Blizzard's Warden Thwarted by Sony's DRM Rootkit
shotfeel writes "First, news of Warden - a bit of code from Blizzard's WoW to trounce game cheats. Then, a Sony rootkit to make your computer safe for music. Now, news that you can use the Sony rootkit to make your game cheats safe from the Warden."
Just goes to show.. (Score:5, Insightful)
Re:Just goes to show.. (Score:5, Insightful)
Re:Just goes to show.. (Score:5, Insightful)
Let's bash Sony (Score:5, Insightful)
Do other cheat protection systems use similar methods to look for files? If so, why are they not affected? Why am I only hearing about Warcraft?
I for one... (Score:1, Insightful)
Re:Hmmmm, are you scratching your beard? (Score:2, Insightful)
Oh, that's right. You were just blowing it all out your ass.
Re:Let's bash Sony (Score:2, Insightful)
In related news (Score:3, Insightful)
Re:YRO? (Score:5, Insightful)
Are we suddenly interested in the rights of game cheaters? Whose rights are being impacted here?
The "rights" issue is with people's right to listen to music they've bought without the CD compromising their system and infecting it with rootkits. This article is significant more as a new development in that story, than as a "victory for the rights of online cheaters everywhere!" thing.
To underscore the point, consider that yesterday on GlobeAndMail.com, we have:
The company dismissed the prospect of hackers exploiting its rootkits for their own purposes as an "academic" concern.
I guess it isn't so academic anymore.
Re:Just goes to show.. (Score:5, Insightful)
Only slightly OT (Score:5, Insightful)
1: Why are people celebrating victory because Sony announced they will remove the cloak, they're still leaving all the rest of the crap on your system - including the memory and cpu wasting scan that runs continually, even when you're not playing their DRM infested CD's.
2: Now that the cloak is removed, what was that registry key that keeps track of how many CD's you've burned under their DRM system?
3: Don't you think you're celebrating a bit early since Warden 2.0 should be able to use the same tricks as RootKitRevealer to diagnose your system? And how long will this take to appear?
4: If your detecting and removing this software from your computer violates the DMCA, then the DMCA is so clearly wrong that it should be repealed this afternoon.
5: Profit! Or in other words, who is profiting from this now? I don't see Sony going broke yet.
Re:Let's bash Sony (Score:5, Insightful)
Re:Just goes to show.. (Score:3, Insightful)
Nintendo tried to sue the makers of the NES game genie 'game enhancer', but lost. Although, the NES wasn't a multiplayer console, so who knows?
Re:I pray for the day (Score:5, Insightful)
Sony : Tylenol or FPU (Score:3, Insightful)
Instead, Sony is using the Intel Floating Point strategy of obfuscation, excuses, hard line statements etc.
From BBC News:
"A spokesman for Sony BMG said the licence agreement was explicit about what was being installed and how to go about removing it. It referred technical questions to First 4 Internet.
Mr Gilliat-Smith said Mr Russinovich had problems removing XCP because he tried to do it manually, something that was not a "recommended action". Instead, said Mr Gilliat-Smith, he should have contacted Sony BMG which gives consumers advice about how to remove the software.
Getting the software removed involves filling in a form on the Sony website, visiting a unique URL and agreeing to have another program downloaded on to a user's PC that then does the uninstallation."
You can't top the best (Score:2, Insightful)
I'm just crazy like that.
Re:Yup... definitely works (Score:3, Insightful)
You need to move beyond your reality-based thinking.
Re:Just goes to show.. (Score:5, Insightful)
If I create something to beat The Warden, that uses Sony's rootkit to hide, then *I* am the one liable, not Sony, just like Kitchen Devil aren't liable for any psychotic killing sprees I may go on with their products.
Unfortunately.
This is silly (Score:5, Insightful)
This demonstrates .... (Score:3, Insightful)
Before long, if you get 10 or 15 different toolkits which all try to change your system behaviour to ensure no cheating/copying/peeking is taking place, then absolutely NOTHING will keep working.
An arms race of installed crap to keep you honest will just leave everyone with busted machines.
Cheers
Re:Just goes to show.. (Score:3, Insightful)
Re:Just goes to show.. (Score:4, Insightful)
Of course, the 31337 WoW cheaters write their own DRM software... Um, I mean, "rootkits"
It's funny how quickly words can become synonyms of another.
Re:Just goes to show.. (Score:3, Insightful)
Umm, no... they'll be equally vulnerable as anyone else foolish or unfortunate to be infected with this particular piece of malware.
Honestly, why take a perfectly good and telling point and then weaken it with some unsupportable moralising sneer?
Unless of course you have inside information not mentioned in TFA, in which case, do please share.
Re:YRO? (Score:3, Insightful)
Seems like people are more interested in the rights of non-cheating WoW players? People who play WoW SHOULD know that their systems are monitored, and if they don't like it they can quit. Presumably, they are ok with the trade off of "my system is monitored, but so is everyone else's, so at least I can play the game knowing that it is an even field". Sony has given people a way to defeat that, and in doing so taken away all the advantages of having the Warden system, but done nothing to the disadvantages it presents (the fact that it is mildly invasive of your privacy).
Re:Just goes to show.. (Score:3, Insightful)
We already have tools to remove Linux rootkits, are there any for Windows? And if there are none, why not?
Re:Came up fine for me. (Score:5, Insightful)
Not really. The presence of the rootkit has a measurable effect. They just have to have Warden create a file with a name starting with $sys$ and then test to see if it is still there. If it has disappeared, it has detected the presence of the rootkit.
Re:Just goes to show.. (Score:3, Insightful)
Two controller ports means that the NES was indeed multiplayer.
Re:Just goes to show.. (Score:4, Insightful)
Re:Just goes to show.. (Score:3, Insightful)
Also that removal tool won't work without that pile of shit called IE.
Re:Let's bash Sony (Score:5, Insightful)
Wrong! How can you say Sony and First4Internet are no way responsible???
Taken from the original article from Mark's blog over at Sysinternals. And here is the URL again in case you want to read the whole thing again: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$". To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.
If that does not compromise security what does?
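Added example, not part of the thread and not Warden's or Sysinternals' code: the canary check proposed in an earlier comment (create a `$sys$` file, see whether it vanishes), which is also the Notepad test from the blog passage quoted above, written as a defender-side probe. The names `probe_cloak`, `list_names` and `simulated_cloak` and the control file are assumptions of this example; `simulated_cloak` is a constructed stand-in for a hooked directory listing so the probe can be exercised on a clean machine.

```python
import os
import uuid

CLOAK_PREFIX = "$sys$"  # name prefix the quoted blog passage says is hidden


def list_names(directory):
    """Enumeration view: the names the OS reports for this directory."""
    return set(os.listdir(directory))


def simulated_cloak(directory):
    """Constructed stand-in for a hooked listing that drops $sys$ names."""
    return {n for n in os.listdir(directory) if not n.startswith(CLOAK_PREFIX)}


def probe_cloak(directory, lister=list_names):
    """Create a $sys$ canary plus a control file and compare the listing.

    Returns "cloaked", "clean" or "inconclusive".
    """
    tag = uuid.uuid4().hex
    canary = f"{CLOAK_PREFIX}canary-{tag}.tmp"
    control = f"control-{tag}.tmp"
    created = []
    try:
        for name in (canary, control):
            path = os.path.join(directory, name)
            with open(path, "x") as fh:  # "x": never overwrite an existing file
                fh.write("probe")
            created.append(path)
        visible = lister(directory)
        if control not in visible:
            # Even the ordinary file is missing, so the listing proves nothing.
            return "inconclusive"
        return "clean" if canary in visible else "cloaked"
    finally:
        for path in created:  # assumes a hidden file can still be removed by name
            try:
                os.remove(path)
            except OSError:
                pass


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as scratch:
        print("real listing:   ", probe_cloak(scratch))
        print("simulated cloak:", probe_cloak(scratch, lister=simulated_cloak))
```

The control file is what separates "the prefix is being hidden" from "this directory listing is unreliable for some other reason", so a missing control yields "inconclusive" rather than a false detection.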
Re:Just goes to show.. (Score:4, Insightful)
Re:This is silly (Score:2, Insightful)
Merlin
Re:Only slightly OT (Score:3, Insightful)
It probably isn't necessary for their system to install anything anyway. Even removing the hiding of the stuff they insert could have other consequences, e.g. what happens if different versions of this software attempt to install on the same machine?
Re:Just goes to show.. (Score:2, Insightful)
Who's gonna make sure they play nice? (Score:2, Insightful)
Re:Just goes to show.. (Score:2, Insightful)
Hmm.
(a) Food that can make you fat if you eat it irresponsibly over a long time.
(b) Food that can do immediate, lasting physical damage requiring expensive surgeries if it happens to spill on you.
One of these seems more severe than the other.
This is the Future of Trusted Computing (Score:5, Insightful)
Sony just jumped the gun. They weren't willing to wait until Microsoft put a formal system for this kind of bullshit to take place. The only difference between this and 'trusted' computing is that there's no formalized mechanism in place .... yet.
Re:Just goes to show.. (Score:3, Insightful)
However, the continued existence of the makers of the Game Shark would seem to indicate that such devices are either not in violation of the DMCA or the game makers, quite reasonably, don't consider the devices a threat to their sales.
Re:Just goes to show.. (Score:0, Insightful)