Daemon Tools rootkit?


  • #16
    Originally Posted by dino00
    You ask what would happen if a user decided to disable such a feature (and a wise decision that is)? As a matter of fact the rootkit would eventually be installed just the same. You see, in order for the cd to be played on a PC, you have to install the software that comes along with the given cd (that means you also install the rootkit).
    Sorry to drift the thread even further, but I'd like to correct this: if autorun is disabled, the rootkit would not install and the user has no DRM at that point - he can rip the tracks with no trouble (unless the DRM software's installer gets run some other way).

    Comment


    • #17
      Funny that Mr. R. doesn't mention anything about a possible security risk caused by DT, which would be the only thing a DT user would be concerned about, but goes on to find it unethical...
      As for the way DT works, I think all users are actually ok with it, unlike Sony's XCP..

      Comment


      • #18
        One thing that the DT team might consider is an option to install in 'stealth mode' or not.

        For people (like me) who are not gamers, the anti-blacklisting capabilities of DT are not the top consideration.

        So, like the option of whether or not to install the adware in the free version, maybe give an option to not install the hiding technology.

        Comment


        • #19
          I state officially that "DAEMON Tools contains NO rootkits".
          This article looks like a "piece of incompetent rubbish from a competent guy". Maybe some people, including Mark Russinovich, have biased understanding of what rootkit is. Yes, our software contains registry hooking mechanisms in order to protect own registry from alteration by malicious software - but this is just a technology used not only by rootkits but also by antivirus and other applications, including Mark's own Regmon. If he claims it is a rootkit - we claim back Regmon is rootkit too.
          We have right to decide ourselves what technology to use in our software and what cares us in the least is the opinion of Mr. Russinovich about it. As said - it is just his opinion only.
          If he has too much free time and is willing to go into flames about ethics then he definitely chose wrong piece of software.

          Comment


          • #20
            Regmon doesn't hide keys though, it just reports registry access, Daemon Tools DOES hide keys, so the comparison doesn't quite fit. As for having the right to use whatever technology you want in your own code, sure that's fine, however hiding it from the user is the issue, not the fact that it is done.
            my views are 100% personal views..

            Comment


            • #21
              I don't think we hide Daemon Tools from the user(s) - if Daemon Tools is installed on your system, you've installed it all by yourself, thus you know it is on your system.
              Everybody be cool! You, be cool!
              They'll keep fighting! And they'll win!

              Comment


              • #22
                Who cares what Regmon does then - it uses "unethical" technology no matter what for.

                Comment


                • #23
                  So what's the big deal about hiding keys? Microsoft hides all kinds of stuff on us.

                  How about MS's hiding known file extensions as the default in a new install of XP? This has allowed lots of malicious emails with attachments to take advantage of this. You know, a malicious program file called 'report.doc.exe' displays as attachment 'report.doc' in Outlook. The user thinks it's a Word document, opens it and WHAMO! MS still makes hidden the default even though they know of this problem.

                  AFAIK hiding Registry keys is a feature of the OS. If it's so bad for the user then why hasn't MS issued a security hotfix to plug it?

                  Now if a software package uses any Registry key to perform malicious acts then that's something that should be reported.

                  My 2 cents.

                  Comment
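
The hidden-extension problem described in post #23, as an added example that is not part of the original thread: a small Python audit that models what a file list shows when known extensions are hidden and flags names whose visible part looks like a document while the real extension is executable. The extension sets and the sample attachment names are constructed assumptions, not a complete list of Windows file types.

```python
import os

# Assumption: illustrative subsets of extensions, not the full set Windows registers.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DOCUMENT_EXTS = {".doc", ".txt", ".pdf", ".jpg", ".xls"}
KNOWN_EXTS = EXECUTABLE_EXTS | DOCUMENT_EXTS

def displayed_name(filename):
    """Name the user sees when extensions of known file types are hidden."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_EXTS else filename

def is_deceptive(filename):
    """True when the real type is executable but the visible name ends in a document extension."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return False
    inner_ext = os.path.splitext(stem)[1].lower()
    return inner_ext in DOCUMENT_EXTS

def audit(names):
    """Return (real name, displayed name) pairs for every deceptive entry."""
    return [(n, displayed_name(n)) for n in names if is_deceptive(n)]

# Constructed sample attachment names for the demonstration.
SAMPLE = [
    "report.doc.exe",   # the case from the post
    "report.doc",       # genuine document
    "setup.exe",        # honest executable, single extension
    "Holiday.JPG.scr",  # mixed case must still be caught
    "notes.v2.exe",     # inner suffix is not a document type
    "archive.tar.gz",   # double extension, but not executable
]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"{real!r} is displayed as {shown!r}")
```

A mail gateway or file-share scan can run the same comparison on real names; the lasting fix on the endpoint is to turn extension hiding off so the displayed name and the real name never differ.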


                  • #24
                    to whom it will concern:

                    the "registry-hiding" technology from DaemonTools is based
                    on my design, so if you want to bash someone for that reason,
                    you know whom to write!

                    It was my decision and to tell the truth: it was for sure not
                    in my mind to hide it from the user!! People who claim that
                    just simply don't know what they're talking about!

                    My goodness, it is to protect OUR software. We do NOT fool
                    the users NOR do we NEED to hide something from them!

                    Especially since we contain adware we were ALWAYS as "open"
                    to our users as possible, don't you think we use that
                    "rootkit" for "better" purposes then? NO! It is only to defend
                    ourselves from malicious software. If THAT is unethical to some
                    users, I think you better deinstall DAEMON-Tools!

                    Apart from that is Mr. Russinovich's opinion in fact biased,
                    for me it looks even as if he knows the development behind
                    StarForce (at least he "checked" their technology and found
                    no rootkits) - with that in mind, and the fact that he later
                    checked us, go figure! To me it is clear who sits on which
                    side of the table, check also this link: now you can see the
                    "timeline" I mentioned above:
                    http://www.star-force.com/protection.phtml?c=83&id=766

                    Especially the "he woke up famous the next morning" shed
                    some other light to the whole issue (again, in MY opinion)

                    Apart from that, we do not go on the same level like others,
                    I will not bash against Mr. Russinovich nor do I bash against
                    StarForce. At least they will not receive help from me to get
                    more attention, if I wouldn't know better, I could think that
                    all this is a very very clever "campaign" from some people
                    to get more fame. And did it work? Yes, it did!! But we
                    are not so dumb and blind and do not notice the real reasons
                    behind all this.

                    But that is only my opinion.

                    More and more I got the idea that here people work together
                    to bring us down. That shows me at least one thing: it points
                    out that we must do something right.

                    Comment


                    • #25
                      Originally Posted by LocutusofBorg
                      to whom it will concern:

                      the "registry-hiding" technology from DaemonTools is based
                      on my design, so if you want to bash someone for that reason,
                      you know whom to write!

                      It was my decision and to tell the truth: it was for sure not
                      in my mind to hide it from the user!! People who claim that
                      just simply don't know what they're talking about!

                      My goodness, it is to protect OUR software. We do NOT fool
                      the users NOR do we NEED to hide something from them!

                      Especially since we contain adware we were ALWAYS as "open"
                      to our users as possible, don't you think we use that
                      "rootkit" for "better" purposes then? NO! It is only to defend
                      ourselves from malicious software. If THAT is unethical to some
                      users, I think you better deinstall DAEMON-Tools!

                      Apart from that is Mr. Russinovich's opinion in fact biased,
                      for me it looks even as if he knows the development behind
                      StarForce (at least he "checked" their technology and found
                      no rootkits) - with that in mind, and the fact that he later
                      checked us, go figure! To me it is clear who sits on which
                      side of the table, check also this link: now you can see the
                      "timeline" I mentioned above:
                      http://www.star-force.com/protection.phtml?c=83&id=766

                      Especially the "he woke up famous the next morning" shed
                      some other light to the whole issue (again, in MY opinion)

                      Apart from that, we do not go on the same level like others,
                      I will not bash against Mr. Russinovich nor do I bash against
                      StarForce. At least they will not receive help from me to get
                      more attention, if I wouldn't know better, I could think that
                      all this is a very very clever "campaign" from some people
                      to get more fame. And did it work? Yes, it did!! But we
                      are not so dumb and blind and do not notice the real reasons
                      behind all this.

                      But that is only my opinion.

                      More and more I got the idea that here people work together
                      to bring us down. That shows me at least one thing: it points
                      out that we must do something right.
                      D-tools doesn't fit in the pattern of the industry, so they recruit idiots to bash here. Call me paranoid, that's MY opinion.
                      And M.R. tells very much to form himself.
                      Last edited by vatras90; 11.02.2006, 19:23.
                      My system
                      Boycott Starforce!
                      Resistance is futile! You will be assimilated!

                      Comment


                      • #26
                        I think the issue really is that people are getting scared now about rootkits, about drivers hooking KeServiceDescriptorTable entries and so on, and using this to reroute process APIs, registry APIs etc... True, antivirus programs do this etc., but that's really expected, after all antivirus programs monitor process execution, so a hook is expected. I agree the guy in the article is jumping to conclusions, but I think the people are interested in the reasons for these hooks in Daemon Tools etc, which you have explained and that's all that was required.. As for hiding it from the user, well that's your choice.

                        As for StarForce being rootkit free, the older versions were definitely rootable and there were a few exploits for it, mostly escalating user privileges..
                        my views are 100% personal views..

                        Comment


                        • #27
                          LocutusofBorg,

                          Correct me if I'm wrong, but what Mark Russinovich says is that hooking system calls should be avoided at all costs.

                          And there are many people who use Daemon Tools but don't play any games, so they would be much happier to have a version of Daemon Tools that doesn't use those "potentially dangerous" hooks.

                          So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.

                          That way, "anally retentive" people that are concerned about the possible system instability that those hooks could produce, will be able to sleep easily.

                          And the rest of us will keep using the hooks because we want to play our legally made backups and exercise our Fair Use rights.

                          Could that be the best of both worlds?

                          Comment


                          • #28
                            This Mark is so clever, he is only concerned by our security!
                            So concerned that he should tell the world he's found a rootkit in Alcohol and DT and blame them!!!
                            Funny that he has known for months that Symantec has implemented a feature to hide folders similar to those of Sony...

                            "I learned of the cloaking several months ago when users of our RootkitRevealer rootkit detection tool sent us log files asking whether there was evidence of malware (others have posted logs in the Sysinternals forums). A little research showed that it was generally known that SystemWorks creates NPROTECT directories that show up as false-positives in RootkitRevealer scans."

                            But for Symantec, this is "false-positives", "rootkit-like"
                            Even if:
                            "I confirmed that a security vulnerability similar to Sony's exists in the cloaking by copying files into the directory "

                            But despite knowing that and being very concerned by our security, does he tell anything about that? No, he waits for the Symantec declaration...

                            Strange, no?

                            As I have started about security concerns, we should speak about a huge security concern (not like the rootkit of DT, which could perhaps be used by a genius hacker). I have found that a guy sells a real rootkit! This rootkit allows a five-year-old kid to access my computer, allows somebody to alter my files, deactivate my antivirus, implement a keylogger and steal documents and credit card numbers... What was the name of this soft ... Ah, this is NTFS2DOS, which allows full access to an NTFS partition just by booting on DOS bootdisks...
                            This kind of guy should be in jail, this is probably denied by the DMCA...

                            Comment


                            • #29
                              Originally Posted by Leolo
                              LocutusofBorg,
                              Correct me if I'm wrong, but what Mark Russinovich says is that hooking system calls should be avoided at all costs.
                              And there are many people who use Daemon Tools but don't play any games, so they would be much happier to have a version of Daemon Tools that doesn't use those "potentially dangerous" hooks.
                              So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.
                              That way, "anally retentive" people that are concerned about the possible system instability that those hooks could produce, will be able to sleep easily.
                              And the rest of us will keep using the hooks because we want to play our legally made backups and exercise our Fair Use rights.
                              Could that be the best of both worlds?
                              No, if you're afraid of "potentially dangerous hooks" do not install Daemon Tools, do not install certain anti-virus software, and do not install programs and games protected by certain protections.
                              It is really interesting to see that Mark just labelled Starforce completely ethical - although especially Starforce hooks a lot of system and patches kernel during cd/dvd check. Seems for Mark there're "good" and "evil" hooks?
                              Now our hooks are just to protect our software, which is really unethical (sarcasm alert). But e.g. the Starforce hooks are completely ethical, 'cause they enforce copy protection (now Professor Frink's sarcasm detector exploded again). I wonder if Starforce paid for the analysis ...
                              Everybody be cool! You, be cool!
                              They'll keep fighting! And they'll win!

                              Comment


                              • #30
                                As far as I understood, Mark said almost nothing about StarForce.

                                Somebody asked him to check StarForce, he answered
                                I've taken a look at StarForce and other than some unorthodox ways of monitoring Cd-Rom traffic and intercepting the creation of all processes and threads, there's nothing overtly unstable about its implementation.
                                And then starforce developers started to tell everyone about Mark's "examination". I doubt if he really knows about all starforce's deeds.

                                Comment
