DHS: Sony rootkit may lead to regulation

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
Like ACMarina said. Schmucks....


DHS is not doing a proper job of enforcing the laws we have against hacking other's computers and they want to have laws against enabling technology? I wonder what part of "INTERNET" they fail to understand.

Schmucks....


Daniel
 

Ken_McE

Flashlight Enthusiast
Joined
Jun 16, 2003
Messages
1,687
So they're going to crack down on them with the same brutal efficiency they use on all the existing web scams? *yawn* Must be a slow news day down at the DHS.
 

dim

Enlightened
Joined
Nov 26, 2004
Messages
345
I can't help but think that despite the relative difficulties that Sony has faced recently, aside from any good results from their, yet to be released, next generation Play Station, which, by accounts, is having issues of its own, Sony continues to damage its name, by its nearsighted tactics, to the next generation of consumers. Do you think that today's high school kids will buy Sony products 10 years from now? No. They'll buy Apple products.



73
dim
 

thesurefire

Flashlight Enthusiast
Joined
Dec 15, 2003
Messages
1,081
Location
U.S.A.
dim said:
I can't help but think that despite the relative difficulties that Sony has faced recently, aside from any good results from their, yet to be released, next generation Play Station, which, by accounts, is having issues of its own, Sony continues to damage its name, by its nearsighted tactics, to the next generation of consumers. Do you think that today's high school kids will buy Sony products 10 years from now? No. They'll buy Apple products.

73
dim

Do you think todays highschool students buy things made by sony now? :poke: :crackup: :crackup: Ipods are for music, The Xbox360 is for games. The only thing sony makes that I'd buy is their TV's, and thats only if the price is better. I'd take a PSP if they were alot cheaper as well.
 

ACMarina

Flashlight Enthusiast
Joined
Sep 10, 2004
Messages
3,119
Location
Brookston, IN
IT's not about products, it's not a game between playstation and ipod or whatever. What they're really talking about is the Sony Artists, people like John Mayer, Shakira, Ginuwine, INXS, Ricky Martin, there's a ton of them. Just look up Sony Artists. AFAIK, nobody's signed on to make music for Apple..
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
And don't forget that Sony has bought into the entertainment world bigtime. If you watch TV you probably watch a show or two produced by Sony. If you go tho the movies, chances are that Sony is getting paid.

Check out http://en.wikipedia.org/wiki/List_of_assets_owned_by_Sony_Corporation for a quick look into Sony's holdings.

I don't see any newspapers or Radio stations.... Yet. They do seem to own or control many cable outlets.

I'm always suprised to see so few positive stories about individual rights on the news. Then I realize who is controling the media and it makes sense.

Daniel
 

dim

Enlightened
Joined
Nov 26, 2004
Messages
345
Many high school kids don't even buy Ipods as, often, they are birthday and holiday gifts bought by their parents. It is their parents that still know, have confidence in and, some, like my brother-in-law, love and continue to buy Sony products.

Yesterday, proverbially speaking, Apple was neither in the music player nor distribution business. But today, despite Itunes being just a fraction of all legal distribution, the Ipod is THE player in the space. Now they play movies too. Now Steve Jobs, the once former CEO of the once former Pixar, recently bought by Disney, is now a MAJOR if not the dominant stock holder of Disney and is, of course on its board. I may not have all of my facts 100% about the mechanics of the deal, but that is pretty much the shape of it. And while Pixar, now Disney, produces excellent and popular movies, Sony's movie division, Columbia, does not.

How long will it be before the Ipod becomes a connected device enabling more communication features. I know that Apple is not Pixar/Disney, but that will be a very symbiotic relationship. Steve Jobs is just warming up. Not that Apple is immune to DRM and the like, it just seems that they've hit the floor with a bit more grace and not danced on the toes of consumers and themselves like Sony and the record companies.

Between these two companies, Sony and Apple, who's stock would you put you're money in for the next ten years?

73
dim
 

Sub_Umbra

Flashlight Enthusiast
Joined
Mar 6, 2004
Messages
4,748
Location
la bonne vie en Amérique
One of the creepier aspects of this whole rootkit/copy protection fiasco is that it demonstrates how quickly the big companies you pay money to for their security scanning software will slide right into bed with any big international corporation (like Sony) who has no qualms about putting a rootkit on your computer. Or your police department's 911 controller or any other computer it may be inserted into.

Very few have been talking about Symantic and McAfee's seeming complicity in all of this. They are either in bed with Sony or they are incredibly stupid.

In Bruce Schneier's December 15, 2005 edition of Crypto-Gram Newsletter he wrote:
...Initial estimates are that more than half a million computers worldwide are infected with this Sony rootkit. Those are amazing infection numbers, making this one of the most serious internet epidemics of all time -- on a par with worms like Blaster, Slammer, Code Red and Nimda.

What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? And this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice? This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home...

Emphasis mine.

There's some more good stuff in that issue which may be found here:

http://www.schneier.com/crypto-gram-0512.html#6
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
I think Sub_Umbra is making two invalid assumtions.
1) That virus scanners should detect suspiscious program activity.
2) That this was capable of spreading or infecting other systems.

First, the firewall software should detect suspiscious program activity. They probably called Sony and they probably would have gotten a valid explaination as well as a pointer to the EULA that allowed it. That makes it a valid application from their point of view.

Since it was an authorized application installed by individuals, you might make a case for it being a trojan, but it wasn't destructive. It does not fall within any parameters that I would expect to trigger a virus alert.

If you want to point a finger of blame, you might fault ad-aware and the other spyware programs that failed to complain. The fact that the Sony work could be leveraged by bad guys is no big deal. I'd blame the bad guys, or maybe the OS creator that allows such silly exploits.

Daniel
 

Sub_Umbra

Flashlight Enthusiast
Joined
Mar 6, 2004
Messages
4,748
Location
la bonne vie en Amérique
gadget_lover said:
I think Sub_Umbra is making two invalid assumtions.
1) That virus scanners should detect suspiscious program activity.
2) That this was capable of spreading or infecting other systems.
I don't think we have to make this so personal.Those weren't just my opinions, those are Bruce Schneier's conclusions. That is plain from my post. It wouldn't be fair to give me all the credit. :D Schneier has the chops on the subject of security. His security newsletter is widely read by professionals. He is a very respected author in the security field. He has also distinguished himself in the field of cryptography. Schneier wrote the Blowfish encryption algorithm and co-authored the Twofish algorithm. More importantly (for me, anyway) he seems to make sense most of the time.

As far as your assumption that virus scanners should not detect suspicious program activity -- why not? The root-kits are malicious. They negatively affect the machine and cost the user money, time, business and cause all sorts of problems. Virus scanners detect other things besides viri. "Virus" is just a word the press made popular. Of the seven 'programmed threats' computers face, viri are statistically the smallest threat. Far more worms, for example, are found by "virus scanners" than viri. Far more.

It's certainly not that "virus scanners" can't detect root-kits. Symantec and McAfee both detect Sony's DRM Root-kit now, but as Schneier pointed out, these disks have been infecting machines since mid-2004. Schneier's point was that the people who pay Symantec and McAfee to keep their machines free of infections would probably like to be protected from Sony's root-kit, too. Symantec and McAfee just chose not to do it until they were forced into it by their customers. Perhaps everyone wouldn't want a root-kit detected on their machine(s) by the virus software that they are paying for, but enough want it to scare the poo out of Symantec and McAfee and as I said that software has been changed to now look for and find the root-kit that they chose to ignore for so long.

As far as your assertion that Sony's DRM Root-kit is incapable of infecting other computers -- what would you call a half million infected machines but other computers? Other computers are definitely infected. I think that Schneier is right in his assertion that virus software should go after root-kits that also come from CDs/DVDs. The point is not that these machines were infected by CDs. The point is that they were infected -- and most people don't want a root-kit on their machine. Where is it written that malicious code infecting a machine is only a menace if it comes from the WWW? As previously pointed out, Symantec and McAfee can find root-kits like these without any problem if they choose to do so. When pressed by their customers the fact that the infection was spread by a CD was irrelevant.

To paraphrase Schneier -- The only thing that makes this root-kit legitimate to Symantec and McAfee is that a multinational corporation put it on your computer, not a criminal organization. If the majority of their customers hadn't felt that their virus software let them down, it would have never been enabled to find the root-kit.

Schneier goes on to add:
Bad security happens. It always has and it always will. And companies do stupid things; always have and always will. But the reason we buy security products from Symantec, McAfee and others is to protect us from bad security.

While you may not want this service that is totally doable by your virus software, the majority does and Symantec and McAfee have responded by finally doing what they were paid to do well over a year ago.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
By "incapable of infecting other computers" I mean that you can install Sony's copy protection on one machine in an office of 100 and it will not spread to any other computers. It is only spread by people who buy a product and disregard the EULA. One might call it a trojan EXCEPT that it says it's copyright enforcement software and that 's what it does.

You and I both know that we are using the term Virus in its loosest form to cover all infectious spread of evil code.

While Schneier's point of view is well respected, he's off base (in my opinion) simply because he is lambasting companies for not going outside their perfomance envelope. When my virus scanner starts to monitor network traffic to analyze possible malware, well that's time to find a new virus scanner.

As for their adding the Sony software to their malware signitures, well THAT's a cop out, bending to the will of the clammoring press. Of the half a million people with this software, I'd bet that a very small fraction knew about it or cared until it hit the news paper. Microsoft enables many more exploits with every patch than Sony did with their software.

To put it bluntly, the virus detection software becomes bloated and inefficent Is it really desirable if it reports every hidden file on the system? Do I want it to do a "zone alarm" and ask me "is this OK" every time a new program sets up a data connection? If McAfee had flagged it as "malware" and quarantined it, would there have been an uprising from people who could no longer play their CDs?

Personally, I don't see Sony as any worse than Oracle, who shipped a product for 2 years that left a root exploit wide open. It's no worse than the intrusion detection systems that have buffer overflows that can be exploited by the very software they are suppposed to detect. It's certainly not as bad as Windows itself, with its history of slowly issuing patches for vulnerabilities that they cause with previous "improvements".

Oh. Soap box again. Sorry.

Sony's faux pas aint no big deal. Stupid politicians making more laws is.

Daniel
 

thesurefire

Flashlight Enthusiast
Joined
Dec 15, 2003
Messages
1,081
Location
U.S.A.
gadget_lover said:
...By It is only spread by people who buy a product and disregard the EULA.

Sony's faux pas aint no big deal. Stupid politicians making more laws is.

IIRC there was nothing in the end user license agreement about the spyware (or whatever you want to call it, I don't think it was a virus/Trojan)

I think Sony's 'faux pas' was a big deal because if they can get away with it, so can other people.

I would agree that stupid politicians making laws is definitely worse for the world then Sony's products.
 

cy

Flashaholic
Joined
Dec 20, 2003
Messages
8,186
Location
USA
gadget_lover said:
By "incapable of infecting other computers" I mean that you can install Sony's copy protection on one machine in an office of 100 and it will not spread to any other computers. It is only spread by people who buy a product and disregard the EULA. One might call it a trojan EXCEPT that it says it's copyright enforcement software and that 's what it does.

You and I both know that we are using the term Virus in its loosest form to cover all infectious spread of evil code.

While Schneier's point of view is well respected, he's off base (in my opinion) simply because he is lambasting companies for not going outside their perfomance envelope. When my virus scanner starts to monitor network traffic to analyze possible malware, well that's time to find a new virus scanner.

As for their adding the Sony software to their malware signitures, well THAT's a cop out, bending to the will of the clammoring press. Of the half a million people with this software, I'd bet that a very small fraction knew about it or cared until it hit the news paper. Microsoft enables many more exploits with every patch than Sony did with their software.

To put it bluntly, the virus detection software becomes bloated and inefficent Is it really desirable if it reports every hidden file on the system? Do I want it to do a "zone alarm" and ask me "is this OK" every time a new program sets up a data connection? If McAfee had flagged it as "malware" and quarantined it, would there have been an uprising from people who could no longer play their CDs?

Personally, I don't see Sony as any worse than Oracle, who shipped a product for 2 years that left a root exploit wide open. It's no worse than the intrusion detection systems that have buffer overflows that can be exploited by the very software they are suppposed to detect. It's certainly not as bad as Windows itself, with its history of slowly issuing patches for vulnerabilities that they cause with previous "improvements".

Oh. Soap box again. Sorry.

Sony's faux pas aint no big deal. Stupid politicians making more laws is.

Daniel

Gadget, I find it amazing that you take the point of view that you do. but everyone is entitled to their opinion.

I've been on Schneier's mailing list for 5+ years. while I don't agree with everything he posts, Bruce has been dead on most of the time.

don't see how you can trivialize something installed on your machine without permission that compromises security of your machine by simply relabeling what ever application you are trying to hide.

Sony IMHO has gotten off with a slap of the wrist by paying damages with basically free downloads that cost them very little. Think of all the corporate dollars that's been spent cleaning up this issue. So essentially Sony has gotten off pretty much scott free.

I do agree with Bruce's view that how in the world would the anti-virus companies not be aware of this? this has been going on since 2004. this infection rates as one of the largest ever.

What Oracle buffer overflow exploit are you referring to that's been unfixed for two years?
 

Sub_Umbra

Flashlight Enthusiast
Joined
Mar 6, 2004
Messages
4,748
Location
la bonne vie en Amérique
gadget_lover said:
...it says it's copyright enforcement software and that 's what it does.
That's your opinion. Remember that Symantec and McAfee have so many paying customers that were up in arms over their limp response to this issue that they had to at least appear to straighten up and fly right or risk dire economic consequences in the marketplace. That is history. It's a done deal. They have changed their policy in response to customer outrage. The opinions of Symantec and McAfee seem to have been similar to yours -- until they realized that many of their customers felt they were being taken for a ride and were really angry about it..

There is a huge difference between copyright enforcement software (as you so charitably put it) and ivasive copyright enforcement software. Sony hasn't figured it out yet but Symantec and McAfee seem to be at least on their way toward getting the message.

Heck, if even the DHS can figure out that root-kits are a threat then there's truly hope for everyone! :D
 
Top