
Bad Day To Be Sony 812

Not only is Sony no longer selling the RootKit CDs, Arend writes "According to a USAToday article, Sony is to pull their controversial rootkit CDs from store shelves." A nice gesture, but a little late. bos writes "Sony's DRM rootkit has been found by Dan Kaminsky to have infected at least half a million networks, according to an article by Quinn Norton for Wired News. Dan has even put together some pretty pictures of the breadth of the infection." With so many people infected, it's unfortunate that wiredog writes "From The Washington Post comes the news that serious security flaws have been found in the software that Sony is distributing to users who want to remove the Sony rootkit. The article says: 'Because of the way the tool is configured ... it allows any Web page that the user subsequently visits to download, install and run any code that it likes.'" Oops. Even Microsoft is getting into the act. ares284 writes "Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows."
This discussion has been archived. No new comments can be posted.

  • Re:How to boycott? (Score:2, Insightful)

    by Anonymous Coward on Tuesday November 15, 2005 @03:55PM (#14037277)
    you did not type that all in the 30 seconds since the story was posted....
  • by Rude Turnip ( 49495 ) <{valuation} {at} {}> on Tuesday November 15, 2005 @03:56PM (#14037287)
    I'd like to thank the fine folks at Sony for helping me decide which next-generation gaming console to buy (hint: It doesn't begin with the letter "P" or end in a "3"). It's a sad state of affairs when Microsoft has to come to the rescue and un-fsck your security blunders.
  • Thank god for Sony (Score:5, Insightful)

    by sedyn ( 880034 ) on Tuesday November 15, 2005 @03:56PM (#14037291)
    I'm all in favour of letting the average person know the truth behind what content distributors are willing to do to protect "their" property.

    Let us hope that people find out about DRMs before they saturate the market any further.
  • by apflwr ( 930636 ) on Tuesday November 15, 2005 @03:57PM (#14037303)
    In the end it probably would have been cheaper and much less hassle to just let us download the damn mp3s.
  • by jenkin sear ( 28765 ) * on Tuesday November 15, 2005 @03:59PM (#14037321) Homepage Journal
    Looks like Sony crossed the threshold from nuisance to crime. While DOJ is almost certainly going to soft-pedal this, a savvy attorney general with political ambitions from a state unencumbered by Hollywood and the RIAA could probably ride this case into the governor's office....

    "Paging Eliot Spitzer, Paging Eliot Spitzer, Mr. Spitzer white courtesy phone..."

  • Vulnerability (Score:5, Insightful)

    by Anonymous Coward on Tuesday November 15, 2005 @03:59PM (#14037328)
    So we have a vulnerability on machines that was pushed out intentionally by somebody. We know who that somebody is.

    The question is, will they get punished for this by the authorities? The FBI and police seem to be happy to jail writers of virii or worms or those who spread vulnerabilities to unsuspecting systems. Why shouldn't the product manager responsible for this pay for his crime of making the nation's computers even more insecure?

    Considering the rootkit is installed without owners realistically being aware, doesn't that make it equivalent to a form of worm, virus, or other type of nasty?

    I seriously believe that someone should be doing jail time for this. Such a punishment would make any other malfeasants think twice before thinking that they don't have to obey the law.
  • Boycott Big Music (Score:5, Insightful)

    by drdanny_orig ( 585847 ) * on Tuesday November 15, 2005 @03:59PM (#14037337)
    I suggest people consider boycotting _all_ RIAA member labels, not just Sony. They just happened to be the fools who fell for this particular version. It's not the implementation that's anathema, it's the concept of DRM. When in doubt, consult RIAA Radar. Don't buy discs produced by RIAA members, it's that simple.
  • by Murphy's Paradox ( 585454 ) on Tuesday November 15, 2005 @04:00PM (#14037340)
    I wonder how many people, and their positions in the company, were shipped off to Sony's Siberian department for this debacle. I also wonder if anyone Even though the programmers were told to do this by management, I'm sure they are getting in trouble for not being sneaky enough with the code.
  • Re:How to boycott? (Score:5, Insightful)

    by jedidiah ( 1196 ) on Tuesday November 15, 2005 @04:00PM (#14037347) Homepage
    Nevermind boycotts. These sorts of shenanigans deserve nothing short of civil litigation and criminal prosecution. People should be showing up to the local DA's office with pitchforks in hand. Nevermind silly little boycotts.
  • Re:How to boycott? (Score:3, Insightful)

    by Anonymous Coward on Tuesday November 15, 2005 @04:00PM (#14037352)
    It's a lot easier to download something from p2p than to go out and buy it. Easy boycott.
  • Re:How to boycott? (Score:5, Insightful)

    by achacha ( 139424 ) on Tuesday November 15, 2005 @04:01PM (#14037354) Homepage
    Have to agree with you, I have added Sony to my very small list of companies not to buy things from. Yesterday I bought a camcorder from Canon even though both Canon and Sony were final runner ups, I put my 800$ on a Canon for one reason... Sony DRM is an insult to consumers and I am sure my minuscule decision will not matter but I feel good that I will not be giving money to a company that thinks it is ok to distribute a rootkit with their music CDs. And I actually checked the music CDs I was buying to make sure they were not from Sony. The only way we can have our voices heard is not by making noise but by not spending money on their products... when you affect their profits it hurts a lot more and while I am one person and my immediate actions will not even affect the company, I am hoping there are more people out there that believe in honest practices.
  • by The Rizz ( 1319 ) on Tuesday November 15, 2005 @04:01PM (#14037363)
    Why hasn't Sony been raided by the Feds, yet?

    If this had been an individual, or small business, you know they would already be behind bars awaiting trial for violating some law or another... possibly even being brought up on some sort of national security-related charges.
    (Someone in a secure/top secret/classified government network has probably stuck one of these CDs into their machine at some point.)

    I want to know why the Feds aren't treating Sony like they would anyone else ... break into their offices, confiscate every single piece of electronics and CD in the place, and never give them back, ever (or at least, not until years after you've replaced everything).
  • buy second hand? (Score:5, Insightful)

    by speedfreak_5 ( 546044 ) on Tuesday November 15, 2005 @04:01PM (#14037364) Homepage Journal
    I'm a music nut. I've tried the boycott thing with mixed results. But what has "worked" for me lately is buying CDs and vinyl second hand. Unfortunately, they may already have the money from the original purchase of the music, but if you buy second hand, someone gets money and you get a CD or record and the RIAA partners get nothing.
  • by olddotter ( 638430 ) on Tuesday November 15, 2005 @04:03PM (#14037386) Homepage
    I agree, in the grand scheme this might be a good thing.

    And if for nothing else this has been very funny to watch the problems snowball for Sony.
  • by SilverspurG ( 844751 ) * on Tuesday November 15, 2005 @04:08PM (#14037440) Homepage Journal
    Because we live in a democratically elected plutocracy.

    By associating it with democracy, though, that makes it all better. We're all supposed to be happy that corporate profits supersede individual rights and property.
  • by Anonymous Coward on Tuesday November 15, 2005 @04:10PM (#14037470)
    I wonder how much money Sony saved by adding DRM to their CDs.
  • Wow (Score:5, Insightful)

    by realmolo ( 574068 ) on Tuesday November 15, 2005 @04:13PM (#14037505)
    Sony really screwed the pooch on this one.

    They actually got the Department of Homeland Security to denounce them. I knew it had to be good for something ;)

    The great thing about all of this is that now that the Feds are aware of this evil DRM bullshit, they will start regulating it a little better. As it stands now, the DMCA basically gives all the media companies "carte blanche" with regards to copy-protection schemes.
  • Re:How to boycott? (Score:2, Insightful)

    by DroopyStonx ( 683090 ) on Tuesday November 15, 2005 @04:16PM (#14037527)
    Boycotts don't work with companies as large as Sony.

    Even if you were lucky enough to gather a large amount of people, their products are so intertwined with everyday technology that your actions won't make the slightest dent in their profits.

    It might seem like a good idea on how to "stick it to the man", but in reality it's not quite so effective.

    Even with all this bad publicity, they'll probably see a temporary dent in their stock, but 6 months from now all will be back to normal.

    Then the PS3 comes out, yadda yadda...

    Won't work.
  • Re:How to boycott? (Score:3, Insightful)

    by linguae ( 763922 ) on Tuesday November 15, 2005 @04:17PM (#14037540)
    There is nothing wrong with having a business that relies on the government as long as you provide society with products and services that it needs.

    Yes, there is something wrong with businesses that need the government in order to make profit. It's wrong because it goes against the nature of free markets. Have you heard of corporate welfare? If a business cannot make the profits necessary, then it should either change its business plan or die, and not have taxpayers pay to keep it alive. There is a huge difference between governments contracting corporations in order for them to build infrastructure and schools, and governments subsidizing businesses (e.g., corporate welfare). He's talking mainly about subsidies.

  • by Rasta Prefect ( 250915 ) on Tuesday November 15, 2005 @04:17PM (#14037545)
    Why Menard's won't do it is beyond me. Home Depot is always around the corner, and we're finally getting Lowe's here as well, in the Midwest.

    Because American Express rewards their customers by charging much higher merchant fees than their competition. 2-22-amex_x.htm []

  • by OneFix at Work ( 684397 ) on Tuesday November 15, 2005 @04:18PM (#14037551)
    Someone in a secure/top secret/classified government network has probably stuck one of these CDs into their machine at some point.

    No, they probably haven't. The kinds of machines that are in these secure environments are locked down big time...most don't even have a CD-ROM attached to the machine. The networks are closed (no direct internet access) and the machines with CD-ROMs/RWs have their lasers aligned differently so as to not be able to be read on a standard of the benefits of purposefully misaligning the laser that writes the disks to be read in these machines is that you can't just insert a standard CD...

    Yes, contrary to what the media would have you believe, the folks in secure/top-secret/classified government positions are not stupid...
  • by jenkin sear ( 28765 ) * on Tuesday November 15, 2005 @04:18PM (#14037554) Homepage Journal
    Especially since he's already successfully sued the RIAA for "lost" royalties, and served notice (and got a settlement) from Sony BMG on payola...

    Might be an interesting idea for a New York resident to make a phone call to his office...
  • by Guppy06 ( 410832 ) on Tuesday November 15, 2005 @04:20PM (#14037568)
    "I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other."

    They're associated well enough to have the name "SONY" branded on them. Good enough for me.
  • by RsG ( 809189 ) on Tuesday November 15, 2005 @04:21PM (#14037581)
    >I study at last(sic) 40 hours a week the various documents that help me reinforce the views I hold dear to me. ...

    Am I the only one who saw that as a disturbing statement? You spend 40 hours a week, which amounts to having a second job (I'm assuming that you're employed based on your previous statements) reinforcing your own point of view. I've met religious fanatics who don't spend that much time reading their religious scripture. Literally, you claim to be spending more time with whatever literature supports your views than a fundie does with a bible.

    First off, if you wanted an informed opinion, wouldn't reading the opposition make more sense? If I want to know the full story about something, I find info from both sides, I don't just take the side I agree with as automatically infallible. Second, why the need to "reinforce" those things you already believe? Sounds a bit too much like brainwashing for me - certainly if someone else was shoving their point of view down your throat that's the word I would use.
  • by Starker_Kull ( 896770 ) on Tuesday November 15, 2005 @04:22PM (#14037596)
    About the only way DRM will be tamed (I think, in the long run, it will be eliminated completely, but that will take people completely rethinking intellectual "property" as a legal concept) is if it interferes or damages an average person's system. That is perhaps the biggest "problem" with DRM - its many failure modes usually screw you out of your content - or in this case, screw up your system. And it's a great, wonderful problem, because all we need are a few more screw-ups like this, and average people will start to associate "DRM" with "Sucks/Breaks" and avoid it like the plague.

    Go Sony! Do it again!
  • by Anonymous Coward on Tuesday November 15, 2005 @04:24PM (#14037619)
    I assume the other "defect" Sony DRM has is that it competes with Microsoft's DRM technologies.

    Microsoft killing the Sony DRM is really scary from an anti-trust & DMCA violation point of view.

    Here, you have a convicted monopoly destroying the security product of a competitor. And people are saying this is a good thing?

  • by Anonymous Coward on Tuesday November 15, 2005 @04:26PM (#14037639)
    You jest. I've never downloaded a single song and I've always felt that while it wasn't criminal it was immoral.

    I've changed my mind. Sony has destroyed any inhibitions I have against getting it for free from here on in. And I'm not kidding.
  • Re:How to boycott? (Score:5, Insightful)

    by Zathrus ( 232140 ) on Tuesday November 15, 2005 @04:31PM (#14037686) Homepage
    How do those who are active boycotters stick to it? Do you actively pursue telling others, or is it just a "one person, one dollar, one vote" kind of life lead?

    If you actively pursue telling others you'll just annoy them and get labeled as a wacko. So it's pretty much up to you and your money. If the opportunity presents itself to discuss the topic without having to stretch for relevance (e.g. -- a friend/colleague/random stranger complains about a CD not working on their computer or something), then go for it. Otherwise keep to yourself. The only real exception here is demonstrations -- if you can get a reasonable number of people together then you don't look like quite such a loon; instead you look like a group of loons. But at least then you're in a flock.

    As for boycotting Sony specifically -- first, write them a note telling them why you're boycotting and what they need to do to end your boycott. The second part is extremely important -- if you don't give them a method to regain your money, then why should they even bother? And in that vein, it has to be reasonable. I don't expect Sony to never issue non-CDs with DRM. I do expect them to never use this piece of crap again and to fire/relieve from their existing duties any managers that were involved in the approval of XCD.

    Second, try to make sure you don't give them any money. If you want to be strict about it, then only punish Sony-BMG Music. That means no buying CDs from them. If you want to be more liberal then don't buy anything from any Sony division -- no CDs, no DVDs, no movies, no electronics (including PS2 and so forth), nothing whatsoever directly associated with the company. If you want to be even more liberal then don't buy anything that will funnel money to the company -- all PS2 games are licensed, so none of them. Similarly, many movies may use music that's owned by Sony, so start checking those music credits first! And if you want to be a complete whacko then avoid any thing that funnels money to them through cross-licensing, partnerships, and so forth. Given how big Sony is, if you take this route then I suggest you sit quietly in an open field and hope they break before you die of dehydration or starvation (pray for rain and small, harmless furry animals to wander nearby).

    At least send the letter and try to stick to your boycott, at whatever level you choose. They've already done a lot more than I expected by recalling the defective CDs. Now they need to post a public apology (from a Japanese company that's a big deal), post a non-ActiveX method on their website to completely and utterly remove the DRM (and the decloaking junk), and appropriately punish the management involved in this cock-up. That would make me happy at least.
  • Re:What next? (Score:2, Insightful)

    by planetoid ( 719535 ) on Tuesday November 15, 2005 @04:31PM (#14037689)
    I'd prefer to see those responsible put behind bars, for at least two or three years. Every other virus writer, rootkit-using hacker, or other species of malicious computer-diseaser has gone to jail for the same crime -- there's no reason this should be treated any different.
  • Quite the reverse (Score:5, Insightful)

    by Vainglorious Coward ( 267452 ) on Tuesday November 15, 2005 @04:32PM (#14037696) Journal
    I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other. So the same people who make decisions for the music products are not the same people who make decisions at the playstation divisions. From what I hear, there is some pretty intense inside fighting going on between the people who make mp3 players, and the music division.

    That sounds to me like more reason to boycott, not less - the impact is not compartmentalised, but spreads across their entire business. It also gives ammunition to those on the inside who are fighting against the shenanigans. Sony need to get the message that their actions don't just do damage to their CD sales business, they also create a serious dent in the Sony "brand" as a whole.

  • Re:How to boycott? (Score:5, Insightful)

    by Milican ( 58140 ) on Tuesday November 15, 2005 @04:33PM (#14037713) Journal
    Well, I just bought a 32" TV 2.5-hours ago at Circuit City. It was between the Sony and the JVC. Both looked good and were at similar price points. Guess which one I bought? That's right, I bought the JVC. That's $500 less for Sony. All because of this XCP fiasco. They better wise up and remember that they are in the business of selling music and electronics. Not treating their computers like thieves and fscking up their computers.

  • by NIK282000 ( 737852 ) on Tuesday November 15, 2005 @04:35PM (#14037728) Homepage Journal
    But the RIAA told me that because of file sharing no one bought new CDs any more. I'm confused! ;)
  • Excellent (Score:5, Insightful)

    by Anonymous Brave Guy ( 457657 ) on Tuesday November 15, 2005 @04:37PM (#14037742)

    Blockquoth the AC:

    That's a clear DMCA violation.

    Let's hope so. With a bit of luck, this case will demonstrate the idiocy of both draconian copy protection mechanisms and draconian anti-copying laws. If it becomes Sony vs. Microsoft, there will be a big, high profile case with both sides sending zillions of lawyers at each other and zillions of lobbyists at the government, ultimately with no winning option for either side since any outcome will hurt their corporate interests in the longer term even as it protects them in the short term. The government can't suck up to both parties forever, and public opinion is bound to sway against things like the DMCA, DRM, and so on the longer it goes on.

  • by DysenteryInTheRanks ( 902824 ) on Tuesday November 15, 2005 @04:38PM (#14037752) Homepage
    Any further mega-cases would only waste time that he would rather spend campaigning. /cynical

    Frankly, I am glad there are at least _some_ incentives to reward people like Eliot Spitzer who try and force corporations to comply with the law -- because there are HUGE financial incentives for the corporations to flout the law.

    Maybe you'd like to explain how society should hold corporations in check after it throws away any recognition, title (politics) or money (lawsuits) awarded to those who do so. It seems to me that we should not leave corporate money as the sole remaining incentive or insist that public advocates live like monks.

  • by Eric Damron ( 553630 ) on Tuesday November 15, 2005 @04:40PM (#14037780)
    That we can't hurt Sony by withholding our money so we shouldn't even try?

    If you don't think a boycott is the way to go maybe suggesting something that you think will make a difference would be a good idea.
  • by atomic_toaster ( 840941 ) on Tuesday November 15, 2005 @04:40PM (#14037781)
    Okay, I've fallen for your lines about downloading and not paying for mp3's "taking money away from artists", that downloading is illegal and immoral and God knows what else. Or maybe I've just gotten tired of trying to find a good copy of a song online. Or I might simply prefer to have a high-quality copy of my favorite album(s) so that, if for some reason my computer should crash, I can convert a new copy to MP3 and lose nothing but a little time.

    For whatever reason, I buy one of your CD's, pay the $18 CAD or thereabouts for a new release. But this is the computer age, I don't even own a stereo, so I want to play the CD on my computer.

    The first thing I notice is that the CD is DRM-ed to death so it's a pain in the ass to convert the songs to MP3 format; so much for listening to the music that I've bought on my iPod. (If I live in Canada, I may have also paid for this music twice, once through the purchase of the CD, and a second time through the levy on my iPod as "blank media".) Oh yeah, and for some reason, neither iTunes nor Winamp will play the CD.

    The second thing I notice (because who really reads the EULA?) while researching how to crack the DRM, is that, among other things, if my house is burgled I will have to delete all the mp3's from this disc. (Because, you know, a burglar would spend all that time copying the MP3's from my hard drive instead of stealing the whole damn computer. And man, if I own a laptop, they're just going to leave it on the desk and take my crappy TV instead...) Also, if I don't update the software whenever it prompts me to, I will lose all access to the music that I have purchased. And I can't listen to the music on a work computer, nor can I re-sell the CD that I have just purchased. WTF?

    But then my system crashes, and some virus I can't get rid of keeps me from accessing all the data on my hard drives that I haven't backed up in ages (of course). And how did this virus get on my system? Through a root kit that the Sony CD installed without even telling me it was doing so, thank you very much. ...

    Alright, Sony, now you've shot yourself in the foot. You've basically persuaded millions of CD buyers out there (you know, the people who were actually paying for your product?) that it's easier, safer, and plain old less annoying to yoink MP3's from their favorite website or file-sharing program.

    Way to go.

  • by spankaroo ( 931300 ) on Tuesday November 15, 2005 @04:42PM (#14037804)
    I don't fully understand why Microsoft comes off looking okay here. Why is it so easy to "patch Windows APIs" and override kernel operations? Why is this common practice? From the original article: "Rootkits that hide files, directories and Registry keys can either execute in user mode by patching Windows APIs in each process that applications use to access those objects, or in kernel mode by intercepting the associated kernel-mode APIs. A common way to intercept kernel-mode application APIs is to patch the kernel's system service table"... Sony did it and didn't think it through - left some bugs, and generally made a lot of people angry and worried... but Microsoft is at the heart of the issue isn't it? Why is it so easy to patch these APIs? Isn't this all just a Microsoft security hole that allowed Sony to make another one?
  • by coinreturn ( 617535 ) on Tuesday November 15, 2005 @04:42PM (#14037808)
    The kinds of machines that are in these secure environments are locked down big time...most don't even have a CD-ROM attached to the machine. The networks are closed (no direct internet access) and the machines with CD-ROMs/RWs have their lasers aligned differently so as to not be able to be read on a standard of the benefits of purposefully misaligning the laser that writes the disks to be read in these machines is that you can't just insert a standard CD... Yes, contrary to what the media would have you believe, the folks in secure/top-secret/classified government positions are not stupid...

    All I can say is I am in the know with regard to such matters and you are so amazingly wrong it is unbelievable. There may be EXTREMELY isolated cases of such Machiavellian security measures, but it has been my experience that music CDs are always making it into secured areas and being played on secure machines.
  • Re:How to boycott? (Score:5, Insightful)

    by Esion Modnar ( 632431 ) on Tuesday November 15, 2005 @04:43PM (#14037816)
    People unhappy about a company or a product have much more of a voice

    I recall that a certain popular tax preparation software (TurboTax, that's it!) got into hot water when, in the effort to curb piracy, they started mucking with the customer's boot sector, or some such. (Couple years back.) They ended up retracting their software naughtiness, and doing a profound mea culpa.

    Anyhow, will these companies ever learn that the bad press from borking their customers' computers, will cost them much more than piracy ever will? Sure, they see piracy as a problem to be met with DRM, but they're losing all perspective. Their DRM hammer is leaving holes in the wall.

    Good will is a commodity which is built up slowly over many years, and can be lost overnight.

  • Re:Vulnerability (Score:2, Insightful)

    by freidog ( 706941 ) on Tuesday November 15, 2005 @04:44PM (#14037820)
    Considering the rootkit is installed without owners realistically being aware, doesn't that make it equivalent to a form of worm, virus, or other type of nasty?

    No, it makes it a piece of spyware or malware, which may or may not yet be illegal. The state of New York (and a few others) have filed civil suits against spyware companies based on existing trespass and privacy laws.
    The 'I-SPY' act (a Federal anti-spyware law) as far as I know is still waiting to be passed by the Senate. In fact it's been sitting in the senate judiciary committee since the end of May, so don't hold your breath.

    I'm not interested in jail time so much as making Sony pay. The New York state spy-ware law suits were something like a $500 fine per instance of infection - consider the millions of infected CDs Sony sold over the last 18 months, and you can bankrupt Sony pretty quickly. A $50 billion dollar class action law suit - that's a Ford Pinto type situation. I don't think they'll forget the lesson when they're still paying into a settlement fund 25 years from now.
  • by Anonymous Coward on Tuesday November 15, 2005 @04:45PM (#14037827)
    Ain't. Gonna. Happen.

    The skript kiddie, contrary to popular opinion, is a human being.

    Sony, on the other hand, is a multi(b?)illion dollar multinational corporation.

    Guess which one has more rights?
    Guess which one gets more protections?

  • by Guppy06 ( 410832 ) on Tuesday November 15, 2005 @04:51PM (#14037876)
    The difference is that I don't have "pirate" stamped on my forehead. If Sony didn't want to milk its name recognition for every dime it's worth, they wouldn't have "SONY" written on everything they sell. Even if they didn't want to spin off their hardware division, they still could have followed Disney's example of "Touchstone," et al.

    They want to make money on the Sony name, period. If there's going to be a consumer response, then the response should show the industry just what that "SONY" nameplate is worth.
  • by Thad Boyd ( 880932 ) on Tuesday November 15, 2005 @04:51PM (#14037877) Homepage
    Why, Microsoft is fighting this? Wow! Suddenly I find myself liking Microsoft much better than Sony! ... ... ...Say, what's this I hear about a major Microsoft product launch in a field dominated by Sony?
  • by vwp ( 201642 ) on Tuesday November 15, 2005 @04:53PM (#14037895)
    It doesn't say that Microsoft will be circumventing the copy protection software. Just removing it from the PC. The CDs in question will still be copy protected.

    Nice try.
  • Re:How to boycott? (Score:3, Insightful)

    by Total_Wimp ( 564548 ) on Tuesday November 15, 2005 @04:53PM (#14037902)
    Boycotts usually happen to achieve a goal. What is your goal? If your goal is to get Sony to pull the CDs and send a patch then Bravo! your work is done. If it's something else then I'd start with what that goal is and work your way back.

    Possible goals:

    - Better patch
    - Pledge to never do it again
    - Give money to spyware eradication groups
    - Give money to the EFF

    Note that Sony already seems pretty willing to do whatever it takes to make this go away, so I'd stick to the important stuff. If you feel you can make them do something like give $100 to everyone who bought a CD then a) you'll never win and b) you, the protestor, will look like the asshole.

    Remember, boycotts should happen only in extreme circumstances. If they fix the extreme stuff then all you'll have left is the trivial, and that's no reason to go boycotting.

  • by frieko ( 855745 ) on Tuesday November 15, 2005 @04:59PM (#14037948)
    Removing the DRM from the computer means that the CD can then be easily copied by that computer. This is like saying DVD-shrink is DMCA kosher because it doesn't modify the original DVD.
  • by Puhase ( 911920 ) on Tuesday November 15, 2005 @04:59PM (#14037951)

    This news story has really only begun to break onto mainstream media and just wait for it to hit the general public. I bet Sony can't wait to have regular Joe Schmoe think that when they buy a Sony CD, they are going to mess up and get a virus on their computer. And just before the Christmas season as well. Average consumers have no way to discern what the real problem was here, the concept of a "rootkit" would probably lead to potato or carrot issues, so they will just blanket Sony products with the "full of bad stuff" stigma. And then just wait for the sales #'s to come in after the Christmas season. This stock is going from bad to worse. Boycotts are fun, but when the guys who own $300 million in stock are getting screwed, then the fun really begins. Seppuku anyone?
  • Re:How to boycott? (Score:5, Insightful)

    by Aumaden ( 598628 ) <.moc.liamg. .ta. .relliM.C.noveD.> on Tuesday November 15, 2005 @05:02PM (#14037980) Journal
    Boycotting Sony BMG will have the same effect as boycotting RIAA.
    "Wah! Our profits aren't humungous!
    No, there's no boycott, it's them pirates!"
    Find an artist you like who is on one of Sony's labels (there are over 20 labels held by Sony BMG, so you should be able to find something). Take a few minutes to track down contact information for the artist. Now, write them and their agent a nice letter explaining how you really like their music, but are not buying their album because you don't want to risk being infected by Sony's defective copy protection. Let them yell at Sony.
  • You should care, this affects us too! The Sony CDs have Mac Malware as well!

    Perhaps it's time to install Clam (which I just did) and then call Jay Beale and ask him how Bastille for OS X is coming along.

    I have no idea, is there a malware app like Ad-Aware for OS X?
  • by hunterx11 ( 778171 ) <.hunterx11. .at.> on Tuesday November 15, 2005 @05:03PM (#14037988) Homepage Journal
    But you could be against eating turkey sandwiches, and even encourage others not to eat turkey sandwiches, and still want them to be legal.
  • What will work (Score:5, Insightful)

    by SuperKendall ( 25149 ) * on Tuesday November 15, 2005 @05:05PM (#14038020)
    I also agree boycotts will not work. A major reason? Because there's no way Sony can measure what you are not buying. If you can get enough people not buying something it might work, but as the poster said that task is really impossible when it comes to Sony as a company.

    So what will work:

    Litigation. That's a great start because it costs them money they can count (legal fees) instead of four people not buying some Sony product. It looks like this might end up costing them big.

    Harass customer service. It is not as effective but if a lot of people start consuming customer service with calls, again this costs them a measurable amount of money and also makes the VP in charge of customer service very angry. You want angry people at the same level in the company as the ones who are putting in things like the rootkit.

    The main goal in all this should be to try and make a public example of Sony so that other companies do not do the same thing, and Sony themselves will not want to try again for quite some time.
  • Re:How to boycott? (Score:2, Insightful)

    by thegnu ( 557446 ) <`thegnu' `at' `'> on Tuesday November 15, 2005 @05:07PM (#14038039) Journal
    If you actively pursue telling others you'll just annoy them and get labeled as a wacko. So it's pretty much up to you and your money. If the opportunity presents itself to discuss the topic without having to stretch for relevance (e.g. -- a friend/colleague/random stranger complains about a CD not working on their computer or something), then go for it. Otherwise keep to yourself.

    I disagree a little. I, as a nerd, take it upon myself to say something when people ask me specific advice about a product. That's sort of what people expect of us. If someone asks me about laptops I say, "I like IBM and Toshiba, because the experience I have with Dell and HP shows inconsistency in product quality. Sony sometimes makes great laptops, sometimes they're terrible and unsupported and Sony doesn't care. I don't buy Sony because they put on the market a virus that invades their consumers' right to privacy."

    Lots of times it affects people's buying decision and they appreciate being told in a non-offensive manner.

    But I don't walk up to people and say, "SS-S-SSO-OO-ON-N-NY'S EVIL!!! AAAHHH!" if that's what you're talking about.
  • by tktk ( 540564 ) on Tuesday November 15, 2005 @05:11PM (#14038077)
    These CDs have been out since mid-2004, according to Sony. Why hasn't this been noticed? Were they all bought off?

    Looking at the list of artists the DRM affects, I'm surprised it was noticed at all. Course, I am biased, I stopped regularly buying CDs about 10 years ago. Now I buy CDs only if I'm at a store, and really bored.

  • Re:How to boycott? (Score:3, Insightful)

    by poot_rootbeer ( 188613 ) on Tuesday November 15, 2005 @05:12PM (#14038086)
    And I believe that is the problem with this rootkit. Sony didn't test it properly. If they had tested it properly and kept it within its own little world on a customer's PC, I don't think the fallout would have been so excessive.


    It's a rootkit.

    Its intended functionality is deleterious to the consumer. Better testing might have made it better, but it could never have made it Good.
  • Re:How to boycott? (Score:2, Insightful)

    by wintermute740 ( 450084 ) <<wintermute> <at> <>> on Tuesday November 15, 2005 @05:16PM (#14038118) Homepage
    "And I actually checked the music CDs I was buying to make sure they were not from Sony."

    I quit buying from RIAA member companies awhile back. I'll listen on the radio, but I haven't heard anything worth buying for a long time. And I station-surf through commercials :P If I do buy music, it's from one of the local unsigned artists who haven't had their sound watered down to what the RIAA wants.

    As for Sony, I am done with them. My last TV was a Sony, but my current one is some German company that I can't pronounce. My Sony stereo has been abused for way too many years. I will not be replacing it with a Sony. My digital camera needs replaced. I'm thinking Canon. My notebook computers are Toshiba, and my desktops are custom-built and Sony-free. As mentioned above, I don't buy Sony-label (or RIAA-label) music. I haven't gone to the movies forever, and my (non-Sony) DVR watches TV for me, and most shows get erased unwatched. I think that about covers it... Well, except for gaming. My last console was an Atari 2600 and I don't do much PC gaming. When I do, it's usually Blizzard. So, Sony, what are you going to do to get my business back? Remove a couple of crappy CDs from store shelves? Not likely to get my business back. They're gonna hafta go through a lot of chapstick to accomplish that!
  • by Anonymous Coward on Tuesday November 15, 2005 @05:20PM (#14038154)
    "it has been my experience that music CDs are always making it into secured areas and being played on secure machines."

    Not anymore!

  • by Frymaster ( 171343 ) on Tuesday November 15, 2005 @05:26PM (#14038238) Homepage Journal
    To me, capitalist is sort of like 'pregnant.' Either you are or you aren't.

    virtually everyone who calls themself a 'capitalist' isn't. to be a capitalist, you must live off the revenue generated by capital you control. i suspect strongly that dada21 and others like him actually live by trading their labour to people who are, in fact capitalists.

  • Re:A little harsh (Score:4, Insightful)

    by Todd Knarr ( 15451 ) on Tuesday November 15, 2005 @05:31PM (#14038280) Homepage

    Robert Morris didn't intend his little worm program to spread as widely as it did, but none of the companies and universities whose networks were shut down by the Morris Worm in 1988 cared about intentions. They only cared about the fact that the worm killed their networks. When Sony's software starts playing games with my system I don't care what their intentions were, only what the results are.

  • by RichMan ( 8097 ) on Tuesday November 15, 2005 @05:31PM (#14038283)
    If the CD is a valid music CD and will play in a standard player,

    Why is the operating system trying to run a program from the CD?

    You should be able to set the OS to treat music CDs as music CDs and ignore any other content.

    This is all due to MS advanced features messing the user over. Pressure should also be placed on Microsoft to treat music CDs as music CDs.

    Perhaps a configuration to easily switch between
    1. Play Music
    2. Access any Autorun features
    3. Offer option of 1 or 2
  • by merc ( 115854 ) on Tuesday November 15, 2005 @05:40PM (#14038359) Homepage
    I have noticed one aspect from all of this Sony/BMG rootkit fallout that seems to have gone unnoticed; but which I believe is a positive thing:

    Up until now the RIAA trade group has been the front-man for all of the label cartels' untenable activities -- it's never been BMG, Geffen, Warner Brothers, Universal, EMI, et al, suing 12 year old girls and old ladies--noo, it's the RIAA.

    Up until now whenever the consuming masses are outraged, all they have to derive their searing hatred towards is a large anonymous trade association which exists purely to absorb all of that yucky malevolent P.R.

    Finally the pressure is being put on a specific corporate entity who happens to also be an RIAA member, and they will feel the wrath directly. It couldn't happen to a better company (well... okay, perhaps EMI; Bronfman is a real chode smacker).
  • by Guppy06 ( 410832 ) on Tuesday November 15, 2005 @05:53PM (#14038458)
    "Ah yes. An AMERICAN."

    Somebody from Texas does something you don't like. Abroad, everything from Texas or New York or even Saipan is only labelled "made in the USA." Additionally, federal taxes collected from businesses in New York still benefit those folks in Texas.

    Now, would you like to go even further out of your way in the course of your boycott to make sure that you only penalize those businesses from Texas, or do you want to make sure that everybody in the US, regardless of what state they're in, is penalized for allowing Texas to do what it does and helping them to do it?

    Just because there are times when you should ask whether the scalpel or the chainsaw is the best tool to use doesn't mean the chainsaw is always the wrong choice.
  • Re:Excellent (Score:3, Insightful)

    by Em Adespoton ( 792954 ) on Tuesday November 15, 2005 @06:20PM (#14038738) Homepage Journal
    Of course, this won't really matter, as the court case will go on for the next 30 years, by which point the outcome will be meaningless as various new bits of statute law will have already been created to deal with such situations. Eventually Sony and MSFT will only have one junior lawyer on the case each, and it won't be covered by popular media at all.
  • by C0D3X ( 300627 ) on Tuesday November 15, 2005 @06:24PM (#14038768)
    So isn't Microsoft violating the law by removing the Sony copy protection software, even though it's buggy and poses a security threat? Even though their intentions are good?

    Should it be a violation of law to circumvent such copy protection schemes, even though they are harmful to the user?
    It's still copy protection software, and they're still removing it.

    Of course I don't think Sony would take Microsoft to court over this since they put themselves in such a bad position -- it would make them look twice as bad.

    I think we finally found the missing link:

    1. Sell a CD with copy protection / spyware or virus in one program
    2. Antivirus will remove the program, circumventing the copyright measure and therefore breaking the law
    3. Sue the antivirus maker for the huge loss of billions of dollars (per second) and the awful personal damages from such a terrible disaster.
    4. PROFIT!!!
  • I believe you're confusing your DRM software -- the software you're talking about is by SunnComm, and those audio CDs are still being distributed by Sony. This software might have its own legal issues, but not in the same class as the Sony RootKit.
  • by slarrg ( 931336 ) on Tuesday November 15, 2005 @06:27PM (#14038800)
    As a programmer, I have felt for quite some time that we need to have a "Programmers Guild" similar to the guilds of Medieval times. In the guilds of yore, the professionals of a craft actively monitored the products of other craftsmen and would punish/train/certify those who performed the craft badly. It has always bothered me that the most inept programmers continue to find work in our industry. Sadly, the only people in the industry who seem capable of evaluating a programmer's ability are other good programmers. The people responsible for this crappy code should simply not be allowed to work as programmers ever again. Instead these people will have a resume that proudly proclaims, "Worked to create high quality software with millions of users for Sony," and the managers they interview with will be quite impressed and put them in charge of more programming projects. For the sake of our craft, we desperately need to create a software programmers' guild.
  • yeah, right (Score:1, Insightful)

    by Anonymous Coward on Tuesday November 15, 2005 @06:30PM (#14038822)
    That's $500 less for Sony assuming...

    1) You're not making this up. This being slashdot, odds are you made this up.

    2) It costs Sony $0 to manufacture 32" TVs

    3) Nobody else in the supply chain wants to be paid, shipping costs nothing, etc.
  • by MrNiceguy_KS ( 800771 ) on Tuesday November 15, 2005 @06:32PM (#14038838)
    I just sent them off an email and I'll call tomorrow when the switchboard is open. I'm sure I'm not the only one. Just remember, be polite and reasonable, and if using email, read over your message before you send it. Don't scream that Sony execs should be shot, just point out that Sony is breaking computer crime laws by damaging the security of thousands of computers. Point out their use of a fraudulent EULA that implies their software can be uninstalled. Mention that, even though they have recalled the CDs in question, the crimes have already been committed.

    I don't think it will help a whole lot if the DOJ gets 100,000 emails that all look like typical /. posts.

  • It's called a Cartel. Just like the diamond merchants do everything they can to restrict the injection of "other" diamonds into the marketplace, RIAA companies restrict the airplay and venues available to new artists. This means that in most cases, if you want to make a living off of your music, you have to sign with an RIAA member, in order to get the startup financing, airplay, and venues that are generally required to become popular. Most artists eventually give up and sign, even if they don't like the conditions of the contract.

    However, with the advent of internet-based human networking (IM, blogs, etc.), this is starting to change. You still can't get the old airplay and venues, but it is now affordable to distribute your music over the internet, using word of mouth to increase demand. Similarly, you might not be able to book the good venues, but with blogs etc., people can find the alternative venues that don't get ad-time in newspapers, on the radio, or on TV.

    So in summary, artists often are victims, but with the new technologies of the last 10 years, more and more artists are able to emancipate themselves and survive.

  • by AngryNick ( 891056 ) on Tuesday November 15, 2005 @07:26PM (#14039382) Homepage Journal
    Sony will choose to ignore this violation of their DMCA rights. What's funny is that, assuming M$ offers the removal tool to all Windows users (as opposed to secretly whacking the rootkit with the next SP), then the users will be in violation of the Sony EULA...the same EULA that says you must delete the licensed materials from your computer if you declare bankruptcy or fail to install updates to the rootkit (see Article 9, paragraphs 2 and 3).

    New sig:
    Days since my last Sony purchase: 602

  • by Nkwe ( 604125 ) on Tuesday November 15, 2005 @07:39PM (#14039510)
    While everyone is whining (rightly so) about what Sony has done, why is there not obvious and loud whining about what Microsoft has done? How come by simply inserting a disk into a CDROM drive, Windows will read the disk and automatically execute code as a privileged user? The Sony DRM stuff is evil and hooks into and hides at the kernel level. It is more evil that kernel level drivers are automatically installed by Windows by the mere insertion of media with no user interaction or confirmation. There is no excuse for this.
  • by SuperFuse2 ( 931369 ) on Tuesday November 15, 2005 @09:18PM (#14040176)
    Sony has a habit of wanting to control everything. Betamax, Memory Sticks (manufactured exclusively by and for Sony), UMD, Blu-ray, the PSP, even the new PS3 will have the ability to control all of your media on the machine. The only thing they have learned over the years is that for new technologies to catch on, you do need the support of the other big dogs. What Sony recently learned is that they are going too far in their attempts to "control" their consumers.
  • Re:Excellent (Score:4, Insightful)

    by Mad_Rain ( 674268 ) on Tuesday November 15, 2005 @09:18PM (#14040177) Journal
    The government can't suck up to both parties forever

    I believe you underestimate the federal government.
  • by Al Dimond ( 792444 ) on Tuesday November 15, 2005 @10:56PM (#14040665) Journal
    IANAL but I'm betting the EULA would be struck down as unenforceable. Of course, that would only happen if Sony tried to enforce it, and Sony seems to be in full retreat mode over this whole fiasco right now.
  • by GnarlyNome ( 660878 ) on Tuesday November 15, 2005 @11:43PM (#14040909) Journal
    Do you honestly think that the same laws will be applied to Sony in the same way that the law would apply to you?
    Five dollars says that *no* Sony executive will spend any time in jail.
  • by uncoveror ( 570620 ) on Wednesday November 16, 2005 @12:01AM (#14040976) Homepage
    The problem with free market theories is that they advocate the law of the jungle and the law of the land being the same. That flies in the face of civilization itself. Under such a system, big tigers get the meat, and small ones starve. Might is right. Humanity never would have needed civilization if that had worked.

    Capitalism as an economic theory has its attributes and flaws, but capitalism as a religion is the worst thing ever foisted upon humankind. If you let "do as thou willst be the whole of the law" in business, you give businessmen a license to rob and loot. Guess what. They will use it. Bowing before golden calves called "competition" and "the markets" is all anarcho-capitalism is, and libertarianism is basically the same.

  • by MBraynard ( 653724 ) on Wednesday November 16, 2005 @01:02AM (#14041242) Journal
    You're completely wrong in every possible way.

    Capitalism is the savior of the third world. It works every time it's tried. Just look at the Asian tigers.

    You should really sit down with some Ayn Rand. I'd even offer to buy a book or two for you if you'd read it. I'd recommend Capitalism: The Unknown Ideal.
