More on Sony's "DRM Rootkit" 608
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to the inquirer and salemnic sent us a page from the washington post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
Hope it catches on (Score:5, Interesting)
Love it. Great phrase. Maybe it'll catch on.
Re:Sue (Score:2, Interesting)
A lawsuit on what grounds? That you agreed to something and then they installed their software based on your agreement? I have a feeling that the "oh, no one reads those things" isn't really going to work all that well against Sony's legal team.
Here [f-secure.com]is a link to F-secure's "detailed" writeup about what the DRM installer puts on your machine.
Don't buy DRM'd CDs as they don't allow you to exercise fair-use. Sadly, most people don't care anymore.
Simple Solution: Boycott Sony to Death (Score:5, Interesting)
Let us hope: (Score:4, Interesting)
Re:Sue (Score:5, Interesting)
Contains LAME code? (Score:5, Interesting)
Re:Regardless of where this goes... (Score:3, Interesting)
In fact, to a casual reader, it would almost seem as though anything with an acronym such as "Digital Rights Management" would be designed to protect your digital rights. It's entirely misleading.
If all else fails, Sony can always use a scapegoat and proclaim that the managers had no idea any of this was happening. An unknown malicious programmer must have done it all!
Sony is losing it (Score:5, Interesting)
I guess I'll send them a sharply worded letter first, but I really don't see any way that I can do any business with a company like this. Not even as a shareholder.
Re:Sue (Score:3, Interesting)
On Mark Russinovich's Blog, at least one guy claimed to be a lawyer and he asked California residents who were affected to contact him about a lawsuit.
Re:Simple Solution: Boycott Sony to Death (Score:3, Interesting)
Is this necessarily legal? (Score:5, Interesting)
Re:Sue (Score:5, Interesting)
If you can manage to find the hidden software files and do delete tehm as suggested in the EULA, you will no longer be able to access your CD drive.
Funny how no mention of those points are made in the agreement.
A wild conspiracy theory: (Score:3, Interesting)
Stick that music CD into my computer? No you don't, I'll become infected with malware.
Yes, perhaps it's as the subject suggests, a wild conspiracy theory. It's not as though this industry wanted to create laws to legalize hacking P2P users or anything.
How to beat this... (Score:4, Interesting)
Emphasis is mine. Anyways, nothing is the EULA says that I can't just go and delete it. Sure, it may reinstall, but can't we delete it the minute we eject the CD? Can we write a script to do that?
Anti-PC (Score:3, Interesting)
So messing with your PC looks like a good thing to do for Sony (especially since it also f*cks with MS).
H.R. 2929 (Score:5, Interesting)
(4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component;
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.
If they used racketeering laws to go after the RIAA, why not antispyware legislation against this?
Re:Sue (Score:5, Interesting)
The other day, I was driving with my fiance when we got on the topic of cd's. She proceeded to tell me that there's this great cd that I need to get because the band is really good. I proceeded to tell her that I haven't purchased a cd for almost 4 years now because of my dislike for the RIAA. After explaining everything to her, she just got all flustered and said that she didn't care about all that crap. She didn't care that even though she paid for the cd, she didn't fully own. She didn't care about all the bully tactics the RIAA uses. She didn't care about any of that, she just wanted the music.
I agree with you that the majority of the people just dont care. As much as I try and inform people of all the crap the RIAA pulls, it just goes in one ear and out the other.
For now, I suppose I'll just continue on with my silent protest.
Re:Yes, this is bad (Score:5, Interesting)
Something that they tried to HIDE on people's computers to RESTRICT them. People are now abusing it against Blizzard. Blizzard has 'just cause' to start a lawsuit.
Re:First4Internet (Score:4, Interesting)
Demand compensation (for petrol to get there), the money to fix it and if they refuse tell them you'll take them to court for the damages (claim the box was used for something important like hosting websites and the rootkit has not passed some safety tests that all servers must pass at your company).
Aww the fun of being a sick little geek
Other affected CDs (Score:4, Interesting)
I'm starting to think it'd be worthwhile to create a domain policy to prevent this malware from running on any of our network machines....
Re:Yes, this is bad (Score:3, Interesting)
My Letter to Sony (Score:5, Interesting)
Hello.
I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.
I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:
1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable
and needless to say,
10) Sony and BMG music.
If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.
Thank you for making my future purchase decisions so much easier.
Sincerely,
****
CMT.com removing posts about Van Zant rootkit (Score:2, Interesting)
Make no mistake, the mebers of Van Zant are just as culpable in this as Sony Music. please let them know at
Vector Management
Ken Levitan and Ross Schilling
P.O. Box 120479
Nashville, TN 37212
Phone: 615-269-6600
Fax: 615-269-6002
Thank you Tapeworm
Re:Maybe Sony Should Print This On Their CD's.... (Score:5, Interesting)
List of affected CDs? (Score:4, Interesting)
Re:... until removed or deleted. (Score:3, Interesting)
The DMCA is deceptive and vague but yet it still stands. Welcome to law.
Furthermore, it is not a safe bet to assume an EULA is a binding contract, there is precedent both ways on this, it depends on the EULA and the judge's opinion, and there are all kinds of laws regarding contract validity.
There is yes, but the EULA hasn't been truly tested, thus why it still stands. You know why? Because no one has the time and financial ability to go up against Microsoft, Sony, etc. So, regardless of YOUR opinion on the subject, you can certainly guarantee that this particular EULA will stand until another fails.
It doesn't scale (Score:1, Interesting)
JR
Re:yes, but is it Mac compatible? (Score:2, Interesting)
Couldn't Sony foresee the reaction on actual consumers: "I wanna buy this CD, but it has DRM (rootkit or not). Maybe it'll play on my car stereo maybe not. Maybe I'll be able to listen to it on my Discman (made by the same Sony), maybe not [corante.com]. Forget it, I'll get it online."
David Berlind [zdnet.com] has some interesting takes on the whole DRM issue.
Never forget... (Score:4, Interesting)
In the good ol' USofA, there is no technically clear in civil litigation. All you have to prove is something as simple as your reasonable expectations. Doesn't matter what the EULA says or if they did anything illegal.
IANAL, but it is my impression that in the eyes of the US courts, you not only have to follow the letter of the law, but you have to ensure that you are conveying a reasonable perception about what your product does. That fine print means nothing if the court finds it too difficult to read, or makes unfair claims (ie - By installing this, you transfer ownership of your computer to us... which is what a rootkit comes closest to without physical possession.)
Civil cases aren't really about the law. They're about damages, and a propoderance of evidence (more than 50% in your favor... a lot less than the reasonable doubt standard of a criminal trial). It may not be against the law for you to spraypaint your trees pink. But if I'm your neighbor and plan on selling my home, I have every right to sue you for damaging the property value of my home. Getting a few other neighbors to testify, and it'll win just on proponderance of evidence.
IMHO, I'd sue the hell out of Sony in a class action lawsuit. Look at it this way: you may not win a lot of money each, but it'll probably be enough to repurchase that CD and a few others with no DRM.
Re:Hope it catches on (Score:3, Interesting)
I would tell Joe Sixpack something like this: "Joe, if you try to play one of these CD's that's got that copy-protection or something else called 'Dee-Are-Emm' on it, it will put viruses into your machine that will not only fuck it up completely, but cannot be gotton rid of. That is because the record companies are in cahoots with the hackers and spammers to rip you off. Do you want to take that chance?" You might also want to add a little punch to this by telling somebody's sad tale of woe.
I think he would get that, and I don't think it is misleading.
Re:Hope it catches on (Score:5, Interesting)
"Infected with DRM"
Again, I must state that whenever I clean a computer with Adaware/Spybot/AVG/Panda Activescan/CWShredder/ect, I'm now going to have to ask one more thing:
"Have you bought and played any music CDs lately?"
How sad is it that doing something so legal can become associated with other computer slow-downs as spyware/malware/adware. This is what is going to irk the general public, and hopefully get people to look at DRM a bit more closely.
Re:Sue (Score:3, Interesting)
Sony in violation of DMCA? (Score:5, Interesting)
Re:Deal with the devil... (Score:3, Interesting)
Functions as normal audio CD on Macs (Score:3, Interesting)
Nothing. It looks and functions as a normal audio CD on a Mac.
Under Windows, yes it will prevent iTunes from ripping it and putting the music on your iPod. Several bands (and I believe even Sony) have instructions for copying music onto the iPod using Windows and they generally involve burning the included WMA files of the music on a regular CD and then reripping it (yes you will lose quality), but the much better solution (that they don't tell you about) is to just hold down the shift key while inserting the CD which will disable the autorun.bat script.
It's actually rather funny looking at their instructions because they'll have several pages of instructions for Windows machines to copy the music onto iPods and for the Mac, they just say "The audio CD will function normally and without restrictions on a Mac.".
Call to anti-virus makers (Score:3, Interesting)
Re:Hope it catches on (Score:4, Interesting)