funsec mailing list archives
Re: And another Sony DRM Rootkit question
From: "Mary Landesman" <mlande () bellsouth net>
Date: Thu, 17 Nov 2005 14:41:36 -0500
According to Zone Labs, ZoneAlarm 6.0 'premium' products detected the behavior and blocked the installation of the rootkit:
http://download.zonelabs.com/bin/free/pressReleases/2005/pr_17.html

Any permission-based firewall, properly configured, should detect the player's phoning home. But I see no reason a firewall should detect the rootkit itself. ZA's premium products do but only because they offer more holistic protection than would a standalone firewall.

There's good evidence here that the player was able to phone home A LOT:
http://www.doxpara.com/

But, of course, how much of that traffic emanated from rootkitted PCs is anyone's guess.

-- Mary

----- Original Message -----
From: "Pierre Vandevenne" <pierre () datarescue com>
To: "Larry Seltzer" <larry () larryseltzer com>
Cc: <funsec () linuxbox org>
Sent: Thursday, November 17, 2005 1:17 PM
Subject: Re: [funsec] And another Sony DRM Rootkit question

Good Day,

LS> I don't actually have any of the evil CDs, so I can't test this. Does anyone
LS> know?

I was actually thinking about getting some, they'll soon be collector's items. Unless they start protecting chamber music CDs I feel I'll always be a step behind in that race ;^)

And I was also wondering about the reactions of third party firewalls such as Zone Alarm, etc... Did they, in practice, warn the normal users that something weird was going on?

--
Best regards,
Pierre mailto:pierre () datarescue com
www.datarescue.com - home of the IDA Pro Disassembler.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.