Daemon Tools rootkit?


  • #31
    Originally Posted by LocutusofBorg
    More and more I got the idea that here people work together
    to bring us down. That shows me at least one thing: it points
    out that we must do something right.
    Even if! DT would be a "rootkit" (#define rootkit evil), people will still use it...

    Take a look at what *lizzard is doing with W*W. No one cares about it now, and in 2 weeks no one will care about DT anymore...
    (at least if rootkit.com doesn't prove Mr. Russinovich is right)
    When Hell is full,
    the dead will walk the earth



    • #32
      True

      Yes, most of us will continue using it.
      Better to die on your feet than to live on your knees.



      • #33
        I think it's remarkable that M.R treats a legit Software like
        a CD/DVD Emulator differently than software with other
        purposes. The people have the fucking right to install
        a CD/DVD Emulator on their property. If this software by
        coincidence can be used to make life easier for people
        that use pirated music/software, well that's not the problem
        of the developer of the emulator, but the problem of the
        developer of the other software/music etc or their copy
        protection companies. So what these companies do is to
        render useless or even force to uninstall a legit software of
        another company because they can't find any other easy
        way (unless they develop at a high cost) to solve their
        own problem. If companies like Microsoft would use such
        methods to dominate their product over other companies'
        products they would have been sued for about 10 billion
        dollars at least. Well whatever. The methods that these
        companies used to defeat DT and Alc are unethical business
        practices and violate the right of the user to their own
        property plus they violate the rights of the Emulator companies
        to have their software be used in legitimate ways
        and in peaceful coexistence. There are at least the same
        amount of legit reasons to use an emulator as there might
        be unethical or even illegal reasons...if not more. It's not
        the software that's "bad", it's the users that choose to do
        things with it they maybe should not. It's completely
        ridiculous that emulator companies' products are allowed
        to be discriminated and tampered with and no legal protection
        for them seems available. While the big companies with their
        lobbies have the free ticket to do whatever they please with
        the customers and unpleasant software which might endanger
        their profits or feed their paranoia.

        If the makers of emulators had the army of lawyers and the big
        money behind them I'm quite sure they would certainly win some
        cases in front of courts around the world if not in the US.

        DT and Alc reasons to have to use STEALTH technology (and
        that's what really is the correct label, instead of calling it rootkit
        which it is not) is that the aggressive and unethical politics of
        software and media companies install anti emulator software
        makers' code into their products, not judging if the user owns
        their product or not.

        Instead they generally ban emulators to coexist with their products
        and sabotage the emulators' sole purpose which is to maintain the
        fundamental reason of their existence: Emulating CD/DVD drives and
        giving the User the right to their private copy of their legally purchased
        software / music.

        Stealth tech used by anti virus TSRs to hide themselves from
        Viri that scan for them etc etc is considered perfectly legit as
        well. A rootkit in my definition is a more complete
        set of tools that will allow ROOT access to a computer
        remotely or locally circumventing its security concepts.
        DT and ALC don't aim and I think have never been known
        to be exploitable for executing hostile code.
        It is quite ridiculous that he is not bashing various copy protection
        schemes and especially starforce which installs hidden devices, often without
        users' consent and no proper removal method (unless you search for it in the
        internet). But also the other methods do things like installing hidden drivers
        that do not appear in the process list etc etc etc.
        Go and BASH them idiot. They really make my OS unstable, prevent me from
        burning CD/DVDs 'cause they ban legitimate cd writer
        drivers ..the list can go on forever.

        DRM is not part of the OS security. It's an external product
        copyright protection concept, it's not legit to incorporate
        DRM into an OS security discussion. Rootkit discussion is
        an OS security topic and not a DRM topic. It has been mixed
        up with DRM due to the fact of the SONY incident.

        Calling DT or ALC a rootkit is mere BULLSHIT. It has some
        stealth tech but that doesn't make it a ROOTKIT.
        He doesn't say in clear words that they are Rootkits but
        use Rootkit tech. But the fact that he's putting DT and Alc
        in that "hot" context is primarily propaganda and unethical
        and irresponsible.

        I'm sure that millions of users of Alc and DT around the
        world are perfectly safe using these tools and I have
        never heard of a way that they would become vulnerable
        to attacks by having it installed. Making a system vulnerable
        is the goal of a rootkit. DT and Alc systems are NOT vulnerable,
        unless smartass M.R proves me something else.

        I'm not a coder but I have a brain and I have an abstract
        understanding of security concepts and also for what
        I think is my personal human right as well. And one of them
        is that I can do with my fucking computer what I want
        unless I break the law. The law is NOT what some companies
        would like it to be yet. And so I don't give a shit what
        they and MR think. If they mess with my PC I will mess with
        their software to make it fit for me. I'm defending my home.
        And that's a thing every American understands very well.^^
        No one thinks about prohibiting guns, although millions of people
        die thru them thru crime and war. That is sad but true.
        Hell yeah but an emulator that harms no one and only has a
        chance of being abused for things that cost a damn media
        producer some fuckin dollars he wouldn't have earned in the first
        place 'cause no one would've bought his crap anyway, and
        if he did and didn't like it he couldn't return it too (great
        deal they make, them producers, sell shit with no refund),
        an emulator like that is EVIL. The world is crazy and ruled
        by arsewipes.

        And last but not least..companies that make good products will
        always have good revenues if they are managed just as well.
        I think that all the bashing on emulators has just one reason:
        Companies that make bad products fear this to be exposed to
        the potential customers before they have their money.
        After a customer has bought a buggy shit software he can't
        just return it for money back. (at least not in Europe). If I
        have bought a car that doesn't perform as it should I can, or
        at least I get it replaced instantly with a working one.
        Software makers are in the ideal position to release shit to the
        public and people buy the cat in the bag (German saying) without
        getting to look inside of it first.
        Last edited by Sabrehawk; 13.02.2006, 07:10.
        Guys vote for the threads you read to give
        the rating system a place to live ^^



        • #34
          Originally Posted by Leolo
          So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.
          This would be the best solution, although it was quickly dismissed. I would appreciate a request during installation whether to use or not to use the discussed methods above as well, though.

          On the other hand, I - in the position of being the boardzombie - feel the obligation to raise the morale a bit. Neelix would do the very same :


          Guess who's DT in this picture...
          The Boardzombie's website.



          • #35
            the starforce people are loving this. http://www.star-force.com/forum/index.php?showtopic=579. they've already concluded that dt uses rootkits and that's what they're spreading on their website.
            Another most recent revelation about emulators is that they use rootkits. That could actually cause security problems for the OS.

            This discovery made by Mark Russinovich should make any user at least cautious when using emulators.
            source: http://www.star-force.com/protection...on.phtml?c=353

            what a bunch of f*****s!!!

            mark actually concluded with this:
            There's no proof that Alcohol and Daemon Tools use rootkits to evade DRM, but the evidence is compelling
            and who the hell is he to go poking around in other people's software?? if you don't like it, don't use it.



            • #36
              *censored word for people*, they change quotes or left 99% of the posts, but if there's no other way to pay russ, they're really poor people.
              Last edited by vatras90; 18.02.2006, 10:20.
              My system
              Boycott Starforce!
              Resistance is futile! You Assis will be milated!



              • #37
                I really didn't come into this to have an argument or attitude war about the safety and utility of your product.

                I just wanted to know what unknown mysterious thing on my machine was "hiding" from normal API calls.

                Since you claim to be hiding to help the user with certain features and compatibility issues, rather than hiding the perpetrator from the user, you could at least do a better job of not acting suspicious.

                First, put version information with your company name in the files being pointed to, especially since they are in the system directories!

                Second, you could include a human-readable key or value name inside the cloaked branch, so that any tool that reveals it will also show this information as to what it is and why. This could certainly be done without affecting the functionality or changing the product code at all.

                Third, now that people are on the hunt for malware, document what you are doing. I'm sure that historically most end users didn't care how the product works. They still don't. But saying "you willingly chose and installed it" doesn't hold water when I can't correlate the anomaly being reported with the tool I installed. In the current climate, it should state that this installer does "cloak" things, and what they are, with instructions that if presented with that exact item by a malware scanner of some kind that it's OK.

                Disseminate this information to the malware-fighting industry, too. Then they can report immediately that this is a "friendly" and not something unknown or (worse yet) something camouflaged as a friendly program.

                As for the very presence of hidden stuff on the computer, I think it could make backups problematic. Other than that, it just has to be extra-careful not to cause problems that would then be hard to attribute.

                --John



                • #38
                  Umm... Mark's article is the one that got Sony's ass busted for their rootkit. And you'd better believe someone could exploit the DT one as well as the Sony one. Try calling S and asking them how much this debacle is costing them, then ask yourself if the $15 for DT is enough to cover all those class-action suits. It might be best to start offering people refunds if they aren't happy about that. (I, for one, was not told ANYWHERE that there was cloaked software being installed.)



                  • #39
                    There is NO cloaked software installed....
                    The "so-called" root kit is merely a registry entry which is not visible to windows.
                    The registry entry is required to make the actual driver for the virtual drive load, and if people would actually download the rootkit revealer from sysinternals, they would see that it is the dtscsi service registry value which is hidden from windows.
                    Nothing like a spyware app.
                    I can't stand naivety. Don't believe everything you read, just because some moron blogged about it.
                    The only spyware installed is whenU which is uninstallable from the add/remove programs applet in the windows control panel.
                    It is also an optional component during installation. (Which is more than I can say for most ad-supported software vendors)
                    That hidden registry key is necessarily hidden.
                    DT Team have done this, as a registry key which is detectable by software is the easiest way for copy protection vendors to blacklist daemon-tools.

                    I have looked at your posts GreyWolf, and all 6 that you have made so far are complaining about Daemon Tools.
                    It seems to me like you are merely disgruntled because you failed to take any notice of the dt installer's setup routine, and blindly clicked next, next, next.
                    Here's hoping you have learned a lesson there.
                    Now go click on Control Panel.
                    Then click on Add/Remove Programs.
                    Then search the list of programs you see there for any instances of WhenU or Daemon Tools Search bar, and uninstall them for god's sake.
                    And stop your complaining. Just because you paid money for dt means nothing. The program is free anyway, so you had plenty of opportunity to evaluate it before paying your hard earned $15 (Less than one large pizza btw) for the right to complain in the forums.

                    Good luck buddy.
                    Cheers,
                    Amph.
                    SpeedLabs Inc. - Welcome to the real world...



                    • #40
                      The key used by v4.0x is actually not even hidden, it just denies access to all unauthorized access - even Rootkit Revealer.
                      Everybody be cool! You, be cool!
                      They'll keep fighting! And they'll win!



                      • #41
                        The installation is voluntary, and every administrator should know what he is installing. And D-tools is a program to mount images, if any aggressive protections, which aren't installed voluntarily, try to block d-tools, d-tools goes around the protection. There is no reason speaking of a "rootkit".
                        My system
                        Boycott Starforce!
                        Resistance is futile! You Assis will be milated!



                        • #42
                          For me it seems too many users here without technical
                          knowledge want to discuss things with us they don't have a clue
                          why it is so. ALTHOUGH we explained it to the most here
                          in THIS thread, it is obvious that some people here simply
                          want to complain, regardless if it is logical or not.

                          Some suggestions here are even...... lets say imprudent.

                          I will paste here what Spath (who is really not a guy I would
                          add to our "fanbase" but more a neutral observer here) wrote
                          at cdfreaks:

                          By Spath, Moderator CD Freaks Optical Storage Technical Discussions
                          However, lets take a closer look at Mr. Russinovich's definition of a rootkit from his blog article and we quote:

                          "I arrived at my working definition for the word rootkit several years ago as: Software that hides itself or other objects, such as files, processes, and Registry keys, from view of standard diagnostic, administrative, and security software."

                          Therefore, Mark feels that anything hidden, malicious or not, whether you installed it yourself or not, is a rootkit. Following his definition, some antivirus and IPS products can also be considered rootkits, something that many security professionals do not agree on.

                          To summarize:
                          • Are Daemon Tools and Alcohol 120% rootkits ? Not according to the common definition. But to do the job we want them to do they have to use the same advanced low-level techniques that rootkits, viruses, anti-viruses and kernel debuggers use.
                          • Did Mark discover anything malicious or suspicious in DT ? No, he just explained part of DT normal behaviour, whose goal is to hide itself from copy protections.
                          • Are these emulation tools a security risk ? Maybe, but nothing in
                            Mark's post proves it. And again, any driver you install is a
                            potential security risk.
                          The whole discussion here is merely BULLSHIT. A save/load
                          function or even jpeg-compression is often found in trojans.
                          And now? Should we forbid all programs worldwide which
                          use such functions?

                          One guy found a rootkit whose only purpose was indeed to
                          HARM user-interests. And it was a REAL rootkit, as it was
                          possible to hide even other files etc etc.
                          All this has NOTHING TO DO WITH DAEMON TOOLS, goddamn.

                          I don't expect too much technical knowledge here from the
                          average joe, but I can at least long our users here to read
                          our explanation just because all answers are in there.



                          • #43
                            Here Here!
                            Well said Locutus
                            Here's hoping ppl read this far and understand
                            SpeedLabs Inc. - Welcome to the real world...



                            • #44
                              I have 100% trust in what the DT team do here, I have great respect for Locutus, his explanation in my mind is wholly truthful & don't believe he would ever try to pull the wool over our eyes. As with the team at CD Freaks, I have been a regular visitor over there for many years & believe me they know what they're talking about.

                              It's obvious this whole rootkit thing has been engineered to try to discredit the D-Tools team, I for one don't believe a word of it !!!



                              • #45
                                Originally Posted by joeboy
                                I have 100% trust in what the DT team do here, I have great respect for Locutus, his explanation in my mind is wholly truthful & don't believe he would ever try to pull the wool over our eyes......

                                It's obvious this whole rootkit thing has been engineered to try to discredit the D-Tools team, I for one don't believe a word of it !!!
                                I agree completely.
                                RESPECT FOR THE DT TEAM!!!!
