Sony Settles With FTC Over Rootkits

Journal written by Anonymous McCartneyf (1037584) and posted by kdawson on Wed Jan 31, 2007 05:05 AM
from the wrist-slap dept.
The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.

Related Stories

IT: Sony DRM Installs a Rootkit? 801 comments
An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
Sony Rootkit Settlement Gets Judge's Approval 187 comments
Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official."
Sony Sues Rootkit Maker 334 comments
flyboy974 writes "Sony BMG Music Entertainment is suing the company that developed anti-piracy software for its CDs, claiming the technology was defective and cost the record company millions of dollars to settle consumer complaints and government investigations. The software in question is the MediaMax CD protection system, widely derided as a rootkit. Sony BMG is seeking to recover some $12 million in damages from the Phoenix-based technology company, according to court papers filed July 3."
  • What about OS????/ (Score:3, Informative)

    by threeofnine (813056) on Wednesday January 31 2007, @05:07AM (#17825560)
    I am an Aussie, this means nothing to anyone outside the USA, it would be good to see Sony pay US$150 to everyone they infected with their shite.
  • by Cocoshimmy (933014) on Wednesday January 31 2007, @05:15AM (#17825600)
    How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.
  • Drawing parallels (Score:4, Insightful)

    by rumith (983060) on Wednesday January 31 2007, @05:17AM (#17825608)

    According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.
    Hmm. Perhaps they would fine Microsoft too, based on this exact reason? ;)
  • Save your receipt? (Score:5, Interesting)

    by Joebert (946227) on Wednesday January 31 2007, @05:20AM (#17825626)

    Under the settlement, Sony BMG must allow consumers to exchange affected CDs bought before 31 December 2006, and reimburse them up to $150 (£76) to repair damage to their computers.

    I understand why stores require receipts to return stuff, but when it comes to CDs which are non-returnable once that plastic wrap is taken off, who the hell bothers to save the receipt?
    How are they going to know when the CD was purchased?
  • how does this multiply out? (Score:4, Informative)

    by acidrain (35064) on Wednesday January 31 2007, @05:23AM (#17825654)

    Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers. Also, for those who would like to see Sony hurt worse for this, do remember that this is more than enough. Any company pulling a stunt like that again will be ignorant, not unconcerned.

    So when are desktop OS's going to come installed inside a secure virtual machine OS that is capable of detecting rootkits and possibly doing a little extra scanning on the side? That is long overdue.

    • Re:how does this multiply out? (Score:5, Insightful)

      by Don_dumb (927108) on Wednesday January 31 2007, @05:50AM (#17825766)

      Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers.
      I wonder how many people have these CDs and don't even realise that their CDs are or have been infected? This did make the mainstream media, but wasn't a huge story. I imagine there are thousands of people who still have no idea.

      Wouldn't a better punishment be that Sony is made to stand up and publicize (using such mediums as MTV) the particular CDs that were infected and educate people as to how they can protect against malware. - It openly damages them to those who aren't aware about this (thereby acting as a deterrent for anyone else thinking about doing something like this), informs the masses as to the lengths DRM goes to (generating more widespread disapproval for DRM) and helps to fight malware through educating the yoot.
      • by Professor_UNIX (867045) on Wednesday January 31 2007, @06:59AM (#17826034)

        How many people won't even know that they have been rooted?
        This sounds like the perfect opportunity for one of those chain e-mail letters to be circulated. "Have you played any of these Sony CDs on your computer? If so you're entitled to $150. Pass this along to 5 other people or you will die tomorrow!"
    • Re:how does this multiply out? (Score:5, Interesting)

      by theckhd (953212) on Wednesday January 31 2007, @08:25AM (#17826476)

      Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque?
      It's not even that simple, FTFA [ftc.gov]:

      As part of the settlement, Sony BMG will allow consumers to exchange CDs containing the concealed software purchased before December 31, 2006 for new CDs that are not content-protected, and will be required to reimburse consumers up to $150 to repair damage that resulted directly from consumers' attempts to remove the software installed without their consent. Sony BMG is required to publish notices on its Web site describing the exchange and repair reimbursement programs.
      It's a reimbursement for costs incurred while trying to repair the damage done. I presume this means you would need a receipt from a vendor or service company that removed the rootkit for you. I doubt Sony will award the full $150 to you if you removed it yourself.
  • by Zaatxe (939368) on Wednesday January 31 2007, @05:25AM (#17825666)
    Isn't that a little unfair?
  • Not bad (Score:2, Insightful)

    by Anonymous Coward on Wednesday January 31 2007, @05:28AM (#17825678)
    The terms of the settlement actually seem pretty good for the consumer. You can claim up to 10 times the price of a CD for damages, you can exchange existing CDs for unencumbered ones, and Sony has to deal with the embarrassment of advertising this fiasco on its website. And more importantly, this will hopefully send enough of a message to other DRM providers and users to make them pause before throwing more malware into their products.

    The only thing I'd like to see added onto there is a clause requiring Sony to pay the legal defense fees of anyone sued by the RIAA. I can dream.
  • By that rationale... (Score:4, Insightful)

    by GapingHeadwound (985265) on Wednesday January 31 2007, @05:28AM (#17825680)

    From TFA

    The US regulator said the anti-piracy software wrongly limited the devices on which music could be played to those made by Sony or Microsoft.

    Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same argument.

  • Send the repair bill in (Score:3, Interesting)

    by scsirob (246572) on Wednesday January 31 2007, @05:30AM (#17825686)
    Maybe some folks can send the invoices for lost time and consultancy hours spent on fixing their systems.

    I'm sure that will be just a bit over $150...
  • by Anonymous Coward on Wednesday January 31 2007, @05:40AM (#17825722)
    ....same thing, their asses would be in the slammer in no time. Sony shouldn't be treated any different. This was a computer crime, plain and simple.
  • by Karem Lore (649920) on Wednesday January 31 2007, @05:56AM (#17825804)
    I want THAT, per song on the CD that contains the rootkit...

    Karem

  • by Telephone Sanitizer (989116) on Wednesday January 31 2007, @06:13AM (#17825868)
    Without a receipt for repair services the most that you can qualify for is $25 dollars, at their discretion.

    If you removed the unlawful hack yourself, no matter how much pain and suffering it caused, there is every probability that they will compensate you exactly nothing.

    (I mean nothing but the opportunity to exchange your defective CD for a slightly less defective one or a DRM-laden download.)

    I think the kicker is that this is one of those fancy federal consent-decrees -- like the one that was used to "break" the Microsoft monopoly way back when. They agree not to be such meanies and in exchange, they receive total immunity from prosecution on any related federal charges and all state laws that conflict with the federal decision are automatically superseded.

    I'm so glad that the feds are looking out for me. With punishment like that, Sony surely KNOWS they've been naughty. It's certain that they won't do anything like THAT again.
  • Claim form help? (Score:5, Interesting)

    by Kredal (566494) on Wednesday January 31 2007, @06:42AM (#17825986)
    (http://www.kredal.com/ | Last Journal: Sunday August 11 2002, @01:57AM)
    The claim form you need to fill out for recompensation is at this link [sonybmg.com].

    One of the questions is as follows:

    7. Briefly describe the type of harm / damage / problem you experienced and the steps that you
    took in response:


    What kinds of problems, other than the pain of removing it, did people have? Was any actual damage done? Did anyone's computer get taken over? I'm just curious what a valid response would be to this, for when I fill out the form.
  • Understatement of the year... (Score:5, Insightful)

    by Panaqqa (927615) * on Wednesday January 31 2007, @07:13AM (#17826082)

    According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

    Huh? "Reasonably difficult"? This damned thing broke Russinovich's [technet.com] machine, and he had to use several utilities he developed himself to get rid of it by looking deeper into the Windows OS than I think Microsoft ever intended (or wanted) anyone to look. How many /. denizens would have looked for this little gem using named pipes [wikipedia.org] to communicate?

    "Difficult to uninstall"? Right...
  • I Choose a Better Punishment (Score:5, Interesting)

    by N8F8 (4562) on Wednesday January 31 2007, @07:19AM (#17826104)
    I'll never buy something from Sony again until they change their anti-consumer practices.
  • Two cents (Score:3, Funny)

    by Bob54321 (911744) on Wednesday January 31 2007, @07:46AM (#17826226)
    American citizens who read Slashdot might want to put in their two cents.

    No, that's all wrong. Sony is supposed to pay out...
  • Wonder who really gets to pay... (Score:5, Insightful)

    by ray-auch (454705) on Wednesday January 31 2007, @07:47AM (#17826232)
    What's the betting that cost of this gets passed onto artists as deductions from royalties ?

    Artist monthly statement:

    Sales: $$$
    Gross royalties (tiny%): $
    Deductions:

          [ blah blah blah ] $$
          DRM legal costs $$
          [new this month]

    Net Royalties: -$$$

    [NB: you won't have to pay us because we're nice like that, we'll just carry it forward]
  • by badenglishihave (944178) on Wednesday January 31 2007, @08:31AM (#17826526)
    (http://www.howawesomeisthat.com/)
    How about a free PS3 instead? Oh wait, that would just introduce more Sony problems into our lives. Whoops.
  • Damn them anyway! (Score:3, Interesting)

    by Anonymous Coward on Wednesday January 31 2007, @09:11AM (#17826884)
    Sony's rootkit (which my teenaged daughter installed; damn it I had autoplay shut off for a reason!!!) cost me the price of an SB Audigy since I couldn't find sound chip drivers, and XP since my video card mfg didn't have Win 98 drivers for download. Around $200 plus an afternoon of my time; reinstalling W98, then going to Circuit City and installing XP (three fucking times - it didn't like my CD burning software and had a popup on boot saying XP had disabled it, but XP wouldn't let me uninstall it because it had disabled it. Then it updated my networking drivers which disabled the internet. Great product that XP).

    After being yelled at for ruining my computer, she broke the CD and threw it away, and I've lost the receipts for the SB and XP.

    I think a more fair settlement would have been to just have Sony give $500 to every man, woman, and child on the planet, and have its CEO spend as much time in a US federal assrape prison as anybody who would have done this to Sony's corporate computers would have, after being caned in Singapore. Then when he was released from US prison, have the Chinese execute him and bill his family for the bullet.

    If you work for Sony in any capacity at all, I hate your fucking guts. Please die and take your God damned company with you.

    Sorry for the rant.
  • by Kwesadilo (942453) on Wednesday January 31 2007, @11:05AM (#17828402)

    Sony BMG should have to pay each infected person the amount of money that it would take to replace their infected system plus the money they lost from not being able to pull all of their data out of the fire. For the average user, this malware probably made their computer totally unsalvageable, so this seems reasonable.

  • by Nom du Keyboard (633989) on Wednesday January 31 2007, @11:18AM (#17828598)
    (Subject Title is from the Dilbert Desk Calendar for 1/28/2007)

    So it took them this much longer to achieve exactly the same settlement, lawyers billing their time all along the way. That's government in action for you.

  • by MobyDisk (75490) on Wednesday January 31 2007, @11:45AM (#17829026)
    (http://www.mobydisk.com/)
    Lots of people talk about blaming the CEOs for this type of behavior. But as a programmer, I think of the people who actually implemented this. Somewhere, there is some employee or contractor who wrote a rootkit for Sony. Maybe a few people. And somebody was paid to make an ISO image containing music tracks and a rootkit. I would love to know what they thought when he made that ISO image. Did he call his boss and say "Hey! There's a rootkit on here!" or not? How about the team of testers who had to compromise their machines and verify what information was sent back? Did any of them think that maybe this wasn't such a good idea?

    There are a lot of people responsible for this type of thing. Is corporate-group-think so powerful that these people didn't even realize what they were doing was wrong? Or did they hold their tongues out of fear? Or were they malicious?
  • I'm just happy to know that even though I never bought one of the millions of CDs that included this rootkit, at the end of the day, Sony loses $130 for every CD sold with it. Honestly I think it should be more, but between that, the battery recalls, Blu-ray, the shoddy PS3 sales, I think it's time for new management in Sony and they really need to turn themselves around as a company. In my mind right now, they are worse than Microsoft.
  • by AlgorithMan (937244) on Wednesday January 31 2007, @05:27PM (#17834270)
    (http://www.algorithman.de/)
    Slashdot reported that 40% of all music consumers have pirated music http://slashdot.org/article.pl?sid=05/06/21/2238256&from=rss [slashdot.org]

    people who had the rootkit are music consumers (since they bought the cds) therefore 40% of the affected people have pirated music

    now Sony only has to sue EVERYONE who claims his 150$
    because of the first and second statement, Sony will win twice in every five cases (those two have at least 1 pirated song, so they have to pay at least 700$) which means:

    for paying 5 times 150$ (5*150$=750$) they get at least 2*700$=1400$ which means
    SONY GETS A PROFIT



    yes, I love math :-)
  • by h4ck7h3p14n37 (926070) on Wednesday January 31 2007, @08:50PM (#17837022)
    (http://www.kittenwar.com/)

    That if I get caught planting rootkits on peoples' computers that it's only going to cost me $150 per offense, with no jail time?

    Some Sony executives should be serving time. Isn't planting a rootkit on someone's machine a felony in the US?

  • by Anonymous Coward on Wednesday January 31 2007, @06:24AM (#17825918)
    This kind of shit shouldn't be just marked 'offtopic', it's spam and spam should be deleted. This goes also for the first post idiots and the goatse boys.

    These are part of the answer why most internet publicists don't allow the public to comment on the news. Which is a shame since some readers do have something interesting to say.
  • by Adambomb (118938) * on Wednesday January 31 2007, @04:45PM (#17833556)
    (Last Journal: Monday August 20, @04:49PM)
    Because avoiding jail time is expensive, and how many individuals have deeper pockets than even an average sized corporation?

    Sad, but true.