Daemon Tools rootkit?


  • Daemon Tools rootkit?

    Mark posted something interesting on his SysInternals site about Daemon Tools and Alcohol:



    There's no proof that Alcohol and Daemon Tools use rootkits to evade DRM, but the evidence is compelling. If they do their usage is clearly unethical and even potentially runs afoul of the US Digital Millennium Copyright Act (DMCA). In any case, there's no reason for these products, or any product as I've stated previously, to employ rootkit techniques.
    That's an interesting article. Does Daemon Tools really use a rootkit?

  • #2
    this has already been mentioned here: http://www.daemon-tools.cc/dtcc/showthread.php?t=6609
    the hidden entries are your virtual drives.
    Last edited by al1uk; 20.02.2006, 14:10.



    • #3
      I just checked my older version of DAEMON 3.47 and it shows a hidden key. I tried to delete it by exporting the visible keys and then deleting the Cfg folder, but apparently RegEditX can't.

      I'm also very curious as to what Daemon is doing here.

      ps. I don't use Daemon to play any games.


      My hidden key from RootkitRevealer
      ----------------------------------.
      HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf 40 2/5/2006 10:08 AM 0 bytes Hidden from Windows API.
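
A report line like the one quoted in post #3 can be triaged mechanically. The following is an added example, not part of the original thread: it parses lines in the layout seen in that one quoted line (an assumption about the report format) and groups "Hidden from Windows API" registry findings by the driver service key they sit under. Lines marked constructed are sample data.

```python
import re
from collections import defaultdict

# Layout inferred from the single line quoted in the post (assumption):
#   <path> <M/D/YYYY h:mm AM|PM> <size> bytes <description>
# The path may itself contain spaces, so it is matched lazily up to the timestamp.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+) bytes\s+"
    r"(?P<desc>.+)$"
)

# A key under ...\Services\<name> belongs to the driver or service <name>.
SERVICE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)",
    re.IGNORECASE,
)

def parse_line(line):
    """Return a dict for one report line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    svc = SERVICE_RE.match(rec["path"])
    rec["service"] = svc.group(1) if svc else None
    return rec

def hidden_by_service(lines):
    """Map service name -> hidden key paths, merging all control sets."""
    grouped = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["service"] and rec["desc"].startswith("Hidden from Windows API"):
            grouped[rec["service"].lower()].append(rec["path"])
    return dict(grouped)

SAMPLE = [
    # Line quoted in post #3.
    r"HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf 40 2/5/2006 10:08 AM 0 bytes Hidden from Windows API.",
    # Constructed: same key seen in a second control set.
    r"HKLM\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf 40 2/5/2006 10:08 AM 0 bytes Hidden from Windows API.",
    # Constructed: a different kind of discrepancy outside Services; not grouped.
    r"HKLM\SOFTWARE\ExampleVendor\Cache 2/5/2006 10:09 AM 80 bytes Data mismatch between Windows API and raw hive data.",
    "not a report line",
]

if __name__ == "__main__":
    for service, paths in hidden_by_service(SAMPLE).items():
        print(service, len(paths), "hidden key(s)")
```

The service name in the result is the thing to look up next: it identifies which installed driver owns the hidden key.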



      • #4
        The following letter is my PERSONAL VIEW of this
        article and the motivation behind it: it does in
        NO way reflect the opinion of The Daemon Tools Team,
        it is only the opinion of a member, exactly: me

        Apart from the technical correctness, I find it
        interesting how someone can mention "DMCA" (funny,
        as if the whole world lives in the USA!) and on the
        other hand publish internal mechanisms of other
        people's software. I'm not sure, but to me it seems
        like reverse engineering, although
        we do not even think about lawyers here. Yes, Mr.
        Russinovich, try that with other vendors and you
        will see the difference. That doesn't mean
        necessarily that we accept his behaviour, to me
        this guy is "preach water and drink wine". Some
        people seem to be "ethical more equal" than others,
        seem to be entitled to use any method while others
        only defend themselves and get bashed for that
        reason.

        Well, yes, the technical description is in fact
        not untrue.

        What worries me the most is that Mark Russinovich,
        whom we always respected as an honorable person,
        never contacted us to talk about our intentions,
        nor did he ever contact anyone on our team.

        While I have big respect for his work, it seems one
        here lacks at least what I would call "honorable
        behaviour, good attitude" or whatever you want to
        call it.

        In my personal opinion(!) it seems to me that Mark
        Russinovich is hardly defending the DRM-Lobby, so
        his comments about DRM and DaemonTools are
        understandable (from his point of view).

        Yes, DaemonTools use Rootkit-Technology. But:
        We never tried to "hide" that fact from the users.
        And you must AGREE to install our software. We
        are not interested in personal data. And you have
        the nerve to mention DT/Alcohol and Sony's rootkit
        in the same phrase? My gosh!
        For what reasons? Do we harm someone here? Only because
        Mr. Russinovich sees no deeper reason behind it, it
        makes DaemonTools a bad application which harms the user?

        Do you really think we designed this for fun? I think
        everyone can imagine why we had no other choice. For
        God's sake, some posters here don't believe any word
        that is written only because it is from a very honorable
        person. And again: I can even understand his thoughts,
        he supports copyprotections, lobbyism and dmca, tcpa and
        drm. Good, that's an opinion and we respect that, but I
        find it really strange that without proper reason
        someone tries to destroy our reputation and that without even
        one single notice to US!

        If there's one thing I dislike it is when someone without
        SECURITY-reasons types in a complete article to discredit
        the DaemonTools Team.

        Moreover I want to add that we always react and do not
        pro-actively implement functions (hooks, if you like),
        but instead often have to react to even make an
        uninstallation of DaemonTools unnecessary - even if
        the user plays from original!!! Imagine that, I'm pretty
        sure that this behaviour alone is not fully legal, but
        again, that is my opinion and you are entitled to have
        your own. You are welcome to show us your new vdrive-
        design which makes all this possible without RK-technology
        only to satisfy some "I'm pissed off by this technology"-
        guy!

        I'm really curious about the next articles from Mark,
        it's sad that such an intelligent person isn't even
        able to write some lines to get in touch with the
        authors. If something is unethical, then it is THIS
        behaviour and nothing else. Apart from that in most
        countries emulation is legal. At the end of the day,
        our drive is nothing more or less than a hardware-drive
        in a software-form. There are MORE than enough ways to
        prevent piracy, f.e. serial-numbers to only mention ONE.
        Now go ahead and bash against the other vdrives as well!


        I really hope that in the future this is again a site
        that is more neutral and Mark doesn't fight the war
        for Sony and everyone else who thinks that all the power
        should be in publishers' hands and doesn't care a shit
        about the users.

        One day, when DT is gone, maybe Mr. Russinovich will
        find out what it means when no one stands in front for
        your rights. But then, it seems that he doesn't care
        about those rights anyway. To sum it up, the whole article
        is written to discredit us. It is a shame in my point of
        view. To me here someone is pissed off by reasons I can't
        imagine, maybe because his "uberleet" rootkit revealer wasn't
        able to open the key or whatever.

        However, this is my personal view of things! Now at least
        we both had our 15 minutes of fame, correct? If you
        want a more serious discussion, you are welcome to contact
        me by email, which is locutus@daemon-tools.cc

        with best regards
        LocutusofBorg


        ---------------------------------------------
        This is (nearly) an exact copy of what I posted also
        on Sysinternals.
        It seems to me that there are people out there that
        don't know the difference between "bad" behaviour
        of software and a TECHNOLOGY in general.

        Soon, Microsoft will use similar technologies to hotpatch
        the system - I'm curious if Mark will bash them for their
        technology? No, he would NOT. He is simply a big fan
        of DRM - therefore we are not on his "friends" list.

        The "Rootkit" from DaemonTools does NOT harm the users
        machine, nor is it possible to hide malicious code.
        Apart from that, the whole rootkit-discussion is so biased
        that it virtually makes me feel sick to read how "experts"
        warn of a big big wave of "dangerous applications"....

        HELLO!!!! Someone out there? Trojan-developers will care
        a shit about ethics and they will use this technology for
        totally other reasons. But they will also use many other
        technologies, f.e. the file-system, jpeg-compression (to
        transfer screenshots f.e.).... OK, let's just forbid every
        jpeg-compression, or even better every compression in general.... afaik, warez are often zipped!!!

        Even F-Secure mentioned that there are also "good" applications
        out there. If you think that DT is such a good tool, fine.
        If you believe that we are a bad application:

        We make no secret that we hook some functions (like f.e.
        most copyprotections seem to do so, too)

        We do not force you to install our software nor are we
        interested in your personal data.

        If someone thinks our technology-design is bad, well, go on..
        deinstall it!

        just my 2 cents!



        • #5
          In the sense of Mark Russinovich's definition Alcohol and Daemon Tools use rootkits. They hide their presence on systems to prevent some protections from rendering even their originals useless if either Daemon Tools and/or Alcohol are installed.
          Unfortunately this was required due to the amazing stupidity of some protection creators, which blacklisted everything in the registry that could point to either of the programs being installed - including even harmless applications like e.g. Alcoholer -, and refused to run even with the original media unless the applications found by this blacklist-overkill were removed.
          This is for sure NOT comparable to Sony's rootkit!
          Daemon Tools v4.0x is not present in control panel -> software add/remove anymore due to this stupidity of some protection creators.
          Anyway, Mark Russinovich's opinion is that no "good" (in the good vs. evil sense) software has to use rootkits. Greg Hoglund says "(...) the strongest technology available for protecting software is the rootkit." - now figure for yourself what Daemon Tools and Alcohol actually do.
          We use rootkits to protect a) our own intellectual property, and b) the property of our customers and users they paid a lot of money for, and have a right to use it even with Daemon Tools installed.
          Everybody be cool! You, be cool!
          They'll keep fighting! And they'll win!



          • #6
            I think Mark is full of himself at this point. Seems he thinks he brought Sony to its knees single handedly.

            From what I remember reading he was NOT the first one to publish the fact that Sony used a Rootkit. I'm too lazy to find the article where I read this.

            Now that he's 'King of the World' he is going after the great 'RootKit conspiracy'.



            • #7
              I read all about this matter - -

              This seems to be the classic prejudiced, brainwashing and dumb-thinking effort to bring people on the way of one's own.

              Mr. Goebbels did exactly the same thing.

              And, anyway, talking about DRM, TCP and the like: some people are that greedy that they ruin their own basics in the end. They are just too stupid and ignorant to reasonably think about it.

              Shame on Mr. Russinovich - long live Daemon Tools!
              Don't be reckless with other people's hearts. Don't put up with people who are reckless with yours.



              • #8
                Originally Posted by waldi
                I read all about this matter - -

                This seems to be the classic prejudiced, brainwashing and dumb-thinking effort to bring people on the way of one's own.

                Mr. Goebbels did exactly the same thing.

                And, anyway, talking about DRM, TCP and the like: some people are that greedy that they ruin their own basics in the end. They are just too stupid and ignorant to reasonably think about it.

                Shame on Mr. Russinovich - long live Daemon Tools!
                I don't think that you can compare Goebbels with a rootkit and/or Russinovich. Think before posting rubbish.
                Last edited by vatras90; 08.02.2006, 18:41.
                My system
                Boycott Starforce!
                Resistance is futile! You will be assimilated!



                • #9
                  as locutus stated

                  there is a slight difference between the sony rootkit and the "rootkit" (as I don't see it as such) daemon tools installs.

                  sony didn't inform the users that something was installed on their machines, which was in fact very bad for sony's reputation.
                  in the case of daemon tools you know what you are installing and if not you better deinstall it and start to inform yourselves about what you are installing before you do that for any further software you want to use.

                  so don't start to panic and search your reg for these keys, just to find something you can cry about.

                  daemon tools is a great and hard piece of work, which makes all our lives much easier.

                  at last I want to say, give a s**t on this article Mr. M. R. wrote because it's just out there to discredit daemon tools and the crew. it's clearly a drm propaganda article

                  added my 2 cents too



                  • #10
                    Originally Posted by vatras90
                    I don't think that you can compare goebbels and a rootkit and/or russinovich. Some things should be clear.
                    Well - what do you mean by "some things should be clear"???

                    Remember - to communicate effectively, people have to tell each other what they think. Otherwise you're just spitting emotional puddles on my shoes . . .
                    Don't be reckless with other people's hearts. Don't put up with people who are reckless with yours.



                    • #11
                      Am I correct that Sony used the autorun facility to secretly install their software? If autorun is disabled what would happen?

                      Now as far as a program (like DT) that installs a so called RootKit do you think the EULA would specifically state it's a RootKit? Do you think even if they did people would know what it was? Oh yeah, Russinovich will let us know. Champion of the people that he appears to be at least in his own mind.

                      All the EULA will say is that 'something' is being installed on their computer. DUH, you are installing a piece of software. How else can you install it if not onto your computer.

                      I personally think EULAs are a joke. Just like fine print people don't read them. The manufacturers and lawyers know this and rely on this fact. Also they are becoming mini novels in length and full of legalese.



                      • #12
                        What I'd really like to know is:

                        Is it absolutely necessary to use rootkit techniques to make our legal backups run with Daemon Tools?

                        Rootkit techniques can impact the operating system stability, so they should be avoided at all costs.

                        Is there really no other way? None at all?

                        Regards.



                        • #13
                          GRRRRR

                          So many people are talking about 'Rootkits' without having the faintest idea about 'Root(s)' ...

                          So, here is my explanation:

                          Rootkits are intended to slice celery roots.

                          With this in mind -> Daemon Tools is really, really amazing.

                          I will buy a second license! (present for my mother)

                          Have a nice day,
                          blue



                          • #14
                            Originally Posted by streetwolf
                            Am I correct that Sony used the autorun facility to secretly install their software? If autorun is disabled what would happen?
                            Hello to everyone. You are correct streetwolf. One of the ways Sony used to install its rootkit, was by using the autorun feature. You ask what would happen if a user decided to disable such a feature (and a wise decision that is)? As a matter of fact the rootkit would eventually be installed just the same. You see, in order for the cd to be played on a PC, you have to install the software that comes along with the given cd (that means you also install the rootkit). Great stuff, ain't it?
                            However, what most users don't know is that all those (expensive) technologies that these individuals have to come up with, can easily be circumvented with the use of Linux.

                            It's REALLY REALLY intolerable that you have to pay for a cd that isn't 100% compatible with all players, that can be copied only a given number of times and furthermore creates a huge security hole that can be (and has been) used by virus-trojan-spyware-adware writers in order for them to gain access to your system.
                            But the really stupid thing about it is that people continue to buy those protected cds, accepting this situation as being a normal one. Try to use the above example let's say for a book.
                            You go to a library, you choose a book and just when you're ready to pay it, you see a sticker on it saying "By buying this book you accept the following:
                            1) The font used does not guarantee this book to be legible by all people
                            2) This book can be read an unlimited number of times in your living room but only up to 3 times in all other rooms or houses
                            3) You are not entitled to use or copy any phrases from this book
                            4) This book can give away your vault's combination to anyone who opens it. "
                            Now take away the sticker thing (a lot of cds don't even have that) and there you have it. Would anyone consider this normal? Would anyone EVER buy a book like that? Nevertheless there are people that still buy cds like that

                            For LocutusofBorg

                            I'm extremely happy to see an answer like this to Mr. Russinovich's article on Daemon Tools. I too have come across this one and it got me really angry.
                            However Locutus I believe you should make a more rigid stand as far as the rootkit accusation (I could have used another term but this is what this article was all about) goes.
                            I.e. Daemon Tools DOES NOT contain ANY FORM of rootkit.
                            This is an extract from the definition of rootkit in Wikipedia:

                            "A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge"

                            As can be seen, the way Daemon Tool's functions are used, serve an entirely different purpose that is not even close to the definition of a rootkit.
                            Using the way that Mr. Russinovich thinks (or tries to induce other people to think) one could say that antiviruses are using virus technology just by the fact they contain a portion of virus signatures. It's clearly false, and a sign of great ignorance (or perhaps something else?) on behalf of Mr. Russinovich.

                            This said I'm apologizing for the length of my post and end here.
                            Cheers to everyone!



                            • #15
                              Well said...

                              People usually forget that "toolkits", or whatever we could name that, are just technologies... and by the way they are not bad nor good.

                              Like science, it's its use which is good or bad...
                              Carpe diem
