funsec mailing list archives

Re: Sony DRM Rootkit (again) and questions about its disclosure...


From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 17 Nov 2005 11:17:15 -0800

Pierre Vandevenne wrote:
- the Sony "rootkit" isn't a virus, despite the genre confusion
currently fueled by the media. I don't expect an anti-virus to detect
everything that's bad or could be bad for me or my computers. However,
I'd expect behavioral analysis based rootkit detectors to ring some
bells.

No, it's not a virus, for the proper definition of virus. It seems to me that relatively little of the malware over the last year or two is actually viral. But AV companies have also detected worms and trojans for many years. Even though spyware is handled pretty much the same as other malware, the AV companies put out separate products for that. So they can charge you again, I suppose? Point being, that I absolutely would expect AV companies to detect this, because it's just like any of the other categories they already cover. In fact, they now do detect it, because they have been shamed into doing so.

So they arrived at the right conclusion, the only question is why did they wait for months?

- it did not "infect" computers. While the level of non-disclosure
about how the program acted was of course unacceptable, it was
announced and installed in a fairly standard way.

If you count spyware or trojans as "infection" (and don't hold strictly to using that term for a proper virus), then yes, they are infected.

No, I have the Van Zant CD. It says *nothing* on the packaging about installing software.


Also, as far as I know some anti-virus companies independently found out
but weren't too sure on how to tackle the problem legally. Similar
situations have been quite ambiguous in the past.

They need to stop being wusses, and detect solely based on behavior, and not license. I want them to go to court instead of settling. If the courts decide to screw us, then so be it.

Now, the fundamental truth is that it isn't possible to implement copy
protection mechanisms that would be beyond reproach. I am sure people
involved in today's operation are fully aware of that. But of course,
simply saying "we oppose all kind of copy/content protection" isn't
too politically correct. Better attack it from the sides, for example
by an "ad absurdum" reduction tactic where content protection will
ultimately be shown to be intrinsically unsafe.

It seems to me that there was a brief period in the late 80s, early 90s, where everyone got relatively sane with the copy protection. I've been playing the copy protection game since... 1980 on my Apple ][? 25 years? Geeze, I'm getting old. Anyway, there was a period where it wasn't a big deal, except for the wacko dongle people. It has since ramped back up, and way surpassed anything that went on back then. Thanks, DMCA!

If you insist on having copy protection, then IDA Pro is a good example of how to do it nicely. You punish the paying customer as little as possible. The big media companies haven't gotten that message.

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

