Demand fix for Smartware Rootkit

DEMAND that WD supplies a permanent fix for the Smartware rootkit bundled with their external drives. Unfortunately for WD, there is no way they can disprove that Smartware is not a rootkit (malicious or not). This isn’t the first time a major organization/corporation has plagued end consumers with a customized rootkit within a product, that is virtually impossible to get rid of, without the intervention/assistance of said organization/corporation.

Smartware IS a ROOTKIT. If you do not know what a rootkit is, use some google-fu and look at the characteristics of what a rootkit is. Every aspect of Smartware is a rookit. I cant think of a single way that it is not.

• WD has to trick you into accepting it out-of-the-box just to even use the drive for the first time. It is almost like ransomware, except we have already paid the price. Requires/uses internet access with, or without your consent/knowledge. Who knows what its actually doing when your computer is idle. It is programmed in such a way as to avoid detection and removal (stealth). It is portable, hidden, virtual disk emulation at its finest. Drives infected with smartware actually report more usable (false) space than Smartware is occupying. Most any decent AV product that has the ability, actually detects the code within Smartware, and its resulting actions, as a rootkit upon drive insertion/software installation.

This is the basic list realized by me after the first 5 minutes with my new WD Passport Essential. I’m sure the list will continue to grow as Smartware is investigated further.

Currently there is no known safe (non-destructive) method to remove Smartware without voiding your drives warranty. Hiding the Smartware VCD is not sufficient nor acceptable, as it is still resident within the drive. Contact (by any available method) Western Digital & their associated affiliates and DEMAND that they provide an adequate, permanent removal tool for their engineered Smartware rootkit NOW!

If you support Smartware, you are part of the problem.

Why on earth do you think this is a rootkit? You start with this wild claim, and they you state that there is no way that can not prove it is a rootkit. You are setting up a no-win situation from the git go. 

A rootkit takes control of your OS at the deepest levels. There is zero evidence that this drive does this. Don’t be irresponsible with accusations. 

Nobody seems to realize what smartware is. I wouldn’t have purchased these new WD external drives if I had known about Smartware prior. Reading reviews didn’t provide me with any insight as to this software existing. I was under the impression that I was purchasing just a normal drive in external casing from WD. I thought that if any software was included, it wasn’t necessary, as it has always been common.

There are hostile, and non-hostile rootkits. Either way, a rootkit is a rootkit, if it takes control of your computer at the “deepest level” or not (which not all rootkits do). Fundamentally, a rootkit is designed to conceal something, not necessarily do any harm. A rootkit can exist at the boot, hardware, hypervisor, kernel/driver, and application levels of ANY computer, OR device component. This, just like all other documentation on rootkits, is published, and freely available on the net. You might also find, to be surprised, other “trusted” hardware/software vendors that have, or still implement rootkits within their products with or without the end users consent nor knowledge.

You want to be in denial (I am not saying you are, but it seems this way by your comment)? Its ok with me if you do not value your privacy, nor the products you purchase. However, as a person who values my privacy, and as a person who does not like rogue software hiding itself withihn products I purchase and forcing me to use it wether I like it or not -  I do. Rootkits are “Invisible Things”. Smartware is concealed extremely well as a functinal program, yet its inner most core is hidden from your operating systems API (Multiplatform: Windows/MacOSX/Unix-Linux), with the inability to remove it except through the most drastic measures. This is the evidence of what it is. I do not need to make drastic accusations, Smartware is the proof. Sure you can “turn off” the primary front end by uninstalling the software & hiding the secondary front of the visible VCD (for sake of avoiding customer annoyance provided by WD), but the backend is still there (invisible). Everytime you plug the drive in, this is inherent, your OS still needs to interact with the hidden Smartware component on a driver level. This is a very plausible threat to end user privacy, and security – since you ask WHY I think this is a rootkit, even though I thought that I listed very clear reasons WHY I think this is a rootkit in my previous post. Maybe this post is easier to visualize. Also I included very basic instruction to use google if you do not know what a rootkit is, for comparision to the claims being made. This is because it is tiresome for me to do all the work for you. You have a computer too. Put it to work for you. Either you see it, or you do not. 

Crumpy, I agree with most of your assessment.  Whether Smartware can be categorized as a rootkit or not may be debatable.  However, rootkit or not, I patently reject any software that is rammed down my throat with no option to REMOVE it completely.  I recommend backup solutions to my clients and I have, to-date, recommended WD exclusively.  I then install my own software solutions.  Now, Smartware is preinstalled, and as you have pointed out, no way to remove it.  Only the front-end can be disbaled.  THIS IS UNACCEPTABLE.  I can’t imagine anyone worth their salt in the technical community  putting up with this scenario.

I concur with you and join you to DEMAND that WD immediately issue a simple and quick utility to REMOVE, not just disable this worthless and invasive software from their drives.  Some marketing “genius” over there must have thought this would become a selling point for the equipment.  Instead it will alienate thousands of techs like me that actually grease the wheels for backup drive installation.  Most casual users have no concept of backup, let alone how to deal with pre-installed software like Smartware.  The bottom line of sales for these devices is not originating with end-users but with techs like us who recommend and install these as solutions. 

If you alienate techs, the WD bottom line will eventually suffer.  There are many other manufactures of good, competetively priced, reliable drives that do not make us go through hoops uninstalling or even worrying about extra ■■■■ we don’t need.

I completely concur. Root kit or not , a fix is required. I complained to WD that their horrid software was as very bad idea (called it something else really)  and that I won’t buy or recommend their drives until they fixed this. Still got one drive that I was really waiting for so I put up with it, followed their procedure to “remove” the virtual CD and it is usable now. But I dread that if they finaly release a real solution, you’ll need to backup the data. Don’t know how i’d do that (buy another 2 TB disk just for that purpose?). 

So please WD make a fix that really removes Smartware, without touching my data…

One a more philosophical note: What where they thinking? How could somebody with halve a whit in computer engineering create such an insanely stupid piece of software? What could they possibly gain except to alienate a enormous pile of otherwise perfectly happy customers? I’m stumped, baffled, perplexed at the galactic stupidity of Smartware…

So readers beware: my advice is to not buy disks that involve Smartware.

If it makes you feel any better you are not alone. 

I would never buy a drive with this “smart” software again.  After wasting hours on it I disabled it and am using Windows 7 backup.  Much better. 

I’m not a tech geek, but I too would like to add my support behind completely removing this thing.  I followed the direction on the website precisely, and it still keep loading something and messing around with my computer.  I loved WD drives before this, this doesn’t make any sense.  I never thought I would join a computer forum, but here we are, please fix this WD, before you lose more customers.

@ jasinviso There you have it. I just don’t get why they do it in this way. It agrevates users - even so much that it makes them vocal about their frustrations. Just like you and also this  REVIEW SmartWare and My Book Studio. http://community.wdc.com/t5/forums/forumtopicpage/board-id/mybook_mac/thread-id/5 

I fail to see what WD could be gaining from this.

Best for them would be to acknowledge (saying sorry is so much smarter than keeping mute) and make a proper fix.

I’ve gotta fall in line with the rootkit crowd.  We can parse words all day, but they are essentially using the same technology / entry vectors that we see with malware.  Not to be a complete shill about things, but whoever made the call to force their software on to user’s PC’s should really be in another line of work.

I had originally purchsed my “Smartware Enabled” drive for my mom, but had to end up keeping it after it crushed her PC’s performance, and created a lot of confusion with the cd partition.  It’s not really practical for me to talk her though firmware updates, registry hacks, etc.  I had to keep her drive, and buy her a (likely inferior) drive from a competitor just so she had something that works.

They need to fix this in a hurry before people start thinking of Western Digital products in the same way they do about Nero (aka you want to burn CD’s and they install 50 unwanted media player services on your PC).

Has anybody come up with a cookbook for removing SmartWare?  I am looking for a list of things to do, like delete the following files, reset the following registry entries (WIndows 7), remove the following configuration settings…

I am not looking for a program, just a list of what to do to clean up my system…

It’s clear that SmartWare is troublesome for numerous reasons and not only advanced users complain.

I’m not buying these products anymore and am advising against them until this software can be removed completely AND painlessly.

I’ve already had to hijack a Windows PC (I don’t own a PC with that OS) & reformat my drive to be able to disable SmartWare. I’m not buying these drives for our employees, that’s for sure.

I don’t describe myself as someone speaking nor writing in english : I’m just another annoyed user from somewhere in the world (here France) that discovered with anger + a bit of shame these “smartwares” : how could I have been that stupid to buy such hard drive !!

This practise is choquing and just inacceptable. The procedure you give to disable the ‘not-that-smart-CD-drive’ just (indeed) DISABLES the showing of the CD-drive but doesn’t really UNINSTALL files from the hard-drive. The occupied space stays occupied and unavailable to the user.

The second annoying part of the problem is that I don’t run OS X nor Windows and I don’t want to. So where is my freedom as a software user ? You will probably advise me to use some PC running Windows to follow the procedure, but I know nobody in my circle that is crazy enough to run programs as yours that asks for security protections to be disabled to be able to work properly…

To conclude, I want to congratulate you for this amazing new shiny and “smart” piece of technology : okok, that’s pretty useless, strange and non-natural for the end-user, ok that also indroduce some insecurity because of the intrusive aspect of the tools but, wow, that’s it ! with such a **bleep** ■■■■, how could it be possible that WD won’t gain some visibility ?

So, if that’s it and if you want to make everybody angry, well, there you are ! you succeed, the game is over ! Thanks for the loss of time, stop kidding and just make that ■■■■ beeing uninstallable for anyone and QUICKLY…

I run a business performing the entire gamut of consulting and tech work across a major metro area encompassing about 500 square miles of tens of thousands of homes and businesses.

I bought a couple of these drives (2TB MyBook Essentials, specifically) for a client a few days ago, on a whim. At the time, I had no idea they had this… “issue”.

I then followed up with quite a bit of research online…which then prompted me to spend a bunch of time talking to other firms and techs about their experiences and opinions.

In the end, the drives were returned to the store, unopened.

I’ve been happy to recommend WD drives–internal and external of every flavor–to anyone that asked, but I’ll be suspicious of WD externals from here on out. Until it’s resolved to the point of recovering full use of the space as a dumb external drive if so desired, without any lingering processes, extra drivers, etc, I’ll no longer recommend WD externals to anyone, anywhere. Word on this is getting around very, very quickly. I don’t know and can’t imagine any other IT/tech person/company willing to risk tarnishing their reputation recommending them in their current state. I get that it may well not be all WD externals, but rather than worry, it’s far simpler for me right now to just write off WD’s external drive product lines entirely.

There’s simply no excuse for the decisions that went into putting this software on such a device. Even if someone wanted it, the “bundled” Smartware/VCD software appears to be quite buggy–an unpredictable drain on system resources, a source of system instability, a waste time and money. Finally, it’s also creating unacceptable and increased potential for data loss–the last things anyone wants in ANY storage or backup device!

Seriously, WD, what were you thinking?  Then there’s all the other stuff we just don’t know; I don’t generally trust any software forced upon anyone in the manner SW/VCD is being forced on WD external-drive users. We don’t know what else–if anything–it does, but it certainly has the driver positioning in the operating system to be used for data collection and reporting, or other more insidious purposes.

So I’m saying no. To protect my clients and customers, and myself. Indefinitely, pending a full reversal and fix of this situation by WD. I’m also not about to hold onto any affected hardware hoping on an eventual firmware fix; this needs to be properly addressed before I buy or recommend WD externals again. Ever.

I won’t–can’t–take the risk to my company’s reputation offering or installing these things.  I do hope WD completely corrects this technology “direction” immediately.

Greetz.!!

This really suckz!!! Just bought myself a 2nd 1TB MyBooks and it has the SmartWare on it. The 1st one does not have it. Got the following qs for the SmartFolks of WDC :

1. WHY has this been forced on the consumer??

2. WHY have you put it in the firmware?? Could have kept it on a sector which could have been removed??

3. WHY have you presumed that EXTERNAL HDD (emphasis on external!!) is ONLY used with computers???

I require the HDD to connect to my DVR’s which can record my required program. Thankz to your fantastic idea, the DVR’s don’t recognize this external drive.

Give me a firmware that will COMPLETELY remove this piece of junk that I did not ask for.

BTW…I did try to re-format it completely from a windowsXP dvd but it still did not kill it. The stupid thing is still there. As mentioned…there is a “rootkit” of 7.8MB that I cannot access. If anyone was successful in removing this then please let me know.

Thankz!!!

VIAA

PS: The firmware update and VCD Manager mod does not work on the DVR setup. That is fine only for computers.

Remove the VCD partition:

http://www.wdc.com/wdproducts/updates/?family=wdsmartwareutilities

That does NOT remove the VCD partition. It merely removes the drive (letter) assignment in your OS for the device so you can’t tell it’s there anymore.

But the VCD partition is STILL there; the space consumed by the partition remains consumed, unavailable to end users.

Not good enough, imo.

I have placed a very strongly worded email to tech support regarding this issue…

I do not think that Crumpy is off the mark, at least not in principal,… although I do not think that WD has placed a root kit on their product with the intent of violating the law… However,… depending on the jurisdication, their Smartware software may be just that,… a violation of criminal hacking statutes. Software that has the potential to circumvent security protocols, and therefore, the DMCA (never that I’d be citing THAT law in favor of consumer protection).

I am demanding, withing 30 days, a solution to removing Smartware completely, and within a Linux environment (which ought to suffice in providing a mechanism to both Windows and MAC users to remove the root kit through use of Linux Live CDs). If not, I suggest we consider banding together to initiate a class action suit against Western Digital for violation of our consumer rights… As a (non-practicing, but licensed) attorney, I am sure I know a few folks in Philly who would love to get their hands into WD’s deep pockets…

Furthermore, if I am not mistaken, their Smartware software may very well employ a Linux kernel (their ethernet enabled external drives certainly do). If so, failing to produce ther kernal sources (and the necessary build chain) is a GPL violation which wouldn’t sit well with the FSF… potential for injunction forbiding the sale of their product (M$ just had to buy themselves out of an injunction brought on by a patent claim by I4I, so the threat of injunction in the tech industry is real).

I suspect that WD’s managemtn is just turning senile or thinking that their customer base is stupid… Not realizing the techies that have been their customers all along represent more of a market than a tech ignorant mass consumer market through Walmart or Staples…

I am quite serious about action… this product is an insult, and one we should not take lightly…

JaseP wrote:

I have placed a very strongly worded email to tech support regarding this issue…

I do not think that Crumpy is off the mark, at least not in principal,… although I do not think that WD has placed a root kit on their product with the intent of violating the law… However,… depending on the jurisdication, their Smartware software may be just that,… a violation of criminal hacking statutes. Software that has the potential to circumvent security protocols, and therefore, the DMCA (never that I’d be citing THAT law in favor of consumer protection).

I am demanding, withing 30 days, a solution to removing Smartware completely, and within a Linux environment (which ought to suffice in providing a mechanism to both Windows and MAC users to remove the root kit through use of Linux Live CDs). If not, I suggest we consider banding together to initiate a class action suit against Western Digital for violation of our consumer rights… As a (non-practicing, but licensed) attorney, I am sure I know a few folks in Philly who would love to get their hands into WD’s deep pockets…

Furthermore, if I am not mistaken, their Smartware software may very well employ a Linux kernel (their ethernet enabled external drives certainly do). If so, failing to produce ther kernal sources (and the necessary build chain) is a GPL violation which wouldn’t sit well with the FSF… potential for injunction forbiding the sale of their product (M$ just had to buy themselves out of an injunction brought on by a patent claim by I4I, so the threat of injunction in the tech industry is real).

I suspect that WD’s managemtn is just turning senile or thinking that their customer base is stupid… Not realizing the techies that have been their customers all along represent more of a market than a tech ignorant mass consumer market through Walmart or Staples…

I am quite serious about action… this product is an insult, and one we should not take lightly…

I agree with this 200%.

In my original post, which I had to edit, this is the exact thing I suggested, yet I was threatened with being banned just for the notion. Smartware is the evolution of Memeo, which was also marked as a rootkit during its inception. If you peek in the Windows registry, you will see that Smartware even creates reference keys to Memeo. Unfortunately, all of the documented evidence on what Memeo was really doing, and how to circumvent it, has been effectively removed from the internet – go figure~! Very few trace sources of information are still available on the internet regarding the Memeo (virus/rootkit) software, which is becoming increasingly more difficult to locate with the growing clutter developing in search engines. The things occuring with Smartware are identical in nature to when Memeo first came on the market. WD has re-animated the devil. WD was facing several legal allegations back THEN as a direct result of Memeo – in relation to the inability to remove it, and the things Memeo was doing in the background with or without user consent nor knowledge. Same concept, same tricks, different name. I see no difference in Smartware, except Memeo users got a removal tool after mass complaints.

One of the ways Memeo violated user privacy, and smartware does as well, is by monitoring all files placed on the drive (or within any folders monitored) for any type of digital watermarks (a type of DRM in similarity). If any are found, it will utilize core OS components (such as svchost.exe in Windows) to send collected data to antipiracy organizations such as the RIAA. I actually think there might still be reference to this on the internet (with luck!). I remember reading about how WD/Memeo had partnered up with such organizations, and implemented hidden features within the software that would collect data and notify the appropriate agencies in discretion. I really wish I could find something for reference, because it was a HUGE issue when it was discovered. However, large companies like WD have the capability to cover up their mistakes very well – even on the internet. All such related information was in reference to the Memeo community forums, and all posts pertaining to such no longer exist. Regardless, with a little google-fu, plenty of information about watermarks & antipiracy is available on the internet.

The above is something I noticed recently when using my WD external drive one night for a few minutes, which was triggered from my memories of the mess Memeo created. This only occurs when using my WD external. I noticed that my NDIS IP packet filter was catching outgoing calls to some dodgy organizations when copying some protected libraries over to my drive. If anyone is familiar with digitally watermarked files, try copying some over to your WD external. Even with the VCD supposedly inactive/hidden, it will utilize core components of the OS to magically intercept even the most sophisticated firewalls, in attempt to notify related organizations. Thus, as I stated in a previous post, the components of the VCD are always active, even when it is not supposed to be. Don’t be fooled by smartware.

Simple question: If, on OSX, I did not install anything and just did the frimware fix to prevent the image form mounting. Would I still be good, or could smartware still affect me? I know it is sitting there on the disk (stupid), but could it somehow still make its way to my Mac or could it still process the files I write to this disc?

Very unhappy with my unit. Returning it tomorrow. 

I don’t think WD care enough to do anything about it judging by the amount of replies and solutions they post in this forum on this subject (0?). 

Would it help if I said they will be losing customers from people studying at thet Australian National University from now on? It is part of my job to tell students what to use in my particular faculty.  I will be forwarding this thread and others like it to my superiors and faculty head.

From Frustrated Technical Officer