Real Story of the Rogue Rootkit
BokLM writes "Wired has an interesting article from Bruce Schneier about what's happening with the Sony Rootkit, and criticizing the anti-virus companies for not protecting its users. From the article: 'Much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.'"
Mirror (Score:3, Informative)
The brick advertisement (Score:5, Informative)
This is how I've viewed the major AV companies for quite some time. Sure, there are non-affiliated virus threats out there, but they perpetuate their own business as well.
I didn't think that my opinion of McAfee and Norton could sink any lower... but I was wrong.
Printer Friendly (Score:5, Informative)
3-Pages of Wired goodness
Reminds me of the good old days when computer viruses were spread around on 3 1/2-inch floppy disks. Nothing like a boot sector virus to spoil your day.
Links From The Article
Apparently there is a criminal investigation going on...
In Italy [computerworld.com]
Class action lawsuit [boingboing.net]
Apparently step 3 is that you have to "reside in either California or New York." Sadly, step 4 is not Profit!
Sony's DRM breaks (Score:4, Informative)
It does not work and cannot work when it warns the user, as the Rootkit DRM program has to ask for an administrator password before you install.
On a Macintosh running OS X.
Re:Bah... (Score:3, Informative)
Re:Fear? (Score:4, Informative)
Define a custom page stylesheet (userChrome stuff in Mozilla), with
a {
    color: black;
    text-decoration: none;
}
Then, you can go to View -> PageStyle and switch between the original page style and your new style.
Re: OT but informative (Score:1, Informative)
Yes, use Opera. You can set a "user" CSS for yourself and switch back and forth from "author" mode to "user" mode with a button or keypress (shift-g).
Hope that helps.
Rampant Hypocrisy (Score:5, Informative)
It's interesting how some of the vendors are listing information about the rootkit, but seem uninterested in adding a signature, claiming that it's not really a virus (which is true) because it doesn't self-replicate. That's fine, I guess, because if they started detecting rootkits, they'd have a lot more work to do, but I think it's kind of shortsighted of them to think that people won't get angry that they paid for a $40/year subscription for a product that doesn't detect when their system gets totally rooted.
(I'm always tempted to spell it r00tk1t, but I'm trying to act more mature these days...)
It's a shame what big companies can get away with. (Score:5, Informative)
Bhopal
Re:Another bruce presswhore event (Score:3, Informative)
Aside from the value of getting publicity for security issues:
1999: Solitaire algorithm published. An output-feedback mode stream cipher which can be easily calculated using a pen, paper, and a deck of cards, allowing people without computers to use strong encryption in their communications. This system was featured in Neal Stephenson's Cryptonomicon.
2003: Helix algorithm published. A fast stream cipher comparable in speed to RC4 and with low per-message overhead, making it suitable for very small messages.
2004: Phelix algorithm published, a refinement of the earlier Helix algorithm.
Re:Fear? (Score:2, Informative)
Perhaps the LinkVisitor [mozdev.org] Firefox plugin is what you're looking for. Among other things, it has context menu options for "mark all links as (un)visited".
Re:That's because this virus was nasty as hell. (Score:3, Informative)
This rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software. [symantec.com]
McAfee(R) AVERT(tm) recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. [nai.com]
Microsoft is only removing XCP, not the DRM. I haven't been able to find any statements from Microsoft regarding the DRM at all.
Because it is not an audio CD. (Score:4, Informative)
Just because it's round, shiny and plays music does not make it a Red Book standard, i.e. a CD.
Re:Bah... (Score:3, Informative)
You realise that because most distributions use modules, a clever hacker (who's already got root) can easily install a rootkit on your machine that cloaks itself, via good ol' insmod.
That says a lot, really, about the difference in playing said CD on Windows vs. Linux. A typical Linux user is *probably* not going to be in a situation where he opens a CD and a program automagically runs with root/admin permissions. True, cloaking and rootkits can happen on Linux, but it's a much harder job to do without doing something purposely evil, like using a known bug that has root elevation privileges (and even then, the Linux community itself would be highly likely to notice a commercially distributed rootkit).
It's getting hard to take, is all.
Re:It's a shame what big companies can get away wi (Score:5, Informative)
He is referring to the Bhopal gas tragedy of 1984, http://en.wikipedia.org/wiki/Bhopal_gas_tragedy/ [wikipedia.org] where thousands of people were killed and Union Carbide pretty much got away with it. The CEO Warren Anderson is a fugitive and is on the wanted list of CBI India.
Re:Bah... (Score:4, Informative)
According to F-Secure's blog [f-secure.com], they had received tips that Sony CDs might contain a rootkit at least a month before Mark broke the story.
"We didn't go public with the info right away as we were worried with the implications (especially with the info on how virus writers can use this to hide files which have names starting with "$sys$"). So we were in the middle of discussions with Sony BMG and First 4 Internet when Mark broke the news on Monday."
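The F-Secure quote above notes that the rootkit cloaked any file whose name starts with "$sys$". The usual way a defender spots that kind of cloaking is a cross-view comparison: list the same directory through the normal filesystem API and through some independent route (an offline mount, a raw volume read, or an inventory taken before the CD was ever inserted), and treat names that only the independent view shows as suspect. The following is an added example of that check, not code from the thread or from any vendor; the sample listings are constructed.

```python
"""Cross-view check for cloaked "$sys$" files (added example, not from the thread)."""

# Prefix the rootkit discussed above used to decide what to hide.
CLOAK_PREFIX = "$sys$"


def cross_view_diff(api_view, raw_view):
    """Return names present in the independent (raw) view but absent from the
    API view.  On a clean system this is empty; a non-empty result means
    something is filtering what the API reports."""
    return sorted(set(raw_view) - set(api_view))


def classify_hidden(hidden):
    """Split hidden names into those matching the known cloaking prefix
    (strong indicator of this rootkit) and everything else (still worth a
    look, since anything else may be hiding behind the same hook)."""
    matching = [n for n in hidden if n.startswith(CLOAK_PREFIX)]
    other = [n for n in hidden if not n.startswith(CLOAK_PREFIX)]
    return matching, other


def scan(api_view, raw_view):
    """Convenience wrapper: run the diff and return a small report dict."""
    hidden = cross_view_diff(api_view, raw_view)
    matching, other = classify_hidden(hidden)
    return {"hidden": hidden, "cloak_prefix": matching, "other": other}


# Constructed sample views (hypothetical file names, not real indicators).
API_VIEW = ["drivers", "ntoskrnl.exe", "win32k.sys"]
RAW_VIEW = ["drivers", "ntoskrnl.exe", "win32k.sys",
            "$sys$example.sys", "$sys$sample.dll", "unrelated.dll"]

if __name__ == "__main__":
    print(scan(API_VIEW, RAW_VIEW))
```

Because the cloaking hook sits below the API that a scanner normally calls, the independent view has to come from outside the running, possibly compromised, kernel; that is the part no vendor signature update can substitute for.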
Re:Actually (Score:5, Informative)
I suspect that for 99% of non-geek users, the ability to play the Sony CD was much more important than removing "some rootkit, whatever that is". And you probably can't remove the software and leave the ability to play the CD without violating the DMCA, so what are you going to do?
Re:How? (Score:3, Informative)
'Toggle quickly'... (Score:2, Informative)
Re:It's a shame what big companies can get away wi (Score:5, Informative)
Re:It's a shame what big companies can get away wi (Score:2, Informative)
Re:Why not call law enforcement? (Score:3, Informative)
Re:Actually (Score:2, Informative)
In the ensuing fallout, Symantec apparently has decided that they can provide an uninstaller but they do strongly advise using Sony's product (which generally uncloaks and does not cleanly uninstall).
Re:Why not call law enforcement? (Score:3, Informative)
ian