[Dshield] Sony, Rootkits and Digital Rights Management Gone Too Fa r

Hernandez, Moses MHernandez3 at mercymiami.org
Mon Nov 7 15:44:26 GMT 2005

I've been lightly following this, but am going to request from a vendor
that we use for in-house host ips with spyware protection to build us a
signature for this for us to remove. I would imagine that by now they
are working diligently on it or if not they will be.


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Don Jackson
Sent: Monday, November 07, 2005 9:41 AM
To: list at lists.dshield.org
Subject: Re: [Dshield] Sony,Rootkits and Digital Rights Management Gone
Too Fa r

Is there a quick way to spot whether a machine has had this installed
on it?

1) The presence of ariel.sys?
2) A registry key?

We have about 4000 PCs to scan, now that we've decided it should
be removed.  Does Sony, or anyone else, offer a removal tool
where employees (non-owners) of the PCs have installed it on
the company's (owner's) PC?  I can't call Sony for every workstation.

I never heard the response to a previous post.  Our situation might
be mitigated if the user needs administrative rights to install the
Sony rootkit.  However, a fair number of users have local admin rights
(Don't bother, I've heard it all before. Heck, I've said it all

Don J.

>>> haled at pionet.net 11/3/2005 9:04 AM >>>
Agreed. One time having to deal with a machine that has been badly
with this type of CR.. To realize that it should at the least be
banned. I
would like to see it become illegal. Of course then I would have to
find a
new career. 


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] 
On Behalf Of admin
Sent: Wednesday, November 02, 2005 1:33 PM
To: list at lists.dshield.org 
Subject: Re: [Dshield] Sony, Rootkits and Digital Rights Management
Gone Too
Fa r

An EULA is not the right place to put a statement about adding spyware
any other type of program to an end users machine. It seems to me that
type of information should be presented in a way that no one can
misunderstand. Maybe a big colorful pop up with a big exclamation mark
inside a caution icon. This pop up should also contain very clear
instruction on how to remove the application. Anything less is
deceitful and
malicious. The law to be fair must be clear (then again when has the
ever been fair). That's my opinion, I could be wrong.

*** *** *** *** *** *** *** *** *** ***
This e-mail is intended for the sole use of the individual(s) to whom it
is addressed, and may contain information that is privileged,
confidential and exempt from disclosure under applicable law.  You are
hereby notified that any dissemination, duplication, or distribution of
this transmission by someone other than the intended addressee or its
designated agent is strictly prohibited.  If you receive this e-mail in
error, please notify me immediately by replying to this e-mail.
*** *** *** *** *** *** *** *** *** ***
Using .Net? Need to know more about .Net Security?

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the 
named recipient(s) only.
If you have received this email in error, please notify the system manager or the sender immediately and do 
not disclose the contents to anyone or make copies thereof.
*** eSafe scanned this email for viruses, vandals, and malicious content. ***

More information about the list mailing list