Sony Settles With FTC Over Rootkits

The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.

Save your reciept ?

[Joebert]

Under the settlement, Sony BMG must allow consumers to exchange affected CDs bought before 31 December 2006, and reimburse them up to $150 (£76) to repair damage to their computers.

I understand why stores require reciepts to return stuff, but when it comes to CDs which are non-returnable once that plastic wrap is taken off, who the hell bothers to save the reciept ?
How are they going to know when the CD was purchased ?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:What about OS????/

[bcraigen]

I was under the impression that these CD's were only sold in America??

How About...

[Anonymous Coward]

How About you realise that this is Sony BMG - e.g. a partnership between Sony and Bertelssman. The rootkit would have been 100% BMG's idea. The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.

So if I'm reading the settlement site correctly...

[Telephone Sanitizer]

Without a receipt for repair services the most that you can qualify for is $25 dollars, at their discretion.

If you removed the unlawful hack yourself, no matter how much pain and suffering it caused, there is every probability that they will compensate you exactly nothing.

(I mean nothing but the opportunity to exchange your defective CD for a slightly less defective one or a DRM-laden download.)

I think the kicker is that this is one of those fancy federal consent-decrees -- like the one that was used to "break" the Microsoft monopoly way back when. They agree not to be such meanies and in exchange, they receive total immunity from prosecution on any related federal charges and all state laws that conflict with the federal decision are automatically superseded.

I'm so glad that the feds are looking out for me. With punishment like that, Sony surely KNOWS they've been naughty. It's certain that they won't do anything like THAT again.

Re:Not bad

[Don_dumb]

The one change I would like, is for this to be labelled 'Malware' 'adware' or 'virus concealment tools' because barely anyone outside this site has any clue what a 'rootkit' is, to the public, this is just some "techy thing". Mention virus and people will take notice, they might not bother to protect themselves against them but they certainly know what viruses are. This would have had a different reaction form the public if they understood the issue.
Sometimes the IT world just doesn't make its case clear in a public issue and loses out as a result.

Claim form help?

[Kredal]

The claim form you need to fill out for recompensation is at this link [sonybmg.com].

One of the questions is as follows:

7. Briefly describe the type of harm / damage / problem you experienced and the steps that you
took in response:

What kinds of problems, other than the pain of removing it, did people have? Was any actual damage done? Did anyone's computer get taken over? I'm just curious what a valid response would be to this, for when I fill out the form.

Could malware use Vista's DRM functionality?

[babbling]

Most of the Vista DRM that we hear about involves applications requesting from Vista that the quality of audio/video be crippled unless the user has special DRM hardware and special DRM ("signed by microsoft") drivers installed. It's difficult to envisage how that functionality could be useful to malware, but there also must be more to Vista's DRM than just that. If it were nothing more than I just described, someone wanting to crack the system could disassemble the application being used to play DRM-encumbered media, remove the DRM-requesting code, and then happily use unsigned drivers to collect the decrypted audio/video. This suggests that there must be some way in which Vista prevents tampering of such programs.

If Vista prevents tampering of programs, that would certainly be useful to malware. It could even make it immune to virus scanners. If an arbitrary program (aka a virus scanner) can be used to circumvent the DRM, that would make the DRM rather useless too, wouldn't it?

I'm speculating a lot. Could anyone who knows specific details shed some light, please?

I Chooose a Better Punishment

[N8F8]

I'll never buy something from Sony again until they change their anti-consumer practices.

Re:Could malware use Vista's DRM functionality?

[Anonymous Coward]

Yes, exactly. A virus that makes that request any time audio or video is played, and makes it multiple times. Your system would be ddos'ing itself and anything you hear, and any video you watch, would be of degraded quality. Oh crap, probably shouldn't have given them the idea for their next rootkit...

Re:how does this multiply out?

[theckhd]

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque?

It's not even that simple, FTFA [ftc.gov]:

As part of the settlement, Sony BMG will allow consumers to exchange CDs containing the concealed software purchased before December 31, 2006 for new CDs that are not content-protected, and will be required to reimburse consumers up to $150 to repair damage that resulted directly from consumers' attempts to remove the software installed without their consent. Sony BMG is required to publish notices on its Web site describing the exchange and repair reimbursement programs.

It's a reimbursement for costs incurred while trying to repair the damage done. I presume this means you would need a receipt from a vendor or service company that removed the rootkit for you. I doubt Sony will award the full $150 to you if you removed it yourself.

Banning things which are already illegal

[h2g2bob]

Quite - installing software without consumer consent is pretty much the legal definition of computer hacking. If I was to do that, I'd go to prison. If this is what they did, why isn't Sony's execs in prison?

Damn them anyway!

[Anonymous Coward]

Sony's rootkit (which my teenaged daughter installed; damn it I had autoplay shut off for a reason!!!) cost me the price of an SB Audigy since I couldn't find sound chip drivers, and XP since my video card mfg didn't have Win 98 drivers for download. Around $200 plus an afternoon of my time; reinstalling W98, then going to Circut City and installing XP (three fucking times - it didn't like my CD burning software and had a popup on boot saying XP had disabled it, but XP wouldn't let me uninstall it because it had disabled it. Then it updated my networking drivers which disabled the internet. Great product that XP).

After being yelled at for ruining my computer, she broke the CD and threw it away, and I've lost the receipts for the SB and XP.

I think a more fair settlement would have been to just have Sony give $500 to every man, woman, and child on the planet, and have its CEO spend as much time in a US federal assrape prison as anybody who would have done this to Sony's corporate computers would have, after being caned in Singapore. Then when he was released from US prison, have the Chinese execute him and bill his family for the bullet.

If you work for Sony in any capacity at all, I hate your fucking guts. Please die and take your God damned company with you.

Sorry for the rant.