Will Eset add detection for Sony's "rootkit"?

Hello,
As many can know, Sony introduced a type of "rootkit" to protect some of its CD from being pirated.
Here's the link that said others AV added detection: http://news.zdnet.co.uk/0,39020330,39235702,00.htm
My question is, will Eset add detection for this malware in its database?

Thanks very much.

 

haha, DONT ASK FOR DATES

 

Hi ronjor,
Yes, I read that, but my question is if Eset will add specific detection to this threat. Like others rootkit as Win32/Rootkit...

Take care,
Andre

 

Lets see. Maybe yes, Happy Bytes should probably add Sony's specific rootkit detection too, as he is very committed to adding rootkits as well to NOD32's database (which is a good thing) . Maybe he's named it Win32.Rootkit.SonyDRM

A rootkit is a rootkit, legal or not.

 

Totally agreed with you.
AVs should add signatures for malware even if it was made by Sony, Microsoft, FBI or a simply person.

 

The classification of any piece of software that has a "legitimate" purpose as malware must surely be a sticky point... ESPECIALLY if you consider the size of the legal clout wielded by the large corporations such as Sony...

I'm not a lawyer, but I'd reckon that any AV provider that labelled Sony's "protection" system as a removable malware would fall immediately into the classification of companies that are top of the "let's sue these fine folks" - but perhaps not...

If I was in a fairly small AV solution provider's position, I'd probably have a much clearer idea of how much, if any, legal recourse a company like that has when classification as mentioned would occur... without having any legal certainties - I'd probably be 2nd in line to make that call - NOT FIRST!

 

Maybe off topic, but related. A good analyze of this malware.
Sony, Rootkits and Digital Rights Management Gone Too Far

 

this is a rootkit,it is stealth installed.. if an antivirus program adds detection/ removal of a stealth installed rootkit then sony would lose the case. an av's job is to protect its users, right?

btw sony admitted guilty: there is a patch out to correct this..

 

I thought the patch just unhid the files and to actually remove the product you have to call CS.

Besides, 90% of the users who play these Sony cd's will not apply the fix.

 

your considered opinion is duly noted - I also noted that you failed to supply your legal credentials, so I'll reserve judgement until some REAL legal expert chimes in...

 

A real legal expert would likely reserve judgement pending a review by a real technical expert - and I doubt many could plausibly deny Mark Russinovich's claim to that title.

 

Well said, true it always works like this.

 

Do you seriously think that the law follows technical experts so closely? It more often follows ruling in TEST CASES - these can be considered completely clear-cut by industry experts - but the ruling of a judge generally decides the fate of motion, and once precendences are set, they steer future similar legal actions until challenged.

The point being, that the first legal "opinion" isn't always the same as the final outcome, and not even the same as "expected" by industry "experts".

I take no issue with Mark Russinovich's determination as the legitimacy, or the determination as to the nature of the software, but if you REALLY think that one experts opinion will determine the eventual outcome in any legal cases, I'd have to say you have little concept of how the world works in real life.

 

In technical areas, yes.

Precedence is key - but how do you think test cases are decided if technical experts are not called upon?

I didn't say that - I said that technical, rather than legal expertise was the key issue in cases like this. Doubtless if this came to court, both prosecution and defence will call upon technical witnesses and for something with as much public impact as this, there would be numerous amicus curiae filings by third parties also. So it would not come down to one person's judgement at all.

 

lol - it would be an interesting test case - one can only imagine what "experts" that Sony would roll out if it ever went to court, but you can bet they would - highly paid, highly credible and highly in-favour of type of techology that would be practically "on-trial" (in the legal sense).

It's getting too off-topic for this forum - so we should leave it be here... but I take your point, I still think that it would NOT be a small AV solutions provider to make cast the first stone - but I'm sure many will join in once the first pebble has been tossed... and I say - gimme a stone...

 

They may be going to court soon. http://blogs.zdnet.com/Spyware/index.php?p=697

 

yep - it's getting interesting... but I'll not hold my breath on the topic of some attorney talking about a class action - there is ALWAYS some attorney talking about a class action when they sniff a few dollars...

 

The link I posted also makes reference to the opinion of a law professor for what it's worth.

 

I know - Eric Goldman flip-flopped from his earlier opinion that it wasn't spyware, to now thinking that it is spyware... don't you love academics ...

From Eric Goldman's Blog: http://blog.ericgoldman.org/archives/2005/11/is_sonys_drm_sp.htm

"bad actors" - call them what they are - MALWARE WRITERS or something else - but they are NOT actors... what a ridiculous terminology the law uses ...

Possibly - but these are the standards that MUST be applied to all software these days - anything that lets in an intruder, aids an intruder, or hinders the detection of an intruder is BAD NEWS - I don't care if it came as part of a DRM solution, database, graphics program, or GAME... a badly written, exploitable piece of code is a big problem!

Then lets stick to "ineptware" - it's a more accurate term for the junk code released with no thought as to it's implications. How about "idiot programmer ware", or "ill-conceived ware", or "exploitable software" - I don't care what it's called, but users must have a way of detecting and removing it...

The fact it was installed with a call-home feature, it wasn't disclosed in the EULA, it doesn't have a remove feature, and it's been proven both exploitable AND unstable, *AND* the distributors and authors continue to proclaim their innocence and bury their heads in the sand over the issues and POTENTIAL for exploit of the software is where it starts to get even worse....

I hope some attorney DOES sue these fools...

 

Let the legal games begin!

 

Good to see

 

Looks like most of the "big guns" of the AV industry are detecting it.....maybe NOD too

 

ESET should add dection for this rootkit. Read this New backdoor program uses Sony rootkit.

 

Here's more
http://today.reuters.com/news/newsA...4821Z_01_ARM058018_RTRUKOC_0_US-SONY-HACK.xml