Thread: Daemon Tools rootkit?

  1. #21

    I don't think we hide Daemon Tools from the user(s) - if Daemon Tools is installed on your system, you've installed it all by yourself, thus you know it is on your system.
    Everybody be cool! You, be cool!
    They'll keep fighting! And they'll win!

  2. #22
    Administrator



    Join Date
    06.11.2002
    Posts
    2,044

    Who cares what Regmon does then - it uses "unethical" technology no matter what for.

  3. #23
    Experienced User streetwolf
    Join Date
    26.11.2005
    Posts
    116

    So what's the big deal about hiding keys? Microsoft hides all kinds of stuff on us.

    How about MS's hiding known file extensions as the default in a new install of XP? This has allowed lots of malicious emails with attachments to take advantage of this. You know, a malicious program file called 'report.doc.exe' displays as attachment 'report.doc' in Outlook. The user thinks it's a Word document, opens it and WHAMO! MS still makes hidden the default even though they know of this problem.

    AFAIK hiding Registry keys is a feature of the OS. If it's so bad for the user then why hasn't MS issued a security hotfix to plug it?

    Now if a software package uses any Registry key to perform malicious acts then that's something that should be reported.

    My 2 cents.
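
The display problem described in post #23, as an added example that is not part of the thread: a Python check that models a viewer hiding extensions of known file types and flags attachment names whose visible ending looks like a document while the real extension is executable. The extension lists and sample names are constructed for illustration, not taken from any product's policy.

```python
import os

# Assumed lists for illustration; a mail gateway would use its own policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".jpg", ".gif", ".zip"}


def split_ext(name):
    """Trim trailing dots/spaces, split on the last dot, lower-case the extension."""
    stem, ext = os.path.splitext(name.rstrip(". "))
    return stem, ext.lower()


def displayed_name(name, known_exts=EXECUTABLE_EXTS | DECOY_EXTS):
    """Name a viewer shows when extensions of known file types are hidden."""
    stem, ext = split_ext(name)
    return stem if ext in known_exts else name.rstrip(". ")


def classify(name):
    """Return 'deceptive', 'executable' or 'ok' for one attachment name."""
    _, real_ext = split_ext(name)
    if real_ext not in EXECUTABLE_EXTS:
        return "ok"
    # Re-split what the user sees; padding spaces before the real
    # extension are trimmed so "a.pdf     .scr" is still caught.
    _, shown_ext = split_ext(displayed_name(name))
    return "deceptive" if shown_ext in DECOY_EXTS else "executable"


def flag_deceptive(names):
    """Names whose visible ending disagrees with an executable real type."""
    return [n for n in names if classify(n) == "deceptive"]


# Constructed sample attachment names.
SAMPLE = [
    "report.doc.exe",        # the case from the post
    "REPORT.DOC.EXE ",       # upper case, trailing space
    "invoice.pdf      .scr", # space padding pushes the real extension out of view
    "setup.exe",             # honest executable
    "notes.v2.txt",          # dots in the name, harmless type
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(f"{n!r:28} shown as {displayed_name(n)!r:22} -> {classify(n)}")
```
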

  4. #24

    to whom it will concern:

    the "registry-hiding" technology from DaemonTools is based
    on my design, so if you want to bash someone for that reason,
    you know whom to write!

    It was my decision and to tell the truth: it was for sure not
    in my mind to hide it from the user!! People who claim that
    just simply don't know what they're talking about!

    My goodness, it is to protect OUR software. We do NOT fool
    the users NOR do we NEED to hide something from them!

    Especially since we contain adware we were ALWAYS as "open"
    to our users as possible, don't you think we use that "rootkit"
    for "better" purposes then? NO! It is only to defend ourselves
    from malicious software. If THAT is unethical to some
    users, I think you better deinstall DAEMON-Tools!

    Apart from that, Mr. Russinovich's opinion is in fact biased,
    for me it looks even as if he knows the development behind
    StarForce (at least he "checked" their technology and found
    no rootkits) - with that in mind, and the fact that he later
    checked us, go figure! To me it is clear who sits on which
    side of the table, check also this link: now you can see the
    "timeline" I mentioned above:
    http://www.star-force.com/protection.phtml?c=83&id=766

    Especially the "he woked up famous the next morning" shed
    some other light to the whole issues (again, in MY opinion)

    Apart from that, we do not go on the same level like others,
    I will not bash against Mr. Russinovich nor do I bash against
    StarForce. At least they will not receive help from me to get
    more attention, if I wouldn't know better, I could think that
    all this is a very very clever "campaign" from some people
    to get more fame. And does it work? Yes, it does!! But we
    are not so dumb and blind and do not notice the real reasons
    behind all this.

    But that is only my opinion.

    More and more I got the idea that here people work together
    to bring us down. That shows me at least one thing: it points
    out that we must do something right.

  5. #25
    Experienced User vatras90
    Join Date
    10.08.2005
    Posts
    190

    Quote Originally Posted by LocutusofBorg
    to whom it will concern:

    the "registry-hiding" technology from DaemonTools is based
    on my design, so if you want to bash someone for that reason,
    you know whom to write!

    It was my decision and to tell the truth: it was for sure not
    in my mind to hide it from the user!! People who claim that
    just simply don't know what they're talking about!

    My goodness, it is to protect OUR software. We do NOT fool
    the users NOR do we NEED to hide something from them!

    Especially since we contain adware we were ALWAYS as "open"
    to our users as possible, don't you think we use that "rootkit"
    for "better" purposes then? NO! It is only to defend ourselves
    from malicious software. If THAT is unethical to some
    users, I think you better deinstall DAEMON-Tools!

    Apart from that, Mr. Russinovich's opinion is in fact biased,
    for me it looks even as if he knows the development behind
    StarForce (at least he "checked" their technology and found
    no rootkits) - with that in mind, and the fact that he later
    checked us, go figure! To me it is clear who sits on which
    side of the table, check also this link: now you can see the
    "timeline" I mentioned above:
    http://www.star-force.com/protection.phtml?c=83&id=766

    Especially the "he woked up famous the next morning" shed
    some other light to the whole issues (again, in MY opinion)

    Apart from that, we do not go on the same level like others,
    I will not bash against Mr. Russinovich nor do I bash against
    StarForce. At least they will not receive help from me to get
    more attention, if I wouldn't know better, I could think that
    all this is a very very clever "campaign" from some people
    to get more fame. And does it work? Yes, it does!! But we
    are not so dumb and blind and do not notice the real reasons
    behind all this.

    But that is only my opinion.

    More and more I got the idea that here people work together
    to bring us down. That shows me at least one thing: it points
    out that we must do something right.

    D-tools doesn't fit in the pattern of the industry, so they recruit idiots to bash here. Call me paranoid, that's MY opinion.
    And M.R. tells very much to form himself.
    Last edited by vatras90 : 11.02.2006 at 18:23
    Boycott Starforce!
    Resistance is futile! You will be assimilated!

  6. #26
    Experienced User

    Join Date
    27.09.2005
    Posts
    822

    i think the issue really is that people are getting scared now about rootkits, about drivers hooking KeServiceDescriptorTable entries and so on, and using this to reroute process api's, registry api's etc... true, anti-virus programs do this etc.. but that's really expected, after all anti-virus programs monitor process execution, so a hook is expected. I agree the guy in the article is jumping to conclusions, but i think the people are interested in the reasons for these hooks in daemon tools etc, which you have explained and that's all that was required.. as for hiding it from the user, well that's your choice

    as for starforce being rootkit free, the older versions were definitely rootable and there were a few exploits for it, mostly escalating user privileges..

  7. #27
    New User
    Join Date
    20.11.2005
    Posts
    6

    LocutusofBorg,

    Correct me if I'm wrong, but what Mark Russinovich says is that hooking system calls should be avoided at all costs.

    And there are many people who use Daemon Tools but don't play any games, so they would be much happier to have a version of Daemon Tools that doesn't use those "potentially dangerous" hooks.

    So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.

    That way, "anally retentive" people that are concerned about the possible system instability that those hooks could produce, will be able to sleep easily.

    And the rest of us will keep using the hooks because we want to play our legally made backups and exercise our Fair Use rights.

    Could that be the best of both worlds?

  8. #28

    This Mark is so clever, he is only concerned about our security!
    So concerned that he should tell the world he's found a rootkit in Alcohol and DT and blame them!!!
    Funny that he has known for months that Symantec has implemented a feature to hide folders similar to those of Sony...

    "I learned of the cloaking several months ago when users of our RootkitRevealer rootkit detection tool sent us log files asking whether there was evidence of malware (others have posted logs in the Sysinternals forums). A little research showed that it was generally known that SystemWorks creates NPROTECT directories that show up as false-positives in RootkitRevealer scans."

    But for Symantec, this is "false-positives", "rootkit-like"
    Even if:
    "I confirmed that a security vulnerability similar to Sony's exists in the cloaking by copying files into the directory "

    But despite knowing that and being very concerned about our security, does he tell anything about that? No, he waits for the Symantec declaration...

    Strange, no?

    As I have started on security concerns, we should speak about a huge security concern (not like the rootkit of DT, which could perhaps be used by a genius hacker). I have found that a guy sells a real rootkit! This rootkit allows a five-year-old kid to access my computer, allows somebody to alter my files, deactivate my antivirus, implement a keylogger and steal documents and credit card numbers... What was the name of this software... Ah, this is NTFS2DOS, which allows full access to an NTFS partition just by booting from DOS boot disks...
    This kind of guy should be in jail, this is probably denied by the DMCA...

  9. #29

    Quote Originally Posted by Leolo
    LocutusofBorg,
    Correct me if I'm wrong, but what Mark Russinovich says is that hooking system calls should be avoided at all costs.
    And there are many people who use Daemon Tools but don't play any games, so they would be much happier to have a version of Daemon Tools that doesn't use those "potentially dangerous" hooks.
    So my proposal is this: during the installation of Daemon Tools, offer the user the choice of disabling those hooks, and of course warn them that some games will no longer work so that they can make an informed decision.
    That way, "anally retentive" people that are concerned about the possible system instability that those hooks could produce, will be able to sleep easily.
    And the rest of us will keep using the hooks because we want to play our legally made backups and exercise our Fair Use rights.
    Could that be the best of both worlds?

    No, if you're afraid of "potentially dangerous hooks" do not install Daemon Tools, do not install certain anti-virus software, and do not install programs and games protected by certain protections.
    It is really interesting to see that Mark just labelled Starforce completely ethical - although especially Starforce hooks a lot of system and patches kernel during cd/dvd check. Seems for Mark there're "good" and "evil" hooks?
    Now our hooks are just to protect our software, which is really unethical (sarcasm alert). But e.g. the Starforce hooks are completely ethical, 'cause they enforce copy protection (now Professor Frink's sarcasm detector exploded again). I wonder if Starforce paid for the analysis ...
    Everybody be cool! You, be cool!
    They'll keep fighting! And they'll win!

  10. #30

    As far as I understood, Mark said almost nothing about StarForce.
    http://www.sysinternals.com/Forum/fo...s.asp?TID=2263
    Somebody asked him to check StarForce, he answered:
    "I've taken a look at StarForce and other than some unorthodox ways of monitoring Cd-Rom traffic and intercepting the creation of all processes and threads, there's nothing overtly unstable about its implementation."
    And then starforce developers started to tell everyone about Mark's "examination". I doubt if he really knows about all starforce's deeds.
