More on Sony's "DRM Rootkit"
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to The Inquirer and salemnic sent us a page from The Washington Post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
Regardless of where this goes... (Score:5, Insightful)
The Solution is Simple Folks! (Score:4, Insightful)
Me, I think I'll just pirate all my music from now on. That way I don't have to worry about any of this DRM nonsense!
Re:I don't understand the fuss. (Score:2, Insightful)
Sony has the key to your computer.
The key is digital, thus an infinite number of copies can be made of the key.
The key is digital, so anyone with enough time can make a copy even if they aren't from Sony.
Once someone besides Sony has the key, they can distribute it on the internet, and now EVERYONE will have the key to your computer.
Is it scary now? Do you think your bank plays music from Sony CDs? Do you want everyone in the world having keys to your bank?
Re:Sue (Score:4, Insightful)
I think the issue here is that Sony does not tell you that they are installing the software ANYWHERE. In addition to them adding the software without your permission, it's software that can create a "safe haven for viruses" (the software makes everything that has "$SYS$" in the filename turn invisible), according to the PC Pro writeup.
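The cloaking behaviour described in the comment above can be checked for with a cross-view comparison. This is an added example, not part of the thread or of any vendor's tooling: it assumes you have two listings of the same volume, one taken through the running system and one taken from trusted boot media, and every path in the sample data is constructed.

```python
from pathlib import PureWindowsPath

MARKER = "$sys$"  # marker quoted in the comment; case-insensitive match is an assumption

# Constructed sample data: the same volume listed twice.
# OFFLINE = listing taken from trusted boot media (nothing on the disk is running).
OFFLINE = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Windows\System32\$sys$example\driver.sys",
    r"C:\Users\alice\Downloads\$SYS$invoice.exe",
    r"C:\Windows\Temp\scratch.tmp",
    r"C:\Users\alice\Documents\notes.txt",
]
# LIVE = listing taken through the running system's normal file APIs.
LIVE = [
    r"C:\WINDOWS\system32\drivers\disk.sys",
    r"C:\Users\alice\Documents\notes.txt",
]

def _key(path):
    # Windows paths compare case-insensitively, so normalise before diffing.
    return str(PureWindowsPath(path)).lower()

def hidden_from_live(live, offline):
    """Entries the offline view has but the live view does not report."""
    live_keys = {_key(p) for p in live}
    return [p for p in offline if _key(p) not in live_keys]

def has_marker(path):
    # True if any path component (directory or file name) contains the marker.
    return any(MARKER in part.lower() for part in PureWindowsPath(path).parts)

def triage(live, offline):
    """Split hidden entries: explained by the marker vs. needing another explanation."""
    hidden = hidden_from_live(live, offline)
    cloaked = [p for p in hidden if has_marker(p)]
    other = [p for p in hidden if not has_marker(p)]
    return cloaked, other

if __name__ == "__main__":
    cloaked, other = triage(LIVE, OFFLINE)
    for p in cloaked:
        print("hidden, marker in name:", p)
    for p in other:
        print("hidden, no marker (check timing or another cause):", p)
```

The constructed `$SYS$invoice.exe` entry is unrelated to the DRM package yet is hidden all the same, which is the "safe haven" concern in concrete form.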
Re:Dupe(s): with a purpose. (Score:5, Insightful)
No seriously, I agree. Sony's inconceivably bad behavior has to be dragged, squealing and flailing, into the sunlight where it can be properly stomped to gory death with hobnailed boots. No mercy, no PR coverup, no plausible deniability. Corps have to understand, with visceral fear-of-agonizing-death understanding, that this kind of crap will not ever be tolerated. This is a trend which must be stopped cold dead. These shenanigans have to be punished with such finality that any observer centuries from now will intuitively know the immediate and unalterable consequences of this kind of crap.
Re:Simple Solution: Boycott Sony to Death (Score:2, Insightful)
Grounds for suit (Score:4, Insightful)
Of course, IANAL, IAAEE.
Deal with the devil... (Score:5, Insightful)
Re:Sue (Score:2, Insightful)
You have got that backwards. Those who know what DRM is care.
The problem is that not many people know about it.
Re:Contains LAME code? (Score:5, Insightful)
Who'll follow up on this thread? I'm sure we can find enough free-as-in-freedom warriors to do a tech analysis on the software and confirm the report in parent comment? C'mon, hoisting retards [sonymusic.com] on their own petards [wiktionary.org] is just too much fun!
Re:Sue (Score:4, Insightful)
The security industry (Score:4, Insightful)
Re:I don't understand the fuss. (Score:2, Insightful)
That aside, anything that hooks into the internals of an OS without my clear and informed authorization is a problem.
you've got a piece of code in your computer that only gives Sony access. nobody else.
Please tell me you don't really believe that. Considering how many of MS's products have opened backdoors for people, you're going to trust Sony to "do it better" and leave this software completely secure? It might not suddenly allow crackers "on some IRC network" to get in, but it sure opens up a lucrative bit of research for them- finding the security holes in a DRM rootkit that people don't even know is installed.
Imagine the trouble in fixing that with a patch.
Re:Simple Solution: Boycott Sony to Death (Score:2, Insightful)
there's nothing wrong with memory sticks! sure they're proprietary - but sony's consumer-grade cameras are currently the best on the market,* simply because their AF system has made several advances in the past three years which make their cameras solidly faster in-use than the competition. canon's following closely; hopefully the situation will reverse in the next year or so (the market was even 3 years ago, such leads rarely last).....but all to say, memory stick, while a dead end, perhaps, is certainly not dead, as most of the best and most popular cameras still demand it. furthermore, with moore's law, EVERY format you buy is dead in two years. my first digicam (kodak) was given a 64 meg card (compact flash), my second (sony - memory stick) a 128, then later a 256, my third (canon - compact flash) a 512, and my fourth (canon) 1 gig. i anticipate a 4 gig card for my next camera.
all to say - people that waste time whining about proprietary memory that-they-can't-take-with-them need to realize that they can't take it with them *anyway*, at least until the megapixel war subsides. storage for serious photographers is more analogous to RAM than floppies - it's just part of the camera system. even if the format is compliant with subsequent models, they'll likely consider it prohibitively small, and they're better off selling it off to pay for half a new one.
ps: and before you say "b4t m1n3z d4 b0mbz!" realize i'm not dissing your camera, i'm just saying that, at this point in time, when you take a consumer down the line in a camera store that carries all brands of cameras, and make them play with each camera uninfluenced by sales rhetoric or concerns for proprietary formats or brand preference, a significant majority gravitate to the Sony's...not all, but most (like 5/6, among people that consult with me). doesn't mean the others aren't good, or don't have specific features that make them more desirable to other people, just means their user interface and general operation speed is slightly less eye-catching. natch?
pps: OT? sorry. just a pet peeve of mine. you can say it's proprietary and we should resist proprietary formats on principle, but don't mix "proprietary" with "technically bad," or underestimate Sony's ability to keep its CompactBetamax in very active use for years to come.
Solution? (Score:2, Insightful)
Re:A wild conspiracy theory: (Score:4, Insightful)
I'd bet they simply did not understand the implications of their "copy protection".
Or maybe they knew and did not expect it to make many waves.
But I don't think Sony management wanted the kind of publicity they have now.
Re:Deal with the devil... (Score:3, Insightful)
Re:Sue (Score:2, Insightful)
Or, better yet, don't buy a Sony music CD. Sony gets sued all of the time for various reasons - it's part of the cost of doing business. Their stockholders are used to it. A significant drop in sales will be far more likely to get attention.
... until removed or deleted. (Score:5, Insightful)
So, technically they are in the clear (in the same way that they would be in the clear if they said "the SOFTWARE will reside on YOUR COMPUTER until pigs grow wings"), but what they are doing is still morally very wrong...
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds.
It's just not a matter of failing to supply some user-friendly functionality to make it extra easy to uninstall.
Such functionality might take time to develop, and so a case could be made that the developer just didn't feel it worthwhile to spend the effort...
But in this case, the developers went out of their way to make it extra difficult to detect, let alone remove, their software. Even without Add/remove functionality, you could still remove the files and registry keys manually, if the software was just sloppy, rather than malicious. But in the present case, the software's files and reg keys are hidden, so you can't just remove them. And if you do find the trick how to de-activate the rootkit, removing the resources will break the OS if not done properly (disabled CD driver), meaning that for a normal user the only alternative is to reinstall the OS. Not nice!
Legal Justification for Downloading Music (Score:1, Insightful)
Re:Solution? (Score:2, Insightful)
Re:Regardless of where this goes... (Score:3, Insightful)
Yes it is.
That's the point, it's got a double plus good word in its title, so it must be good!
For other examples of this: PATRIOT act and "operation [adjective] freedom"... how could ANYONE oppose them without appearing anti-freedom to the uninformed?
Re:Hope it catches on (Score:5, Insightful)
Re:Sue (Score:2, Insightful)
If 'fair use' is a natural right then any entity that attempts to crush that is criminal.
Your attitude is lazy, here's some fun with it; don't like not being able to sit up the front of the bus, then don't ride on the bus.
Don't like the cancer from the toxic waste dump in your town, then leave.
Don't like to have the police perform secret searches on your home, don't buy a home, don't move into that town, state, country, etc.
Facile examples but they are along the same line of thinking. If an entity is actively stamping on people's natural rights then that entity's behaviour can be forcefully stopped by society, through the power of government, one of the things that government is supposed to exist for.
There seems to be some strange thought pattern here that nobody must let the idea even cross their mind that a corporation's behaviour may be wrong and that it is ok to put a stop to it through Government. Somehow a fairly large group of people have decided that corporations should have less responsibility to a country than the citizens that it is supposed to benefit do. That the only thing that lowly citizens should be 'allowed' to do is *absolutely nothing* (which is exactly what a 'boycott' is, total and utter inaction).
Undoubtedly this thought process is a mutation of various anti-communist, anti-socialist and pro fascist (in the true sense) ideologies coming to their logical end.
Your argument is also objectively pro virus/spyware and malware. Using your argument any virus or malware author, to be safe from prosecution simply has to show some form of EULA, something that has been joked about here often but dismissed as absurd. (You probably didn't make that connection in your rush to promote your ideology).
--Awaiting the flurry of half thought out responses misinterpreting my words.
Re:Never fear, Slashdot is here! (Score:3, Insightful)
Re:... until removed or deleted. (Score:5, Insightful)
The SOFTWARE is designed to hide itself, alters the functionality of the machine to the detriment of its performance and can cause it to malfunction (prevent CD/DVD readers/writers from working properly), opens up the machine to further attack, and finally reduces the stability of the machine. The EULA, which you cited, is intentionally vague and misleading, and certainly does not absolve Sony of responsibility for the above problems caused by their SOFTWARE. Also, just because it's in the EULA, sorta(!), does not make it legal. Sony is clearly being deceptive with these products and their EULA, and there are laws on the books to protect consumers from such action.
Furthermore, it is not a safe bet to assume an EULA is a binding contract, there is precedent both ways on this, it depends on the EULA and the judge's opinion, and there are all kinds of laws regarding contract validity.
Re:Simple Solution: Boycott Sony to Death (Score:2, Insightful)
Think again, who has more power over your Windows computer, Sony or Microsoft? Who doesn't even need to install a root kit to do anything on it they want to?
Boycotts are worthless... (Score:5, Insightful)
... for stuff like this. If you care enough to REALLY do something about it, there are really only two things to do:
Intentionally or otherwise, the program is exploiting a flaw in a popular operating system in a way that not only enables them to control access to the data on the CD -- which itself is illegal, but fat chance the government will help you with that -- but in so doing opens up the machine to facile infection with illicit software which it will then actively cover up and make detectable only to very knowledgeable users. If DHS is serious about cyber terrorism, they shouldn't be letting companies subvert the already weak security of the predominant operating system and prime them for becoming unwitting pawns in terrorist activity.
Make a simple flyer explaining what's happened and the implications and see if local record stores would be amenable to helping out. This could be as little as having them stuff an info packet in their bags, to leaving a stack of Live Linux CDs that do nothing but permit a user to duplicate a CD to CD-R without the offending software, or even have a "SafeDupe" day where a few people setup a table where purchasers can show proof of purchase and bring a blank CD to have it "SafeDuped" for them. Obviously, most record stores won't want to rock the boat, but a well-spoken and sincere person (armed with copies of coverage from the mainstream media talking about the problem) ought to be able to find at least one or two store managers with an ethical streak.
It's perfectly legal to make such copies, and if you don't believe me, ask a lawyer or download the Bern Convention on Copyright and read it yourself.
And remember kids, calm, cool, and collected. No name calling, no vitriol. Attribute not malice where stupidity is explanation enough, etc. And do make sure that whatever you do is entirely on the up-and-up, transparent to everyone involved, and that the press and SonyMusic are well informed on the subject.
Re:quite the non-sequitur (Score:2, Insightful)
Re:Sue (Score:2, Insightful)
Re:Hope it catches on (Score:3, Insightful)
Me: That CD's infected with DRM
Friend: What's DRM?
Me: Digital Restrictions Management. SONY has infected that CD so that it will alter the way Windows works so that you can't put that CD onto your iPod or make a copy to use in your car player that eats CD's occasionally.
That might finally get through.
One nasty idea (Score:5, Insightful)
Buy something from Sony, like PS2 or a camera, and then return it the day after. AFAIK, return items go pretty high up in the supply chain. Tell why you are returning it.
Any problems with this?
Re:Sue (Score:3, Insightful)
Re:... until removed or deleted. (Score:2, Insightful)
Why are you so vehemently opposed to the very IDEA that people could sue Sony? From reading your posts here, I'd guess you are insecure and you want everyone to just give up and feel as weak as you in the face of teh uber Sony...
The post I've quoted essentially says: "you don't have a case because legislation can be vague, and because you can't afford it." Neither of these two "points," has ANY bearing in the argument over whether or not there is LEGAL justification for a suit. Please stop posting flamebait.
but Sony says it's not malware (Score:3, Insightful)
6. I have heard that the protection software is really malware/spyware. Could this be true?
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system.
Also, the protection components are never installed without the consumer first accepting the End User License Agreement.
If at some point you wish to remove the software from your machine simply contact customer service through this link. You will, though, be unable to use the disc on your computer once you uninstall the components.
I call shenanigans. They say it's not designed to be intrusive, yet it hides itself by creating a security hole and it messes with your drivers. They say it's not installed without the consent of the user to the EULA yet the EULA doesn't appear to give sufficient details to make an informed choice as to whether or not you want this on your system. They offer a removal tool; however, once applied, you will not be able to use the CD in your system at all. This last implies that the tool either does an incomplete removal or adds further software to your system (does the removal tool come with an EULA?)
Re:Sue (Score:2, Insightful)
Re:Sue (Score:2, Insightful)
If this woman just likes to bop to the beat without a thought for the struggles of the human race, with no concern over the protection of the future of the art, then maybe you should question if she even "gets" the music she is recommending.
Maybe you should find someone with a bit more heart than a mindless primate that simply likes to bounce to a thumping bass or gaze at a shiny object.
Personally, I am glad my wife both understands and is passionate about social issues. It's the same passion that bleeds over into everything she does and keeps our marriage strong.
Disclaimer: I speak only to the description in your post. I do not know your fiance, who may have plenty of other positive traits.
Re:Let us /. Sony (Score:3, Insightful)
Re:Sue (Score:3, Insightful)
Unfortunately, you made the problem worse. (Score:3, Insightful)