Page 6 of 9 FirstFirst ... 23456789 LastLast
Results 51 to 60 of 89

Thread: Sony DRM

  1. #51
    Junior Member
    Join Date
    Nov 2005
    Posts
    25

    Default

    FYI, from the Microsoft Anti-Malware team:
    "Detection and removal will also be added to the December release of the Malicious Software Removal Tool which will be released the second Tuesday of December. We also wanted to take a moment to confirm that we are not removing or disabling Sony’s XCP software. We are only removing the rootkit component published by First 4 Internet which is included as part of Sony’s XCP software. We will continue to monitor the situation and react as conditions change. There has also been quite a bit of discussion on the web around the ActiveX control that was later released by First 4 Internet and Sony to neutralize the rootkit. The ActiveX control has been cited with a variety of issues / vulnerabilities and it was quickly pulled off of the Sony site. If you have concerns with this ActiveX control it can be blocked by following the directions at the MSRC blog." http://blogs.technet.com/antimalware...005/11/17.aspx

    It also apppears that one of the other Copy Protection schemes that SonyBMG uses, SunnComm DRM, has big problems also. See the post: "Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole" at: http://www.freedom-to-tinker.com/
    Last edited by el cpu; 2005-11-18 at 19:31.

  2. #52
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    Default

    I'm inclined to agree with CA's list of reasons for detecting XCP:

    Installs without user permission, presenting only a vague and misleading EULA
    Changes system configuration without user permission at time of change.
    Defends against removal of, or changes to, its components
    Silently modifies other programs' information or website content as displayed.
    Includes mechanisms to thwart removal by security or anti-spyware products.
    Cannot be uninstalled by Windows Add/Remove Programs and no uninstaller is provided with application.

    Perhaps Spybot needs a separate category of "rootkit" for software that hides files or processes from the administrator of the computer, even if the software doesn't do anything else malicious. I'm inclined to believe that most people don't want rootkits on their computers, regardless of who put them there and why.

  3. #53
    Junior Member
    Join Date
    Nov 2005
    Posts
    8

    Exclamation

    Quote Originally Posted by zak.wilson
    I'm inclined to agree with CA's list of reasons for detecting XCP:

    Installs without user permission, presenting only a vague and misleading EULA
    Changes system configuration without user permission at time of change.
    Defends against removal of, or changes to, its components
    Silently modifies other programs' information or website content as displayed.
    Includes mechanisms to thwart removal by security or anti-spyware products.
    Cannot be uninstalled by Windows Add/Remove Programs and no uninstaller is provided with application.

    Perhaps Spybot needs a separate category of "rootkit" for software that hides files or processes from the administrator of the computer, even if the software doesn't do anything else malicious. I'm inclined to believe that most people don't want rootkits on their computers, regardless of who put them there and why.
    I completely agree...ITS TIME!!!

    I will need to be able to recommend an effective tool to protect users, for my family, friends, coworkers and customers...will Spybot be up to the task, or bow to corporate poison?

    Right now CA's PestPatrol seems to be the only product I can recommend for effective spyware protection..unless Spbot steps up to the plate and blocks not only the rootkit but XCP entirely.

    Personally, I don't want a single shred of DRM installed on my machines for any reason. If something I want to watch or listen to is DRM'd, I don't need it!

  4. #54
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default Suicide by Root Kit removal

    At this point I'm less inclined then ever to suggest that any anti-malware product attempt this removal, since Sony now displays the following on their page regarding uninstalls:
    November 15th, 2005 - We currently are working on a new tool to uninstall First4Internet XCP software. In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days. Thank you for your patience and understanding.
    http://cp.sonybmg.com/xcp/english/form14.html

    Only if this new uninstaller doesn't become available in a reasonable time frame (a couple weeks for development and testing) and/or doesn't truly remove the software completely and safely at that point should this be considered.

    Until then, only removal of the hidden attribute of the 'Root Kit' technology and blocking of the problematic ActiveX control used with the earlier uninstaller should be considered. In fact, I feel that removing the hidden attribute is itself dangerous, since some users may then attempt to delete the files manually, which is known to be dangerous to the stability of the PC.

    In addition, this cooling off period gives Team Spybot time to thoroughly test the detection and removal process on multiple platforms for all variants of the software currently known to exist, if they are indeed working on such a thing at all. If such removal is attempted, the potential for failure and damage to a PC is the responsibility of those removing it, not Sony.

    By declaring this DRM package 'malware' some will feel they are justified to remove it, safely or not. Those who do this and fail will find out how quickly the public can turn on them since the last thing the user did was 'scan and fix' with their program, they won't care what was being removed or what disclaimers the software contains about such possibile damage.

  5. #55
    Junior Member
    Join Date
    Nov 2005
    Posts
    8

    Default

    I completely understand not removing it at this point, but I'd like to see it added to the immunization database to prevent installation in the future.

    I'd be inclined to wipe my hard drive and reinstall my system to get rid of it.
    Last edited by BigRedNeck; 2005-11-21 at 15:35.

  6. #56
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,777

    Default

    Hello.
    Regarding Spybot-S&D detections, team is aware of and looking into the subject matter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #57
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    Default

    Quote Originally Posted by bitman
    In addition, this cooling off period gives Team Spybot time to thoroughly test the detection and removal process on multiple platforms for all variants of the software currently known to exist, if they are indeed working on such a thing at all. If such removal is attempted, the potential for failure and damage to a PC is the responsibility of those removing it, not Sony.

    By declaring this DRM package 'malware' some will feel they are justified to remove it, safely or not. Those who do this and fail will find out how quickly the public can turn on them since the last thing the user did was 'scan and fix' with their program, they won't care what was being removed or what disclaimers the software contains about such possibile damage.
    I agree with you that any potentially dangerous removal routine should be tested before being released to the general public. If the Spybot team needs to take its time to make sure the removal works properly, they should do so. My point is simply that rootkits are malware, regardless of who's using them or why.

    As for XCP itself, my understanding of the software is that it interferes with the way the OS normally accesses the CD drive, and it sends information to Sony without telling the user. The EULA might say they can do it, but most peolpe don't accept that excuse from Gator/Claria; why should we accept it from Sony?

  8. #58
    Junior Member
    Join Date
    Nov 2005
    Posts
    25

    Default

    Bitman:

    I have followed your posts on this thread with interest as your opinions have differed from those of the anti-malware community. Bear with me please, ... I quote:

    Nov 1: Mark's article is an opinion, not an indication of any illegal activity [by Sony]
    Nov 1: Though Mark doesn't like the way they implement that protection for technical reasons, they [Sony] are totally within their rights
    Nov 1: I'd rather not see any reputable antispyware organization take the position of removing such software… All that will do is…. tie up resources that would be better spent fighting 'true' malware
    Nov 3: Though it's badly written and may create a potential hiding place for true malware, nothing described has made this program itself malware
    Nov 17: At this point it's also obvious that anti-malware developers will have to become involved in the cleanup effort
    Nov 21: At this point I'm less inclined then [sic] ever to suggest that any anti-malware product attempt this removal, since Sony now displays...

    All of us are entitled to our opinions of course, but personally I am glad to see Tashi’s post above. The Sony rootkit has been classified as malware by nearly all AntiVirus/AntiMalware companies and most have added it to their detections already; Computer Associates, Symantec, McAfee, and Microsoft AntiSpyware, to name a few. Your last post is entitled "Suicide by Root Kit removal"... are all those companies wrong? Relying exclusively on a Sony uninstaller for the complete XCP might work for those that know they are infected but will do nothing for those that do not - isn't that what anti-malware programs are about, to detect and warn about existing malware that the user may not be aware of? Agent O said it well in a previous post, quote: “Contrary to bitman's position above, I am personally of the opinion that Sony should not be held to a lower ethical standard merely because they are big. I think this should be added to the [Spybot] definitions. Covert malware like this is unacceptable, no matter who makes or distributes it; and I would hope that any reputable antispyware solution would also feel the same way.”

    p.s. to all readers, Nancy McAleavey has a new post on her site http://www.dozleng.com/updates/topic7048 that addresses the concerns I mentioned in an earlier post… Russinovich’s concerns, not mine, although I am the one that quoted them. Nancy has addressed them well. Also fyi "The Electronic Frontier Foundation filed a class-action lawsuit against SonyBMG on Monday. It's the second legal challenge to SonyBMG in one day. The attorney general for Texas also filed a suit against the music giant for allegedly violating the Consumer Protection Against Computer Spyware Act of 2005."
    Last edited by el cpu; 2005-11-22 at 02:34.

  9. #59
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    Default

    Quote Originally Posted by el cpu
    The Sony rootkit has been classified as malware by nearly all AntiVirus/AntiMalware companies and most have added it to their detections already; Computer Associates, Symantec, McAfee, and Microsoft AntiSpyware, to name a few. Your last post is entitled "Suicide by Root Kit removal"... are all those companies wrong? Relying exclusively on a Sony uninstaller for the complete XCP might work for those that know they are infected but will do nothing for those that do not - isn't that what anti-malware programs are about, to detect and warn about existing malware that the user may not be aware of?
    Symantec detects it as a security risk, not as malware. They provide a removal tool, but recommend that you use Sony's instead. Microsoft detects and removes the cloaking, but not XCP itself. McAfee removes the cloaking, but not the copy protection. CA detects all varients of XCP as trojans, but their website doesn't make it clear if it is properly removed or not. They also classify the included music player program as spyware because it phones home without telling the user.

    Of these, I think CA's attitude is the most appropriate. I suspect they don't provide a fully functional uninstaller because they haven't properly tested it yet, not because they don't want to. Symantec and McAfee appear to believe XCP is legitimate, but a potential security risk. Microsoft condems the rootkit functionality, but seems ok with the rest of it. Only CA condems the whole package.

  10. #60
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,777

    Default

    Quote Originally Posted by el cpu
    Bitman:
    Your last post is entitled "Suicide by Root Kit removal"... are all those companies wrong?
    I believe bitman was considering that in the rush to find a fix there was the potential to cause even more damage.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •