<?xml version="1.0" encoding="utf-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Windows with Amnesia &#8212; A Rootkit Warning</title>
	<atom:link href="http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/</link>
	<description>Only individual servings of small or inoffensive snacks are permitted.</description>
	<lastBuildDate>Wed, 19 Oct 2011 13:29:07 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
	<item>
		<title>By: hayden</title>
		<link>http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/comment-page-1/#comment-1129</link>
		<dc:creator>hayden</dc:creator>
		<pubDate>Fri, 18 Nov 2005 02:19:37 +0000</pubDate>
		<guid isPermaLink="false">http://www.scatteredthoughts.org/?p=304#comment-1129</guid>
		<description>Yeah, I know there were some errors, I wasn&#039;t really worried about it at the moment. And I wasn&#039;t really asking anything, just making a comment and sympathizing.</description>
		<content:encoded><![CDATA[<p>Yeah, I know there were some errors, I wasn&#8217;t really worried about it at the moment. And I wasn&#8217;t really asking anything, just making a comment and sympathizing.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: tm</title>
		<link>http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/comment-page-1/#comment-1128</link>
		<dc:creator>tm</dc:creator>
		<pubDate>Thu, 17 Nov 2005 02:20:44 +0000</pubDate>
		<guid isPermaLink="false">http://www.scatteredthoughts.org/?p=304#comment-1128</guid>
		<description>Hayden, if your comment wasn&#039;t riddled with run-on sentences and awkward syntax, I might have a solution for you.  I just don&#039;t know what you&#039;re asking.</description>
		<content:encoded><![CDATA[<p>Hayden, if your comment wasn&#8217;t riddled with run-on sentences and awkward syntax, I might have a solution for you.  I just don&#8217;t know what you&#8217;re asking.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: hayden</title>
		<link>http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/comment-page-1/#comment-1127</link>
		<dc:creator>hayden</dc:creator>
		<pubDate>Wed, 16 Nov 2005 22:52:12 +0000</pubDate>
		<guid isPermaLink="false">http://www.scatteredthoughts.org/?p=304#comment-1127</guid>
		<description>Dude, my comp got hacked too and I had to rehack my comp to figure out what he changed and what happened and how he got in. What he did was hacked into my Comcast email, that my mom set up and I don&#039;t use, and changed all of the commands and made me the admin. Then he did something to the comp that I haven&#039;t figured out yet. So he got in through an open port in my wireless router that I didn&#039;t know was open and I have to close it and change the password and settings. But I still haven&#039;t found anything he put on. I think he installed a trojan but I haven&#039;t put my thumb on it. The only problem is my OS is 9 and there are no programs for that OS now, no adaware type programs to get rid of spyware.</description>
		<content:encoded><![CDATA[<p>Dude, my comp got hacked too and I had to rehack my comp to figure out what he changed and what happened and how he got in. What he did was hacked into my Comcast email, that my mom set up and I don&#8217;t use, and changed all of the commands and made me the admin. Then he did something to the comp that I haven&#8217;t figured out yet. So he got in through an open port in my wireless router that I didn&#8217;t know was open and I have to close it and change the password and settings. But I still haven&#8217;t found anything he put on. I think he installed a trojan but I haven&#8217;t put my thumb on it. The only problem is my OS is 9 and there are no programs for that OS now, no adaware type programs to get rid of spyware.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: LarsG</title>
		<link>http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/comment-page-1/#comment-1126</link>
		<dc:creator>LarsG</dc:creator>
		<pubDate>Fri, 11 Nov 2005 00:56:30 +0000</pubDate>
		<guid isPermaLink="false">http://www.scatteredthoughts.org/?p=304#comment-1126</guid>
		<description>A couple of comments:

A rootkit, as mentioned above, modifies the core of the operating system in order to hide programs, files and similar. Usually used as part of bad software like viruses and their ilk in order to hide their activities from anti-virus programs. A few anti-virus products use rootkit-like techniques in order to protect themselves from viruses that attempt to disable the anti-virus protection on your PC. But apart from that, I am not aware of any legitimate software that uses this kind of technology. Until this story about the Sony DRM (called XCP), that is.

Modifying the operating system kernel is kind of a black art, and if you do so you have to be very careful because any bug can lead to the operating system crashing with a blue screen. Unfortunately, the rootkit part of the Sony XCP DRM is of low quality and is known to cause occasional computer crashes, especially on Windows XP Media Center. If you ever see a bluescreen caused by &#039;aries.sys&#039;, XCP is to blame.

Even worse, the rootkit is not written to only hide the components of XCP, it will hide any file or directory that starts with the letters &#039;$SYS$&#039;. So if you have XCP installed on your system, any malware can easily use it to hide from your anti-virus. Anti-virus companies have already discovered malware in the wild that makes use of this.

This would be bad by itself, but there is more..

The EULA that pops up when you put the CD in your computer describes the software as a small application required to play the music on the disc. No mention is made of how intrusive it is, and you are given the impression that it should be easy to uninstall.

The software does not include any way of uninstalling itself. At the time of this writing, you have to go to the Sony website and go through a contorted process including giving them your name and email address in order to download an uninstall tool. The uninstall tool will be locked to the computer you downloaded the tool from, so if you are the administrator for 50 PCs you have to go through the entire process for each one.

Sony has been downplaying this entire issue in the media, stating that this is no big deal, that there are no security or stability risks, etc. One of the worst examples is that Thomas Hesse, President of Sony BMG&#039;s Global Digital Business, went on National Public Radio and stated: &lt;a HREF=&quot;http://www.npr.org/templates/story/story.php?storyId=4989260&quot; rel=&quot;nofollow&quot;&gt; &quot;Most people, I think, do not even know what a Rootkit is, so why should they care about it?&quot;.&lt;/a&gt;


There is even more, but I digress. For people that know a bit about operating systems and computer security this is like stepping through the looking glass, utterly unbelievable.

The XCP rootkit was discovered independently by Mark Russinovich of Sysinternals.com and the security software company F-Secure. I recommend reading &lt;a href=&quot;http://www.sysinternals.com/blog/&quot; rel=&quot;nofollow&quot;&gt; Mark&#039;s blog&lt;/a&gt; if you are interested in knowing more. The story &lt;a HREF=&quot;http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html&quot; rel=&quot;nofollow&quot;&gt; started on October 31&lt;/a&gt;


</description>
		<content:encoded><![CDATA[<p>A couple of comments:</p>
<p>A rootkit, as mentioned above, modifies the core of the operating system in order to hide programs, files and similar. Usually used as part of bad software like viruses and their ilk in order to hide their activities from anti-virus programs. A few anti-virus products use rootkit-like techniques in order to protect themselves from viruses that attempt to disable the anti-virus protection on your PC. But apart from that, I am not aware of any legitimate software that uses this kind of technology. Until this story about the Sony DRM (called XCP), that is.</p>
<p>Modifying the operating system kernel is kind of a black art, and if you do so you have to be very careful because any bug can lead to the operating system crashing with a blue screen. Unfortunately, the rootkit part of the Sony XCP DRM is of low quality and is known to cause occasional computer crashes, especially on Windows XP Media Center. If you ever see a bluescreen caused by &#8216;aries.sys&#8217;, XCP is to blame.</p>
<p>Even worse, the rootkit is not written to only hide the components of XCP, it will hide any file or directory that starts with the letters &#8216;$SYS$&#8217;. So if you have XCP installed on your system, any malware can easily use it to hide from your anti-virus. Anti-virus companies have already discovered malware in the wild that makes use of this.</p>
<p>This would be bad by itself, but there is more..</p>
<p>The EULA that pops up when you put the CD in your computer describes the software as a small application required to play the music on the disc. No mention is made of how intrusive it is, and you are given the impression that it should be easy to uninstall.</p>
<p>The software does not include any way of uninstalling itself. At the time of this writing, you have to go to the Sony website and go through a contorted process including giving them your name and email address in order to download an uninstall tool. The uninstall tool will be locked to the computer you downloaded the tool from, so if you are the administrator for 50 PCs you have to go through the entire process for each one.</p>
<p>Sony has been downplaying this entire issue in the media, stating that this is no big deal, that there are no security or stability risks, etc. One of the worst examples is that Thomas Hesse, President of Sony BMG&#8217;s Global Digital Business, went on National Public Radio and stated: <a HREF="http://www.npr.org/templates/story/story.php?storyId=4989260" rel="nofollow"> &#8220;Most people, I think, do not even know what a Rootkit is, so why should they care about it?&#8221;.</a></p>
<p>There is even more, but I digress. For people that know a bit about operating systems and computer security this is like stepping through the looking glass, utterly unbelievable.</p>
<p>The XCP rootkit was discovered independently by Mark Russinovich of Sysinternals.com and the security software company F-Secure. I recommend reading <a href="http://www.sysinternals.com/blog/" rel="nofollow"> Mark&#8217;s blog</a> if you are interested in knowing more. The story <a HREF="http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html" rel="nofollow"> started on October 31</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: jon largent</title>
		<link>http://www.scatteredthoughts.org/2005/11/08/windows-with-amnesia-a-rootkit-warning/comment-page-1/#comment-1125</link>
		<dc:creator>jon largent</dc:creator>
		<pubDate>Wed, 09 Nov 2005 00:50:36 +0000</pubDate>
		<guid isPermaLink="false">http://www.scatteredthoughts.org/?p=304#comment-1125</guid>
		<description>I think Sony should burn in hell for this. I also think we should boycott Sony until they realize they are stupid</description>
		<content:encoded><![CDATA[<p>I think Sony should burn in hell for this. I also think we should boycott Sony until they realize they are stupid</p>
]]></content:encoded>
	</item>
</channel>
</rss>

