Sony's Rootkit Benefits WOW Hackers
Posted by dw2003 on 04 November 2005 - 21:09 · 57 comments & 9406 views
About the Author
Full name: Unknown
Forum name: dw2003
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name: dw2003
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
#1 Posted by ~WinGz~ on 04 Nov 2005 - 21:19
- wow, good job sony you idiots, making hacking so much easier for the newb community.
-
(5 replies)
#2 Posted by silversurferkj on 04 Nov 2005 - 21:29
- So does windows that allows hacks for any game but you don't write news about that now do you..
-
#2.1 Posted by Shadrack on 04 Nov 2005 - 23:10
- I 100% agree with you.
This is a problem with Windows 2 fold -
1. Windows shouldn't be hiding any processes from you if you are an administrator and want to know what the heck is running.
2. Windows shouldn't allow programs such libral rights to other programs for them to actually be able to know what else is running. A 3rd party program has no right to know that I have Outlook open for instance.
I think all this news is just showing how shakey the Windows platform really is. -
#2.2 Posted by Gumboot on 04 Nov 2005 - 23:34
- 1. Windows isn't hiding anything... the rootkit installs itself as a driver and then patches the Win32 API. Windows, like many other operating systems, is designed to give complete control to any code running with administrative priviledges. (Note however that Windows x64 disallows this type of patching).
2. I find it ironic that the windows team at Microsoft worked for ten years to make apps on Windows more powerful, and then they have to spend the next ten years making apps less powerful! -
#2.3 Posted by threedaysdwn on 04 Nov 2005 - 23:45
- Shadrack...
1. Windows isn't doing the hiding. Sony is patching at the kernel level to hide items from you. Read the write-up at SysInternals.com to get an idea of what they've done.
2. Think about that for a second. You're saying that no program should be allowed to know what other programs are running? So how are they going to interact with each other? If someone writes a tool that relies on Windows Desktop Search, for example, they need to be able to check to see if WDS is running before they try to query the indexer.
And that's just one example.
You could make an argument that you, as an advanced user, should have the ability to disallow certain programs from taking such action. But then things get really complicated. -
#2.4 Posted by Shadrack on 05 Nov 2005 - 00:47
- keeping with the format :p ...
1. Well why does Windows let patching at the kernel level happen? I guess that is why it is considered a virus.
QUOTE 2. Think about that for a second. You're saying that no program should be allowed to know what other programs are running? So how are they going to interact with each other? If someone writes a tool that relies on Windows Desktop Search, for example, they need to be able to check to see if WDS is running before they try to query the indexer.
2. There needs to be a standard API for programs that need this ability. I like what you can do with addon programs that interact with iTunes/Winamp/Outlook, don't get me wrong. They extend the functionality that I'm wanting. However, I think there should be a standard API for programs to communicate to each other that doesn't involve looking up or searching through the running processes for a particular task. A "plugin" program trys to work through the API to talk to iTunes, it gets no response back...ohh it must not be running. NOT: "hey windows, is iTunes running? Windows: no but winamp is..."
-
(1 reply)
#3 Posted by Lexcyn on 04 Nov 2005 - 21:47
- Ouch. That sucks. Now people are going to be teleporting around the world and flying with their horse.
-
#4 Posted by Danrarbc641 on 04 Nov 2005 - 22:26
- Gee. Thanks Sony.
Your rootkit completely screws over you computer if you try to remove it, and now it allows for cheating in online games.
Great job
-
#5 Posted by ElectricDemon on 04 Nov 2005 - 22:45
- bah, it's only a game eh? a bit of fun?
-
(2 replies)
#6 Posted by TRC on 04 Nov 2005 - 23:14
- This keeps getting better and better. I hope they get embarrased (or sued) out of business.
-
#6.1 Posted by Ghostdraconi on 04 Nov 2005 - 23:23
- It would be funny if Blizzard sued them
-
(5 replies)
#7 Posted by S7R1K3R on 04 Nov 2005 - 23:22
- i should sue for ruining my online gaming experience. and then im gonna purposly try to remove it and when it screw up windows i should sue again for loss of data. i didnt even agree to a EULA for them to put software on my computer.
-
#7.3 Posted by Smigit on 05 Nov 2005 - 05:41
- then sue again for the 2 minutes you wasted posting that post thanks to the mental trauma they have caused you.
-
#7.4 Posted by pdog on 05 Nov 2005 - 06:22
- theres probably a liscense agreement in the cd case somewhere. Anyways, they could be sued for invasion of privacy, you would easily win.
-
(1 reply)
#8 Posted by Buttus on 04 Nov 2005 - 23:26
- wow, i think i might start playing warcraft! now that Sony has made it easy to cheat in it, there's no reason not to!
-
(4 replies)
#9 Posted by Surrieall on 05 Nov 2005 - 00:02
- "This just in, Sony's rootkits cause AIDS!"
Didn't think it would go this far lol, I'm sure Blizz will release a patch soon. -
#9.1 Posted by TRC on 05 Nov 2005 - 00:51
- Is there any way that Blizzard can patch it?
Last edited by 122701 on 05 Nov 2005 - 02:19 -
#9.2 Posted by Lexcyn on 05 Nov 2005 - 02:33
- Yes. They can patch the Warden program to detect rootkits installed on your system. However, I'm not sure this will be a good thing ... what happens if they detect the rootkit that Sony installs as a cheat? Then everyone who has purchased just a music CD gets banned for no reason.
-
#9.3 Posted by pdog on 05 Nov 2005 - 06:28
- what they could do is use the b2b backchannel and get how to remove the rootkit details from sony. Then when Warden runs, and it detects the rootkit, it uses it's own method to uninstall it (at least the one sony gave them).
-
#9.4 Posted by Dairyface69 on 05 Nov 2005 - 08:31
- Also i think it would be a bad idea if Warden starts scanning my kernal for stuff.
Bluescreens anyone?
-
(2 replies)
#10 Posted by GCNaddict on 05 Nov 2005 - 01:19
- could this be used for cs source cheats?
-
#10.1 Posted by advancedboy on 05 Nov 2005 - 02:19
- This might be discovered tomorrow
-
#11 Posted by SimplyPotatoes on 05 Nov 2005 - 02:24
- yea
-
(10 replies)
#12 Posted by matt74441 on 05 Nov 2005 - 02:44
- Its sort of hard to point the finger at just Sony, Microsoft is irresponsible for allowing their Operating Systems to allow such a patch to be installed.
-
#12.2 Posted by Smigit on 05 Nov 2005 - 05:43
- yeah, and its the record stores fault for selling the cd and our fault for using it
Clearly its Sony's fault, I dont see how its microsofts.
I do wonder what other companies may have done a similar thing without people knowing. -
#12.3 Posted by rm20010 on 05 Nov 2005 - 08:14
- I think EVERYONE posting in this thread should point their bloody fingers at the COMPANY THAT DEVELOPED THE ROOTKIT. Sony didn't develop it but was stupid enough to use it in their CDs. I wonder if they really knew what the rootkit did.
-
#12.4 Posted by rIaHc3 on 05 Nov 2005 - 09:04
- matt74441 - Im shocked you just said that...Very antiMS and straight trolling. Ive known you as a pretty good mod since you were made one; dont let the power hunger get to you man because trolling is also against the rules on Neowin.
-
#12.5 Posted by your_muther on 05 Nov 2005 - 11:16
- rIaHc3 - Your so far off on what his actual comment is its unfunny, matt74441is far from trolling or making antiMS comments, its is ridiculous that Microsoft allows patching of the kernel, which cant be undone. Its basically screwing your PC due to microsoft allowing its main kernel to be modified, so to say its not just sony's fault but also microsofts is more then a fair comment to make!
-
#12.6 Posted by TRC on 05 Nov 2005 - 15:10
QUOTE so to say its not just sony's fault but also microsofts is more then a fair comment to make!
I still don't think it's Microsoft's fault that someone else released malicious software that damages their OS. Do you really think they sat down and said "Hey I think we should allow patching of the kernel so our OS will be more insecure". I'm sure at least at one time there were legitimate reasons for this feature. I'm also sure it will not be an issue in Vista and maybe even a patch for XP. What is Sony doing to fix the problem now that they know about it? NOTHING.-
#12.7 Posted by rakiner on 05 Nov 2005 - 21:03
- Don't unsigned visual themes in windows xp require kernel patching to work?
-
#12.9 Posted by Mathiasdm on 06 Nov 2005 - 20:22
- Look, guys, Microsoft can't really do much about it. Rootkits like this exist for all kinds of operating systems.
I don't know much about 'kernel patching', but I think Microsoft didn't do anything wrong with this one. -
#12.10 Posted by mram on 06 Nov 2005 - 22:13
- Lets sue car manufacturers for allowing us to ram our vehicles into people.
Better yet, lets sue gun companies for allowing the guns to shoot people.
....No.
The tool, in this case: Windows, can do many things. Many times being able to install drivers, software, etc at the kernel level is beneficial. Many times it is not. The fault is not with the manufacturer of the tool, it is really in the education of the end user. Use the same logic with all the examples I gave above.
As for it being "rediculous" that MS allow patching of the kernel ... well, there are not many OS's that do not allow that today, to some degree, that are mainstream. Consider that.
-
#13 Posted by obiwankenobi on 05 Nov 2005 - 03:45
- wow, like we didn't see this one coming! I've been keeping up with the story....sony makes me sick!
-
(1 reply)
#14 Posted by Computer Guru on 05 Nov 2005 - 05:34
- Comment Removed.
Not on my watch...
--matt74441
Last edited by 33280 on 05 Nov 2005 - 06:55 -
#14.1 Posted by Computer Guru on 05 Nov 2005 - 07:09
- lol, was joking
-
#15 Posted by pdog on 05 Nov 2005 - 06:23
- most rootkits can do this, people that cheat are mostly scrip-kiddies, and don't even know what a rootkit is, they just run a program and cheat!
-
#16 Posted by fubarshibby on 05 Nov 2005 - 09:21
- Hmmm... Me likes it here on my Mac mini and iBook.
-
(1 reply)
#17 Posted by aStRaLgOd on 05 Nov 2005 - 13:03
- And people get just so outraged on how far Blizzard goes... I dunno, I think people can be just so hypocritical...
-
#17.1 Posted by Computer Guru on 05 Nov 2005 - 13:50
- not really, I think Blizzard is dumb for installing spyware, but i see their POV
Sony is just downrigth evil
-
#18 Posted by disturb3d on 05 Nov 2005 - 14:59
QUOTE Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.
Thanks for the info
-
(1 reply)
#19 Posted by icecaveman on 06 Nov 2005 - 00:20
- Blizzard should sue them for billions, that should teach Sony not to mess with Windows
-
#19.1 Posted by toadeater on 06 Nov 2005 - 19:57
- This article focuses on WoW, probably because the author isn't familiar with the rest of the MMORPG market, the same technique can be used to cheat in Sony's MMORPGs! Sony didn't just screw Blizzard, they screwed themselves.
The bad thing about this is that others will learn from this technique, so we'll see more of it in the future. I guess if you consider how this all started, it's all Microsoft's fault again, for having such an insecure OS. Why does Windows allow hidden directories to be created in the first place? Why doesn't Windows Task Manager show all processes?
-
#20 Posted by EduardValencia on 06 Nov 2005 - 20:20
- wohiooo great sony,your doom is near
-
#21 Posted by Code Red on 07 Nov 2005 - 06:26
- &sys& eh..
-
(2 replies)
#22 Posted by Airlink on 07 Nov 2005 - 16:07
- Ok, I'm only going tosay this once:
It's Not A Rootkit.
If it really were a rootkit, it would be undetectable. Calling Sony's DRM a rootkit is like calling a VW a BMW. The one may resemble the other, but that doesn't make them the same.
-
#22.1 Posted by toadeater on 07 Nov 2005 - 17:08
- Don't say "I'm going to say this once" unless you know what you're talking about.
-
#22.2 Posted by spader on 07 Nov 2005 - 20:02
- Good thing you didnt compare the VW to an Audi cos they are the same. Well mostly.
The thing is that anything that you install on your computer that gives you no indication that it is installing and hides itself so you dont know its running is classed as a rootkit. Do you know exactly what Sony can do with this software? Are they able to connect to your computer and remove any MP3's on your system from their artists? or gather the information and supply it to the RIAA?
If it just installed but didnt hide and didnt screw up your computer when you try to remove it it would be Malware.
What would you class it as if NOT a rootkit?
Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.
When contacted for input on the issue, a Mozilla spokesperson said that with 35 languages across 3 supported platforms (Windows, Linux, and Mac) the list of bugs suspected and reported via the Bugzilla reporting and tracking tool can sometimes be massive. The spokesperson went on to state that while the Bugzilla lists can often be overwhelming, a significant number of submitted reports often times just don’t contain enough information to be of assistance when it comes to tracking down a particular problem. As I witnessed myself, there are pages of comments on this bug alone, and many of them contain no technical information to assist the developers, but merely contain frustrated comments such as “this was broke back in version x.xx and it’s still broken, when will it be fixed.” While it is understandable that posts like that are submitted by users who are at the time, frustrated with the situation, it is also true that they provide no value whatsoever to the bug tracking process. The Mozilla spokesperson also stated that of those issues reported, first priority has and will always be security issues, and then issues that are more widespread and have the potential to disrupt the usefulness of the product to the most users, which is understandable.
In the end, this bug has existed for quite some time, and Mozilla is aware of it. However it only rears its ugly head twice a year, at the change to and from Daylight Savings Time, and coupled with the fact that not everyone observes Daylight Savings Time, it just doesn’t get enough attention from the end user to warrant investing a lot of time and resources in to fixing, at least not in the current release of the software. The Mozilla spokesperson did say that v1.5 is due out in this quarter, which is rapidly drawing to a close, and that Release Candidate 1 would be released very soon. With so many changes in this new version including some significant security enhancements such as anti-phising protection, the spokesperson said that it is possible that this issue may become a non-issue once v1.5 is released. Will it be fixed in v1.5? We’ll keep you posted.