Rootkit Revealer Absorbed by Microsoft
By Scott M. Fulton, III | Published November 9, 2006, 6:03 PM
The little software utility that uncovered Sony's stealth DRM hiding, rootkit-style, inside a security engineer's computer, and that triggered the chain of events that eventually led to the annulment of the multi-billion-dollar merger between Sony and BMG Music, is now a Microsoft product.
Mark Russinovich's Rootkit Revealer, along with a multitude of his other Sysinternals tools, is now available for download as a Microsoft product. The transfer of Russinovich's many assets from his original, independent Sysinternals Web site to his new home on Microsoft TechNet, begun last July, is now complete. New documentation for Rootkit Revealer 1.7 was posted earlier this week.
A rootkit is typically used for malicious purposes: it loads into the kernel or into other processes and hooks or patches the system calls that programs use to enumerate processes, files and registry keys, filtering its own entries out of the results before they reach user mode. Programs can then execute without being reported by Windows Task Manager, leaving the user no easy way to terminate them. Rootkit Revealer catches this by comparing the view the Windows API returns with one it reads directly from the raw file system volume and registry hive files; an entry present in one view and absent from the other is reported as a discrepancy.
A rootkit in the original sense is the toolkit an intruder installs after gaining root to keep that access hidden; such a kit commonly also includes a backdoor that contacts a remote server over the Internet and accepts commands from it.
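Rootkit Revealer finds hiding of this kind by cross-view comparison: it scans the file system and registry through the Windows API and again by reading the raw volume and hive files, and reports anything the two views disagree on. The following is an added example of that check, not Sysinternals code. The "raw" listing stands in for what a scanner reads from the on-disk structures, hooked_listing() simulates the filtering a hooked enumeration API performs, and cross_view_diff() is the comparison. The "$sys$" prefix is the one the First 4 Internet driver actually cloaked; every path and size in the listing is constructed, and the function names are this example's own.

```python
"""Cross-view detection of a cloaking rootkit, in the style of RootkitRevealer.

Added example, not Sysinternals code. The 'raw' view is a constructed
dictionary standing in for the on-disk scan; hooked_listing() simulates
the filtering that a hooked Windows API would do before returning results
to user mode. Only the "$sys$" prefix is taken from the real XCP rootkit.
"""
from __future__ import annotations

from dataclasses import dataclass

HIDDEN_PREFIX = "$sys$"  # prefix the XCP cloaking driver filtered out

HIDDEN_FROM_API = "hidden from Windows API"
VISIBLE_ONLY_TO_API = "visible only to Windows API"


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str  # HIDDEN_FROM_API or VISIBLE_ONLY_TO_API


def is_cloaked(path: str, prefix: str = HIDDEN_PREFIX) -> bool:
    """True if any component of the path starts with the cloaking prefix.

    The filter acts on names, not on who created the object, so any file or
    directory named this way disappears from the API view, whether it
    belongs to the DRM software or to something else that adopts the prefix.
    """
    return any(part.lower().startswith(prefix.lower())
               for part in path.split("\\"))


def hooked_listing(raw_view: dict[str, int]) -> dict[str, int]:
    """Simulate what a hooked directory-enumeration API hands to user mode.

    A real rootkit patches the system call table entry for the enumeration
    call (or inserts a filter driver) and strips matching entries from the
    result buffer; Task Manager, Explorer and a virus scanner all see the
    stripped buffer. Here that filtering is a dictionary comprehension.
    """
    return {path: size for path, size in raw_view.items() if not is_cloaked(path)}


def cross_view_diff(api_view: dict[str, int], raw_view: dict[str, int]) -> list[Discrepancy]:
    """Report every path on which the API view and the raw view disagree.

    Names compare case-insensitively, as NTFS names do. Entries on disk but
    missing from the API view are the signature of cloaking. Entries the API
    reports but the raw scan did not see usually mean the object was created
    between the two passes; both kinds are reported so the analyst can judge.
    """
    api = {p.lower(): p for p in api_view}
    raw = {p.lower(): p for p in raw_view}
    found = [Discrepancy(raw[k], HIDDEN_FROM_API) for k in sorted(raw.keys() - api.keys())]
    found += [Discrepancy(api[k], VISIBLE_ONLY_TO_API) for k in sorted(api.keys() - raw.keys())]
    return found


# Constructed raw scan: path -> size in bytes. None of these are real files.
RAW_VIEW = {
    r"C:\WINDOWS\system32\notepad.exe": 69_120,
    r"C:\WINDOWS\system32\drivers\$sys$example.sys": 10_368,
    r"C:\WINDOWS\system32\$sys$filesystem\$sys$player.exe": 40_960,
    r"C:\Program Files\Example Player\player.exe": 40_960,
    r"C:\Documents and Settings\mark\$sys$unrelated.exe": 12_288,  # rides along on the prefix
}

# A file that appears while the scan runs shows up in the API pass only;
# one is constructed here so the second kind of discrepancy is visible.
APPEARED_DURING_SCAN = {r"C:\WINDOWS\Temp\tmp0001.tmp": 512}


def scan(raw_view: dict[str, int] = RAW_VIEW,
         appeared: dict[str, int] = APPEARED_DURING_SCAN) -> list[Discrepancy]:
    """Run the two views against each other and return the discrepancies."""
    api_view = hooked_listing(raw_view)
    api_view.update(appeared)
    return cross_view_diff(api_view, raw_view)


if __name__ == "__main__":
    for d in scan():
        print(f"{d.kind:28} {d.path}")
```

The hidden-prefix rule is what makes the cloaking dangerous beyond the DRM itself: is_cloaked() hides a file dropped anywhere under any name beginning with the prefix, which is exactly the hole a cross-view scan is built to expose.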
Last year, music publisher Sony BMG shipped a DRM mechanism on some of its music CDs that installed itself on Windows users' systems when the disc was inserted and AutoRun launched its installer. The mechanism, developed by a company called First 4 Internet, used a rootkit technique to cloak its files, processes and registry keys from Task Manager and from other Windows API calls.
When Russinovich was testing his own Rootkit Revealer on one of his systems last year, he found the First 4 Internet cloaking driver and suspected that it was malicious. Through a systematic investigation of his system that could perhaps be achieved by no other security engineer known to humankind, he turned up the culprit and reported it on his Web site.
The result was nothing less than a public unraveling of a corporation, not because it had malevolent interests but because it was simply two or three steps behind the very technology it set loose upon the world.
As Russinovich writes for Microsoft this week, Rootkit Revealer 1.7 no longer includes a command-line version of the product: malware writers had been found targeting it by name for deletion (and, perhaps, replacement) from malicious scripts, so the scan now runs from a Windows service with a randomly generated executable name instead.
Meanwhile, today marks the release of what could become Russinovich's pièce de résistance: a unified observation tool with the Microsoft-sounding name Process Monitor. While it incorporates much of the functionality of his familiar Regmon and Filemon tools, such as real-time monitoring of calls to the Registry and to the file system, he describes it today as rewritten "from the ground up" as a comprehensive monitor of system activity, with fine-grained logging built in.
Like everything else Russinovich has distributed, Process Monitor needs no setup: unzip it and run it. On a dual-core system the OS can generate events faster than Process Monitor can display them, so the display runs tens of thousands of events behind the capture. That is why you use a filter to cut the stream down to the events you find suspicious.
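The filtering step above is the part of a Process Monitor session that does the real work, so here is an added example of it, not Sysinternals code. It reads the CSV that Process Monitor writes from File > Save (the columns Time of Day, Process Name, PID, Operation, Path, Result and Detail are the tool's real ones) and applies Include/Exclude rules with the relations the Filter dialog offers. The rule semantics approximate Procmon's: an event matching any Exclude rule is dropped; otherwise, for each column that has Include rules, the event must match at least one of them. The sample rows, the rule set and the function names are constructed for this example.

```python
"""Rule-based filtering of Process Monitor events.

Added example, not Sysinternals code. Parses a Procmon CSV export and
applies Include/Exclude rules in the style of the Filter dialog. The
semantics are an approximation of Procmon's own; sample data is constructed.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass
from typing import Callable

COLUMNS = ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail")

# Case-insensitive string relations, named as in the Procmon Filter dialog.
RELATIONS: dict[str, Callable[[str, str], bool]] = {
    "is":          lambda f, v: f.lower() == v.lower(),
    "is not":      lambda f, v: f.lower() != v.lower(),
    "begins with": lambda f, v: f.lower().startswith(v.lower()),
    "ends with":   lambda f, v: f.lower().endswith(v.lower()),
    "contains":    lambda f, v: v.lower() in f.lower(),
    "excludes":    lambda f, v: v.lower() not in f.lower(),
}


@dataclass(frozen=True)
class Rule:
    column: str
    relation: str
    value: str
    action: str  # "Include" or "Exclude"

    def matches(self, event: dict[str, str]) -> bool:
        return RELATIONS[self.relation](event[self.column], self.value)


def parse_procmon_csv(text: str) -> list[dict[str, str]]:
    """Load a Procmon CSV export; refuse input lacking the expected columns."""
    reader = csv.DictReader(io.StringIO(text.strip()))
    rows = list(reader)
    missing = set(COLUMNS) - set(reader.fieldnames or ())
    if missing:
        raise ValueError(f"not a Procmon export; missing columns {sorted(missing)}")
    return rows


def apply_filters(events: list[dict[str, str]], rules: list[Rule]) -> list[dict[str, str]]:
    """Exclude rules win outright; Include rules are OR'd within a column, AND'd across columns."""
    excludes = [r for r in rules if r.action == "Exclude"]
    includes: dict[str, list[Rule]] = {}
    for r in rules:
        if r.action == "Include":
            includes.setdefault(r.column, []).append(r)
    kept = []
    for ev in events:
        if any(r.matches(ev) for r in excludes):
            continue
        if all(any(r.matches(ev) for r in group) for group in includes.values()):
            kept.append(ev)
    return kept


# A starting rule set for watching an installer launched from an inserted CD:
# silence the monitor's own activity and failed lookups, then keep only the
# operations that read the disc's autorun or persist something on the system.
SUSPICIOUS_RULES = [
    Rule("Process Name", "is", "Procmon.exe", "Exclude"),
    Rule("Result", "is", "NAME NOT FOUND", "Exclude"),
    Rule("Operation", "is", "CreateFile", "Include"),
    Rule("Operation", "is", "WriteFile", "Include"),
    Rule("Operation", "is", "RegSetValue", "Include"),
    Rule("Path", "ends with", r"\autorun.inf", "Include"),
    Rule("Path", "contains", r"\CurrentVersion\Run", "Include"),
    Rule("Path", "contains", r"\system32\drivers", "Include"),
    Rule("Path", "contains", r"\CurrentControlSet\Services", "Include"),
]

# Constructed export: seven events, none captured from a real machine.
SAMPLE_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"4:10:01.0000001 PM","Procmon.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS","Type: REG_SZ, Length: 44"
"4:10:02.1000000 PM","explorer.exe","812","CreateFile","E:\autorun.inf","SUCCESS","Desired Access: Generic Read"
"4:10:03.2000000 PM","setup.exe","2044","WriteFile","C:\WINDOWS\system32\drivers\$sys$example.sys","SUCCESS","Offset: 0, Length: 10,368"
"4:10:03.3000000 PM","setup.exe","2044","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\$sys$example\ImagePath","SUCCESS","Type: REG_EXPAND_SZ"
"4:10:03.4000000 PM","setup.exe","2044","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExamplePlayer","SUCCESS","Type: REG_SZ, Length: 62"
"4:10:04.0000000 PM","setup.exe","2044","RegQueryValue","HKLM\SOFTWARE\Example\Installed","NAME NOT FOUND","Length: 16"
"4:10:05.0000000 PM","notepad.exe","3300","WriteFile","C:\Documents and Settings\mark\notes.txt","SUCCESS","Offset: 0, Length: 42"
'''


def suspicious_events(text: str = SAMPLE_CSV, rules: list[Rule] = SUSPICIOUS_RULES) -> list[dict[str, str]]:
    """Parse an export and return only the events that survive the rules."""
    return apply_filters(parse_procmon_csv(text), rules)


if __name__ == "__main__":
    for ev in suspicious_events():
        print(f'{ev["Process Name"]:14} {ev["Operation"]:13} {ev["Path"]}')
```

Of the seven constructed events, four survive: Explorer reading the disc's autorun.inf, and the installer dropping a driver, registering its service and adding a Run key. The monitor's own registry read and the installer's failed lookup are excluded, and the unrelated Notepad write fails every Path rule. Moving the Path rules to Exclude would invert the view, which is the usual way of whittling a live capture down.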
If you're wondering what techniques to use with such a tool, look through Russinovich's newly transplanted blog, which contains more than six years of personal stories of tracking down the more obscure and clever malicious threats and outwitting them through perseverance and vigilance.
Happy Thanksgiving Everyone!!!
The rootkit saga has been going on since at least 1995. I have a cd here by a group called Aswad (Jamaican group)..with the BMG on the cd. and I'm doing some work for a friend, who has every one of his cd's on his computer, but now none of those files will play.
Using a computer that has a brand new os on it, and never been online at all... I've taken his ORIGINAL CD and placed it in my burner. Here's what's happening.
1. All files show up as 1K
2. Trying to copy the files to my hd fails.
3. trying to use any software at all to copy/rip the cd fails.
Although I'm no expert on this ... yet ... I have already come to the conclusion that:
4. Since 1995, they've been rootkitting cd's.
5. The cd's MUST be multi-session cd's. There is no way those cd's shouldn't copy to my hd.. or NOT copy/rip at all.... not unless those cd's have rootkits on them.
When placing the ORIGINAL cd back into the person's computer, it gives a message that the cd has been copied 3 times, and he'd have to download a license to play his songs.
I then put the ORIGINAL cd back into my computer, but using the Media Player Classic (not Microsoft related) and it'll take a while to load up the songs... but then they'll play from the cd. But again, when I look at the files in Windows Explorer, they all say 1K.
I'm still testing this.. and I have still a few extra hard drives that can and will be repartitioned and reformatted and OS installed. I'm going to test this on a few more hd's and if this happens to be the same on those too (brand new os's)... then there is no question at all as to if those cd's are rootkit/multi-session cd's.
There is no other logical explanation to it, except that rootkits have been around and embedded since 1995.... maybe earlier, but this is the earliest cd I'm testing that comes from BMG.
Here is a test for you......... Take ANY ORIGINAL cd and try to make 4 copies of it. If it allows you to make 4 copies, that cd is rootkit free, but if it doesn't... that cd has a rootkit on it.. and (or) it could be on your computer. In my case.. that's impossible.. Nor unless the ORIGINAL OS cd has it already built in it, but I doubt that. Then again?????
One Man's Opinion
Score: 0
|You can't hate MS for any of this, Mark agreed to the offer and it's***ory now. Regardless, I just hope that MS doesn't start bloating the code out with too much UI glitz and tie-ins to "related resources", etc. As long as it remains (a) useful and (b) free, it serves its purpose well I think. I wonder what MS will do with RR now that they're convinced a rootkit is a dying concept in Vista.
Score: 0
|No one hates them for joining MS. I mean Jesus Christ it's a MASSIVE wad of cash NO ONE in their right mind can refuse that. The blame falls squarely on MS for its pending ruining of the sysinternals tools.
Hopefully it doesn't happen, I DO have hope, but I'm not counting on it. I think they'll wait about a year and then when everyone thinks they're in the clear with free well-functioning, super-useful, non-bloated, un-WGA'd tools. BAWWOOWW: Homosoft swings into action.
Score: 0
|What really pisses me off is that now we have to wade through that POS microsoft website. God I hate their site. You can never find s***. Your best chance of finding what you need is through google.
Score: 0
|The sad thing is it's like calling a Best Buy store. Everybody knows it sucks, the owners know it sucks, but for years nobody has done anything to fix the problem.
Score: 0
|Like how hard was it to search the MS site for Mark's name or, if you've been following Mark's move to MS you would have known where his stuff was going to be located. Also, if you went to the sysinternals.com web page it redirects to the Sysinternals site on TechNet. Now, while you are at the Sysinternals TechNet site, click Favorites and save the bookmark.
Score: 0
|Funny. Lighten up Mark.
Score: 0
|Who invited the sheep?
Score: 0
|Through a systematic investigation of his system that could perhaps be achieved by no other security engineer known to humankind...
Okay, I'll admit the guy's good, but, come on guys, he's not God.
Amazingly unlucky for Sony that the *only* guy on the planet who could foil their dastardly plot just happens to listen to Franz Ferdinand.
Score: 0
|Not too amazing, I also enjoy the musical stylings of Franz Ferdinand.
Score: 0
|Some years ago, music publisher Sony BMG installed a DRM
Some == 1 ?
Betanews discussed this story on Nov 2 2005, and even links to it in the above story: "...two or three steps..." (http://www.betanews.com/..._DRM_Rootkit/1130965475)
Score: 0
|The DRM existed long before it was discovered a year ago.
Score: 0
|so what you're saying c4p0ne is that you steal or ripoff software?
Score: 0
|Yeah, but Bill Gates forced him to do it, so it's okay.
/sarcasm
Score: 0
|No one was asking you.
/realism
Score: 0
|Absolutely not. I just don't, and never will pay for it. If they want a donation, and the software is really worth it, I'll chip in.
Score: 0
|People are idiots nowadays; they cannot think for themselves. When they see Microsoft do something, they automatically tag it as negative. Jealousy or hatred, I don't know. Microsoft, unlike Google, has more than enough engineers to write any programs they need. They don't need to acquire any company; the only reason they do that is to hire the owner and its people. Remember Ray Ozzie's Groove Networks??
Score: 0
|removed my unnecessary comment.... discussed in detail below...
Score: 0
|No one pwned them. Mark just got the real job at MS and Sysinternals free tools will remain as they were before. At least that's what Mark said to me.
Score: 0
|Except source code is NO LONGER going to be distributed. This was one of the most useful reference tools for low-level Windows development in existence. Gone now (or at least Microsoft is trying to kill it). After all, no money in it..
This should be a story in and of itself: "Microsoft decides to kill Sysinternals' source code."
For a reference, see http://blogs.technet.com...als-site-migration.aspx
Score: 0
|I am really sad that MS had to pwn sysinternals. That seems like an UNFORTUNATE trend nowadays with sh*t-as$ companies. This is right up there with how Symantec destroyed the perfectly good Sygate firewall by assimilating it into their fat bloated ***GARBAGE*** line of software. Symantec coders deserve to be hung by the balls and beat by random sufferers of their software like a piñata until candy... or blood comes spilling out.
Anyway, now all we have to look forward to is mentally RETARDED WGA crap in what once was great sysinternals software. WGA is RE-TAR-DED and makes zero difference. It's just a nuisance at best to those who would never pay (like me) for an OS they were forced to use due to its unfortunate stranglehold on the desktop.
Score: 0
|roflmao...
"MS forced me to pirate."
I love it.
Mark, you can keep your Reality-Blocking™ glasses, this guy's are *much* more effective.
Score: 0
|I'm sure you do love it. In more ways than one, and that's how MS is gonna keep giving it to you. In-the-backside ... ™
Score: 0
|A product that hurt Sony is now owned by Microsoft? Oh dear, Mark Gillespie is going to be REALLY mad now. :P
Score: 0
|Because?
The Sysinternals tools are some of the best around, it's hardly surprising Microsoft bought them up, in fact what's surprising, is they left it as long as they did.
I feel sorry for the muppets that believe everything they read on the press. The Sony rootkit issue was blown out of all proportion by the media, to sell stories and get website hits, Betanews and The Inquirer started a Sony hating feeding frenzy, you lot just lapped it up, like the Betanews puppydogs you are...
The reality is that the rootkit was not malicious, not a virus (i.e. it did not spread itself), and not doing anything particularly dodgy.
I wonder how many Sony haters, and people b****ing about the RootKit issue, ACTUALLY had the rootkit? Not very many; I don't think there were that many CDs pressed with it, a couple hundred thousand from what I recall.
Let's blame the CAUSE, people like c4p0ne who steal software and music, and force companies like Microsoft and Sony to implement "features" like WGA, SPP and DRM protection schemes like the Sony rootkit.
Score: 0
|Off-Topic as hell, but...
The reality is that the rootkit was not malicious, not a virus (i.e. it did not spread itself), and not doing anything particularly dodgy.
Right. Because hiding yourself from the user *and* the system, allowing not only your own files, but *any* file that uses your naming structure to be completely invisible to the system isn't in the *least* bit dodgy, right?
Dude, I just gotta know where you get those Reality-Blocking™ Sunglasses.
Score: 0
|Like I said, the people that pirate music, movies and software are forcing companies like Sony and Microsoft to implement tighter security systems to protect their property.
The people that are complaining about DRM, SPP and WGA, are the ones who are no longer getting their stuff for free...
Score: 0
|As far as I can recall, if it detected an executable that was similar to LAME it would reboot the host computer - I wouldn't call that non-malicious.
Score: 0
|The people that are complaining about DRM, ..., are the ones who are no longer getting their stuff for free...
Bullsh1t.
You've just accused millions of people who stand up against Music DRM *LEGALLY* of being pirates.
Music DRM is not a good thing. Thinking that does *not* make me a pirate, and I deeply resent that point of view. It's wrong, it shows you to be extremely narrow-minded, and spreading such an assumption damages any case *against* Music DRM.
If a song or CD contains DRM, I don't buy it. If it is not legally available without DRM, I go without.
Your assumption is wrong, and you are, at the very least, a jerk for making such a sweeping accusation.
I specified "Music" DRM several times to separate this discussion from IP such as software.
Music is not Intellectual Property. It is Art.
Score: 0
|So tell me WHY DRM is bad, if it's not that it restricts copying...
Are you going to play the privacy card??
Score: 0
|Why is DRM bad?
Are you serious?
Download a tune from iTunes. Try to play it in *anything* other than iTunes.
Yeah, I can burn it, rip it to MP3 and then play it, but that means I get to take an already lossy copy and make it even worse.
Oh lucky me...
I'm sorry, but when I *buy* a song, I should be able to listen to it in my car, on my computer, on my x5..etc. I'd also like it to not be some compressed piece of garbage, i.e., lossless.
It restricts how I listen to it, what I listen to it on, and makes me jump through hoops that I should *not* have to jump through just to listen to it through Foobar2000 where I have all of my plugins.
Add to that the length "certain" companies will go to in order to maintain the pretend value they have placed on these copies and it gets absurd.
Add into that the amount of money and time wasted by our government on behalf of the RIAA and the Music Industry that could have gone into Education or Crime Prevention...
I don't need to play the privacy card. The list goes on forever.
Music DRM is a cancer.
Score: 0
|The law in my country allows me to make a backup; the music companies know this and happily sell it to me according to the law. If I wish to use my right to make a backup and they stop me, then I consider this a violation of my right to do so, and adjusting my computer to stop me without my consent is illegal.
Score: 0
|So in summary, DRM is bad because you want to make more copies than you are licensed to do.
So my original statement, the people that pirate music are the ones who complain about DRM.
What is difficult to understand? You are licensed to copy to x personal devices, make x copies, burn it to x CDs. DRM is bad because YOU want to be able to break this licence and copy it to more..
How is this any different to "WGA is bad, as my 1 windows licence prevents me from copying windows to my 10 PC's"... The answer, it's no difference....
Score: 0
|Ever heard of fair use?
Score: 0
|But PC_Tool's point being that iTunes provides crappy 128Kbps AAC music files hits the proverbial nail on the head. That kind of inferior compression is bs! I could accept only one valid copy as long as they could provide at least 256kbps or better, especially "lossless" compression as he mentions.
Score: 0
|Then buy the CDs, they are cheaper than downloading anyway.
Score: 0
|What sony did was far out of line and they deserve every bit of bad press they got.
Technically I consider it a crime, as software of very questionable safety was installed onto people's computers.
Also, it recorded user activity without their knowledge. Last I checked this is illegal and is even a fairly serious crime in some jurisdictions. I think the Sony case should have been made a criminal case, because it was a criminal case: each offense was a computer intrusion, and in some states like Georgia this is a crime known as computer trespassing, punishable by up to 5 years for each offense.
The executive responsible for the decision to push the rootkits really should face prison time.
As for dodgy, yes, it was very dodgy, so much so that Microsoft itself considered it a piece of malware, because it was malware: it left compromised Windows machines wide open to attacks and made the OS very unstable.
Score: 0
|I now refuse to ever put an original Sony CD into a Windows PC; instead it gets copied on the Mac or under Linux first, which is something I've had to do for some time because the CDs with copy protection do not play in every other CD player.
Also, to be safe, I have autostart disabled and recommend this action to all Windows users; it'll save you lots of trouble down the road.
If you ask me it's annoying that I have to turn tricks just to use something I paid for; it's crap like this that makes honest people into pirates.
Ever hear of the saying, if you treat your customers like criminals they will become criminals?
Also, everyone I know hates DRM, SPP, and WGA except those who profit or think they profit from it.
MS's lousy licensing lately has eroded their customer base, with Mac and Linux gaining at their loss.
I've seen instances where WGA has marked a legit CD key as fake.
None of this technology is magic; it does fail. It's only as good as those who field it, so it's not really all that great.
Also, on how great Microsoft is and how honest they are, I suggest you google a little OS called Btron and the vile thing M$ did to try and kill it and hook Asia on their software, much of which they may have pirated themselves, in an effort to make it a standard there.
Score: 0
|I agree, PC_Tool. I had a few DRMed CDs not play in a car CD player; I think I had only two that had an anti-copy scheme that actually played in any portable player.
Also, I agree it's stupid to waste government resources to track down P2P users when there are real criminals who must be taken off the streets.
Heck, the FBI and CIA cannot afford to waste time helping the RIAA and MPAA fleece the people; they have a serious problem fighting terror and real crime as it is.
I say no to DRM, and no means no, as my computer is my property, not Hollywood's, and I'll treat any incursion the same as if my house were broken into by a burglar.
Score: 0
|DRM sucks because the people who are getting the problem from it are the BUYING CUSTOMERS: people who pay for a CD that they cannot use in their stereo, or where the CD even installs software unknowingly on your PC.
Sadly the industry is ignoring the simple fact about copy protection, "if it can be played, it can be copied"; the people who make illegal MP3s of these CDs know how to, and the MP3s still appear on the internet. The people who want to download illegal MP3s still find them on the internet.
The only ones who suffer are the paying customers.
IMO several Sony executives should be imprisoned for their rootkit crap.
Score: 0
|Hmm the article writer assumed all the text on RootkitRevealer's page applied only to the newest version.
In reality, the command line interface has been replaced with the Windows service since before Microsoft integrated Sysinternals... I know it was in v1.6 at least.
Score: 0
|Like a "Borg" saying resistance is futile! Microsoft is Microsoft! I hope this little tool remains free! Mark Russinovich is a great professional and MS made an excellent contract with his company.
Score: 0
|The thing you call "Borg" is a larger entity which absorbs a smaller one, no matter whether the smaller one chooses to allow it or not.
In this case, I am assuming by common sense that Russinovich CHOSE to work with MS, i.e. made his own decision to work with them.
What you proposed sounds a bit like slavery and nothing like what the story above describes.
Score: 0
|I didn't say that! You are misunderstanding my words. Working at Microsoft was Mark Russinovich's choice and excellent for both. The market works like the "Borg" (not looking at the negative side of the Star Trek point of view, compulsion) but as a natural adjustment. It's normal in business that the larger absorbs the smaller.
Score: 0