WoW! Sony DRM v The Warden
p2p news / p2pnet: So Sony is bundling a rootkit, of the kind commonly used by nasty malware apps, with their CDs?
This comes at the same time as World of Warcraft maker Blizzard introduced a spyware app called The Warden designed to sniff out cheaters on the popular MMORPG.
The Warden periodically takes a snapshot of every process running on a user’s PC, looking for applications that allow cheating, but it also manages to capture email addresses and other sensitive info.
After analyzing Sony’s rootkit, developed by First 4 Internet, Mark Russinovich’s verdict is that it’s very badly designed.
Now it has become apparent that Sony’s poorly developed rootkit can be modified to hide your activities from The Warden. A brave band of WoW hackers (well, one guy called Outlaw) has found a quick-n-dirty method (reminiscent of the get-around-CSS-by-holding-the-Shift-key) to block The Warden’s sniffing. How’s it done?
1. Buy the (ironically titled) CD “Get Right With The Man” by Van Zant
2. Run the CD
3. Rename myhack.exe to $sys$myhack.exe
So for $14.95 you can score a perfect hack to hide your WoW “pharming” or other activities banned by Blizzard.
As the WoW hacker who made this public says, “Warden does not find (means open) a process covert with this rootkit…Blizzard cannot ban you for having this rootkit installed cause it’s pressed on a Sony music CD and there is no easy way to remove it. 95% of the CD buyers don’t even know that a rootkit comes with the CD “for free”. I am sure that Blizzard could find a way around it but it won’t be cheap.”
The interesting part of this saga is that the rootkit can’t be easily removed.
Mikko Hypponen, F-Secure’s director of anti-virus research, says the only way to uninstall the program in the conventional sense (without running the risk of hosing your system or CD-ROM drive) is to contact Sony BMG directly via a Web form and request removal.
At that point, a real, live person will call you back and ask for all kinds of information about your system, and your reason for wanting to remove the software (“umm…it’s my PC and I decide what programs I want on it?”). You’re then directed to a Web page that downloads an ActiveX program (yes, you must be using Microsoft’s Internet Explorer to do this), which determines what version is installed and reports that back to First4Internet. Then you get an e-mail containing a link to another site that downloads something that finally uninstalls the Sony program.
So, Blizzard could release a decent removal kit, but this would almost certainly be breaking the law under the DMCA.
Sony could also release a decent uninstall program, but that would defeat the whole purpose of the rootkit, and would be a waste of the money they spent getting First 4 Internet to create it.
My guess is that the whole thing will end up in court – either a class action against Sony by a bunch of CD owners who have damaged their systems trying to get rid of the rootkit, or Blizzard against Sony for creating cheating tools for WoW…because the software makers can be liable for the actions of their users!
With the amount of press coverage the dirty rootkit is getting, whatever happens it will be hard for Sony to come out of the whole mess without a bigger PR disaster on their hands than they already have.
Alex H, p2pnet development manager – Sydney, Australia
[Alex is an operations manager for an ATM (automatic teller machine) supplier and he specialises in infrastructure development and maintenance, and logistics. He’s also an[other] active member of the Shareaza community.]






November 6th, 2005 at 10:33 pm
I am not for hacking the games and cheating but……. If a lot of people start doing this, which they most likely after reading these stories will, then this will be bad for both companies… The “warden” for collecting sensitive data, whether it meant to or not, and Sony for covertly (in some were some read the entire EULA and it did not mention the rootkit) installing their software. The way I see it is both companies are going to take it in the %&& and I can’t wait to see this. Cheers to the guy who figured this hack out, he should be credited for starting these companies to get the shaft cause the way they manipulate the laws it is finally coming back to haunt them.
November 7th, 2005 at 12:42 am
I agree with the above writer — the guy who pulled Sony’s covers should be canonized. The name of Mark Russinovich should go down in history. We should organize a parade and place a solid gold laurel wreath on his brow. This world needs more Mark Russinoviches (just wish he had been born Smith or Jones or maybe even Russo …) No matter, a man’s name is his glory and Russinovich deserves lots of that.
I hope this doesn’t sound flip or tongue-in-cheek, because I am serious. Mark was not content to simply overlook some minor, insignificant addition to his Add/Remove Programs list. His vigilant, keen eye was responsible for subsequent events. I sat glued to my monitor as I read the account of how he discovered the RootFix etc. I wish I had half of his computer savvy.
Oh well — parade or not, do not forget the name Mark Russinovich. It even helps to type it several times to make it stick. My hat is off to Mark. I applaud his noble deeds, and will continue to insist that he is deserving of admiration, even reverence, for his contribution to the world of cyber-space.