Even if! DT would be a "rootkit" (#define rootkit evil), people will still use it...

Take a look at what *lizzard is doing with W*W. No one cares about it now, and in 2 weeks no one will care about DT anymore...
(at least if rootkit.com doesn't proof mr. Russinovich is right )

True

Yes, the most of us will continue using it.

I think its remarkable that M.R treats a legit Software like
a CD/DVD Emulator differently than software with other
purposes. The people have the fucking right to install
a CD/DVD Emulator on their property. If this software by
coincedence can by used to make life easier for people
that use pirated music/software, well thats not the problem
of the developer of the emulator, but the problem of the
developer of the other software/music etc or their copy
protection companies. So what these companies do is to
render useles or even force to uninstall a legit software of
a other company because they cant find any other easy
way (unless they develop on a high cost) to solve their
own problem. If companies like Microsoft would use such
methods to dominate their product over others companies
product they would have been sued for about 10 billion
dollars at least. Well whatever. The methods that these
companies used to defeat DT and Alc are unethical business
practises and violate the right of the user to their own
property plus they violate the rights of the Emulator companies
to have their software be used in legitimate ways
and in peaceful coexistance. There are at least the same
amout of legit reasons to use an emulator as there might
be unethical or even illegal reasons...if not more. Its not
the software thats "bad" its the users that chose to do
things with it they maybe should not. Its completely
ridicolous that emulator companies products are allowed
to be discriminated and tampered with and no legal protection
for them seems available. While the big companies with their
lobbies have the free ticket to do whatever they please with
the customers and unpleasent software which might endanger
their profits or feed their paranoia.

If the makers of emulator had the army of lawyers and the big
money behind them im quite sure they would certainly win some
cases infront of courts around the world if not in the US.

DT and Alc reasons to have to use STEALTH technology (and
thats what really is the correct label, instead of calling it rootkit
which it is not) is that the aggressive and unethical politics of
software and media companies install anti emulator software
makers code into their products, not judging if the user owns
their product or not.

Instead they generally ban emulators to coexist with their products
and sabotage the emulators sole purpose which is to maintain the
fundamental reason of their existance: Emulating CD/DVD drives and
giving the User the right to their private copy of their legally purchased
software / music.

Stealth tech is used by anti virus TSRs to hide themselves from
Viri that scan for them etc etc is considered perfectly legit as
well. A rootkit in my definition is a more complete
set of tools that will allow ROOT access to a computer
remotely or locally circumventing its security concepts.
DT and ALC dont aim and i think have never been known
to be exploitable for exectuting hostile code.
It is quite ridcoulous that he is not bashing various copy protections
schemes and especially starforce which installs hidden devices, often without
users conscent and no proper removal method (unless you search for it in the
internet). But also the other methods do things like installing hidden drivers
that do not appear in the process list etc etc etc.
Go and BASH them idiot. They really make my OS unstable prevent me from
burning CD/DVDs cause they ban legitimate cd writer
drivers ..the list can go on forever.

DRM is not part of the OS security. Its external product
copyright protection concept, its not legit to incorporate
DRM into a OS security discussion. Rootkit discussion is
a OS security topic and not a DRM topic. It has been mixed
up with DRM due to the Fact of the SONY incident.

Calling DT or ALC a rootkit is mere BULLSHIT. It has some
stealth tech but that doesnt make it a ROOTKIT.
He doesnt say in clear words that they are Rootkits but
use Rootkit tech. But the fact that hes putting DT and Alc
in that "hot" context is primarily propaganda and unethical
and irresponsible.

Im sure that millions of users of Alc and DT around the
world are perfectly safe using these tools and i have
never heard of a way that they would become vulnerable
to attacks by having it installed. Making a system vulnerable
is the goal of rootkit. DT and Alc systems are NOT vulnerable,
unless smartass M.R proves me something else.

Im not a coder but i have a brain and i have a abstract
understanding of security concepts and also for what
i think is my personal human right as well. And one of them
is that i can do with my fucking computer what i want
unless i break the law. The law is NOT what some companies
would like it to be yet. And so i dont give a shit what
they and MR think. If they mess with my PC i will mess with
their software to make it fit for me. Im defending my home.
And thats a thing every american understands very well.^^
Noone thinks about prohibiting guns, although millions of people
die thru them thru crime and war. That is sad but true.
Hell yeah but a emulator that harms noone and only has a
chance of being abused for things that cost a damn media
producer some fuckin dollars he wouldnt have earned in the first
place cause noone wouldve bought his crap anyway, and
if he did and didnt like it he couldnt return it too (great
deal they make,them producers,sell shit with no refund),
a emulator like that is EVIL. The world is crazy and ruled
by arsewipes.

And last but not least..companies that make good products will
always have good revenues if they are managed just as well.
I think that all the bashing on emulators has just one reason:
Companies that make bad products fear this to be exposed to
the potential customers before they have their money.
After a customer has bought a buggy shit software he cant
just return it for money back. (at least not in europe). If i
have bought a car that doesnt perform as it should i can, or
at least i get it replaced instantly with a working one.
Software makers are in the ideal position to release shit to the
public and people buy the cat in the bag (german saying) without
getting to look inside of it first.

This would be the best solution, although it was quickly dismissed. I would appreciate a request during installation whether to use or not to use the discussed methods above as well, though.

On the other hand, I - in the position of being the boardzombie - feel the obligation to raise the morale a bit. Neelix would do the very same :


Guess who's DT in this picture...

the starforce people are loving this. http://www.star-force.com/forum/index.php?showtopic=579. they've already concluded that dt uses rootkits and thats what theyre spreading on their website.
source: http://www.star-force.com/protection...on.phtml?c=353

what a bunch of f*****s!!!

mark actually concluded with this:
and who the hell is he go poking around in other peoples software?? if you don't like it, don't use it.

*censored word for people*, they change quotes or left 99% of the posts, but if there's no other way to pay russ, they're really poor people.

I really didn't come into this to have an argument or atitude war about the safety and utility of your product.

I just wanted to know what unknown mysterious thing on my machine was "hiding" from normal API calls.

Since you claim to be hiding to help the user with certain features and compatibility issues, rather than hiding the perpitrator from the user, you could at least do a better job of not acting suspicious.

First, put version information with your company name in the files being pointed to, especially since they are in the system directories!

Second, you could include a human-readable key or value name inside the cloaked branch, so that any tool that reveals it will also show this information as to what it is and why. This could certainly be done without affecting the functionality or changing the product code at all.

Third, now that people are on the hunt for malware, document what you are doing. I'm sure that historically most end users didn't care how the product works. They still don't. But saying "you willingly chose and installed it" doesn't hold water when I can't corelate the anomoly being reported with the tool I installed. In the current climate, it should state that this installer does "cloak" things, and what they are with instructions that if presented with that exact item by a malware scanner of some kind that it's OK.

Deceminate this information to the malware-fighting industry, too. Then they can report immediatly that this is a "friendly" and not something unknown or (worse yet) something camoflauged as a friendly program.

As for the very presence of hidden stuff on the computer, I think it could make backups problematic. Other than that, it just has to be extra-careful not to cause problems that would then be hard to attribute.

--John

Umm... Mark's article is the one that got Sony's ass busted for their rootkit. And you'd better believe someone could exploit the DT one as well as the Sony one. Try calling S and asking them how much this debacle is costing them, then ask yourself if the $15 for DT is enough to cover all those class-action suits. It might be best to start offering people refunds if they aren't happy about that. (I, for one was not told ANYWHERE that there was cloaked software being installed.)

There is NO cloaked software installed....
The "so-called" root kit is merely a registry entry which is not visible to windows.
The registry entry is required to make the actual driver for the virtual drive load, and if people would actually download the rootkit revealer from sysinternals, they would see that it is the dtscsi service registry value which is hidden from windows.
Nothing like a spyware app.
I can't stand naiveity. Don't believe everything you read, just because some moron blogged about it.
The only spyware installed is whenU which is uninstallable from the add/remove programs applet in the windows control panel.
It is also an optional component during installation. (Which is more than I can say for most ad-supported software vendors)
That hidden registry key is necessarily hidden.
DT Team have done this as a registry key which is detectable by software is the easiest way for copy protection vendors to blacklist daemon-tools.

I have looked at your posts GreyWolf, and all 6 that you have made so far are complaining about Daemon Tools.
It seems to me like you are merely disgruntled because you failed to take any notice of the dt installers setup routine, and blindy clicked next, next, next.
Here's hoping you have learned a lesson there.
Now go click on Control Panel.
Then click on Add/Remove Programs.
Then search the list of programs you see there for any instances of WhenU or Daemon Tools Search bar, and uninstall them for gods sake.
And stop your complaining. Just because you paid money for dt means nothing. The program is free anyway, so you had plenty of opportunity to evaluate it before paying your hard earned $15 (Less than one large pizza btw) for the right to complain in the forums.

Good luck buddy.
Cheers,
Amph.

The key used by v4.0x is actually not even hidden, it just denies access to all unauthorized access - even Rootkit Revealer.

The installation is voluntarily, and every administrator should know what he is installing. And D-tools is a program to mount images, if any aggresive protections, which aren't installed voluntarily, try to block d-tools, d-tools goes around the protection. There is no reason speaking of a "rootkit".

For me it seems too many users here without technical know-
ledge want to discuss things with us they don't have a clue
why it is so. ALTHOUGH we explained it to the most here
in THIS thread, it is obviously that some people here simple
want to complain, regardless if it is logical or not.

Some suggestions here are even...... lets say imprudent.

I will paste here what Spath (who is really not a guy I would
add to our "fanbase" but more a neutral observer here) wrote
at cdfreaks:

The whole discussion here is merely BULLSHIT. A save/load
function or even jpeg-compression is often found in trojans.
And now? Should we forbid all programs worldwide which
use such functions?

One guy found a rootkit which only purpose was indeed to
HARM user-interests. And it was a REAL rootkit, as it was
possible to hide even other files etc etc.
All this has NOTHING TO DO WITH DAEMON TOOLS, goddamn.

I don't expect too much technical knowledge here from the
average joe, but I can at least long our users here to read
our explanation just because all answers are in there.

Here Here!
Well said Locutus
Here's hoping ppl read this far and understand

I have 100% trust in what the DT team do here, I have great respect for Locutus, his explanation in my mind is wholly truthful & don't believe he would ever try to pull the wool over our eyes. As with the team at CD Freaks, I have been a regular visitor over there for many years & believe me they know what they're talking about.

It's obvious this whole rootkit thing has been engineered to try to dis-credit the D-Tools team, I for one don't believe a word of it !!!

I agree completly .
RESPECT FOR THE DT TEAM!!!!