[Copytrooper]

I don't think we hide Deamon Tools from the user(s) - if Daemon Tools is installed on your system, you've installed it all by yourself, thus you know it is on your system.

[Development]

Who cares what Regmon does then - it uses "unethical" technology no matter what for.

[streetwolf]

So what's the big deal about hiding keys? Microsoft hides all kinds of stuff on us.

How about MS's hiding known file extensions as the default in a new install of XP? This has allowed lots of malicious emails with attachments to take advantage of this. You know, a malicious program file called 'report.doc.exe' displays as attachment 'report.doc' in Outlook. The user thinks it's a Word document, opens it and WHAMO! MS still makes hidden the default even though they know of this problem.

AFAIK hiding Registry keys is a feature of the OS. If it's so bad for the user than why hasn't MS issued a security hotfix to plug it?

Now if a software package uses any Registry key to perform malicious acts then that's something that should be reported.

My 2 cents.

[LocutusofBorg]

to whom it will concer:

the "registry-hiding" technology from DaemonTools is based
on my design, so if you want to bash someone for that reason,
you now whom to write!

It was my decision and to tell the truth: it was for sure not
in my mind to hide it from the user!! People who claim that
just simply don't know what they're talking about!

My goodness, it is to protect OUR software. We do NOT fool
the users NOR does we NEED to hide something from them!

Especially since we contain adware we were ALWAYS as "open"
to our users as possible, don't you think we use that "root-
kit" for "better" purposes then? NO! It is only to defend our-
selfes from malicious software. If THAT is unethical to some
users, I think you better deinstall DAEMON-Tools!

Apart from that is Mr. Russinovichs opinion in fact biased,
for me it looks even as if he knows the development behind
StarForce (at least he "checked" their technology and found
no rootkits ) - with that in mind, and the fact that he later
checked us, go figure! To me it is clear who sits on which
site of the table, check also this link: now you can see the
"timeline" I mentioned above:
http://www.star-force.com/protection.phtml?c=83&id=766

Especially the "he woked up famous the next morning" shed
some other light to the whole issues (again, in MY opinion)

Apart from that, we do not go on the same level like others,
I will not bash against Mr. Russinovich nor does I bash against
StarForce. At least they will not receive help from me to get
more attention, if I wouldn't know better, I could think that
all this is a very very clever "campaign" from some people
to get more fame. And does it worked? Yes, it does!! But we
are not so dumb and blind and do not notice the real reasons
behind all this.

But that is only my opinion.

More and more I got the idea that here people work together
to bring us down. That show me at least one thing: it points
out that we must do something right.

[vatras90]

Quote:

Originally Posted by LocutusofBorg

to whom it will concer:

the "registry-hiding" technology from DaemonTools is based
on my design, so if you want to bash someone for that reason,
you now whom to write!

It was my decision and to tell the truth: it was for sure not
in my mind to hide it from the user!! People who claim that
just simply don't know what they're talking about!

My goodness, it is to protect OUR software. We do NOT fool
the users NOR does we NEED to hide something from them!

Especially since we contain adware we were ALWAYS as "open"
to our users as possible, don't you think we use that "root-
kit" for "better" purposes then? NO! It is only to defend our-
selfes from malicious software. If THAT is unethical to some
users, I think you better deinstall DAEMON-Tools!

Apart from that is Mr. Russinovichs opinion in fact biased,
for me it looks even as if he knows the development behind
StarForce (at least he "checked" their technology and found
no rootkits ) - with that in mind, and the fact that he later
checked us, go figure! To me it is clear who sits on which
site of the table, check also this link: now you can see the
"timeline" I mentioned above:
http://www.star-force.com/protection.phtml?c=83&id=766

Especially the "he woked up famous the next morning" shed
some other light to the whole issues (again, in MY opinion)

Apart from that, we do not go on the same level like others,
I will not bash against Mr. Russinovich nor does I bash against
StarForce. At least they will not receive help from me to get
more attention, if I wouldn't know better, I could think that
all this is a very very clever "campaign" from some people
to get more fame. And does it worked? Yes, it does!! But we
are not so dumb and blind and do not notice the real reasons
behind all this.

But that is only my opinion.

More and more I got the idea that here people work together
to bring us down. That show me at least one thing: it points
out that we must do something right.

D-tools doesn't fit in the pattern of the industry, so they recrute idiots to bash here. Call me paranoid, thats MY opinion.
And M.R. tells very much to form himself.

[evlncrn8]

i think the issue really is that people are getting scared now about rootkits, about drivers hooking KeServiceDescriptorTable entries and so on, and using this to reroute process api's, registry api's etc... true, anti virus program do this etc.. but thats really expected, after all anti virus programs monitor process execution, so a hook is expected. I agree the guy in the article is jumping to conclusions, but i think the people are interested in the reasons for these hooks in daemon tools etc, which you have explained and thats all that was required.. as for hiding it from the user, well thats your choice

as for starforce being rootkit free, the older versions were definately rootable and there were a few exploits for it, mostly escilating user priveledges..

[Leolo]

LocutusofBorg,

Correct me if I'm wrong, but what Mark Russinovich says is that hooking system calls should be avoided at all costs.

And there are many people who use Daemon Tools but don't play any games, so they would be much happier to have a version of Daemon Tools that doesn't use those "potentially dangerous" hooks.

So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.

That way, "anally retentive" people that are concerned about the possible system instability that those hooks could produce, will be able to sleep easily.

And the rest of us will keep using the hooks because we want to play our legally made backups and exercise our Fair Use rights.

Could that be the best of both worlds?

[Anemious]

This Marks is so clever, he is only concerned by our security!
So concern that he should tell to the world, he 's find a rootkit in alcohol and DT and blame them !!!
Funny that he knows since months that Symantec has implement feature to hide folders similar to those of sony...

"I learned of the cloaking several months again when users of our RootkitRevealer rootkit detection tool sent us log files asking whether their was evidence of malware (others have posted logs in the Sysinternals forums). A little research showed that it was generally known that SystemWorks creates NPROTECT directories that show up as false-positives in RootkitRevealer scans."

But for symantec, this is "false-positives", "rootkit-like"
Even if:
"I confirmed that a security vulnerability similar to Sonys exists in the cloaking by copying files into the directory "

But despite knowing that and being very concern by our security, does he tell anything about that? No he wait the symantec declaration...

Strange no?

As I have start about security concern. We should speak about a huge security concern. (not as the rootkit of dt who could be use perhaps by a genious hacker), I have find that a guy sell a real rootkit! This rootkit allow a five years old Kid to access my computer, allow somebody to alter my files, desactivate my antivirus, implemante a keylogger and steal documents and credit card number... What was the name of this soft ... Ah this is NTFS2DOS which allow full access to a ntfs partition just booting on dos bootdisks...
This kind of guy should be in jail, this is propably denied by the DMCA...

[Copytrooper]

Quote:

Originally Posted by Leolo

LocutusofBorg,
Correct me if I'm wrong, but what Mark Russinovich says is that hooking system calls should be avoided at all costs.
And there are many people who use Daemon Tools but don't play any games, so they would be much happier to have a version of Daemon Tools that doesn't use those "potentially dangerous" hooks.
So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.
That way, "anally retentive" people that are concerned about the possible system instability that those hooks could produce, will be able to sleep easily.
And the rest of us will keep using the hooks because we want to play our legally made backups and exercise our Fair Use rights.
Could that be the best of both worlds?

No, if you're afraid of "potentially dangerous hooks" do not install Daemon Tools, do not install certain anti-virus software, and do not install programs and games protected by certain protections.
It is really interesting to see that Mark just labelled Starforce completely ethical - although especially Starforce hooks a lot of system and patches kernel during cd/dvd check. Seems for Mark there're "good" and "evil" hooks?
Now our hooks are just to protect our software, which is really unethical (sarcasm alert). But e.g. the Starforce hooks are completely ethical, 'cause they enforce copy protection (now Professor Frink's sarcasm detector exploded again). I wonder if Starforce paid for the analysis ...

[Chocky]

As far as I understood, Mark said almost nothing about StarForce.
http://www.sysinternals.com/Forum/fo...s.asp?TID=2263
Somebody asked him to check StarForce, he answered

Quote:

I've taken a look at StarForce and other than some unorthodox ways of monitoring Cd-Rom traffic and intercepting the creation of all processes and threads, there's nothing overtly unstable about its implementation.

And then starforce developers started to tell everyone about Mark's "examination". I doubt if he really knows about all starforce's deeds.