VideoHelp Forum




Closed Thread
Page 1 of 2
1 2 LastLast
Results 1 to 30 of 53
  1. Member
    Join Date
    Oct 2004
    Location
    United States
    Search Comp PM
    Microsoft has released a Critical Patch to deal with the Sony Rootkit Virus. (Yes it is a virus by any rational definition). Read more about it here
    http://news.zdnet.com/2100-1009_22-5993789.html?tag=nl.e589

  2. It is truly ironic that Microsoft patched a hole that Sony created.....
    Believing yourself to be secure only takes one cracker to dispel your belief.

  3. Banned
    Join Date
    Jun 2004
    Location
    ®Inside My Avatar™© U.S.
    Search Comp PM
    Originally Posted by SCDVD
    (Yes it is a virus by any rational definition).
    UH OH!!

    Originally Posted by Dv8ted2
    It is truly ironic that Microsoft patched a hole that Sony created.....


    I sure am glad i never had that harmless rootkit on any of my machines 8)

  4. Member
    Join Date
    Oct 2004
    Location
    United States
    Search Comp PM
    A key point - This Microsoft patch is to protect your computer from initial infection from the Sony Rootkit. If you are already infected, it doesn't "fix" things for you. If your computer is already infected, bite the bullet and reformat and rebuild your computer if you really want to be safe as well as fully restore your system.

  5. no need to rebuild the computer, as it doesnt affect any hardware DIRECTLY, just the drivers for them...at least this is my understanding.........but yea, if you got it already, either reformat or wait for a proper fix if it ever comes around.....

  6. Member adam's Avatar
    Join Date
    Sep 2000
    Location
    United States
    Search Comp PM
    This is in no way a defense of rootkits but I do not believe they can be classified as a virus. The literal definition of a computer virus is a program that replicates itself. Rootkits do not do this necessarily, and the Sony rootkit definitely does not. The danger of rootkits is the fact that they are located at the root of the os, such that any security flaw in their coding makes your entire system vulnerable. This is why the Sony Rootkit is so dangerous, because it does appear to be coded poorly and thus it becomes a wide open door for virii, but the software that comprises the rootkit itself is not a virus, its classified as a security flaw. Its a monumental security flaw, but still not a virus.

  7. Banned
    Join Date
    Jun 2004
    Location
    ®Inside My Avatar™© U.S.
    Search Comp PM
    Originally Posted by adam
    The literal definition of a computer virus is a program that replicates itself.
    I'll go with you on most of that, but i'm pretty sure there are alot of viruses out there that are "viruses" that do not replicate themselves.

  8. Member adam's Avatar
    Join Date
    Sep 2000
    Location
    United States
    Search Comp PM
    If it does not replicate itself then by definition it is not a virus. It can be some other form of malicious code but it is not a virus.

  9. Member
    Join Date
    Oct 2004
    Location
    United States
    Search Comp PM
    Adam is right. Replication is a key part of the definition of a virus. A more appropriate name might be Trojan Horse. A Trojan Horse is installed without the user's knowledge and then does its nefarious deed.

  10. Member adam's Avatar
    Join Date
    Sep 2000
    Location
    United States
    Search Comp PM
    Yup, I'm just being picky. Ever use Trend Micro's online virus checker? It has the same trivia questions everytime to kill time as it runs. One of them asks the definition of a virus, so I've kinda got that one down.

  11. Banned
    Join Date
    Jun 2004
    Location
    ®Inside My Avatar™© U.S.
    Search Comp PM
    Originally Posted by adam
    Yup, I'm just being picky.
    :P

    I stand by myself 8)


    But everything i have read and from scans coming up before, trojans were also called a "virus" 8) just a diff. type or form of a virus,
    As many other malicious programs that did/do not replicate themselves

    Don't make me get mean now!!!!!!!!

    Fine, we will live in webster land :P

    Originally Posted by SCDVD
    A Trojan Horse is installed without the user's knowledge and then does its nefarious deed.
    And i'm pretty sure there have been other "viruses" that do those things without replicating themselves

  12. From ZDNet.
    At least one source tested the fix on Win ME and possible 98.
    The rootkit still installs.
    ME and earlier version users ( 98, 95 etc. ) might need to see if someone other than MS can address the problem.
    NL

  13. ROF should be in here defending Sony any minute now . . . . .

    I downloaded the Microsoft patch - and applied it - but still have no intentions of buying any Sony releases with this garbage on it!

  14. Banned
    Join Date
    Jun 2004
    Location
    ®Inside My Avatar™© U.S.
    Search Comp PM
    Originally Posted by Rich86
    ROF should be in here defending Sony any minute now . . . . .
    Hence my subliminal remark......
    Originally Posted by Noahtuck
    Originally Posted by SCDVD
    (Yes it is a virus by any rational definition).
    UH OH!!
    he's late!!!!!

  15. Renegade gll99's Avatar
    Join Date
    May 2002
    Location
    Canadian Tundra
    Search Comp PM
    I didn't see where it said it stopped The Sony software from being installed.

    Could it be that the patch may not fix or prevent the Sony install but only block anyone from using the flaw it opens up when the rootkit installs itself?

  16. Member waheed's Avatar
    Join Date
    Jul 2003
    Location
    Manchester, UK
    Search Comp PM
    Since the Sony Rootkit, ive stopped buying any more CDs.

  17. Renegade gll99's Avatar
    Join Date
    May 2002
    Location
    Canadian Tundra
    Search Comp PM
    I don't know if this site's info was posted somewhere in another thread before but it makes for interesting reading and shows how intrusive rootkits are. On quick glance this site also has a lot of free helpful software dealing with security issues.

    http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

  18. Member
    Join Date
    Oct 2003
    Location
    Scotland
    Search Comp PM
    In my dictionary a computer virus is defined as a piece of code introduced into a system to corrupt or destroy data.Pretty sure there will be different definitions in different dictionaries.

  19. Member adam's Avatar
    Join Date
    Sep 2000
    Location
    United States
    Search Comp PM
    Could you cite your dictionary source please scorps? I'm sorry I know arguing over semantics is silly but so is disagreeing for the sake of disagreeing. I'm sure Sony would also be interested whether their rootkit constitutes a virus or not.

    The term virus for a computer derives from the term virus as it applies to the human body and both require that the infection multiply. If you look in any major dictionary source (Websters, dictionary.com) or any computer based dictionary this is what you get. There are always subtle differences in definitions but if any definition omits the primary source of its Etymology then it is simply wrong.

    Many people use the term virus generally for bad stuff on your computer, but that is not what it means. That is just an infection. Within this broad category are several types. If the code imbeds copies of itself in another program such that when you run the code, it runs the copies of itself, then it is a trojan horse. If the code is capable of replicating itself across networks it is a worm. And if the code is capable of infecting other files than it is a virus. I really don't see how a rootkit necessarily falls into any of these categories anymore than an operating system itself would. All software is a potential hole for infections to enter your computer. Rootkits are greater security threats due to their location on the root, that's all.

  20. Banned
    Join Date
    Feb 2005
    Location
    USA
    Search Comp PM
    Interesting stuff.

    First off the Microsoft patch does not prevent the initial infection. The rootkit still installs itself in cloaked mode when using a Sony rootkit audio CD.

    After a full week of testing I have removed the rootkit. Let me tell you first hand that the rootkit is much easier to install and decloak then it is to remove. I used Sony's procedure for removal and it's effect was detrimental to the entire system. After initial removal my browser locked up and my net security closed the system from the rest of the network. i opened windows explorer and both my optical drives were missing. When I clicked on the drive that contained the rootkit explorer locked up. So I thought I'd perform a restart and see what would happen. Well, after I restarted windows failed to load due to several corrupted or missing files. So I tried using the restore via windows setup. It failed to work too.

    My final determination is that the rootkit by itself and left to it's own devices without uninstallation on a secure network does nothing but what it's supposed to. Removing it is detrimental to the system and requires a complete restructuring of windows (ie. Reinstallation or format). For my own piece of mind I peformed a format of the drive it was on and copied the drive image back to it. I had to do this procedure twice as I just had to test Microsofts latest security patch to see if it prevented installation. It doesn't. What it does do I guess is prevent the nastiness which can occur after you've installed the rootkit. I was never able to fully test this as I do not know if I ever visited any websites that were exploiting it.

    I hope my testing of this rootkit and the results I've posted helps others.

  21. Disgustipated TooLFooL's Avatar
    Join Date
    Feb 2004
    Location
    Opium Den
    Search Comp PM
    microsoft needs to release a patch that will disallow any rootkits from being installed without your knowledge. that is just bullsh*t.
    I am just a worthless liar,
    I am just an imbecil

  22. Banned
    Join Date
    Feb 2005
    Location
    USA
    Search Comp PM
    from my understanding all the Microsoft patch does is prevent the rootkit from being taken advantage of by dubious websites who wish to exploit it and take over your system.

  23. Disgustipated TooLFooL's Avatar
    Join Date
    Feb 2004
    Location
    Opium Den
    Search Comp PM
    exactly. thats why i just wish they'd 'close the damned door' so to speak. if a rootkit tries to install, it should be stopped, and the user alerted.

    ...and where the hell was Norton?!
    I am just a worthless liar,
    I am just an imbecil

  24. Member thecoalman's Avatar
    Join Date
    Feb 2004
    Location
    Pennsylvania
    Search PM
    Originally Posted by ROF

    My final determination is that the rootkit by itself and left to it's own devices without uninstallation on a secure network does nothing but what it's supposed to.
    You network is no longer secure you have a rogue machine that can hide and execute code without your knowledge, you are absolutely correct it does wat it's supposed to do.

  25. Disgustipated TooLFooL's Avatar
    Join Date
    Feb 2004
    Location
    Opium Den
    Search Comp PM
    this rootkit simply has not been exploited yet. if or when it is, it becomes a security threat.
    I am just a worthless liar,
    I am just an imbecil

  26. Banned
    Join Date
    Feb 2005
    Location
    USA
    Search Comp PM
    Originally Posted by thecoalman
    Originally Posted by ROF

    My final determination is that the rootkit by itself and left to it's own devices without uninstallation on a secure network does nothing but what it's supposed to.
    You network is no longer secure you have a rogue machine that can hide and execute code without your knowledge, you are absolutely correct it does wat it's supposed to do.
    Didn't we go through this already? In order for this occur their must be an opening in your security hence the term "secure network". if you read further in there I posted that I've formatted the machine because of the distastrous results caused by removing this nasty rootkit.

  27. Member thecoalman's Avatar
    Join Date
    Feb 2004
    Location
    Pennsylvania
    Search PM
    Originally Posted by ROF
    In order for this occur their must be an opening in your security hence the term "secure network".
    You don't consider a machine that can run and execute code without your knowledge a opening in your security?

  28. Member gadgetguy's Avatar
    Join Date
    Feb 2002
    Location
    West Mitten, USA
    Search Comp PM
    Didn't we go through this already?
    Yes, and you were warned and that thread was locked.
    https://www.videohelp.com/forum/viewtopic.php?p=1423875#1423875
    "Shut up Wesley!" -- Captain Jean-Luc Picard
    Buy My Books

  29. Banned
    Join Date
    Feb 2005
    Location
    USA
    Search Comp PM
    Originally Posted by thecoalman
    Originally Posted by ROF
    In order for this occur their must be an opening in your security hence the term "secure network".
    You don't consider a machine that can run and execute code without your knowledge a opening in your security?
    First the code would have to get through security in my case that wasn't possible. If you read the thread in which I was previously discussing my testing results you would know this. You would also notice that I had uncloaked the rootkit thus allowing me to view it running the processes on that system.

    @gadgetguy

    Was I speaking to you? Unless you have something constructive to add please move along and allow constructive discussions to continue. Thank you.

  30. Sorry, but I'm going to trust the folks at Sysinternals over some industy-biased forum troll.




Similar Threads

Visit our sponsor! Try DVDFab and backup Blu-rays!