Daemon Tools rootkit?


  • #46
    Dt

    I have been using daemon tools since its inception but no more. The original release was extremely buggy. I do not know if it has been discussed in this forum but when I repaired windows the program uninstall and reinstall was invalid and I had to not only search the registry for the keys but remove the permissions to allow me to delete the keys as well. I admit I do not have much information on DT rootkit but I do not want any program that is owned by an adware or malware company high level or 0 ring level privileges on my system. No more I will cease the use of daemon tools from now on and I encourage others to do the same.


    • #47
      @chris622000: No, I will not uninstall DT. Instead, I just bought a 2nd license.
      Last edited by FordPrefect; 28.02.2006, 23:36.


      • #48
        Originally Posted by chris622000
        I have been using daemon tools since its inception but no more. The original release was extremely buggy. I do not know if it has been discussed in this forum but when I repaired windows the program uninstall and reinstall was invalid and I had to not only search the registry for the keys but remove the permissions to allow me to delete the keys as well. I admit I do not have much information on DT rootkit but I do not want any program that is owned by an adware or malware company high level or 0 ring level privileges on my system. No more I will cease the use of daemon tools from now on and I encourage others to do the same.
        It is actually a very good idea that ppl like you with actually no idea what they're talking about stay away from using Daemon Tools.
        The "bugs" you are talking about are no bugs of Daemon Tools, neither are we "owned" by any adware/malware company.
        Everybody be cool! You, be cool!
        They'll keep fighting! And they'll win!


        • #49
          yeah sure

          The "bugs" you are talking about are no bugs of Daemon Tools, neither are we "owned" by any adware/malware company.


          Sure whatever. You have no clue wtf you are talking about. Don't believe me ask lotus borg. And if the program doesn't need access to the kernel then why does it need to disable kernel debugging?


          • #50
            Originally Posted by chris622000
            The "bugs" you are talking about are no bugs of Daemon Tools, neither are we "owned" by any adware/malware company.


            Sure whatever. You have no clue wtf you are talking about. Don't believe me ask lotus borg. And if the program doesn't need access to the kernel then why does it need to disable kernel debugging?
            They HAVE a clue, I'm sure.
            Without any skills, they couldn't have programmed d-tools.
            My system
            Boycott Starforce!
            Resistance is futile! You will be assimilated!


            • #51
              @chris:

              DT does not stop debuggers, it just stops working when a debugger is active,
              one of several security reasons to prevent
              analyzing by copyprotection-industry.

              Second: I guess you simply misunderstood Copytrooper. Where
              did he state that DT does NOT need access to the kernel?
              And keep in mind, we talk about DT components here, not
              the adware!

              We do run our own business and bundle DT with Adware, yes.
              If you do not like it, we do not force you to install the adware.
              If you want pure DT, just install DT without the adware.

              Third:

              Copytrooper is right. You have no clue about the whole
              background - your postings are too provocative to be
              taken seriously.

              Also: Why should we discuss at all? You uninstalled DT,
              now I ask you kindly to leave us alone here. There is nothing
              to discuss anymore as you don't use our product anymore.
              Just try to be a gentleman (or a lady?) and simply stay away
              from our products in the future. That should be fair enough
              for you and us - it is in the best interest of both parties.


              • #52
                Originally Posted by chris622000
                Sure whatever. You have no clue wtf you are talking about. Don't believe me ask lotus borg. And if the program doesn't need access to the kernel then why does it need to disable kernel debugging?
                YOU don't have a clue what YOU'RE talking about. LocutusofBorg and Copytrooper are on the same team. And I'm sure he and LocutusofBorg know what they're talking about.


                • #53
                  This guy is funny. Telling people they don't know what they're talking about, while he can't even quote properly.
                  And who's lotus borg?


                  • #54
                    @Reef: easy - Lotus Borg is the brother of the "white Lotus"

                    You remember? Kill Bill Vol.2


                    • #55
                      I really need to watch that movie again


                      • #56
                        Well I saw about this quite late but I must say that for M.R to say Starforce contains no rootkits yet DTools does is laughable and (at least to me) would indicate that someone is getting back handers from someone else.

                        Daemon tools is a program that installs nothing but what it says, an optical drive emulator, it hides a single registry entry from the OS (which isn't harmful at all) and ceases to function when a debugger is present. That's basically what he calls a rootkit.

                        Starforce on the other hand is installed WITHOUT the user's knowledge, it grants Ring0 access to user level (A SERIOUS security problem).

                        Starforce have claimed that their protection ONLY is in effect when the game is running, if this is the case why are DPM reading impossible when SF drivers are present on the system?

                        Starforce have also claimed that their protection isn't harmful to the system, well having lost a HD (playing a backup of colin mcrae rally 2k5) I can say this is also false, I also know at least one other person who has lost an optical drive with an original (read - NOT backup) game (X3 if you're interested). This person also asked to enter the starforce competition because he was confident he could replicate it and after several emails he was told "to contact starforce support" and refused entrance to the competition.

                        Starforce also claims it doesn't hide anything from the user, again another falsehood, SF hides memory locations from the user (try using artmoney or tsearch to cheat a game and you WON'T find the memory locations).

                        Starforce also claim their remover will remove the drivers, yet again more lies. Try to download trackmania nations, install it and then run the driver remover. "Do you want to reboot to complete removal?", and surprise after a reboot the files are still there.

                        One of THE most frequent questions on my site's hardware sections recently is "my computer is stuttering like crazy" and it's VERY easy to solve because 99.9% of the time the starforce drivers have screwed their system over and put their drives in PIO mode, now how many people will ever know this has happened?

                        Now let's go to the bad effects that daemon tools has caused....

                        Some people have missed the adware install, which is VERY clear on the install but people have become accustomed to clicking NEXT too fast. It also CLEARLY states that it will not run when a debugger is present on the system, is this a problem? None at all because you simply don't use daemon tools at the same time.

                        M.R's article is laughable, and furthermore his article is full of half truths and insinuates that daemon tools is potentially doing something it's not.

                        Luckily I think his article has had the reverse effect that was intended, more people are aware of daemon tools now, more people are laughing at sysinternals article on this and more people are realising the awful truth about such malware protections as Starforce.

                        If you want to read more truth than lies about starforce, don't go to their forums as they lie straight out, or simply accuse you of being a hacker when their buggy and dangerous protection won't function. You find more truths about Starforce at that link.


                        • #57
                          I didn't know until now that DT hides anything. For this reason, I would suggest adding a dialog window to the setup asking whether you want the hiding or not, if this is possible. I would suggest something like:
                          Daemon tools can use technologies also used by rootkits (like the Sony copy protection (insert name)) in order to hide from copy protections that refuse to run the protected application if DT is installed. However, we think that it is important to let the user know what we are doing and not install it stealthily, without information, asking or a way to remove it, like some copy protections do.

                          If enabled, the following (and ONLY the following) registry entries will be hidden:
                          (list all hidden entries here)

                          You can choose not to enable this feature. If this feature is inactive, some copy protections may detect DT and refuse to run, so we recommend to enable it. You can change this setting later in the options menu.
                          But please do not hide it in the EULA or something, put it into a separate dialog box (maybe a red one ;-)

                          If it is not possible to let the user choose, I would at least inform the user clearly what will be done (list of hidden entries etc.) and allow him to abort installation. This way no one can complain. The companies making the copy protections probably already know about the registry keys, so it is probably not dangerous to list them. Also it will be a clear example how to do it if you want to implement rootkit-like functions, and YOU can dare to say what you are doing. The copy protections cannot (imagine you buy a game and it says "To install this game, you must allow it to install a restrictive copy protection that will destroy your drive, make it impossible to use your PC as you want to, hides itself and spyware and is impossible to remove" ;-) No one would play that game.)

                          And finally I would like to add, that copy protection measures nearly always harm buyers more than pirates. Examples:
                          Buy a game - you can only play it without DT and with CD in the drive. Pirate it - it is cracked and runs without CD and without need to uninstall anything (game went back to shop)
                          Buy a sony CD - your PC gets f***** up by the rootkit, you are glad if you can listen to the music in low quality on the PC. Pirate the music - you have clean mp3 files with good quality, without viruses, and you can put them onto CD, your mp3-player or anything you want.
                          I do not wonder why people are not paying for less when they can (illegally, but easily) get better quality for free. Maybe the industry should consider this.
                          http://janschejbal.wordpress.com/ - My opinion, my blog - LONG LIVE FREEDOM


                          • #58
                            AV scanning?

                            Hello to all. Since this is an off-topic area I would like to ask how can I make my AV ( NOD 32 ) disregard any possible false warnings about rootkit detection that are generated from DAEMON TOOLS (DT)? I haven't yet installed DT but I would like to know which Reg Keys are used for emulation purposes and/or files so as to configure my AV scanner ( It's set to a scan/clean state ). Thnx!
                            It is remarkable how similar the pattern of love is to the pattern of insanity


                            • #59
                              NOD32 shouldn't throw up any errors. I run it, and have never had a problem when installing.


                              • #60
                                Depends highly on which version of DT you use. It is reported
                                and seems to be true, that some illegal versions of DT Pro
                                are infected with a clever trojan inside.

                                But with legal versions, we monitor frequently all important
                                virus-scanners (incl. NOD32) and so far it seems everything's
                                ok now. Which version of DT do you use?
