Warning: The Content in this Article May be Inaccurate
Readers have reported that this story contains information that may not be accurate.
87 Comments
- Aflat, on 10/12/2007, -0/+8
Hello, they are there for a reason. People need to wake up and realize that rootkits are not always bad. If you know anything about these tools you'll understand why they are a rootkit. They are tricking the OS into thinking a file is a CD-ROM drive.
This requires replacing some of the Windows functions within a loaded DLL to treat a file as if it were hardware. The act of replacing functions is part of what a rootkit does. What you are replacing the functions with determines how bad it is.
Yes hackers can use these tools. With either one of these tools, a hacker can have you download a non .exe file, then they can make Daemon Tools run it as if it were. It would take some work, but it can be done. The question is why would they. How prevalent is Daemon Tools, and of those users, how many of them know nothing about computers? Many of them know how to protect themselves in the first place, unlike Sony who was giving a rootkit to any old newb. And a badly coded rootkit at that.
- Vektuz, on 10/12/2007, -0/+7
Daemon Tools does contain a rootkit type software - what it does is hide its own presence so that programs don't disable themselves JUST BECAUSE YOU'VE INSTALLED DAEMON.
They wouldn't have had to resort to this if software manufacturers didn't start dictating that you can't use DAEMON at the same time as their own software. Which is ridiculous, of course.
However, not all rootkits are bad. For example, there are anti-rootkit rootkits, which hide themselves so that the rootkit doesn't realise it's been found. There are antivirus tools with rootkit-like components. There are other good components too, which have reason to hide from other software on your system, often used for debugging, etc.
- generalleoff, on 10/12/2007, -0/+5
yea this was the whole point. Those "discrepancies" they talk about are the virtual drives. If you want to remove them just disable the virtual drives. I have 8 of those discrepancies cuz I use 8 virtual drives.
vax347 is just the fake internal name of the fake cd/dvd drives.
- nesquik, on 10/12/2007, -0/+2
An interesting response from Alcohol Software: http://forum.alcohol-soft.com/index.php?showtopic=21957
- Vektuz, on 10/12/2007, -0/+2
A RootKit in this sense, by the way, simply means 'software that can hide itself from the operating system'
In the case of Daemon Tools, which emulates a CDROM, it HAS TO DO THIS in order to emulate a real CDROM or DVD drive, else it won't look 'real'.
- camintmier, on 10/12/2007, -0/+2
Just goes to show, not all rootkits are evil. Only the ones by Sony, and just about every other one out there.
- masterofshadows, on 10/12/2007, -0/+2
a rootkit is a tool that gives someone else access to root (administrator). this is not a rootkit, it's simply stuff that is hidden from the OS
- patrickmcguire, on 10/12/2007, -0/+2
"Damn, I installed both.
Bummer."
reading is a valuable skill.
- maotx, on 10/12/2007, -1/+3
No Digg.
Of course it's hidden.
- minisu, on 10/12/2007, -2/+4
I thought that was the whole point with such software?!?! No digg.
- fredrichl, on 02/10/2009, -0/+1
Heh, the whole goddamn Windows OS is a rootkit in itself, you don't really know what or who hid what and when in there, you can guess, you can check the task manager, you can check services, but you can NOT be sure what's in there.
sudo ps -A ?
- cquinnd, on 10/12/2007, -0/+1
jphillips59
The point is that Alcohol and Daemon Tools had to go this route because of other software from Game and Media companies that was either not installing, or disabling Alcohol and Daemon Tools if they were detected on the system.
- STKD, on 10/12/2007, -0/+1
It's the virtual drives. Remove alcohol, they go away. Thus no Sony-style system *****.
The End.
- Netweb, on 10/12/2007, -1/+2
Quote "There’s no proof that Alcohol and Daemon Tools use rootkits to evade DRM, but the evidence is compelling. If they do their usage is clearly unethical and even potentially runs afoul of the US Digital Millennium Copyright Act (DMCA). In any case, there’s no reason for these products, or any product as I’ve stated previously, to employ rootkit techniques."
From the article.
- tgraham, on 10/12/2007, -0/+1
Completely misleading title. People should tag this as inaccurate to help people get the message that I don't wanna see crap on Digg.
- corkster, on 10/12/2007, -0/+1
If only you knew how many other programs you installed contained rootkits
- SniperGX1, on 10/12/2007, -0/+1
big difference, Daemon and Alcohol were downloaded and installed to do a job (to give you the promised services without allowing Digital Restriction Management to uninstall it, or disable other applications) what Sony did was force you to get a rootkit to use your own property. Alcohol and daemon did nothing wrong as their actions were only to continue providing service despite the harsh DRM that circulates the digital world
- EviLiu, on 10/12/2007, -0/+1
I don't know what the article writer is thinking at the end, calling Alcohol and Daemon unethical. Some of the comments on the site rebutting that are good.
- fallingstars, on 10/12/2007, -0/+0
Yeah, this is pretty obvious... Take my ex-girlfriend for example. Enough Alcohol and she'll let anyone access her box! (Hurr hurr) But seriously folks...
- OBKenobi, on 10/12/2007, -0/+0
Russinovich got a couple right with Sony and Starforce, now he's stretching the truth. Upon installation of Alcohol and Daemon Tools you are told about the cloaked drivers, and the registry entries are listed as part of the manual uninstallation instructions. The drivers do nothing to interfere with other software or your hardware.
If you don't like this, don't use this software, it uninstalls easily without leaving behind any evil. Can you do the same with Starforce's malware and Sony's DRM if you bought one of these infected products and want to use them without the protection hassle? That's why Alcohol and Daemon Tools exist to begin with!
- dirkyn, on 10/12/2007, -0/+0
Wow... Rootkits are bad... period. Any time that a person or vendor explicitly causes a piece of my computer to be hidden from me as an admin then I have lost at least partial control of my system.
There is no such thing as a 'good rootkit'. The vendor may have perfectly good motivations to use rootkit technology however in my mind this is a lazy and incorrect way to solve whatever problem they are trying to solve.
I have to disagree with WickedDrag0on.
"a rootkit is a tool that gives someone else access to root (administrator). this is not a rootkit, it's simply stuff that is hidden from the OS"
I don't believe that this is the definition of a rootkit. To me, a rootkit is code that causes a portion of the operating system (directory/files/processes/ports/etc/etc/) to be hidden from the operating system. Rootkit technology is merely cloaking technology. Nothing more.
- inactive, on 10/12/2007, -0/+0
"Huh, I have installed Daemon Tools and I don't have those keys suggested."
You have to use a program like Rootkit Revealer by SysInternals (the same company that wrote the blog entry linked to above. It's freeware BTW) to see the entry because they're hidden by the rootkit.
- MegaSilver, on 10/12/2007, -0/+0
Well DUH!!!! How else would they work if they were not rootkits?
- Wobble, on 10/12/2007, -0/+0
i personally have no issues with DT intimately mingling with my OS. as that is what i want it to do, digg in deep and do an excellent job of looking like a cd/dvd-rom drive. on top of this it should also be very low profile so that PITA copy protection schemes cannot find it and stop working. as long as the app can be removed cleanly and can undo what it has done and doesn't cause conflicts. I'm ok with it. it was up front about what you were installing when you clicked the installer. no digg :)
- quentinp, on 10/12/2007, -0/+0
I'm a few days into the demo and so far it's Game Jackal FTW. Apparently it can't handle Starforce though. So far about 5/6 games have worked...and I think the one that didn't (Dungeon Siege II) just needs more "training". I never realized how much finding the CD was a PITA until I tried this, I was flipping between NFS:MW and Civ 4 over the weekend it was nice. Not sure if I'll buy, but whenever the timed demo thingy runs out I might just be forced to buy it.
Please tell me there is no spyware in this thing...and if there is please tell me if there's an alternative!! (basically you train it with your original discs, and I think it's monitoring what pieces of the disc or whatever the program is accessing and just records that and feeds it to the game).
So far..awesome, but it's one of those too good to be true things (at least that's what my inner cynic is telling me)
- MortenAaserud, on 10/12/2007, -1/+1
ther good rootkits
- bingobob, on 10/12/2007, -0/+0
This is quite Freaky
I was checking out my PC only this morning with KProcCheck when I came across sptd.sys hooking into the Service Descriptor Table. It seems to hook into the Registry services for reading, writing and accessing the registry.
I searched on Google but couldn't find a thing about it apart from the fact that sptd.sys was part of Daemon tools. I had to use SDT Restore to kill off the hooks and then used the SysInternals AutoStart to remove any mention of this file in the registry startups.
The annoying thing was that I had deinstalled daemon tools a while ago.
I thought I'd got a dodgy copy as I couldn't find any mention of the Service Descriptor Table on the Daemon Tools web site.
Slightly worrying I would say. Wasn't happy at all!
BingoBob
- FullMetalMonkey, on 10/12/2007, -0/+0
Huh didn't know that!
- jasqwerty, on 10/12/2007, -0/+0
You know, a whole lot of you are a lot more retarded than I ever expected. Even those verbally abusing others over the definition of rootkit, good vs bad, etc, are just so off base.
Russinovich isn't really wrong here, except that unlike the Sony rootkit, this doesn't actually negatively modify your system, install itself permanently, or is even exploitable in any way.
*********************************
IT HIDES A FEW REGISTRY KEYS
*********************************
Please read the above again. It does nothing else at all. This functionality is actually provided by the loading of the NON-HIDDEN driver, so safe mode renders it useless.
ALSO
There is no 'tricking' Windows into thinking a file is a CD-ROM drive. If any of you idiots actually knew what the ***** a driver does you would realize it's a joke to do this, perfectly legitimately. Microsoft even provides an unsupported driver to mount standard ISO images as a virtual CD-ROM.
And, I don't understand how this in any way circumvents DRM technology in a way that runs afoul of the DMCA. Being a rootkit can't possibly cause this legally, since you'll have no clue what program is looking for you. Say I make a hidden keylogger that monitors my employees, one of which runs a game that for whatever reason tries to find keyloggers before it starts. How does this violate the DMCA??? I'm not reverse engineering or breaking their DRM, I don't even know their DRM exists or what it does. It's kinda like how copying a DVD by breaking CSS and recopying the video is illegal, but just doing a straight bit copy onto another DVD for backup purposes isn't.
This is all these tools do, they make the most perfect bitwise copy that is imaginable.
- tidejwe, on 10/12/2007, -0/+0
This story needs to be buried for misleading us to believe the software is doing something other than that for which it is designed to do. DT and AS tell us exactly what their software does (hide itself from Windows and DRM's) and has our permission to do it. Sony lied to us about what theirs does, and did it all without permission. Everyone reading this article needs to report it as inaccurate.
- frontbrain, on 10/12/2007, -0/+0
This story has been filed under "That's Obvious"
- STKD, on 10/12/2007, -0/+0
And AFAIK, these aren't exploit-worthy as the Sony one. They also don't screw over your entire install if you remove them.
- generalleoff, on 10/12/2007, -0/+0
"The question is, are these "good rootkits" vulnerable to misuse?"
they cause many StarForce games to give off CRC errors and fail to install if that counts :)
- TA_Superman, on 10/12/2007, -0/+0
Does writing a program that uses rootkit-like code make it rootkit software? I don't think so unless someone could use it to gain control of your system
- generalleoff, on 10/12/2007, -0/+0
The title is not misleading at all but the description is kind of. The article states it as a possibility they are using a rootkit to defeat DRM but this topic description states it as fact. Not enough to make me give a crap and go all ape ***** bitching and then report the story but nevertheless misleading.
"There’s no proof that Alcohol and Daemon Tools use rootkits to evade DRM, but the evidence is compelling. If they do their usage is clearly unethical and even potentially runs afoul of the US Digital Millennium Copyright Act (DMCA). In any case, there’s no reason for these products, or any product as I’ve stated previously, to employ rootkit techniques."
- jphillips59, on 10/12/2007, -0/+0
How is the title misleading in any way, they do have rootkits?
- spidoman, on 10/12/2007, -0/+0
Wow DUH! Do you know what a rootkit is? Do you know what Daemon tools and Alcohol are? Of course they have rootkits. OMG THIS JUST IN! Daemon tools is SOFTWARE.
- generalleoff, on 10/12/2007, -0/+0
"An interesting response from Alcohol Software: http://forum.alcohol-soft.com/index.php?showtopic=21957"
Now I know for sure Steve is going to screw with it and see for himself. This is so going to be on Security Now and it should be an interesting episode.
Not that I think Steve is the final word on anything but it still will be interesting to see what he finds or has to say :).
- f00xx0riz3r, on 10/12/2007, -1/+1
Reported story as inaccurate. Learn to write a ***** summary asshats.
- inactive, on 10/12/2007, -0/+0
I have Daemon Tools installed and I used to have Alcohol 120% installed. When I uninstall Daemon Tools the discrepancy disappears from Rootkit Revealer and I didn't see the one for Alcohol 120% even though I had it installed and I haven't reinstalled the operating system. They probably should have disclosed their use but unlike Sony they've provided a means of removal.
- drwatson, on 10/12/2007, -0/+0
Ladies and Gentlemen, the word of the year... "Rootkit".
- Namco, on 10/12/2007, -0/+0
Aah... read the article.
So Alcohol and Daemon tools hiding themselves from malicious DRM is bad even though it's in our best interest and done with our consent? If a DRM scheme engineers a method of disabling Alcohol's "rootkit" and detecting it... wouldn't the DRM itself be in violation of the DMCA?
- crash331, on 10/12/2007, -0/+0
um, duh
- Namco, on 10/12/2007, -0/+0
I had a hunch about this... I don't have time to read the article right now, but I've noticed that when I insert a new disc, it takes an act of god for Explorer to notice that the disc has changed. Makes ripping CDs in iTunes a pain in the ass. Usually I have to insert the disc, then immediately double-click My Computer in order to make it take notice.
Anyone else notice this?
- inactive, on 10/12/2007, -0/+0
There is no such thing as a 'good rootkit'. The vendor may have perfectly good motivations to use rootkit technology however in my mind this is a lazy and incorrect way to solve whatever problem they are trying to solve.
Well, that's true. I wish I could convince the publishers of several games to not use the stupid copy protection, since you know--they could've taken a hint that it's easily broken anyway and is a waste of resources.. but hey I can't change their minds though...
- graywave, on 10/12/2007, -0/+0
All I want to know is if it is removed cleanly when you uninstall the software.
Is there any open-source disk emulator software?
- mrASSMAN, on 10/12/2007, -0/+0
no DUH!! holy hell.. in order to emulate a drive aka virtual drive, the application NEEDS to install "rootkit" tech in order to trick Windows into thinking it's a physical drive
..it's no secret
- danimals, on 10/12/2007, -0/+0
soo... is this a beginning to a rootkit craze???