Sony Settles With FTC Over Rootkits

The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.

What about OS????/

[threeofnine]

I am an Aussie, this means nothing to anyone outside the USA, it would be good to see Sony pay US$150 to everyone they infected with their shite.

Re:

[gbobeck]

I really wish that part of the settlement would have included a provision where the executives of Sony BMG would get one swift kick in the ass for each installed copy of the rootkit.

Re:

[bcraigen]

I was under the impression that these CD's were only sold in America??

Re:

[grimJester]

This site [doxpara.com] has maps of the spread of the rootkit. It looks like they were sold in the US and western Europe, with stray copies spread around the wordl.

This gives me an idea!

[grimJester]

I can't download zips at work, but would the linked application [nyud.net] still work for mapping out how widespread the infection still is more than a year after the initial spread?

If nothing else, it would make for pretty pictures to show in court.

150? If by 150 you mean 150ml

[Cocoshimmy]

How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.

How About...

[Anonymous Coward]

How About you realise that this is Sony BMG - e.g. a partnership between Sony and Bertelssman. The rootkit would have been 100% BMG's idea. The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.

Re:How About...

[ObsessiveMathsFreak]

The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.

What a great guy. Going on record saying what he sees as fit instead of actually running the company the way he sees fit.

Why are they even paying this man?

Re:

[Anonymous Coward]

Why are they even paying this man?

Because he doesn't run the company as he sees fit.

If he did, the shareholders would fire him. That, incidentally, is why corporations are more evil than any individual.

Re:

[asb]

What a great guy. Going on record saying what he sees as fit instead of actually running the company the way he sees fit.

He does this because Sony does not have an on-line music retail business and therefore he has nothing he could act on. He is simply trying to smear iTunes and music selling mobile operators.

Re:

[Rycross]

I'm sure Sony's PR department is grinning from ear to ear that people are falling for this shit.

Listen.... it doesn't matter that they're separate departments. Its. The. Same. Company. Saying "Oh its just the music department, all those other departments are ok," is just a cop-out. At least be honest that you don't really care.

Re:

[Anonymous Coward]

Yay, more Intarweb stupidity...

Listen.... it doesn't matter that they're separate departments. Its. The. Same. Company. Saying "Oh its just the music department, all those other departments are ok," is just a cop-out. At least be honest that you don't really care.

You seemed have missed some fundamental facts. IT'S NOT THE SAME COMPANY! IT"S NOT A DEPARTMENT! IT'S A SEPARATE COMPANY! There's a *reason* it's called "Sony BMG" instead of "Sony Music Entertainment" (here's a hint, Sony doesn't own all of i

BS

[missing000]

All those companies are subsidiaries of Sony Group.

If Wal-Mart split off the shoe department as Wal-Mart Shoe Company but still controlled it, it would still just be the shoe department.

Re:

[DemoFish]

In Soviet Russia...
Rookits take YOUR blood.

Re:

[mpe]

How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.

Since Sony are ment to be in the entertainment business how about a "reality show" where viewers can vote for which executive gets fed to the vampire...

Re:

[Dersaidin]

Well... don't just post it here, send your suggestion into the public consultation!

Re:

[GringoCroco]

From wikipedia

Originally, the only symbol for the litre was l (lowercase letter l), following the SI convention that only those unit symbols that abbreviate the name of a person start with a capital letter.
In many English-speaking countries, the most common shape of a handwritten Arabic digit 1 is just a vertical stroke, that is it lacks the upstroke added in many other cultures. Therefore, the digit 1 may easily be confused with the letter l. On some typewriters, particularly older ones, the l key had to be used to type the numeral 1. Further, in some typefaces the two characters are nearly indistinguishable. This caused some concern, especially in the medical community. As a result, L (uppercase letter L) was accepted as an alternative symbol for litre in 1979. The United States National Institute of Standards and Technology now recommends the use of the uppercase letter L, a practice that is also widely followed in Canada and Australia. In these countries, the symbol L is also used with prefixes, as in mL and L, instead of the traditional ml and l used in Europe. In Britain and Ireland, lowercase l is used with prefixes, though whole litres are often written in full (so, "750 ml" on a wine bottle, but often "1 litre" on a juice carton).
Prior to 1979, the symbol (script small l, U+2113), came into common use in some countries; for example, it was recommended by South African Bureau of Standards publication M33 in the 1970s. This symbol can still be encountered occasionally in some English-speaking countries, but it is not used in most countries and not officially recognised by the BIPM, the International Organization for Standardization, or any national standards body.

so Europeans that use "l" instead if "L" are American, you say ...

Re:

[Anonymous McCartneyf]

"By the way, since when does the US use SI units?"
On 2-liter bottles, and on products that we hope to export to Canada or Mexico. You'd be surprised.

Re:

[Arancaytar]

> Apple, Nintendo

I deny that that is the case! I bash Apple and Nintendo as vigorously as the others!
Now if you'd said Google...

----

(This, for the unaware, was an attempt to be +1 Funny, not -1 Moron.)

Drawing parallels

[rumith]

According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

Hmm. Perhaps they would fine Microsoft too, based on this exact reason? ;)

Re:

[Anonymous Coward]

When we'll see malware using Vista DRM "features" so even a user with admin privileges won't be able to get rid of it, maybe we should seriously consider that question.

Could malware use Vista's DRM functionality?

[babbling]

Most of the Vista DRM that we hear about involves applications requesting from Vista that the quality of audio/video be crippled unless the user has special DRM hardware and special DRM ("signed by microsoft") drivers installed. It's difficult to envisage how that functionality could be useful to malware, but there also must be more to Vista's DRM than just that. If it were nothing more than I just described, someone wanting to crack the system could disassemble the application being used to play DRM-encumb

Re:

[Anonymous Coward]

Yes, exactly. A virus that makes that request any time audio or video is played, and makes it multiple times. Your system would be ddos'ing itself and anything you hear, and any video you watch, would be of degraded quality. Oh crap, probably shouldn't have given them the idea for their next rootkit...

Save your reciept ?

[Joebert]

Under the settlement, Sony BMG must allow consumers to exchange affected CDs bought before 31 December 2006, and reimburse them up to $150 (£76) to repair damage to their computers.

I understand why stores require reciepts to return stuff, but when it comes to CDs which are non-returnable once that plastic wrap is taken off, who the hell bothers to save the reciept ?
How are they going to know when the CD was purchased ?

Re:

[zlogic]

These things could sell pretty well on eBay - buy a $75 rootkit CD and sell it to Sony for $150!

Re:

[poser101]

I immediately searched eBay for affected CD's after reading this post. I'm finding it somewhat hard to determine which were "original" rootkitted CD's and which ones are the newer non-rootkitted CD's. If I knew for sure, I would buy a bunch and make some money. Someone should mod parent up.

Re:

[jimicus]

Don't know about the US, but here in the UK if a product is not fit for its purpose, you are entitled to a refund/replacement (at your discretion, though some stores don't know that bit), and it doesn't matter whether or not it's been unwrapped. You just have to return it in a "reasonable" timeframe. Technically you don't even need a receipt, but it can save arguments at the counter.

The biggest problems I've had returning things have been when the item was technically fine - it met the manufacturer's spec

Re:

[GrenDel Fuego]

> How are they going to know when the CD was purchased ?

Well, considering these CDs were pulled from the shelves quite some time back, I think it's safe enough for them to assume that if you have a rootkit version of a CD, you bought it before that date.

Re:

[scottsk]

"How are they going to know when the CD was purchased ?" -- sure, and how would the RIAA know ANY CD had been legally purchased if they accused you of piracy? No one saves receipts for disposeable items like that. Could you prove to the RIAA that you legally own all the CDs you have?

Re:

[Anonymous McCartneyf]

We are speaking about shiny plastic discs here.
If you did not legally purchase a shiny plastic disc, and it was not given to you by someone who did, then either you shoplifted--in which case it's a case for the cops--or the person you bought it from is a "pirate"/bootlegger, and the RIAA should go after him & his presses.

Re:

[HiThere]

I suppose they could start shipping a COE like many software companies do, but that's always struck me as silly anyway.

It's more than just silly, it's deceptive. The BSA won't accept COE's as proof of authenticity. If you read the paperwork that comes with the software carefully, it will tell you what you need to preserve as proof, and it's not always the same. (Sometimes it actually is just the COE and the sheet of paper it comes on, other times it's something else, or some combination of items.)

What le

how does this multiply out?

[acidrain]

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers. Also, for those who would like to see Sony hurt worse for this, do remember that that this is more than enough. Any company pulling a stunt like that again will be ignorant, not unconcerned.

So when are desktop OS's going to come installed inside a secure virtual machine OS that is capable of detecting rootkits and possibly doing a little extra scanning on the side? That is long overdue.

Re:how does this multiply out?

[Don_dumb]

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers.

I wonder how many people have these CDs and dont even realise that their CDs are or have been infected? This did make the mainstream media, but wasn't a huge story. I imagine there are thousands of people who still have no idea.

Wouldn't a better punishment be that Sony is made to stand up and publicize (using such mediums as MTV) the particular CDs that were infected and educate people as to how they can protect against malware. - It openly damages them to those who aren't aware about this (thereby acting as a deterant for anyone else thinking about doing somthing like this), informs the masses as to the lengths DRM goes to (generating more widespread disapproval for DRM) and helps to fight malware through educating the yoot.

Re:

[Fredge]

The list of affected albums [sonybmg.com] is available on the internet.

Instructions for uninstalling [sonybmg.com] the rootkits are also on the internet.

I think most people who would really care about DRM issues already know about the Sony rootkit incident.

Re:

[CastrTroy]

But what about all the other people who don't really follow the tech news. They still have a rootkit on their computer. I remember when the news came out, there was nothing on the news that 98% of the population would listen to. Only stuff on geek sites like slashdot. I bet most people are completely unaware it even happened.

Re:

[Don_dumb]

That's exactly what I mean, it's the people who don't care that Sony should be owning up to.
They might begin to care if they realise how far this can go.

Re:

[High Hat]

Can you say Vista on TCPA?

Only it comes with its own Rootkit called DRM...

Re:

[Secrity]

That is $150 per infected computer. I don't even want to get into what you will probably have to do in order to prove that you got infected. How many people won't even know that they have been rooted?

Re:how does this multiply out?

[Professor_UNIX]

How many people won't even know that they have been rooted?

This sounds like the perfect opportunity for one of those chain e-mail letters to be circulated. "Have you played any of these Sony CDs on your computer? If so you're entitled to $150. Pass this along to 5 other people or you will die tomorrow!"

Re:

[mpe]

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque?

The number of infected PCs may well not tally well with the number of customers or the number of CDs. Some customers may have bought more than one infected CD and each CD can infect an arbitraty number of PCs. e.g. if it was bought by a lending library a single CD could have infected hundreds...

Re:how does this multiply out?

[theckhd]

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque?

It's not even that simple, FTFA [ftc.gov]:

As part of the settlement, Sony BMG will allow consumers to exchange CDs containing the concealed software purchased before December 31, 2006 for new CDs that are not content-protected, and will be required to reimburse consumers up to $150 to repair damage that resulted directly from consumers' attempts to remove the software installed without their consent. Sony BMG is required to publish notices on its Web site describing the exchange and repair reimbursement programs.

It's a reimbursement for costs incurred while trying to repair the damage done. I presume this means you would need a receipt from a vendor or service company that removed the rootkit for you. I doubt Sony will award the full $150 to you if you removed it yourself.

Meanwhile, RIAA wants $750 per song...

[Zaatxe]

Isn't that a little unfair?

Re:

[grimJester]

Yes. The damages of $750 up to 125k per count of infringement were supposed to be that horrendous to discourage the practice. $125k per infringement would be a more reasonable punishment, not only because $150 is probably not worth the trouble of collecting, but because a single user rootkitting a Sony server would never get away with only a $150 fee.

Re:

[SolitaryMan]

single user rootkitting a Sony server would never get away with only a $150 fee.

Doesn't this set some kind of precedent, so users now can get away with $150 per rootkit too?

IANAL, so I'm asking seriously.

Re:

[delinear]

Probably not, the $150 is likely based on the estimated cost of repairing the damage done by the rootkit, or the cost for removal by a professional at any rate. If you were to rootkit a server then the potential for damage and cost of removal are likely to be much higher. If you were to rootkit individual machines then this would probably be assessed on the basis of the machines in question.

What is most annoying about this is that it requires the injured party to be pro-active in claiming the money, and f

Re:

[freedom_india]

If the GeekSquad charged me $550 to repair my computer, would Sony BMG pay the higher of the amounts?
What makes Sony say they can pay only $175/-? Who estimates it would take only that much?
FTC Should not have settled at all. They should have charged Sony with criminal trespass, and jailed the CEO.
if i write a rootkit and distribute it inadvertently (because my GF burned it to CD??), would FTC settle? Heck, i would be in Gitmo after being "renditioned" to Syria!
So if you are a corporate, all you get is a se

Re:

[mpe]

if i write a rootkit and distribute it inadvertently (because my GF burned it to CD??), would FTC settle?

The "inadvertently" bit would be tricky, in order for things to work the CD has to be mastered such that Windows automatically executes the malware when someone trys to play the disk. You need to do a few more things that just putting an executable on a data track.

Heck, i would be in Gitmo after being "renditioned" to Syria!

Or your GF or both of you...

Re:

[egypt_jimbob]

You need to do a few more things that just putting an executable on a data track.

Yes, you need to add one file called autorun.inf with two lines in it:

[autorun]
open=myrootkit.exe

Re:

[cdrudge]

a single user rootkitting a Sony server would never get away with only a $150 fee. Well, you probably could get more money back by firing the admin that was playing a CD on a server.

Re:

[laughingcoyote]

Actually, the $750 per song is for unintentional infringement. This action was obviously intentional and profit-motivated, the statutory damages in that case are $150,000 per infringement...which would be pretty good, I bet that would actually discourage them from doing this again, as opposed to this garbage settlement, which will have roughly the deterrent effect of fining you or me fifty cents.

Re:

[mpe]

Actually, the $750 per song is for unintentional infringement.

Even that is a highly inflated figure. Actual "loses" are under 10USD, possibly under one.

This action was obviously intentional and profit-motivated, the statutory damages in that case are $150,000 per infringement

Part of the reason to have such massivly inflated figures is to ensure that the amount of money involved is high enough for law enforcement to take an interest. With something like spamming, even when it involves outright fraud, t

Re:

[Technician]

Meanwhile, RIAA wants $750 per song... Isn't that a little unfair?

Yes, Sony is getting ripped off big time. Filesharers are simply getting $750 per title shared, not $750 per copy someone else recieved from him.

Sony is not getting charged $750 per song on the DRM CD. They are getting charged $150 for everyone who picked up a copy of the same set of songs from them. How unfair is that? I think they would love to have to pay $750/song for each of the CD titles they distributed regardless of how many copie

Not bad

[Anonymous Coward]

The terms of the settlement actually seem pretty good for the consumer. You can claim up to 10 times the price of a CD for damages, you can exchange existing CDs for unencumbered ones, and Sony has to deal with the embarrassment of advertising this fiasco on its website. And more importantly, this will hopefully send enough of a message to other DRM providers and users to make them pause before throwing more malware into their products.

The only thing I'd like to see added onto there is a clause requiring So

Re:

[Don_dumb]

The one change I would like, is for this to be labelled 'Malware' 'adware' or 'virus concealment tools' because barely anyone outside this site has any clue what a 'rootkit' is, to the public, this is just some "techy thing". Mention virus and people will take notice, they might not bother to protect themselves against them but they certainly know what viruses are. This would have had a different reaction form the public if they understood the issue.
Sometimes the IT world just doesn't make its case clear in

Re:

[MrNiceguy_KS]

I definitely agree about this being labeled Malware. Sony should be required to make a detection program available that users could run to see if their system is infected, and provide information to antivirus vendors so that it can be added to their detection signatures. They should make it's removal part of the next update to Microsoft's "Malicious Program Removal Tool" or whatever it's called.

Also, their player program that shipped with the rootkit CDs had a 'phone-home' function that loaded a banner

Re:

[danzona]

You can claim up to 10 times the price of a CD for damages

This would be generous if Sony had damaged a CD. But Sony damaged a PC, something that generally costs 100 times the price of a CD.

While I don't think Sony should have to buy everyone a new PC, I do think Sony got off light.

Re:

[HiThere]

This is a REALLY lousy settlement. Rootkits are dangerous, and this one is even more dangerous if removed according to the instructions that Sony first provided.

Most people who got rooted don't know. Were I to guess at a percentage, I'd guess around 93% of those infected don't know, but I might be underestimating it. This means that any settlement that doesn't require Sony to actively track down those still infected is a poor settlement.

Imagine that a company created a disease organism, and planted it in

By that rationale...

[GapingHeadwound]

From TFA

The US regulator said the anti-piracy software wrongly limited the devices on which music could be played to those made by Sony or Microsoft.

Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same arguement.

Re:

[EzInKy]

Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same arguement.


I doubt it. Microsoft has made it pretty clear that their software will be monitoring and controlling its users activities.

Re:

[grimJester]

Hey, your comment actually made me RTFA. Congratulations!

The proposed settlement requires Sony BMG to clearly disclose limitations on consumers' use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software.

From the summary, I thought this was about the rootkit, not the DRM functionality it was meant to protect. Why does the settlement require things tha

Banning things which are already illegal

[h2g2bob]

Quite - installing software without consumer consent is pretty much the legal definition of computer hacking. If I was to do that, I'd go to prison. If this is what they did, why isn't Sony's execs in prison?

Re:

[MightyMartian]

Because the average hacker isn't buying hookers for pathetic Congressmen.

Re:

[Anonymous McCartneyf]

That's what I getting for skimming the fine article.
The settlement requires things that the law requires to prevent Sony from grandfathering this sort of thing in. Sony rootkits had been known to install even when you clicked "No."
This settlement is both better and worse than I thought:
On the one hand, apparently this will cost Sony $150 per proven wrecked computer + one non-rootkitted CD per rootkitted CD (when you consider how highly the RIAA valuies songs, that's a major price for them)+ "change your

Comment removed

[account_deleted]

Comment removed based on user account deletion

If someone in their basement pulled the exact.....

[Anonymous Coward]

....same thing, their asses would be in the slammer in no time. Sony souldn't be treated any different. This was a computer crime, plain and simple.

Re:If someone in their basement pulled the exact..

[jimicus]

Yes, but Sony is a company and this is the USA.

All the rights of an individual with hardly any of the responsibilities.

How much per song can the RIAA get away with?

[Karem Lore]

I want THAT, per song on the CD that contains the rootkit...

Karem

So if I'm reading the settlement site correctly...

[Telephone Sanitizer]

Without a receipt for repair services the most that you can qualify for is $25 dollars, at their discretion.

If you removed the unlawful hack yourself, no matter how much pain and suffering it caused, there is every probability that they will compensate you exactly nothing.

(I mean nothing but the opportunity to exchange your defective CD for a slightly less defective one or a DRM-laden download.)

I think the kicker is that this is one of those fancy federal consent-decrees -- like the one that was used to "break" the Microsoft monopoly way back when. They agree not to be such meanies and in exchange, they receive total immunity from prosecution on any related federal charges and all state laws that conflict with the federal decision are automatically superseded.

I'm so glad that the feds are looking out for me. With punishment like that, Sony surely KNOWS they've been naughty. It's certain that they won't do anything like THAT again.

The REAL point of a class action lawsuit

[elrous0]

Here's a little breakdown of how class action suits *really* work:

• Suing lawyer gets $5 million
• Corporation gets protection from individual lawsuits
• Consumer gets a meaningless coupon

-Eric

Re:

[bigpat]

Suing lawyer gets $5 million

And that would make me happy in this case, seriously, Sony should burn for this who cares if people get reimbursed for damages. The victims of hackers rarely get reimbursed. The "damage" isn't the problem, they purposefully hacked into millions of people's computers to harvest personal information for profit. $5 million dollar fine would at least be a start regardless who saw the money. Far better people have gone to jail for doing much less.

Claim form help?

[Kredal]

The claim form you need to fill out for recompensation is at this link [sonybmg.com].

One of the questions is as follows:

7. Briefly describe the type of harm / damage / problem you experienced and the steps that you
took in response:

What kinds of problems, other than the pain of removing it, did people have? Was any actual damage done? Did anyone's computer get taken over? I'm just curious what a valid response would be to this, for when I fill out the form.

Apparently some did get taken over

[Moraelin]

Sony's rootkit didn't just cloak itself, but everything else that knew how. And I think there was at least one trojan which used just that. And I think Sony's first attempt to "fix" it actually created a security hole of its own. So, yeah, the damned thing was a security risk, not just an inconvenience.

Plus, I don't know, I think the very act of installing a rootkit on someone's computer pretty much qualifies as "taking over" by itself. If someone installed a rootkit on your machine, I'm guessing you'd be a

Re:

[sponga]

Excuse my ignorance but didn't it have to do with Trojans latching on to the key '$' sign or something to make the program run in stealth mode without being detected?

Software relicensing costs

[alandd]

A legally blind friend found that the Sony rootkit, when finally removed, triggered the licensing checks of his screen reader and accessibility software. He had to pay some hundreds of dollars (forget the exact amount) to the unsympathetic accessibility software makers (a whole other issue) to relicense so he could use the computer. Then, he had to re-install all his MS Office and other software to re-register them with the screen reader software.

Total cost to him: $140 for the removal service and $200+ t

tell them

[zogger]

That's the kind of stuff that needs to go to the FTC comments on this case. Encourage your friend (and he to any of his friends who might also have gone through the same deal) to write in what happened to them. This, in his case now, became part of accessibility laws, he is being discriminated against because of the extra cost and hassle of having to use that particular software, yet the settlement makes no provisions for that. Use that angle.

Understatement of the year...

[Panaqqa]

According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

Huh? "Reasonably difficult"? This damned thing broke Russinovich's [technet.com] machine, and he had to use several utilities he developed himself to get rid of it by looking deeper into the Windows OS than I think Microsoft ever intended (or wanted) anyone to look. How many /. denizens would have looked for this little gem using named pipes [wikipedia.org] to communicate?

"Difficult to uninstall"? Right...

Re:

[Panaqqa]

So it was a typo. Everybody makes them. Some are worse than others :(

I Chooose a Better Punishment

[N8F8]

I'll never buy something from Sony again until they change their anti-consumer practices.

Re:

[l0b0]

Ditto, except the last part. Sony won't see another dime from me. It's not like this was some kind of minor slip; I believe it shows the company's opinion of customer rights. Some trust is just too fundamental to break.

Re:

[MyNameIsEarl]

When I purchased my $2000 HDTV on Thanksgiving weekend last year I did not even consider Sony when making my comparisions. I went with the Sharp Aquos.

Re:

[MrNiceguy_KS]

I agree 100%. Sony will never see another dime of my money. I remember reading their early public statements once this was discovered. The only thing they ever "apologized" for was the potential security risks. It was quite clear to me that they feel it is 100% OK to install rootkits on peoples' computers, if they can do so without leaving security holes. They obviously believe that their music is so precious that they can do whatever they want to keep people from copying it.

Re:

[eMbry00s]

That's nothing to them. Voting with your dollars is a good way to make people forget the one vote per person thing. Thankfully America hasn't voted per dollar, and instead have made themselves a court system to handle these cases properly.

Re:

[Is0m0rph]

I'm the same way. May not make much of a difference but I won't buy anything Sony again and I haven't for quite a long time.

Re:

[cparker15]

Same here. Normally, I don't actively participate in boycotts, but this is one I plan to stick with. I refuse to give Sony any more of my money after this stunt. I managed to get all of my relatives to cancel their BMG mailorder accounts, too, in light of this debacle. I've had to make several electronics purchases since the cat was let out of the bag, and I've completely turned a blind eye to Sony products. Because of this, I've also avoided anything related to Sony products. I've been a loyal PSM [psmonline.com] subscrib

Two cents

[Bob54321]

American citizens who read Slashdot might want to put in their two cents.

No, thats all wrong. Sony is supposed to pay out...

Wonder who really gets to pay...

[ray-auch]

What's the betting that cost of this gets passed onto artists as deductions from royalties ?

Artist monthly statement:

Sales: $$$
Gross royalties (tiny%): $
Deductions:

      [ blah blah blah ] $$
      DRM legal costs $$
      [new this month]

Net Royalties: -$$$

[NB: you won't have to pay us because we're nice like that, we'll just carry it forward]

I have an idea for compensation

[badenglishihave]

How about a free PS3 instead? Oh wait, that would just introduce more Sony problems into our lives. Whoops.

Re:

[blueZhift]

How about a free PS3 instead? Oh wait, that would just introduce more Sony problems into our lives. Whoops.

Naahh, if you got a free PS3 you'd just be induced to run out and buy a Sony HDTV so that in the end Sony would still make money on the deal [proliphus.com]. They wouldn't learn a thing!;)

Damn them anyway!

[Anonymous Coward]

Sony's rootkit (which my teenaged daughter installed; damn it I had autoplay shut off for a reason!!!) cost me the price of an SB Audigy since I couldn't find sound chip drivers, and XP since my video card mfg didn't have Win 98 drivers for download. Around $200 plus an afternoon of my time; reinstalling W98, then going to Circut City and installing XP (three fucking times - it didn't like my CD burning software and had a popup on boot saying XP had disabled it, but XP wouldn't let me uninstall it because it had disabled it. Then it updated my networking drivers which disabled the internet. Great product that XP).

After being yelled at for ruining my computer, she broke the CD and threw it away, and I've lost the receipts for the SB and XP.

I think a more fair settlement would have been to just have Sony give $500 to every man, woman, and child on the planet, and have its CEO spend as much time in a US federal assrape prison as anybody who would have done this to Sony's corporate computers would have, after being caned in Singapore. Then when he was released from US prison, have the Chinese execute him and bill his family for the bullet.

If you work for Sony in any capacity at all, I hate your fucking guts. Please die and take your God damned company with you.

Sorry for the rant.

Re:Damn them anyway! Don't be Sorry

[Nom du Keyboard]

Sorry for the rant.

Don't be. You earned the right to it.

Now if your computer is old enough to be running Win98 (mine is as well), consider it's time to upgrade. Try to get XP installed by the factory, since you'll likely like Vista even less, and give the old computer to the daughter. After that, if she stuffs it up, it's her problem, not yours.

How much they should actually pay

[Kwesadilo]

Sony BMG should have to pay each infected person the amount of money that it would take to replace their infected system plus the money they lost from not being able to pull all of their data out of the fire. For the average user, this malware probably made their computer totally unsalvagable, so this seems reasonable.

Grrrr Rrrrr Aaah-Oogah!!!

[Nom du Keyboard]

(Subject Title is from the Dilbert Desk Calander for 1/28/2007)

So it took them this much longer to achieve exactly the same settlement, lawyers billing their time all along the way. That's government in action for you.

Blame engineers, not just CEOs

[MobyDisk]

Lots of people talk about blaming the CEOs for this type of behavior. But as a programmer, I think of the people who actually implemented this. Somewhere, there is some employee or contractor who wrote a rootkit for Sony. Maybe a few people. And somebody was paid to make an ISO image containing music tracks and a rootkit. I would love to know what they thought when he made that ISO image. Did he call his boss and say "Hey! There's a rootkit on here!" or not? How about the team of testers who had to

I'm just happy to know that

[unborracho]

I'm just happy to know that even though I never bought one of the millions of CDs that included this rootkit, at the end of the day, sony loses $130 for every CD sold with it. Honestly I think it should be more, but between that, the battery recalls, blue-ray, the shoddy PS3 sales, I think it's time for new management in Sony and they really need to turn themselves around as a company. In my mind right now, they are worse than Microsoft.

So does this mean...

[h4ck7h3p14n37]

That if I get caught planting rootkits on peoples' computers that it's only going to cost me $150 per offense, with no jail time?

Some Sony executives should be serving time. Isn't planting a rootkit on someone's machine a felony in the US?

Re:Vaginas for Jesus: Nice real nice, REMOVE IT

[Anonymous Coward]

This kind of shit shouldn't be just marked 'offtopic', it's spam and spam should be deleted. This goes also for the first post idiots and the goatse boys.

These are part of the answer why most internet publicists don't allow the public to comment the news. Which is a shame since some readers do have something interesting to say.

Re:

[Technician]

I put goatse in my hosts file. It doesn't show up anymore.

I know, offtopic.. just feeding the trolls.

Re:

[eMbry00s]

You just got trolled, man. People are just going to continue doing that shit until you stop responding in ways they find hilarious (that is, at all - they want to waste people's time).

Re:

[HiThere]

Why? If you don't like it, browse at level 2 or 3.

I'll grant that it's a bit crude, but many teens, esp. geeks, have been treated rather roughtly in the name of J.C., and aren't clever about expressing their anger. Their JUSTIFIED anger.

Personally, I feel that church should be totally separated from state. Meaning NO TAX BREAKS!! I consider powerful organized religions to be socially harmful. I'm only against outlawing them because any law I can think of that would do the job would have even worse soci

Re:

[Adambomb]

Because avoiding jail time is expensive, and how many individuals have deeper pockets than even an average sized corporation?

Sad, but true.