enough to allow itself to be rootkitted, what is the chance that NGSCB itself will be subverted? Doesn't the fact that NGSCB is designed to hide code from normal users and knowledgeable debuggers alike mean that it's somewhat similar to what the Sony rootkit tries to do?

Built-in DRM (5, Insightful)

dereference (875531) | more than 8 years ago | (#14057039)

That's a great point, although I suspect the reality will be even more bleak.

Sony won't need to install a rootkit, because the Microsoft DRM will be designed specifically to help enforce things like Sony's EULA. Why should Sony bother with a rootkit when the OS itself will impose the limits by design?

anti-Vista publicity (3, Funny)

geo.georgi (809888) | more than 8 years ago | (#14057137)

That can be a great anti-Vista publicity.

"With Vista you don't have to worry about shit like the Sony rootkit, because he is already in!"

Re:NGSCB? (1)

Lehk228 (705449) | more than 8 years ago | (#14057103)

if when NGSCB gets owned, NGSCB will no longer protect malicious code hiding in it because scanners will be able to use the same exploit, unless the malware plugs the hole behind it.

RootKit ??? What rootkit ?? (2, Funny)

Hymer (856453) | more than 8 years ago | (#14056957)

& wich flavours of UNIX/Linux is it for ? ...and what are the symptoms ?

Re:RootKit ??? What rootkit ?? (2)

QuantumG (50515) | more than 8 years ago | (#14057051)

Yeah, I didn't notice any problems playing these CDs on my Amiga either.

Re:RootKit ??? What rootkit ?? (1)

superspaz (902023) | more than 8 years ago | (#14057076)

None, only affects Windows machines. Also I think the EFF lists some of the CD's affected and gives the location of a site to test if your computer has been infected with xcp.
(Also, "which" of "???", "??" isn't annoying?)

Re:RootKit ??? What rootkit ?? (1)

mrtroy (640746) | more than 8 years ago | (#14057213)

Sorry sir...

You put in an honest effort, but the grandparent post was using ill sarcasm.

By the Rootkit??? What rootkit ?? what flavour of unix/linux is this for??
The grandparent post was implying this should not be referred to as a "rootkit", since it is Windows based.

So they were not looking for a serious answer of how to see if your Windows box was infected, rather were trolling based on the name given to this so-called "rootkit".

Personally, I have no problem referring to things as rootkits, we can bring syntax over from the *nix world into the Windows world when it's useful.

sony (3, Insightful)

akhomerun (893103) | more than 8 years ago | (#14056961)

i'm still shocked that a "legitimate" company that's widely purchased from, and is a household name, would distribute software that anti-virus companies would consider to be malware. i'm still shocked that sony let this kind of thing slide, it's so obvious that they didn't even check to see what they were doing before they did it.

Re:sony (1)

QuantumG (50515) | more than 8 years ago | (#14057030)

Yeah, it's called due diligence and it's something large companies are notoriously bad at. Of course, nothing is going to happen. If the LAME dudes or DVD Jon were going to sue Sony they would have let us know by now.

Re:sony (4, Insightful)

Mattcelt (454751) | more than 8 years ago | (#14057206)

I think you're forgetting that DVD Jon and the others don't have a team of lawyers at their immediate disposal like more companies do, so it takes time for them to seek legal counsel. It may be days or weeks before they announce an intention to sue Sony.

Re:sony (2, Interesting)

Azarael (896715) | more than 8 years ago | (#14057174)

Beyond that, who is going to properly regulate NGSCB code to keep out the poorly coded crap? From the sounds of it, you won't be able to do anything to fix it or get rid of it unless MS or whoever decides to patch it. As far as I can tell it will be pretty much a black hole full of all sorts of stuff that can, will and does kill your machine.

Re:sony (1)

Azarael (896715) | more than 8 years ago | (#14057199)

Oops, this is under the wrong parent.

A good point (1)

OakDragon (885217) | more than 8 years ago | (#14056963)

TFA makes a good point. What's your opinion of your anti-virus software that failed to detect such a malicious piece of software?

Sony offended precisely the wrong people, the nerds that would eventually detect this thing. Once they did, they were appalled. Nerds were good Sony customers, once... Nerds buy hardware for non-nerds, sometimes.

Fear? (5, Interesting)

dada21 (163177) | more than 8 years ago | (#14056976)

When news of the criminal root kit hit full blast, I figured it would immediately get nuked by the AV companies. As things progressed and no one but MSFT came to the rescue, it made me wonder if there was fear or maybe even collusion.

Yet the bigger story here is the fact that a blogger was the breaking source.

My media is 75% blogs now. Many use links to back their opinions (I'd love to see a standard bibliographical Wiki for referencing). They're faster than the daily news and less likely to be afraid of corporate threats.

BTW, anyone know a way for me to toggle link text format from standard (blue w/ underline) to normal (black no underline) and back, quickly?

Re:Fear? (0)

Anonymous Coward | more than 8 years ago | (#14057111)

"BTW, anyone know a way for me to toggle link text format from standard (blue w/ underline) to normal (black no underline) and back, quickly?"


Re:Fear? (0)

Anonymous Coward | more than 8 years ago | (#14057178)


Please explain how in a way that the grandparent poster would appreciate.

Re:Fear? (3, Informative)

ParadoxDruid (602583) | more than 8 years ago | (#14057226)

In regard to your question:

Define a custom page stylesheet (userChrome stuff in Mozilla), with

a {
    color: black;
    text-decoration: none;
}

Then, you can go to View -> PageStyle and switch between the original page style and your new style.

Re:Fear? (1)

conJunk (779958) | more than 8 years ago | (#14057233)

BTW, anyone know a way for me to toggle link text format from standard (blue w/ underline) to normal (black no underline) and back, quickly?

css. make a personal stylesheet and tell your browser to use it and to let your personal styles override site styles, then turn it off when you don't want it.

Re: OT but informative (1, Informative)

Anonymous Coward | more than 8 years ago | (#14057270)

BTW, anyone know a way for me to toggle link text format from standard (blue w/ underline) to normal (black no underline) and back, quickly?

Yes, use Opera. You can set a "user" CSS for yourself and switch back and forth from "author" mode to "user" mode with a button or keypress (shift-g).

Hope that helps.

Antivirus Company Failure (2, Insightful)

krgallagher (743575) | more than 8 years ago | (#14056978)

"Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case."

Yeah that has been my reaction. When I heard about it the first thing I began doing was searching for detection and removal software. I found nothing. I could not believe that McAfee was not publishing a fix.

That's because this virus was nasty as hell. (5, Insightful)

Viewsonic (584922) | more than 8 years ago | (#14056982)

It was very hard, even for Microsoft, to figure out how to remove the damn thing without disabling the CD/DVD drive entirely. The first anti-virus patches that thought they fixed this were actually disabling people's drives without knowing it. Microsoft had to work with Sony to figure out what the hell they had actually done. It really sucks.

Re:That's because this virus was nasty as hell. (4, Interesting)

Daedala (819156) | more than 8 years ago | (#14057173)

Well, then, why didn't they say, "We can't do anything yet because this is nasty. We are working on a fix."

Instead, they're saying the DRM software that hijacks your device driver is legitimate, and the rootkit was really only kinda bad because it hid legitimate software....

Uh, antivirus companies are out to make money. (5, Insightful)

Spazntwich (208070) | more than 8 years ago | (#14056990)

They don't exist to make gigantic corporate enemies.

Like it or not, detecting and removing Sony's malware puts them at serious risk for DMCA lawsuits and the like and is thus a bad business decision. Anyone who thinks they're in it to actually better their customers and not their bottom line is living in fantasy land.

Re:Uh, antivirus companies are out to make money. (1)

richg74 (650636) | more than 8 years ago | (#14057167)

Yeah, it's an example of Murphy's Golden Rule: The guys that have the gold make the rules.

Article sucks! (-1, Flamebait)

Spy der Mann (805235) | more than 8 years ago | (#14056998)

I read that article this morning, misled by the title "the REAL story behind the Sony rootkit".

It reads more or less:
"And then this happened, but THAT's not the story.
Also, this happened, but THAT's not the story.
Sony did this, but THAT's not the story. ... etc etc...

The REAL story is that the antivirus companies didn't detect it! Ta-da! :D"

And I was like "WTF!? O.o I spent reading all those paragraphs to read THIS crap? OK now THAT's a story".

Nothing worse than a title that is (at least) as misleading as the original Gator EULA.

Microsoft and lawyers are the good guys? (1)

superspaz (902023) | more than 8 years ago | (#14057010)

Microsoft is treating the program as malware and is working on a way to let users safely get rid of the rootkit. The only problem is the ETA for this is sometime in January.

As for the lawsuits, it seems like it is the only way Sony is actually going to have to go to court for all the evil crap they did with this.

What is wrong with the world?

Another bruce presswhore event (-1, Flamebait)

tomstdenis (446163) | more than 8 years ago | (#14057022)

Fuck off Bruce, Dan Kaminsky and others have already done the REAL work of analyzing servers [etc] to see the damage.

I swear to god that guy [Bruce] hasn't contributed anything meaningful to the public since 1998 and yet he's still fucking there.

At least this article wasn't full of links back to his company.


Let's call it "Sony's Law": (5, Funny)

Hosiah (849792) | more than 8 years ago | (#14057031)

Never simply shoot yourself in the foot when you can shoot yourself in both feet while hanging yourself with a bungee cord, disemboweling yourself with a potato-peeler, running a crowbar up your ass, and jumping through a foot of plate glass to fall into a pool of sulfuric acid all at the same time.

Man, all this just in time for Christmas. When I'm shopping this Holiday Season, I think I'll just run up to store clerks and ask them if they carry Sony products and if they say yes, ask "For the love of God, WHY???" and then run away laughing.

is there any AV out that will deny the install (0)

Anonymous Coward | more than 8 years ago | (#14057045)


is there any AV out that will deny the install?


The brick advertisement (4, Informative)

72beetle (177347) | more than 8 years ago | (#14057055)

Imagine this: a brick comes sailing through your window, smashing glass everywhere. You pick it up and wrapped around the brick is a flyer for a glass replacement company.

This is how I've viewed the major AV companies for quite some time. Sure, there are non-affiliated virus threats out there, but they perpetuate their own business as well.

I didn't think that my opinion of McAfee and Norton could sink any lower... but I was wrong.

Re:The brick advertisement (2, Interesting)

Dragoonmac (929292) | more than 8 years ago | (#14057302)

I didn't think my opinion of the digital culture could sink any lower.
When you look back and examine old BBS's you see stuff that might make the average person squirm. You find manuals on how to drive someone to suicide, you find ways to destroy a vax system from a remote location. You find e-books that make Chuck Palahniuk and his Fight Club buddies look like a bunch of weaklings. You can find manuals on how to make an exploding floppy disk for heaven's sake.
  But amid all that text, all the Warezed floppies, all the unreliable explosive guides, there were people you felt you could trust. We had that with the modern web.
  Now when you scour the internet you find a variety of things. Blogs, Memes, Warezed isos, Pirate movies, any album ever recorded, any type of fetish you could conceive. With this comes new problems, Malware, Trojans, Worms. No operating system is safe anymore.
  With the digital war between blackhat and security escalating newer and nastier ways to cripple PCs are becoming ever more prevalent. Most security centers today have not implemented full rootkit detection. So are they losing? That is a matter for the individual to decide.
  But as for myself, my faith has been broken. The faith that Grisoft and Microsoft will truly protect me. The faith that a website at will not try to install things on my PC. The faith that free software will truly stay free or will go the way of Div-X 5 and Daemon Tools 4, falling prey to temptations of revenue from adware.
  In many ways we may be more physically secure today, but I think I speak for everyone who maintains a windows partition, for whatever reasons, in saying we just don't know anymore.

DRM is useless (5, Interesting)

gasmonso (929871) | more than 8 years ago | (#14057062)

Companies are so worried about piracy that they go to these extremes. What they need to look at is why are people pirating. Many people pirate because the thought of spending $17 for a cd is ridiculous considering that only a few songs are worth a damn. Secondly, DRM makes it worse because people can't rip the audio for their mp3 player. This drives people to piracy and the DRM makes it worse and drives the consumer away. Just lower the damn prices and let me burn it, rip, or do anything else I want with it because it's mine!

gasmonso

Did ClamAV pick this up? (2, Interesting)

Dominic Burns (673810) | more than 8 years ago | (#14057090)

I'm in the UK. Do the US-centric have anything to report on this?

Consumer Protection (0)

Anonymous Coward | more than 8 years ago | (#14057110)

Other than the EFF, what organizations exist primarily to protect consumers from both a) media distribution companies trying to control our stuff, and b) lousy anti-virus and anti-spyware vendors who supposedly detect this stuff and prevent it from making our lives miserable?

We will never win this battle if we have to rely on civil disobedience to enact any change to the status quo. What we need is a DMCA that protects the rights of the consumer and inflicts severe penalties on those companies whose practices conflict. I'm talking both Sony and the like AND the anti-virus protection firms.

Printer Friendly (4, Informative)

TubeSteak (669689) | more than 8 years ago | (#14057113)
3-Pages of Wired goodness
this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice?

Reminds me of the good old days when computer viruses were spread around on 3 1/2 floppy disks. Nothing like a boot sector virus to spoil your day.

Links From The Article
Apparently there is a criminal investigation going on...
In Italy
On Friday, the Milan-based (Association for Freedom in Electronic Interactive Communications - Electronic Frontiers Italy) filed a complaint about Sony's software with the head of Italy's cybercrime investigation unit...

The complaint alleges that XCP violates a number of Italy's computer security laws by causing damage to users' systems and by acting in the same way as malicious software, according to Andrea Monti, chairman of the ALCEI-EFI. "What Sony did qualifies as a criminal offense under Italian law,"

Class action lawsuit
Apparently step 3 is that you have to "reside in either California or New York." Sadly, step 4 is not Profit!

How about the open source? (3, Interesting)

nonother (845183) | more than 8 years ago | (#14057121)

While it is a good article, it leaves out what was just recently posted on Slashdot - the use of open source software to create it. That's another important part of the legal quandary. Also the article really seems to minimize the fact that it also affects Macs. While it is true that the user must provide a password (on the Mac), Sony insisted it did not affect Mac and Linux computers.

Re:How about the open source? (0)

Anonymous Coward | more than 8 years ago | (#14057279)

>>Sony insisted it did not affect Mac and Linux computers.

OK. That's proof enough for me given Sony's trustworthy past actions.

Re:How about the open source? (1)

jfulcer (864545) | more than 8 years ago | (#14057295)

Bah, sure it did. Didn't RTFA?

This drama is also about incompetence. Sony's latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony's rootkit -- designed to stop copyright infringement -- itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library's license agreement.

double standards, no standards? (5, Interesting)

z0I!) (914679) | more than 8 years ago | (#14057123)

The double standard of the security companies is troubling... If I released this application (sony's rootkit) it would be considered malware immediately. The fact that they only remove a portion of it is also strange. That is like removing the part of a spam generating worm that sends emails to others but leaving the rest of it to waste CPU time scavenging my address book. Also... What I wonder is what consequences will come from the alleged GPL violations? Is anyone suing Sony or first4Internet for copyright infringement? If not, does this send a signal to big corps that it's ok to steal code that is GPL'd because the parties that wrote it probably don't have the time/money to do anything about it anyway?

can't we just boycott Sony? (1)

porky_pig_jr (129948) | more than 8 years ago | (#14057139)

At least, not purchasing their electronic products is very simple. There are lots of competing companies. As to CDs --- well, get one and rip it, on Linux, of course :-).

Maybe... (1)

Hi-Nu (532202) | more than 8 years ago | (#14057141)

the antivirus companies are afraid to get sued for providing software to remove DRM software

Sony's DRM breaks (3, Informative)

mhollis (727905) | more than 8 years ago | (#14057153)

It does not work and cannot work when it warns the user, as the Rootkit DRM program has to ask for an administrator password before you install.

On a Macintosh running OS X.

This is because they already knew about it! (0)

Anonymous Coward | more than 8 years ago | (#14057155)

The earlier statements included that communications with anti-virus companies had already taken place.

I bet they thought they could slip this under the radar until it was a fait accompli!


please note it is my PC not yours fuk off!

A word from User Friendly... (3, Funny)

creimer (824291) | more than 8 years ago | (#14057156)

Sony Feels Badly :P

Obligatory... (1, Funny)

Anonymous Coward | more than 8 years ago | (#14057160)

In Soviet Russia you can always find a way to cloak illegal activities. In corporate America, the way to cloak illegal activities finds you!

No, the REAL story is... (2, Insightful)

dtjohnson (102237) | more than 8 years ago | (#14057166)

The weak non-response by AV companies isn't the REAL story, either...

The REAL story is why aren't elected officials falling all over themselves to make what SONY did a criminal offense?

Re:No, the REAL story is... (1)

qeveren (318805) | more than 8 years ago | (#14057194)

Uh... because there's no money in doing so?

Security Alert (4, Funny)

jeti (105266) | more than 8 years ago | (#14057168)

Your computer is infected with the Sony DRM Rootkit.
It compromises the security of your machine, leaving
it open to various attacks.
Due to legal restrictions imposed by the DMCA, the
infection can not be removed. It is recommended to
disconnect the computer from the internet and
reinstall the operating system.

Never in my wildest dreams (5, Insightful)

SlashAmpersand (918025) | more than 8 years ago | (#14057179)

The biggest surprise for me was that Microsoft, who usually pisses me off, actually was the only company to step up to the plate in a meaningful way. I expected far, far better from the antivirus/spyware vendors. If you're going to tell me that you're going to protect my system, make me pay a subscription to keep my definitions current, and, on top of that, consume some of my system resources to do it, you'd damn well better step up to the plate when it comes to something as blatantly dangerous to my security as a rootkit.

Pretty Ironic (1)

macaulay805 (823467) | more than 8 years ago | (#14057196)

Is it me, or is Sony the first vendor to make (or spread) a Mac OS X Root Kit?

Market solutions (0)

Anonymous Coward | more than 8 years ago | (#14057241)

If I had a choice, I'd buy the anti-virus software that told me about shit like this. So if the companies would wise up to a source of profit, the market would fix this.

What about...... (2, Interesting)

Zenzilla (793153) | more than 8 years ago | (#14057250)

when the spyware/malware people start bundling rootkits as part of the infection? I'm not really worried much about the response of the anti-virus people as much as I'm worried about the response I'll get from Microsoft when I ask: How can I keep code from installing this type of code into windows.

I'm afraid the answer I'm going to get is: We don't know.

Viruses vs. Spyware vs. Rootkits ... ??? (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14057254)

It is my meager understanding the AV companies detect _viruses_. That they've forayed into spyware detection is perhaps a natural/logical path, albeit, that has still not become their primary avenue of business.

Some of the most popular spyware-detection tools aren't from the big AV players -- /.ers you know what you use on your friends'/family's boxes to get rid of such helpful toolbars ;) as ones that mom installed so she'd know when it's raining outside.

That said, there are explicit differences between terms in TFA that should be noted. Though I am no expert in the field, it's generally agreed upon that virus != spyware. (How many of you cringe when you hear "hacker" used pejoratively? Are they really a cracker/script kiddie/etc...) Let's get our diction correct.

Ok, so what are rootkits? This is where the /. crowd has the capability to shine. The onslaught of Windows rootkits may unveil a shadowy niche in computer security to the general population, however, isn't it the rootkit and its purveyors we should be disgusted with? Author of TFA seems to think otherwise.

Do we blame the ambulance responding to the scene of a fire for our house burning down? Nay, the fire department? Suppose the fire department responded lethargically. Then, might we play the blame game. What if the fire department arrives to confront an unknown, previously unfaced force destroying your building?

The tongue-lashing poured out by Author should best be kept to his blog, which he has proudly boasted to you, the reader, about already. Let him keep his opinions and bashing there and in /. comment sections. Save the other bandwidth for pertinent _investigative_ journalism.

Lawsuits (2, Insightful)

ucblockhead (63650) | more than 8 years ago | (#14057258)

I suspect that the security companies don't fear lawsuits from spammers. On the other hand, one can easily imagine a company like Sony threatening lawsuits for having their DRM labelled a "virus" even if it damn-well is.

Heh, the dirt is piling up. (4, Funny)

88NoSoup4U88 (721233) | more than 8 years ago | (#14057268)

Wow, it's getting dirtier and dirtier.

I won't be surprised when in a few days there will be an announcement how Sony's rootkit causes world hunger, rapes dogs, and hides one sock out of every pair every once in a while.

Damn you Sony !... Oooh, shiny PS3 !

Rampant Hypocrisy (4, Informative)

dragonfly_blue (101697) | more than 8 years ago | (#14057281)

I think this just highlights the hypocritical nature of the antivirus vendors; by measuring the time between the Mark Russinovich post unveiling the rootkit on October 31, and the subsequent addition of the rootkit's signature to the various antivirus vendors' products, you can draw some fairly interesting conclusions about the relationships between antivirus companies, consumers, virus/malware authors, and software companies (or in Sony's case, companies offering products that happen to contain additional software).

  • F-Secure - Nov 1st, 2005
  • Symantec - November 8, 2005: Renamed to SecurityRisk.First4DRM from SecurityRisk.Aries November 11, 2005: Added link to removal tool.
  • Computer Associates - listed, unknown date.
  • Kaspersky - Nov 2, 2005

It's interesting how some of the vendors are listing information about the rootkit, but seem uninterested in adding a signature, claiming that it's not really a virus (which is true) because it doesn't self-replicate. That's fine, I guess, because if they started detecting rootkits, they'd have a lot more work to do, but I think it's kind of shortsighted of them to think that people won't get angry that they paid for a $40/year subscription for a product that doesn't detect when their system gets totally rooted.

(I'm always tempted to spell it r00tk1t, but I'm trying to act more mature these days...)
