Will Eset add detection for Sony's "rootkit"?

Discussion in 'NOD32 version 2 Forum' started by sir_carew, Nov 4, 2005.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    As many can know, Sony introduced a type of "rootkit" to protect some of its CD from being pirated.
    Here's the link that said others AV added detection: http://news.zdnet.co.uk/0,39020330,39235702,00.htm
    My question is, will Eset add detection for this malware in its database?

    Thanks very much.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,742
    Location:
    Texas
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    haha, DONT ASK FOR DATES :D
     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Lets see. Maybe yes, Happy Bytes should probably add Sony's specific rootkit detection too, as he is very committed to adding rootkits as well to NOD32's database (which is a good thing) :). Maybe he's named it Win32.Rootkit.SonyDRM :D

    A rootkit is a rootkit, legal or not.
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Totally agreed with you.
    AVs should add signatures for malware even if it was made by Sony, Microsoft, FBI or a simply person.

     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    The classification of any piece of software that has a "legitimate" purpose as malware must surely be a sticky point... ESPECIALLY if you consider the size of the legal clout wielded by the large corporations such as Sony...

    I'm not a lawyer, but I'd reckon that any AV provider that labelled Sony's "protection" system as a removable malware would fall immediately into the classification of companies that are top of the "let's sue these fine folks" - but perhaps not...

    If I was in a fairly small AV solution provider's position, I'd probably have a much clearer idea of how much, if any, legal recourse a company like that has when classification as mentioned would occur... without having any legal certainties - I'd probably be 2nd in line to make that call - NOT FIRST! ;)
     
  8. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
  9. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O

    this is a rootkit,it is stealth installed.. if an antivirus program adds detection/ removal of a stealth installed rootkit then sony would lose the case. an av's job is to protect its users, right?

    btw sony admitted guilty: there is a patch out to correct this..
     
  10. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    I thought the patch just unhid the files and to actually remove the product you have to call CS.

    Besides, 90% of the users who play these Sony cd's will not apply the fix.
     
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    your considered opinion is duly noted - I also noted that you failed to supply your legal credentials, so I'll reserve judgement until some REAL legal expert chimes in...
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    A real legal expert would likely reserve judgement pending a review by a real technical expert - and I doubt many could plausibly deny Mark Russinovich's claim to that title.
     
  13. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Well said, true it always works like this.
     
  14. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Do you seriously think that the law follows technical experts so closely? It more often follows ruling in TEST CASES - these can be considered completely clear-cut by industry experts - but the ruling of a judge generally decides the fate of motion, and once precendences are set, they steer future similar legal actions until challenged.

    The point being, that the first legal "opinion" isn't always the same as the final outcome, and not even the same as "expected" by industry "experts".

    I take no issue with Mark Russinovich's determination as the legitimacy, or the determination as to the nature of the software, but if you REALLY think that one experts opinion will determine the eventual outcome in any legal cases, I'd have to say you have little concept of how the world works in real life.
     
    Last edited: Nov 5, 2005
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    In technical areas, yes.
    Precedence is key - but how do you think test cases are decided if technical experts are not called upon?
    I didn't say that - I said that technical, rather than legal expertise was the key issue in cases like this. Doubtless if this came to court, both prosecution and defence will call upon technical witnesses and for something with as much public impact as this, there would be numerous amicus curiae filings by third parties also. So it would not come down to one person's judgement at all.
     
  16. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    lol - it would be an interesting test case - one can only imagine what "experts" that Sony would roll out if it ever went to court, but you can bet they would - highly paid, highly credible and highly in-favour of type of techology that would be practically "on-trial" (in the legal sense).

    It's getting too off-topic for this forum - so we should leave it be here... but I take your point, I still think that it would NOT be a small AV solutions provider to make cast the first stone - but I'm sure many will join in once the first pebble has been tossed... and I say - gimme a stone... ;)
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    They may be going to court soon. http://blogs.zdnet.com/Spyware/index.php?p=697
     
  18. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    yep - it's getting interesting... but I'll not hold my breath on the topic of some attorney talking about a class action - there is ALWAYS some attorney talking about a class action when they sniff a few dollars... ;)
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The link I posted also makes reference to the opinion of a law professor for what it's worth.
     
  20. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I know - Eric Goldman flip-flopped from his earlier opinion that it wasn't spyware, to now thinking that it is spyware... don't you love academics ...

    From Eric Goldman's Blog: http://blog.ericgoldman.org/archives/2005/11/is_sonys_drm_sp.htm

    "bad actors" - call them what they are - MALWARE WRITERS or something else - but they are NOT actors... what a ridiculous terminology the law uses ...


    Possibly - but these are the standards that MUST be applied to all software these days - anything that lets in an intruder, aids an intruder, or hinders the detection of an intruder is BAD NEWS - I don't care if it came as part of a DRM solution, database, graphics program, or GAME... a badly written, exploitable piece of code is a big problem!

    Then lets stick to "ineptware" - it's a more accurate term for the junk code released with no thought as to it's implications. How about "idiot programmer ware", or "ill-conceived ware", or "exploitable software" - I don't care what it's called, but users must have a way of detecting and removing it...

    The fact it was installed with a call-home feature, it wasn't disclosed in the EULA, it doesn't have a remove feature, and it's been proven both exploitable AND unstable, *AND* the distributors and authors continue to proclaim their innocence and bury their heads in the sand over the issues and POTENTIAL for exploit of the software is where it starts to get even worse....

    I hope some attorney DOES sue these fools...
     
    Last edited: Nov 9, 2005
  21. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Let the legal games begin!
     
  22. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Good to see
     
  23. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Looks like most of the "big guns" of the AV industry are detecting it.....maybe NOD too o_O
     
  24. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  25. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
Thread Status:
Not open for further replies.