RIAA/MPAA Contractor Deploys Malicious Adware Trojans
RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.
exactly are they getting away with this?
I'm not the devil.. just his advocate.
Isn't that blatantly illegal?
"Remember, there never were pineapple-almond cookies here."
The failed business model bullying is starting to shoot itself in the foot. Hopefully enough average users will get this and complain loud enough to get the media involved.
High that explains why that Jessica Simpson song I downloaded suddenly made my head explode. :-)
It seems to me the contractor could be sued for such stuff. Intent of the person downloading is irrelevant.
Hack it so that it sends out complaint emails to RIAA and DOSes the RIAA website. Also make it crawl and fill out any RIAA forms on the website. Use random algorithms so they can only statistically cut down on the traffic.
Why aren't the police doing anything about it?
If they can do it, so can any hacker/cracker/virus writer. That's a good enough reason to never touch DRM inflicted Microsoft media files.
- For the complete works of Shakespeare: cat
why people trust wmv files when this can happen. Combine it with some ie security holes and you got a real problem. It'd be pretty easy to create a p2p wmv worm that infects the entire network.. no?
-- these are only opinions and they might not be mine.
It seems anyone the least bit concerned about DRM/sharing/etc wouldn't be using windows media anyway.
Sweet informative mod.
This should be the last straw to all the fire sharers out there.
People should stop taking such a passive stance to all the criminal acts committed by the MPAA and RIAA. Fight fire with fire.
Quelle surprise.
This proves once again that you can't out-evil the major recording industry. Do something bad to them and they will do something worse to you. Only now it's the customers at the shit end of the stick and not just artists. Hell, Satan probably attends seminars on reprisal given by these folks.
US Democracy:The best person for the job (among These pre-selected choices...)
One more reason not to use Windows Media. How many do you need?
Serves people right for downloading a Windows media file anyway.
Why use WMA files?
How hard is it to simply stick to MP3s? I avoid WMA files like the plague. Even if there is an exploit for MP3s, I doubt it would be effective on all clients.
No, I don't trust in god. He'll have to pay up front, like everybody else.
Another reason to avoid the P2P clients for getting music and videos. Get legal and stay out of trouble by avoiding the P2P clients. A weekly virus- and adware-scan also helps.
...I'd think these people should be prosecuted to the fullest extent of the law. ;)
After all, two wrongs don't make a right, no?
SNACKS ARE AWESOME
Now your DRM can be used a weapon against you, how do you feel about that?
~ I am logged on, therefore I am.
It would be pretty funny seeing someone suing the MPAA for infecting their computers. After all, there're laws for that matter.
PS: Stuff like this is why i stick to stream formats like MP3, with no extra bullshit.
Going to one of her concerts is like watching those old 50's nuclear tests where they put soldiers in the desert 10 miles away from ground zero just to see what happens.
...But I digress. TREMBLE PUNY HUMANS! ONE DAY MY SPECIES WILL DESTROY YOU ALL!
People and companies that see their lucrative source of income starting to dwindle get desperate. Desperate companies (SCO) and organizations (RIAA, MPAA) make drastic moves, and those drastic moves are always overhanded.
record companies employ illegal tactics to enforce their view of the world, especially when they think they see recognizable dips in their revenue. Never mind that they're not actually losing money - the perception of loss is all it takes.
right now they're saying to themselves (as justification for illegal activities) "desperate times call for desperate measures".
These are not desperate times, and those are overly-desperate measures. They're weak, and owned by the music, not the other way 'round.
...stay away. If it ends in .iso, .mp3, or .bin let it in. Oh, yeah, and don't use Kazaa.
it's certainly not news, but still..
can't wait till some judge's pc is infected this way and he wins a nice multimillion dollar settlement
Shocked I say.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
I know! When I trade so called "illegal" files on p2p networks, I have .wma files filtered out. Good thing too! DRM is nothing but a disease IMO.
Which, I'm certain, will outlaw all malware except that used to punish people infringing on copyrights.
does anybody realize that this is a form of spamming?
The problem is that the only people with standing to make a legal complaint about this practice (i.e., sue them) are people who have downloaded the files and had damages caused to them from the spyware being installed.
However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.
One possible way around this is if someone already has purchased the CD/DVD and wanted to download a copy so they could archive the original (because they have CD/DVD hardware that couldn't rip the original to disk). Of course, this idea has not been tested in court, and would probably be a protracted and expensive battle to fight.
A copyright holder's agent (RIAA) offered it for download. Perfectly legit I would say.
"Isn't that blatantly illegal?"
The Golden Rule: He with the gold, makes the rules.
Any sufficiently advanced influence is indistinguishable from control.
"just deserts for people who illegally trade copyrighted works for free"
They could use this philosophy in other crimes:
- Distribute needles with diseases in order to deter drug use
- Land mines near borders to deter illegal immigrants
- Cars that break down if they go over 65 and require expensive repair work to fix
I wonder why these ideas haven't been thought of before.
I've never used Windows Media anyways.
I expect my music files to contain only music.
If not, who really cares? I mean...I shouldn't say that....this is probably very illegal, and I hope they get the crap sued out of them (that's one class action I wouldn't mind being a part of), but the reality of "the scene" is that 99.9% of all movie files transferred on the internet are in .avi format encoded with divx, so this will make the company some money from the **AA's, and do practically nothing, like everything else they've done.
to call attention to Internet sites that don't distribute DRM-enabled music; to artists and bands that offer their work freely online, and other entities that produce great music, video and other artistic content that aren't mercenary about controlling it and the lives of their fans.
Personally, most of the content that people want to restrict rights to sucks so bad, it's no big loss if they clamp down. I keep hoping that the more the record companies try to curtail the distribution of their crappy content, the more attention will be made to indy bands who make much better music and can't get any airplay.
Every time one of these stories runs, there should be a URL Roll Call of great sites featuring artists who aren't interested in propping up the obsolete music distribution mafia.
All we need is a lawyer that will take this on as a class-action thing.
Shut these bastards down... Once and for all.
---- Booth was a patriot ----
is mplayer and it runs as 'nobody', so nyah. Not that I would ever use Kazaa or anything...
...and I got a pop-up ad for a locksmith who also sold Vioxx.
exactly how does damaging the LEAST format downloaded on the net, affect the overall downloads??
Which versions of Windows Media format are affected?
They just raise the ante with stunts like this.
Makes one WANT to download as much as you can..Just out of principle...
Then perhaps send them a cd or two of what you got, as a nice 'thank you' gift.
---- Booth was a patriot ----
However, they do have all right to do this in some respects. They are putting up crap on a P2P network, just like any other idiot. Still, what gets to me is the system in general. When a lone hacker writes a virus, he gets jail time. When a corporation writes a virus...
But then, what should P2P users do? If they're so serious about P2P, they'll either take the risk or find a new way of sharing files that finds the trojans and whatnot.
Although really, I'm surprised the government isn't stepping in right abou... Wait, never mind.
Marc Morgenstern, Loudeye vp and general manager of digital media asset protection, characterized Overpeer's actions as, "just deserts for people who illegally trade copyrighted works for free,"
Mr. Morgenstern's mindset is provincial. p2p networks span international borders. In Canada, downloading music from p2p networks is explicitly legal regardless of its origin. Thus, within Canada Mr. Morgenstern is promoting punishment of people who are not breaking the law, but merely going against his beliefs.
In Canada, those who attempt to punish people who haven't broken the law are called vigilantes and criminals. They go to jail when caught.
When is spyware a virus? Don't ask your average anti-virus vendor. When I tried to nail down Sophos on this issue they were evasive - to say the least.
If this trojan is killed by an anti-virus program, is it securing your machine or committing an illegal act? I had this very discussion w/Sophos' techs. I had just cleaned the VX/2 trojan out of a computer - and it took HOURS of work to get it fully out of there. I sent a sample to Sophos and they told me that it was legal adware.
My question was obvious: What methods are allowable for adware, and how is that any different than a virus/trojan.
VX/2 was installed on one of my workstations here through a fault of the OS (unpatched at the time). It installed itself without permission. It left no way to uninstall it. It attempted to shut down Adaware and resisted any attempts to kill it.
So.... THIS ISN'T A VIRUS? Then what the hell is?
And so, overpeer's actions come as no big surprise to me. And I have no doubt that the anti-virus people will continue to turn a blind eye because of their FEAR of a lawsuit.
Damnit, don't we PAY THEM to protect us against this sort of thing?
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
assuming the court will accept evidences obtained in illegal manner, of course. That will not stand half an hour.
No, really. It's like peeing in your own pool. You need DRM in order to sell music to people and to "control the rights". But at the same time, they're using DRM to attack people who are outside the system. So it kind of makes you feel unsafe about using DRM in the first place. Life is better outside of the DRM system.
BTW, I remembered the option for something like "automatically download rights management software" when installing Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.
The amazing thing to me is that you're *still* all the same fucks. Five or six years and you assholes haven't changed anything but handles? You're the same people with the same enemies, the same hangouts, the same bullshit posts. Over and over and over and over. One would think some would come and some would go, leading to *change*. But no. You're the same fucks who clearly don't have jobs or a life. I mean, if you were kids by now you would have finished college, taken jobs, grown up, and maybe had kids of your own. I mean, what the fuck! I'd ask, where do you find the time... but... well... I guess I know *that* answer. Light up another bonghit, buddy... you're gonna need *something* for that 'everyday life' boredom trolls and other slackers must face....
I say sic the Fed on them, and their employer!
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
At some point, a virus writer or malicious hacker will redirect traffic to spread virus. Or they'll employ the same method and spread virus via P2P networks. Since most P2P users are accustomed to thinking fake music files come from MPAA, they will blame the MPAA for the damaged computers. Then lawsuits will come up. Whatever the outcome, this will focus media attention on the Draconian tactics of the MPAA and MS's DRM security weakness. Perhaps this will turn even more public opinion against them and put pressure on our lawmakers to do something. Wishful thinking? Probably but there's also a chance...
EvilCON - Made Famous by
Hmmm... Isn't there supposed to be some anti-Spyware/Ad-ware legislation in the works?
If so, how long until that goes MIA?
Insert Sig Here
Ah. Found it. Under the privacy tab, towards the top. The checkbox is "Acquire licenses automatically for protected content". Uncheck. I'm assuming that'll take care of this attack.
What many of you seem to fail to realize is that the purpose of this has nothing to do with actually damaging computers. Rather, what the recording industry is trying to do is stop people from using P2P. And they do this through fear. That's why they do the suing (your chances of getting sued are minimal, but plenty of people get scared and stop downloading). Now, plenty of morons (for who else would this tactic work on?) will hear that downloading music can give you viruses and adware - rumors will fly wildly.
At least, that's their hope. We'll see whether it works.
You are right about what the market will bear, but what's not talked about is all the licensing of music that goes on. Satellite music providers like Muzak, DirecTV, DISHnetworks, XM, Sirius and movies/TV programs needing music bring in big bucks to BMI/RIAA/Universal, etc.
The RIAA isn't going to go out quietly. If every single person today stopped buying CD's, the most that would happen would be the last remaining Fye's and Sam Goody's would be closed - an event likely to happen anyway. Meanwhile, the licencing revenues generated for almost 80 past years continues to add to their coffers.
The RIAA can't/won't be stopped until the gov't steps in, and with all that money involved, it's no surprise that we're all the industries' bitch and 'loving' it...
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
...for me at least.
I'm sure as word of this spreads, other people will shun the format as well. Why does Microsoft always put these gaping security holes into their software? Sheeeesh...
I'm sticking to open formats that can't infect my computer.
Makes me wonder about what happens on a Linux box when you play these.
Both Xine and MPlayer use native Windows DLL's for playing some wmv files.
I'm guessing nothing happens, still this provides motivation for Mplayer and Xine to write their own versions.
Don't use windows media. If I search on a P2P program and the only result I get is a windows media file, it's probably the wrong thing anyway. I almost always download MP3s. I'm guessing this is talking about polluting WMA's in particular since putting 600mb faulty WMV files would probably be a bit easier to detect, especially if you're like me and check on things when they download. Plus, in my experience, I see WMV more than WMA. So just avoid windows media files and you're safe...for now.
If you don't want someone to copy something, don't give it to anyone.
This is pretty old and not a 'binary-payload' issue with WMA files, more of a good old IE flaw. Windows media format has the ability to launch a web-page from a media file (I think it actually forces IE, not your default browser, which is a violation of the anti-trust crap). Obviously this is just an instruction in the file and a patch could pretty easily turn it off; once the page is opened (in our favourite browser) the sky's the limit. You could also disable this by filtering all windows media files through some program that took out the call, if anyone knows of the program or file format that would be cool?
Obviously no one with any know-how actually uses this format, but sometimes the file you want is in it, just be sure to play WMV/A files offline until you find a patch for Windows media player.
This comment does not represent the views or opinions of the user.
Isn't that blatantly illegal?
You mean like...piracy?
I love that people question the morality of the RIAA's actions yet don't turn that moral eye towards...the pirates they're going after! Weird, huh? How one thing gets a complete pass, but when the copyright holders try to protect themselves, suddenly they're bad guys. That's because this website has become a pirate haven.
If Bill Gates found out about this, he could file a lawsuit against the MPAA/RIAA
and would love to know who's picking the class action suit up, cuz i want in :)
-dk
Dream with the feathers of angels stuffed beneath your head.
That's correct, isn't it? The RIAA is *publishing* their works on a P2P service. I bet a valid argument could be made in court there.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
I don't. I switched to Linux and stopped paying their ... I can't say extortion money, because I don't know that they write the viruses that they protect you against. But I don't know that they don't , either.
I do note that in the early days anti-virus programs were free, and many of them were quite sophisticated. E.g., I remember one that check-summed every application when it was installed, and warned you if the check-sum changed. (And allowed you to flag certain applications as self-modifying without disabling its capability wrt the others.) And that was a FREE program. Just TRY to find the equivalent free program now!
(Mind you, that program would warn you, but it wouldn't protect you. So you had to keep your backups current.)
I think we've pushed this "anyone can grow up to be president" thing too far.
Stop using Windows Media files (or are they also talking about XVid, DivX, et al?)
At what point is it supposed to be obvious that a file you are downloading is copyrighted material. There is non-copyrighted material that is legal to share and copy. How, exactly do you *know* when you have done something that violates a copyright holder's rights?
Heavy handed doesn't begin to describe it. By this reasoning, only criminals download the music and movies. Never mind if they already own the CD, they're still criminals and deserve to have their computers messed with. I know a lot of people, myself included, will go out and buy a CD if it has a few tracks that I like. Now, the music industry wants me to buy the CD to find out or listen to five second clips of one or two tracks. I want to download the whole CD, listen to it once or twice, and then make my decision. So what happens when I start downloading shit that doesn't work, and EVERYONE on the node has that copy? Well, I forget about that CD and move on to something else I can think of that sounds good. I mean, what if you walked into Wal-Mart, and everything in the store was sealed in white boxes. These white boxes have a price, a one-line description, and that's all. You ask if you can see one of these products, and they refuse, citing intellectual property laws. So when your help walks away, you open the box in a dark corner just to see if it is what you want, and a goddamn cobra springs forth from the box and bites you. Same thing.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
1. don't steal or give away things that don't belong to you without permission from the rightful owner
2. if Windows Media format is being exploited with a trojan, then don't use that format
3. take a few minutes to write to your representative and explain why the behavior of Overpeer (if true) should be made illegal. mention how many computers are taken over by hackers and used for p2p--so that innocent computer owners can be victimized by Overpeer's trojan.
A virus is:
--Jargon File, via FOLDOC
VX2 is evil, but if you pay any attention to what the word virus actually means, you might notice that VX2 is not one.
...if not allowing Windows Media Player to ever access the internet (I've got it blocked by a firewall) will keep the malicious content out. I never let WMP phone home for any reason, and I always block it when it tries to access any DRM server.
Are there any simple tools out there for stripping these "features" from WMV files?
I am not familiar with all laws, loopholes and such, but one story comes to mind, and I wonder if it could work here.
Digital - I download Music Ass infected DRM file; ruins my computer (however it may); I sue and win?
Real life - people break into houses, fall and cut themselves on a knife or the glass they broke to get in the house, then THEY sue the homeowner and WIN. They were physically stealing, yet still win a court battle on the safety of the house they broke into???
See what I'm getting at?
-turtled
This plainly doesn't make sense. If the government goes after hackers for planting trojans and adware; hacking, why does the RIAA get away with planting trojans and adware itself? If they wish to do that, then why do they stop hackers and not the RIAA? It's the same thing, just different people. With this downloading thing with all these torrent sites going down and all, I wouldn't really get too worked up about the torrent sites. I would get worked up about the sites that have all the cracks and cd keys. C'mon, where do you think the people who host these torrents get the key generators, serials, and cracks? They get them from crack sites! Just a few thoughts about that.. I still think it doesn't make sense though.
There's no place like 127.0.0.1
n.
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
How is what the **AA are doing (hacking into music downloaders' computers and installing malware to further their cause against piracy) any different?
If this is the way they think they must do business, lets give 'em h*ll!
The Hacker's Guide To The Kernel: Don't panic()!
This wouldn't affect well-established piracy geeks.
It will affect the home user who's scuffed up their originals, found that their DRM keys are unrecognised after an upgrade, and want to download a new (quite legal!) copy.
Anti-piracy measures or not, this seems like both a very unnecessary and dastardly way to go about it: the pirates won't get caught out, but the mostly harmless (snrk) home users will. Home users won't know where the spyware came from, so they won't be scared out of piracy.
It seems like glib, sneaky profiteering to me. They want the money from somewhere, and infecting the vulnerable is a way to get ads clicked.
How can it be that a company with security as its number one priority produces a format (WMV/A) that contains, on purpose, holes that let such things happen when it is supposed to replace formats that are free (as in beer and speech) and suffer no problem (see ogg vorbis). All this in a technology that is supposed to protect us (DRM). In fact we can clearly see that it protects MPAA and RIAA rather than customers. Is this new? Obviously not. Neither DRM nor xxAA could pretend to serve public interest.
Such tactics show how low they can go. I wish it is criminal to act like this. If I look at it, I see a mix of SPAM, spyware and virii/worm.
MPAA, RIAA, DRM, WMV, WMA, Windows, etc. acronyms I would not touch a 3 meter pole.
for laughs in colleges on friday nights alongside "reefer madness" and the more ludicrous "reds under your bed" government propaganda films.
My rights don't need management.
But it has been around a bit.
I've downloaded WMV files before that say "you must update your DRM to play this". Or you have to acquire a key. Then they send you to a website that lets you get the key.
It was used as adware on eMule/eDonkey months ago.
Obviously you give away your IP addr when you do this.
Solution: only download MPGs.
Which is kind of funny, I wonder if it would make DRM less palatable to the general public if it can be subverted to corrupt people's computers like this.
1. Destroy own business
2. You know..!
3. Profit!!!!
http://slashdot.su/
http://www.pcworld.com/news/graphics/119016-n_1229 04_ads3b.jpg
The pic of the after-effects in the PC World article shows the file they tried to play as "Paris Hilton CD1." So they're even spreading this crap with ambiguously titled files that imply the content is a non-MPAA porno anyway?
Or PC World faked the picture. I wouldn't put the former above the MPAA, though.
If there was an install package to deliver it, the same package should clean itself up completely. Anything an uninstaller "leaves behind" should be considered "poopware", and is eligible for cleanup by a security program. That includes registry settings, COM objects, new versions of system DLLs, empty directories, everything.
This would actually have a positive effect on software vendors. If their uninstallers weren't thorough, they'd get on the anti-virus companies' bad list; and no reputable company wants their software to be associated with a virus.
Microsoft could do this automatically if their System Recovery tool took a checkpoint the first time a "new" program added a "new" registry key, tried to add a key in the systems portion of the registry, or tried to add a new file in any of the system directories. It wouldn't be that hard.
John
Let me get this straight...
I can't use IE due to security bugs so I use Firefox.
I can't use WMP due to the DRM probably/actually being exploited so I use Media Player Classic.
I don't use office due to bloatware etc so I use Open Office.
I dare not use SP2's lame firewall so I use Sysgate.
I don't use MS's Java engine, I use Sun Java
I also need to use AV software (AVG) and a spyware detector (Ad-Aware).
And MS just dropped passport support due to lack of interest.
That leaves me with what exactly?
Direct X. That's it. I pay good $$$/£££ for an OS only to replace all but one of the parts that I would use with free alternatives.
Seriously, WTF is going on here? All it needs is a Direct X exploit and it's game over for the entire OS (the parts that I use that is).
Who the fuck calls it "P-to-P"? I counted that three times in the linked article.
I've seen both "peer-to-peer" and "P2P" but never "P-to-P".
You mean something like MSAV?
http://www.easydos.com/msav.html
There are 1.1... kinds of people.
The problem is that the difference between a trojan and legit adware is that legit adware is backed by a company that can sue an anti-virus company. The two can be identical in every other way.
There was nothing trollish about the parent post. All it did was put forth an idea that some might disagree with. That is not the reason to mod someone down, and if you do so because of that, you are a fascist.
IANAL, but I thought you had to have a license agreement to install Spyware? If Overpeer is doing this and installing stuff on my computer without my knowledge, can I sue them for purposely infecting my machines and bill them my time for fixing them? MY fee will be $1 more than the amount I get sued for. Perhaps I was just confused. Perhaps I didn't know that Alisha Keys (or however you spell it) was an international superstar protected by copyright law... maybe I just thought the title of the song was catchy so I downloaded the file and got fucked in the ass by an evil corporation infecting my PC that I have to pay a computer store to fix. Yeah, the RIAA/MPAA will be even more popular for this move. Popular enough for a counter attack for sure.
You create your own reality - Leave mine to me.
...I'll be seeing the headline "RIAA/MPAA execute p2p users gangland style".
Servers see in increase BitTorrent's ports.
I've just had it with the blatant abuse and illegal actions the overly greedy Scrooges in Hollywood.. I have never downloaded any illegal software before, I have always used opensource and been devoted to it, I have used torrents to get my fix of linux distros but in 2 hours 5 minutes it will be 2005.. and I think this is a good a time as any to start giving some payback.. I will no longer buy music.. buy dvds and accept any form of restrictions.. if they are gonna keep selling me products they are going to have to start being honest instead of just renting it out at full price and calling it a service to the public.
It would seem to be that a company that has historically taken a bearing over security would want to close any "DRM loophole" as quickly as possible. But, with them wanting to get the MPAA and RIAA onboard with their DRM schemes, those things would seem to conflict.
I'll be interested to see their reaction. Looks like the proverbial rock and hard place to me.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
Agreed. It's a trojan. So what makes it different than Sub7 and Back Orifice?
The same nonsense about "their terrorists, our freedom fighters" some decade or two ago in Central America, Middle East, etc. In the end the "accomplishments" by both sides are equally bad...
ELOI, ELOI, LAMA SABACHTHANI!?
This should be the last straw to all the fire sharers out there.
People will pirate no matter what. They're not pirating because of some moral stance against the RIAA, they're pirating because they're getting shit for free that they normally have to pay for.
People should stop taking such a passive stance to all the criminal acts committed by the MPAA and RIAA. Fight fire with fire.
Criminal acts...you mean like copyright infringement? What are the MPAA and RIAA doing so wrong by protecting themselves? They are in the legal and moral right here. People are violating their rights as copyright holders.
This vitriol toward them is based entirely on justifications made in people's minds to paint THEM as the bad guys ("those evil corporations") so that they no longer feel like guilty thieves.
What's most interesting, is that the artists who create this material that's getting ripped off, who should be the BIGGEST factor in this equation, are often the smallest, and in fact are rarely mentioned.
Why don't you e-mail John Carmack sometime about his reaction to piracy, or to Doom 3 being the most pirated game in history with up to $1.5 million lost the weekend before the game's release? I have e-mailed him. His answer may surprise you.
I won't expect this to get modded up because this website has become sympathetic to pirates, not objective discussion.
The one thing that I find strange about this story is that try as I may, I can't seem to find any information from the "usual" security sources about exactly how this works--as far as I can recall, bugtraq and full-disclosure haven't touched these. Moreover, the only articles about this are the p2pnet one and the PC World one--and the former appears to be derived from the latter.
Both articles are also oddly vague--"security experts" are mentioned, but no specific names dropped, and there are no technical details given at all.
Can anyone provide independent confirmation of this? In particular, if you have details of how one can embed executable code in a wma or provide a sample of such code, please send them my way via brendandg [at] colby.tjs.org
A quick read says that the files open web pages where the person can click and install spyware....
It is not auto installing anything.....
Stop stealing music and movies. No one is entitled to entertainment, it doesn't matter if you can afford it or not. Of course, this is going to get modded down by the /. crowd that thinks the world owes them a living and expects everyone to give them everything for FREE, then turn around and say that "Socialism is evil, abolish all social programs." True /.ers pay top dollars for their hardware, but, if there was a way to copy hardware illegally, similar to copying audio and video, then the fucktards would be doing that as well.
The problem with /.ers anymore is that they are nothing more than spoiled brats that want everything handed to them even though it takes from someone else's earned income, yet when one single penny is taken from them, they turn Libertarian and want all social programs abolished. Talk about a bunch of spoiled hypocrites. If that's all /. is anymore, /. can go to hell.
Let's throw the Patriot Act, and the DMCA in a cage and let them fight.
Hopefully, Two Go In, NONE come out.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
You need to meet more Windows users. You'd be surprised what you find.
Cause I think there's some good ol' class action gumbo on the burner!
Go ahead and call me unreliable; reliable is just a synonym for predictable.
The RIAA/MPAA are doing this to try and stop pirates from illegally downloading their files? Do they really think anything but porn is encoded to WMV? (or.. so I've heard anyways). The pirates who are up to date could go on downloading whatever they want without ever coming across a virus/worm/adware/whatever because they simply don't use wma/wmv. All the music I see on bittorrent is ogg/mp3/flac/mpc/wav and /avi/mpg/vob/ogm/mkv.
This sort of stunt will only motivate people to pirate. They're not hurting an innocent little company when they pirate, they're ripping off a shady company that will resort to under-handed tactics. This will only drive more pirates into doing it even more, and feeling good about it. All they've done is remove the guilt from pirating.
(Not that they haven't been using under-handed tactics before, just now moreso, and they've lowered themselves to spammers/virus writers in the process).
Fsck 'em, bring on the torrents.
Who downloads WMA files over p2p anyways?
This is stellar. We'll punish the people who have NO CLUE what they are doing on Kazaa, like an 8 year old girl who hears at school that she can listen to Britney Spears on her computer if she gets Kazaa (It's not like it's any more illegal to her than watching MTV is), instead of the guys hosting tens of thousands of songs that actually read slashdot.
I guess that's big business for ya...
(1) Thoroughly piss off your customer base and discredit yourselves.
(2) ???
(3) Profit!
Who are you, by the way? Just curious as to why this guy would have a vendetta against you.
Sounds like the same kind of thing, though this one looks a bit more difficult to use (not sure, though, that might just be the documentation).
It definitely ISN'T the same one, as the one I was remembering was for the Mac. But I take your point, such things still exist. My counterpoint is that they don't seem to have been developing. (Probably partially because they weren't GPL. That seems to be almost a prerequisite for non-commercial software. [I know that's a drastic overgeneralization, and there are other licenses, but BSD, e.g., started *before* Linux did and is currently trailing.])
I think we've pushed this "anyone can grow up to be president" thing too far.
However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.
All they are admitting is that they downloaded a file and got malware installed by the RIAA. Perhaps they were not aware the music was copyrighted. There's plenty of bands I don't know about.
I can't tell by looking at a filename if I'm downloading a signed artist or a local group just trying to promote itself. And P2P isn't just used for copyright infringement, so the fact I used Kazaa to get the file doesn't implicate me.
Even the fact it's a nationally recognized band doesn't prove anything. I have an mp3 file of U2's "Beautiful Day". It is NOT stolen. It was downloaded from Interscope's website back when they were promoting All You Can't Leave Behind.
But the record industry can't deny they're ruining people's computers with their files. Does a single download mistake justify a computer being wrecked and the user perhaps losing data?
Also, given that Microsoft's loophole is making all this possible, and the RIAA is exploiting that loophole. Since it is now a recognised error M$ either will have to fix it (putting an end to the music industry's little scheme) or they could be named as co-defendants in any lawsuit that might arise from this (but then, IANAL, and there is that pesky EULA with 'at your own risk' clauses).
But I decided to actually go try to check it out. It looks like there isn't a general crime of intent, so there might actually be a good defense there.
Of course, the RIAA could just include the song in it and then you would be infringing, but then you could argue that they were distributing it which constituted implicit permission to download.
Actually, in my experience it doesn't work as intended.
I have encountered a few protected DRM files which didn't actually require any license - They just opened a webpage... And I have had this unchecked ever since I installed WMP.
However, as I don't use Internet Explorer, I make sure it is in 'offline mode' - This seems to stop all of this nonsense, as the Internet Explorer object is what WMP uses for DRM.
Proxies are another way to go about this...
In general, though, Microsoft doesn't really give you any options when a DRM'ed file is encountered - It calls the mother site no matter what options you check/uncheck in WMP itself.
for downloading crap that these organizations push. It's all junk designed to make people buy useless crap and live in a fantasy world where everyone is a supermodel and nothing bad ever happens without a happy ending.
Of course what they are doing is bullshit, but what can the hapless masses do? These organizations and their affiliations have claws so long and so sharp that if they pulled them out of your tender hides you would probably bleed to death for lack of sensory input.
Do something original. Listen to something original. Contact the bands you like directly and ask to buy music straight from them if you MUST subscribe to mainstream media. Otherwise, go park your ass in front of the TV, eat some big macs, boot into your AOL/OS Optimized for Stealing Bandwidth from Dumbasses, crank up KORP, and get out the credit card you've given to half the internet through IE. If you don't have the money to live the way they want you to live, then you must not deserve to live. You COULD fight back and tell them to take their brainwashing bullshit music and movies and stick them in their ass... but then you wouldn't be COOL.
"...and if you don't like it, i believe you can go to hell..."
You are about to give someone a piece of your mind, something which you can ill afford...
I've seen arguments made that this is trespass. The analogy is that you have no more right to install software on my system than you do to install a webcam in my bedroom. But that's somehow been twisted so that unauthorized access to a big company's computers is a crime, but the same thing on an individual's or small company's computers is their fault.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
This will more likely kill the WMA format than P2P networks. If I were Bill Gates, I'd sue the RIAA, the MPAA and their hired guns.
How about someone creates a patch that removes the DRM exploit from the file? P2P users then download WMA files and patch them all just to be safe. Whenever the exploit is found in a file, let the user know which file was cleaned. That file is then known to have been obtained legally from the {RI|MP}AA.. convert and spread!
A computer makes it possible to do, in half an hour, tasks which were completely unnecessary to do before.
People should sue them and prove that they have infected your computer with pre-meditated, malicious purpose. They are not above the law and they have enough money to you, all the others and your lawyers.
If this is scripting, which it sounds like, it can easily be disabled. Disable Windows media scripting. This will disable videos from opening webpages and such. Nice. The article is vague, but this is what it sounds like. The webpages would then load spyware through normal IE holes.
2*31*37*263
Scene releases are always clean of such cruft, of known quality, and easy to obtain.
...of another loophole in a M$ product. The *AA doesn't discuss the fact that M$ has left a hole in the DRM that a Mack truck could drive through, or if M$ will even patch it. They love this hole - only until something goes wrong where an affected file is uploaded to a legit music site. Then they'll be screaming to have it "fixed".
It is not our abilities that show what we truly are... it is our choices.
Send one of these DRM files to Orrin Hatch ASAP and see how he likes his computer destroyed. Sadly he will probably defend this action instead of deriding it.
Windows Media files have a command stream as well as audio and video streams. This command stream can do all sorts of bad things (such as open web pages) at specific points in the timeline. You can easily remove it using various Windows Media editing tools (and by creating a DirectX graph that doesn't use the connect stream). However, there are two points to remember here:
1) You can't edit a DRM-protected WM file, and therefore can't delete the stream (I think it is still possible to play it w/o the command stream, tho)
2) What seems to be going on here (according to the article) is that the DRM mechanism itself is used for the pop-ups, rather than the command stream. The way the DRM in WM acquires a license is by connecting to a licensing site and basically executing a URL - This is where the pop-ups/Xware come from, not the command stream.
It is interesting to note that while WMP has an option to turn off 'automatic acquisition of licenses', in my experience that option does not prevent WMP from accessing license acquisition URLs. The only ways I found to stop WMP from doing that was to put IE in 'offline mode' and/or block the DRM URLs on a proxy server.
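The two header features the comment above describes (a DRM object carrying a license-acquisition URL, and a separate script command stream) can be read from a file's header without opening it in a player. This is an added example, not part of the original thread: it assumes the object GUIDs and field order from Microsoft's published ASF specification, `inspect_asf` and `build_sample` are hypothetical names, and the sample bytes and URLs are constructed.

```python
import struct
import uuid

# Object GUIDs as listed in Microsoft's published ASF specification (assumption:
# taken from the spec, not from the thread).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E")
EXT_CONTENT_ENCRYPTION = uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C")
SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")


def _objects(buf, offset, end):
    """Yield (guid, payload) for each object in buf[offset:end]."""
    while offset + 24 <= end:
        guid = uuid.UUID(bytes_le=buf[offset:offset + 16])
        (size,) = struct.unpack_from("<Q", buf, offset + 16)
        if size < 24 or offset + size > end:
            raise ValueError("corrupt or truncated ASF object")
        yield guid, buf[offset + 24:offset + size]
        offset += size


def _license_url(payload):
    """Skip secret data, protection type and key ID; return the license URL."""
    pos = 0
    for _ in range(3):
        (length,) = struct.unpack_from("<I", payload, pos)
        pos += 4 + length
    (length,) = struct.unpack_from("<I", payload, pos)
    raw = payload[pos + 4:pos + 4 + length]
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def _wstr(payload, pos):
    """Read a WORD-counted UTF-16LE string; return (text, next_pos)."""
    (chars,) = struct.unpack_from("<H", payload, pos)
    end = pos + 2 + chars * 2
    if end > len(payload):
        raise ValueError("truncated string in script command object")
    return payload[pos + 2:end].decode("utf-16-le", "replace").rstrip("\x00"), end


def _script_commands(payload):
    """Return [(time_ms, type_name, value)] from a Script Command Object."""
    n_cmds, n_types = struct.unpack_from("<HH", payload, 16)  # after reserved GUID
    pos, types, cmds = 20, [], []
    for _ in range(n_types):
        name, pos = _wstr(payload, pos)
        types.append(name)
    for _ in range(n_cmds):
        time_ms, idx = struct.unpack_from("<IH", payload, pos)
        value, pos = _wstr(payload, pos + 6)
        cmds.append((time_ms, types[idx] if idx < len(types) else "?", value))
    return cmds


def inspect_asf(data):
    """Report DRM and script-command header objects without playing the file."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        raise ValueError("not an ASF (WMA/WMV) file")
    (hdr_size,) = struct.unpack_from("<Q", data, 16)
    if hdr_size < 30 or hdr_size > len(data):
        raise ValueError("truncated ASF header")
    report = {"drm": False, "license_url": None, "script_commands": []}
    try:
        for guid, payload in _objects(data, 30, hdr_size):
            if guid == CONTENT_ENCRYPTION:
                report["drm"] = True
                report["license_url"] = _license_url(payload)
            elif guid == EXT_CONTENT_ENCRYPTION:
                report["drm"] = True
            elif guid == SCRIPT_COMMAND:
                report["script_commands"] = _script_commands(payload)
    except struct.error as exc:
        raise ValueError("truncated ASF header object") from exc
    return report


def _obj(guid, payload):
    return guid.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload


def _w(text):
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")


def build_sample():
    """Constructed, header-only test input (no audio data; not a playable file)."""
    fields = (b"\x00" * 4, b"DRM\x00", b"KEYID\x00",
              b"http://license.example.invalid/acquire\x00")
    enc = b"".join(struct.pack("<I", len(f)) + f for f in fields)
    script = (b"\x00" * 16 + struct.pack("<HH", 1, 1) + _w("URL")
              + struct.pack("<IH", 5000, 0) + _w("http://popup.example.invalid/"))
    body = _obj(CONTENT_ENCRYPTION, enc) + _obj(SCRIPT_COMMAND, script)
    return ASF_HEADER.bytes_le + struct.pack("<QIBB", 30 + len(body), 2, 1, 2) + body


if __name__ == "__main__":
    print(inspect_asf(build_sample()))
```

A file that reports `drm: True` or a non-empty `script_commands` list is one to keep away from a player that has network access.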
"Tauzin, when he was chairman of the House Energy and Commerce Committee earlier this year, negotiated to take jobs with two major lobbying groups, the Motion Picture Association of America and the Pharmaceutical Research and Manufacturers of America; he just took the PhRMA job."
Source: www.msnbc.msn.com/id/6771489/
They're hiring former Congressmen and Committee chairmen. lol. They can buy their way to the kind of clout it will take to get their sweetheart legislation through our Congress, which is more than happy to sell the American public if the donations are high enough. Lobbyists are expecting to spend 2 billion dollars this year.
Don't complain, you elected them. And the first thing they do is loosen up the ethics rules so they can bone the taxpayer even more blatantly than they already are.
This is what the red state mentality considers good government. Chumps.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
If they are concerned over a lawsuit, then why can't they just call their product an uninstaller.
So does Anonymous Coward have good karma?
Regular household wirecutters on your network cable should do it. If it can't connect to their tracking site you don't have a problem.
Of course, you could just unplug while playing suspect files. Or get MP3s instead. Or buy the album. Or listen to the radio.
The options are limitless...
Phil
I guess today is a passable day to die.
This, like all malware, is very clearly against the law in the UK and most of Europe. The UK Computer Misuse Act makes it a criminal offense for a person to
"causes a computer to perform any function with intent to secure access to any program or data held in any computer"
Computer Misuse Act 1990
Depending on what the Company does with the data obtained they are likely also to be in breach of the Data Protection Act 1998 which allows a £5,000 fine for each person offended against.
Similar legislation exists throughout Europe as part of the Information Society Policy Framework agreement.
If it becomes widely known that WMA can be infected with viruses, then couldn't that be a big problem for Microsoft?
Perhaps Overpeer is inadvertently doing much more damage to Microsoft than to P2P?
I am very disappointed that the word "Overpeer" is not a link...
Come on guys, we could /. them to death!!
All the vendor has to do is change the scope of their product to include adware/spyware and say so long to the legal issues. Users who want spyware can toggle this feature off.
Ad Aware removes spyware all the time, but it's not an illegal act. The question facing anti-virus vendors is if they want to be dinosaurs or catch up with the new threats. Legality should make no difference.
Actually I think it's a great idea. We've had problems with break-ins in our neighborhood. Been hit twice the past two years, and nearly every neighbor has been hit too. Police dept says they can't do much about it.
So how about we set a stereo system out on the front porch and shoot the thief when he sets foot on our property? Like hell they're gonna steal my music!
When recording industries become vigilantes and the justice dept looks the other way, it certainly makes it acceptable for the rest of us. Road rage justice (I just DARE you to cut me off), merchants hanging shoplifters, etc. all is acceptable now. Even more interesting is that the punished party may not necessarily be the owner of the affected PC. Imagine Best Buy rent-a-cops torching your apartment building because they're getting even with you for shoplifting some CDs. So what if the building is owned by someone else? If the RIAA can torch anyone's PC if it has an infected file, it legitimizes any business coming after any property associated with any crime.
Quite a monster you've created, Justice.
Only losers use wma and wmv.
And I quote: "Kill them all, god will know his own"
A bullet may have your name on it but splash damage is addressed "To whom it may concern."
One would think that if you were the RIAA or MPAA and had employed a company to pollute P2P networks with trojans, you'd have the trojaned files pop-up windows with anti-piracy statements instead of "punishing" people with advertising.
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
Weapons of DRM (Distributed Restrictions Management)
Seems the youthful art of vigorous protest has been replaced with typing crap on the internet. I blame video games and cheezits myself....
The goons have never given a rat's patootie about words, never. It's held up as the sacred thing, the right of speech, well yes and no, speech is only as good as the intentions, acts and deeds that back up that speech. If all you have is speech, you've lost, might as well move on and accept defeat.
;)
Back in the day, we protested, both ways, uphill and downhill and it wasn't all via zap comix and underground newspapers, what passed for the internet you have now.
Bah, must be the additives in the junk food or something.
heh heh heh
You mean those things can be used for transportation? Jesus, have I been barking up the wrong tree.
But wait, wouldn't that mean that they're condoning illegal online activities? Somehow, I don't think that's quite what they want.
And the l33t shall inherit the 34r7h.
It's time for a concerted effort to mass mail our files back to them. I think 200GB per day for the next three years to the MPAA/RIAA and Overpeer members and any and all named individuals in those organizations would be the minimum.
I would also like to see a concerted effort to identify the personal email accounts and personal websites to bombard them with several hundred GB of files per day.
Why don't they do something? Well, it's not 'legal' repercussions they're worried about. It's perfectly legal to build a tool to remove someone else's 'perfectly legal' software, you just need to indicate that it's _not_ a virus, and that it's 'legitimate adware' and then ask you if you'd like to 'uninstall' the malware. Calling it a virus or a trojan would be something they couldn't do, but as long as they distinguish between a virus and an adware, then they would only need the resource and time to track down all the hundreds of thousands of malware variations, and create a detect and remove procedure for each of them... something that your a/v company might not want to put so much extra resource into.
https://www.gnu.org/philosophy/free-sw.html
"They're weak, and owned by the music, not the other way 'round."
:)
Don't you mean 0wned by the music?
Generally the Republican party is very pro business.
This is a myth that does not hold up under scrutiny, yet some slashdotters continue to propagate it. Consider:
1. Generally the Fortune 500 is very balanced in donations to political parties.
2. The recording and film industry is exceptionally pro-Democratic (in donations and political support).
3. The richest businessmen in the US are strongly affiliated with the Democratic party, not the Republican party. Microsoft founder and chairman Bill Gates (who was called this week by former President Clinton in order to donate money per the tsunami disaster and embarrass the Bush administration) has a growing relationship with predominant Democrats. Warren Buffett, chairman of Berkshire Hathaway, is a long-time established Democrat with great disdain for Republicans and their pro-small business tax policy.
4. The Digital Millennium Copyright Act (DMCA) was supported by and signed into law by President Clinton. It was also sponsored by Republicans Boucher (VA), Doolittle (CA) and Barton (TX) and had very strong bipartisan support.
5. Unions are businesses that are overwhelmingly pro-Democrat. Many industries lean overwhelmingly one way or the other due to lobbying efforts and recognition/support by the parties. So are powerful lobbying efforts such as the NRA, AARP, etc. In fact, about the only industries that are consistently pro-Republican and do not scatter donations to both parties are those that have been the target of Democratic looting (e.g. the fleecing of the healthcare industry by trial attorneys).
7. Nearly all trial attorneys, owners of much of the wealth in the US, are exclusively Democrats and have significant disdain for the little guy. Think about all the class action settlements you've witnessed discussed on slashdot. While the trial attorneys receive tens of millions of dollars *each* in compensation (up to several billion dollars each as was experienced in tobacco class action settlements), the most the "little guy" consumer receives is a coupon for a discount off another purchase, or a few dollars with proof of purchase, etc. A recent Alltel class action settlement resulted in millions in cash being paid to the attorneys, while affected Alltel customers were provided with a $50 coupon off the purchase of a new Alltel phone (at list price, with an extension of their service contract for another service term). One was better off getting a regularly discounted phone at the electronics store rather than the settlement coupon offer.
8. Enron was greasing both parties (although the mainstream media portrays it as a "Republican scandal", prominent Democrats including Sen. Kerry were very closely affiliated with Enron). So was Worldcom, Global Crossing, etc. Marc Rich of Oil for Food scandal fame received a critically timed pardon from Pres. Clinton minutes before Clinton left office, freeing Rich from almost certain capture by Interpol authorities. Chinese businesses are notorious donors to the DNC and congressional Democrats.
Why does the "Republicans are pro-big business" myth continue to propagate? Primarily because it is effective in rallying members of large labor unions against the Republican party (by presenting a fictional adversary for them to hate in traditional Orwellian "5 minutes of hate" fashion). Those that actually believe the myth are referred to as useful fools by both parties. The reality is that businesses donate to whoever is effective in pursuing their objectives.
If you'd like to learn more about this myth, check out opensecrets.org which details donations by various demographics.
" In the UK what they are doing is illegal under the Computer Misuse Act. Basically if you happen to get attacked by this by them, report them to the police and press charges. This is a criminal offence and would net them a 5k fine and 5 years in jail when convicted... "
1) Care to quote us chapter and verse?
2) The ones who are getting caught by this, are already doing something illegal.
So what are you going to tell the judge, when he asks how you got hit by it?
"Oh I was downloading illegal copies of a file, and it installed spyware and adware."
Kind of like the burglar who complains that the homeowner shot him.
Judge and jury would laugh at you, and at worst throw the book at you for filing a frivolous charge.
It seems that if you _don't_ use MS technologies, you are OK from these types of attacks. To be safe from Spyware and adware, don't use IE, Outlook Express or Windows Media and you should be good-to-go. Do P2P users still use MS stuff other than the OS? There must be a lot of dumb P2P users out there if that is the case. Think about it. What person would try to get illegal music and download an encrusted DRMed format?
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
It is one thing to distribute a bogus media file that contains a "don't copy illegally" message. That copyright enforcement technique may be one of the better ones, because it mainly targets parties who illegally download copyrighted works. However, it is sneaky to secretly deploy software onto the user's system, or to install software without their knowledge. This includes but is not limited to spyware and adware.
when someone's kicking you in the head, you don't first stop and see what color shoe they're wearing.
You know. I mean, if part of your business somehow manages to survive until 2010, and demons invade from Mars or some shit.
Stop the demon foot, THEN see what color shoe he's got...
"This proves once again that you can't out-evil the major recording industry."
If corrupting material that copyright says is yours is evil. Then when P2P'ers come up with a new "hack" to get around the consequences of their actions that's considered virtuous.
Sounds to me like the war that P2Pers declared years ago is heating up.
What needs to be done is a complete all out assault on them. Let them flood the courts with lawsuits to prove how absurd their methods are. Let them add more lawsuits to further prove that the government is completely run by business and that the judicial system is a farce. Ideally we as consumers need to quit funding their war chest but we will never quit buying CDs and DVDs despite our complete loss of fair use rights.
Let's think about this.
??AA puts their copyrighted files on a network. And since they're putting it on what everyone knows is a system used for sharing. Then are they not then giving us the right to use their material. They can't just upload their stuff to a p2p app; then when you download it say you're a thief and broke the law.
ALL Windows Media Files are now shown to be very DANGEROUS
At any time now you can be infected with MALWARE or SPYWARE when you use a Windows Media File, from ANY source.
And, in fact, the official sources may be the most dangerous...
The safest thing to do is NEVER use a Windows Media File again.
How about an eye for an eye here?
Any way MPAA/RIAA slaves and drones can be targeted? How about their network? Websites?
I find it hard to believe they can actually think about going toe to toe with a whole internet with no love for these greedy bastards. Especially with the amount of script kiddies and virus/trojan/worms out there and being modded.
The whole AV industry is based on a ridiculous premise: that users habitually execute untrusted software, and the users want to be protected from anything bad happening. If the very premise is a contradiction and impossible to achieve, then the question of whether fraud (or incompetence) is happening, gets a little fuzzy.
The only rational thing for a user to do, is to stop executing untrusted software. And it works. It is very, very easy to use a computer without any sort of AV protection at all, and remain uninfected by viruses, spyware, etc.
In this particular case, the untrusted software is Windows Media Player. The very fact that it is capable of complying with DRM, proves that the software was not written with the users' interests in mind. If you run this stuff, you're giving your computer to someone else. Whether that someone else is Microsoft or the media companies or Joe Script Kiddie, is an unimportant distinction. If such a user then pays an AV company to protect them, then I can't see how they're dealing with the AV company in good faith. Thus, I have little sympathy for them if they are unsatisfied with the AV software's performance.
Good economic analysis. One part bugs me, though:
Of course, if there is an easy way to get a product free, people are unlikely to demand it at any price other than free
It is true that if you price a product above a person's price point, they will not buy it, but it is not necessarily true that people will always buy a lower priced substitute when there is a higher priced one available. Your claim only holds water if you assume that monetary price is the only motivating factor behind a buying decision. In reality, there are many other factors which determine whether someone is willing to buy a CD or download a song.
For example, going to the store may be a social activity. Some people value having the lyric book, and some people feel it's important that they have a physical disc with their music on it. It's even possible that a person may buy a CD realizing that 1 or 2 percent of their money goes into the artist's pockets and would prefer to support their artist of choice. In my case, I buy CD's from non-RIAA artists who license their music under the Creative Commons license both because I like the music but also because I want to support that specific business model.
All of these other factors effectively raise the price of filesharing, sometimes to the point where the RIAA's business model becomes competitive again. Despite all that, I agree with what you're saying. I don't believe that they are pursuing a viable business model since the scarcity of bits and bytes is unnatural and virtually impossible to maintain, and a distributor relies almost solely on the scarcity of their wares to keep prices near a point where they can survive.
Light is filtering down from above. Would you like to use DIVE?
"People and companies that see their lucrative source of income starting to dwindle get desperate."
Funny. Certain citizens who see their free supply of illegal material dry up get desperate.*
"record companies employ illegal tactics to enforce their view of the world, especially when they think they see recognizable dips in their revenue. "
Pot complaining about kettle's blackness.
"Nevermind that they're not actually losing money - the perception of loss is all it takes."
*leaps*
I believe I can fly.
I perceive the ground is coming up.
I perceive that I've smacked into the ground.
What went wrong?
"right now they're saying to themselves (as justification for illegal activities) "desperate times call for desperate measures"."
Pot, kettle. Haven't you met before?
"These are not desperate times, and those are overly-desperate measures. They're weak, and owned by the music, not the other way 'round."
Desperate isn't when the criminal has you six feet under. Desperate is when he's chasing you.
*Reference the Supernova story for evidence.
You can use Kaspersky. You can set it up to use an "extended" database at no additional cost. The extended database not only monitors for viruses/trojans, but also spyware/malware. I had the program on my girlfriend's computer, and it located two different spyware programs while the computer was idling (I'm assuming they were attempting to reinstall themselves, since I had used ad-aware about 30 minutes before). It pops up like a normal virus detection, too. I don't know how comprehensive the database is, but you may want to look into it.
Has this happened before? Remember a while back when there were groups putting out anti-piracy propaganda. I remember that one of the reasons not to share software was the danger of viruses. Is it possible that some of those groups were the ones writing viruses? Of course I can see why just any ordinary virus writer might want to attach his virus to an illegal copy of software. It would make it harder to trace the virus back to him. But I can't help but wonder if the disincentive of viruses might make anti-piracy groups want to write some of their own viruses.
And their insane amount of wealth having a few pennies reduced is enough to terrify them into thinking they have to actually work and make an honest buck.
Irregardless of whether it's a trojan or a virus or whatever - the fact is that adware infestations make computers unusable.
The antivirus companies have been slow to respond to this. Symantec has stated that while they are looking into adware removal antivirus is their prime business.
Because of this a new category of software for adware/spyware removal has been born. You are pretty much stuck using things like Adaware and Spybot. For corporate environments there are server based removal tools such as Pest Patrol. Although these products are a bit immature. No one program seems to catch all installed spyware either.
Sometimes my arms bend back.
My belief is that nothing on my systems should be changed and nothing installed without my explicit permission, otherwise it should be considered illegal and the offender held accountable. (Certainly not limited to the RIAA).
I learned the external-linking-script lesson back when WMV8 came out because all the porn spammers on usenet were loading up their WMV files with scripted DRM exploits. I downloaded Windows Media crap once, and never again.
I'm surprised nobody has mentioned the porn people yet. They've had a handle on this technology for years already.
"When a lone hacker writes a virus, he gets jail time. When a corporation writes a virus..."
The two aren't comparable.
The key idea here is "illegal copy", not "corporation" versus "individual".
<sarcasm mode></sarcasm mode>
As sad as it is, all that really happened...
You don't have to be even mildly coherent to understand why people are downloading/trading movies.
Isn't this kind of activity tantamount to "mantrapping", which is very illegal in the USA? For instance, if some person is swiping fruit off of your streetcorner fruit-cart, and you replace a good apple with a poisoned one, and that thief then swipes it, eats it and dies, you are guilty of mantrapping (as well as premeditated homicide).
While there is no threat of serious bodily injury in this DRM-enabled missive, it is clear to even a casual observer that the intent is to cause real harm to the downloader.
Who here thinks that if they were to put up a website offering the latest 'moviez' - which were in fact spyware or trojan-laden files, that they would not have the police or even the FBI banging at the door in less time than it takes to say 'rich web media content'? Do you think the plea of "I was only trying to help the MPAA!" would get your ass out of the sling?
I find this totally sickening.
There's a Starman, waiting in the sky / He'd like to come and meet us, but he hasn't got the time.
under the DMCA for subverting their security? It being endorsed by the MPAA/RIAA notwithstanding, it's still a violation.
It's a very dark ride.
So you have to admit to downloading one illegal file? What's the penalty for downloading one illegal song or movie? It's not criminal infringement. I can't imagine it being more than a slap on the wrist. It would be like admitting that you saw the bank robber's license plate while jaywalking.
P2P Wars: The Empire Strikes Back. What's next? Return of Suprnova?
Looks like it's time to build a karma system into these P2P networks?
"causes a computer to perform any function with intent to secure access to any program or data held in any computer" Computer Misuse Act 1990
Uh huh. So what does the law say when the "program" or "data" shouldn't even exist under copyright law (illegal copy)?
Obviously the laws quoted were meant to support copyright infringement by a select few.
1) Yet another reason to NOT use windows media
2) Yet another reason to NOT use windows
3) Yet another reason TO USE Macs
4) Yet another reason all slashdot users should attempt to visit http://www.riaa.org/ and http://www.mpaa.org/ exactly every 15 minutes.
The only rational thing for a user to do, is to stop executing untrusted software. And it works. It is very, very easy to use a computer without any sort of AV protection at all, and remain uninfected by viruses, spyware, etc.
The question is how do you trust any software? Right now I'm running an OS that came in the mail (Ubuntu Linux), how do I trust it? I'm also compiling a tarball that I DLed from Mozilla.org called Firefox. Once again how do I trust it? Looking at the endless C++ files doesn't tell me anything as I'm not knowledgeable enough and even if I was there has got to be at least a 100 MB of code to wade through.
What it comes down to is that I have to have faith in the trustfulness of certain organizations or not run anything.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
"Sure, books and videos can also be pirated, but until they're as easily accessible as music is via an iPod or something similar, there's still money to be made. Hell, most bands make their money on tour from t-shirt sales."
Videos are all but as easily accessible now. I live in the middle of nowhere and can get broadband. And if the telco hasn't rolled DSL out an extra few meters to your home yet, if you have any friends at all you've got to have at least one with broadband.
Books? Books have always been easily accessible. There are these wonderful things called libraries, you can go in and read books for free! Books also have no copy protection on them, why, you could scan an entire book and nothing can stop you.
Not to mention that 'e-Books' (what a reprehensible idea; curling up with a hot steaming cup of coffee and a klunky, warm, irritatingly bright screen?) are as available as music and videos.
You know what the real model for success is?
Stop producing crap, and people will be happy to pay you for your efforts.
Really, it's a reason to steer clear of Microsoft. I don't think I'll have a problem using Xine. At the same time, I'll never make and distribute anything in those stupid formats. Why should I when the vast majority of the installed base will no longer trust the format and not be able to distinguish it from its player?
This is a really big blow to Microsoft. The whole point of using their platform is to have easy access to the latest and greatest multimedia gadgets. Yet here you are not being able to trust the only player Microsoft wants you to have. At this rate, what's the point?
Don't give me BS about not having to worry if you are not into music sharing. The crackers and virus writers will be all over this backdoor and we'll soon see full auto worms propagating without any assistance from Joe Sixpacks, hapless Microsoft operator.
Friends don't help friends install M$ junk.
"Automagically" ain't no word.
No no no, the irony is even richer than that! Even given that it wasn't the **AA itself that authored this little piece of nastiness but one of their hired cyberthugs.
Remember when Microsoft was posturing to make Windows Media the core of the home media environment? Enhanced DRM on Windows Media files, enhanced playback capabilities, even stripped-down media-playing machines?
Then this happens. An overenthusiastic underling has used the hub of this system, designed mostly to cater to the corporations that provide the media and lock in the customers that want to view the media, as a Trojan Horse. Consequently, I think a lot of people are even less likely to trust the Windows Media Hub.
Microsoft should treat them as the houseguest who willfully projectile vomited on the good rug and then moved on to dry-humping the family dog. But, of course, they're rich reprobates, so they're probably immune. Microsoft may still pimp^H^H^H^Htreat its "partners" a little differently after this incident...
You cannot truly appreciate Dilbert until you read it in the original Klingon.
I don't think this will bother xmms or xine, but I don't share music so I could care less either way.
The people who get burnt are going to be 12 year olds who don't know what they are doing is wrong in the first place. They get music for "free" on the radio, why should their computer be any different, they might think. Then boom, their computer explodes and they get taken for their life savings, even if it is only $2,000.
Friends don't help friends install M$ junk.
The next thing you know, they'll be seeding kiddy porn .mpg's listed as music videos, and then informing the FBI on you. Technically, I do believe that they could almost get away with that.
If they try this more often, and it runs through IE to connect to the internet, to get to these websites, then just BLOCK IE from internet access.
Just block IE from any sort of internet access.
I would hope that would solve the problem.
Thanks /. for this alert. it's bad enough that we have to put up with MS' bullsh*t with Outlook express, and IE, now WMA/WMV files have to be the next spreader of malware.
Congrats, MS! You're on your way to destroying the internet, or yourself. Gods, let's get Linux working so that grandma can install it, and programs, as easily as you can on Windows.
http://loving-chair-french.com/index.html
I still have all of your email address, comments, and images, but I will not send them out.
Peace. Now!
http://www.adultswim.com/
10 out of 10 terrorists agree anyone but bush.
I like to turn it up to 11.
Ever stop thinking and forget to start?
Some times you need that extra step.
chmod 0400 my_brain
misdemeanor, punishable for up to $5000 and up to 90 days in the clink for every instance of deliberate malware causing loss or damage to a computer.
somebody should document their machine, and when they get hit by this kerrrrrrrrrap, file a case with the police, and drag the overpeer weasels into court.
it would be nice to see some RIAA execs sitting in the can for years and years because they play like russian script kiddies.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The article seems a little bit overboard in assuming that somebody might put a keylogger on it and whatever. They could do the same by just putting it on a random website. The user still has to click "Yes, run this program." once the page has loaded. Smart users are safe, and the dumb ones have already shot themselves in the foot.
all but three of the independent, locally owned, record stores within sixty-five miles of here have closed. that leaves three stores to serve a metro population of 1.7 million.
The Tony Martin case, shot two burglars, killed one, convicted and jailed for murder. UK law is a fine beast.
This is NOT a problem. There is a tool out there that can disable wmp scripting ability. http://www.javacoolsoftware.com/wmpscriptingfix I got it to get rid of those annoying pr0n scripts and have NEVER had a problem with pop-ups on wmp since. And it's free!!
ACs don't waste your time replying, your posts are never seen by me.
Otherwise my foolishness might have gotten the best of me and I would have [i]bought[/i] my first actual music CD in six months.
http://fakefiles.no-ip.org/filelist.php?type=fake&limit=none
To see people put in prison for 80 years for selling pot (small amount), is the real crime, those judges/cops/lawyers should be beheaded, they are the utter scum evil that should be drowned at birth.
.
So we have one instance of a mean judge crying poor how selling weed is "evil", yet catch a plane to Amsterdam, and bingo you can legally chuf away in a cafe.
What's the judge's opinion on that when it's not really evil if a proper society can tolerate it?
Truth is those judges/cops/lawyers are tainted minds that have no logic and use 100% emotion and past prejudice.
Bottom line - liquor makes tonnes of cash, so that's tolerated even though 100000s die each year. Money talks, if it means judicial action causes billions in losses for companies, judges won't do it. But if 10000s of people get shafted/ruined lives because of the justice system, judges don't care, they get paid nicely, go home fuck their wives or pool boys and live on
cannabisnews.com
Damnit, don't we PAY THEM to protect us against this sort of thing?
Nope. I downloaded it from Kaaz...er...I mean...I use AntiVir. Yeah. That's it.
Because intellectual property is a bogus concept, that should be abolished completely. Then again, I'm not too pro regular property either, so maybe I am an extremist.
"It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
They seem to be treating file sharing kind of like the wild west.
It seems to me though that this kind of action creates a negative reaction. If I downloaded a malicious program from these folks and knew they did it on purpose I'd be 'taking it up a notch' (thanks seinfeld).
I wonder if that's a legitimate legal defense... I didn't upload the movie to share it or view it - I did it in retaliation of this malware program. Probably not.
If this program was modified to trash a hard drive would they be partly responsible?
Not much, except for shaky logic that explains how you gave them "permission" to install that software. I wasn't arguing that at all. I was just arguing the senseless virus violence :)
If not, then all the more reason to switch, considering you can still use said infected files and not be a victim.
Won't this further erode people's confidence in WMA's DRM format?
Sure we don't like what it does, but just as an objective comment, the hole could further impede the adoption of any form of DRM format because of the current fear that it might be the next wave of virus carrier.
In US, you can easily buy enough major firearms to wipe out your neighbourhood but a few little fireworks are banned.
Seriously. It sounds illegal when it mentions trojans (because there is nothing legal about them) and installing adware without any permission from the user is illegal as well. So do they think it's ok to murder someone if they already stole something from them? You can't break the law if they broke the law by stealing your music. That's not how it works. Two wrongs don't make a right according to US law at least. Also let's consider the fact that I doubt any BitTorrent site will start hosting .wma files that point to adware. I also doubt that Microsoft will give the go ahead for their technology to be insecure so that the MPAA and RIAA can illegally screw file sharing computers.
So what does this boil down to? It basically means that it will do more harm to their PR than it will help them with their never ending war that isn't possible to win.
Dude, why bother paying for this stuff when there are places to get it for free that are high quality.
Not kazaa or whatever is in vogue.
But places where you can get high quality stuff well out of the reach of the RIAA and MPAA.
Only stupid people P2P anonymously. People in the know get their stuff for free...but not where most people think.
I probably don't have a leg to stand on, but wouldn't it be nice to make them stop using my idea to turn a profit? My brother and I did the cuckoo eggs mainly as a "proof of concept" as well as a promotional gimmick, but Overpeer is making serious money and wreaking serious harm. Any lawyers out there want to take on the case? :-)
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
some unintended
consequences wmv
the format is dead
windows media
audio and video
stick a fork in it, its done
overpeer will see
they will get what they deserve
this haiku says so.
That's a good trick to infect MPAA's offices, make a fake Suprnova.org site that shows up blank to the world, but as a fake site for movies if the client IPs are inside MPAA. Then when run in their computers, totally scan/report everything on their pc/network back to the website.
Liberty freedom are no1, not dicks in suits.
Arnold has just set fines for spyware in California, so says the BBC. So what's Hollywood going to do when their little bitch Overpeer gets fined for all the spyware they are installing? Isn't DRM just another form of spyware anyway? Cheers to all as this winds itself out.
When are media companies just going to learn that the average person is not going to embrace DRM and will do anything to avoid it? I'm typical in that I have about 2,000 songs in my music collection. Does anyone really think that I'd go to ITunes and pay $2,000 for a music collection that will go away if my software gets hosed or when I want to transfer it to another computer one too many times? They are smoking some really bad pipe there a pipe dream. I've moved all those legitimate songs to ogg and I'm not getting anywhere close to WMP, ITunes or its ilk. That's my way of managing my digital rights and these DRM dumb dumbs can kiss my ass.
Friends don't help friends install M$ junk.
If a corp is convicted of a crime, make it so they cannot conduct business for a period of time (jail).
Or, put the CEO, CIO, CFO in prison.
This way somebody is held accountable, and the business can continue.
The Kruger Dunning explains most post on
my computer goes:
"Hey p2p network, whatcha' got"
p2p network:
"well I got this file right here!"
My computer:
"ok, I'll download it"
so it is offered up, otherwise how I would know it was there to download?
Since they have the copyright, and they put it up for distribution, is it copyright infringement?
The Kruger Dunning explains most post on
this is copyrighted material that is being distributed by the people who own the copyright.
not an illegal substance.
The Kruger Dunning explains most post on
One thing that I noticed from the screenshots they provided with the article is that the pop-ups that are generated by these files are for adult-oriented sites, which may feature explicit images or naming conventions in their content. Now, when (and I say when, because it's sure to happen) an eleven or twelve year old downloads and opens one of these files, and is bombarded with adult content?
Someone has just furnished adult content to a minor, but who, specifically, is responsible for it? This is a criminal offense, and I'm surprised the company didn't consider this when they created the malware.
how many people have work working for those ads that wouldn't have had work otherwise?
it seems to me that it is causing MORE employment.
The Kruger Dunning explains most post on
Only /. was fucking idiot enough to hire Michael Sims.
I think 200GB per day for the next three years to the MPAA/RIAA and overpeer members and any and all named individuals in those organizations would be the minimum.
That would be rude and might be called a DDoS attack. Double foofoo on you for even suggesting it.
What would not be rude is asking the MPAA/RIAA every time you want to make a backup. You are required according to the flyleaf to contact them to get written permission to copy it after all. Every time you download something you should ask them if you have permission to share it with others. Before you buy anything ask if they are members of the MPAA/RIAA and if so ask them to mail/fax you specific rights should you choose to buy it. Commit an act of civil obedience today.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
And as far as the legalities go, your guess is as good as mine. First off, I Am Not A Lawyer... My take is that they're committing the same crimes that any other AdWare/SpyWare/Virii/Worm writer is guilty of and therefore has unclean hands with regards to ANY act of enforcement of the IP rights of the labels that use this bunch.
As for avoiding this- there's two answers...
1) Don't listen to their stuff in the FIRST place.
2) If you can't keep from doing that and insist on sharing the stuff, use MP3 or Ogg Vorbis, not WMA. I don't care how much "better" it sounds, like all things Microsoft, there's some nasty catch waiting for you in the end.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
If you're a private individual and you write a program that takes over computers without their users' permission and sends information about how they're used to a remote server, you're a hacker (or cracker, if you must). If you're caught, you'll be punished with years in jail, fines, and the ever-popular "no Internet access," just to ensure that you have no means to support yourself after you get out of jail.
If you're a large, multinational corporation and you hire someone to write a program that takes over computers without their users' permission and sends information about how they're used to a remote server, you're engaging in a mostly-legal business, "advertising" or "marketing." If you're caught, you might have to pay some civil penalties.
This is similar to the legal definition of spam: unsolicited commercial advertising is spam, but unsolicited political advertising is not.
Bias on /. terrible.
Now Microsoft is going to have to either figure out a patch for this WMA hole or find a way to show how this is really a feature. Fixing this security hole is going to break some things. This is just another example of how wonderful MS Windows integration is.
RIAA/MPAA Contractor Deploys Malicious Adware Trojans... It's absolutely illegal to send viruses, Worms & Trojans over the net. Here's the definition of Deploy: To perform a remote installation. Of a parachute, to release so as to let it fill out or to unfold and fill out. To make a Host Publisher application ready to use on the server, using functions in WebSphere Application Server, after transfer has taken place. Note that WebSphere documentation often uses the term install as a synonym for this process. (See also publish and transfer.) Act of sending components to target container, such as Jaguar and PowerDynamo. Act of sending components to target container, such as EAServer or PowerDynamo. To spread out ready for use. To make a weapons system operational. To use for an intended purpose or end. For example, when the Real Broadcast Network (RBN) is stated as having the largest deployment of RealSystem G2, this means RBN utilizes more of this technology on its network than anyone else. To create a copy of all the files in a project on one. place troops or weapons in battle formation to distribute systematically or strategically; "The U.S. deploys its weapons in the Middle East" Warning: Beware.....
If I hide something inside of another file and use that "something" to gain access to your computer, I'm committing "cyber terrorism" by "unleashing trojans upon the intarwebs"
Are these companies not breaking the law?
Not a Twitter sockpuppet... but I wish I was.
I am sure most slashdotters are firmly opposed to piracy. However, given that the context is a thread on file sharing, it's probably safe to assume that you were not talking about taking control of a ship away from those legally entitled to it and rather intended the goodthink application of the same word to copyright violation.
Even assuming that I lived in a country where such sharing has been made illegal or even criminal (neither of which is the case), I would still insist that there is a qualitative difference between copying my term paper for your personal edification and copying my credit card information for your personal profit. Similarly, I distinguish between copying music for entertainment and surreptitiously gathering personal data for profit.
But that's just me.
So give it a rest already. Your straw man arguments are so bogus even a comatose person could refute them.
BTW, bonch, we're still waiting for the next front page troll. Hurry up!
Besides this disgustingly hackneyed attempt at 'securing' musician's rights, could this be part of an agreement between MS and the RIAA? With the plans for Microsoft to be releasing an online music store all of its own (much like iTunes), this could be part of their agreement with the RIAA in order to please the corporation? This is obviously a stretch, but Apple worked at pleasing the RIAA by not allowing music to be copied off the iPod. Maybe Microsoft is trying to please the RIAA by allowing them to take advantage of their DRM and use it to 'protect' their labels. The comment from Microsoft certainly seemed complacent enough that they didn't really care about this much.
The movie industry moved from the east coast to the west coast to avoid Thomas Edison's license fees. The long arm of the law was not long enough to stop them back in the day.
So every time you download a movie you make Thomas Edison happy.
Computer intrusion is only illegal when unauthorized. The MPAA/RIAA are both undoubtedly Microsoft "affiliates," and you signed away your rights at the door. Thank you, and enjoy your Windows XPerience!
Do you live in the real world Mr. AC?
You make it sound as if users should know the difference between 'trusted' and 'untrusted'. Hell, I'm not even sure WHO I should be trusting in the first place here! Microsoft? Yeah. It's their swiss cheese OS that's helped contribute to this mess!
But again, why is this the user's fault? You know what - it would be like getting on an airplane that crashes. You'd be like that guy from 'Airplane! - The Movie': "Susan they bought their tickets; they KNEW what they were getting into! I say, LET 'EM CRASH!"
So again, with your 'logic' we shouldn't expect too much from AV companies. In fact, it sounds as if you think having AV software is a terrible idea since people should only be running 'trusted' programs. I wonder how you might change your mind if your 'trusted' OS had a flaw that allowed an attacker access. EVERY OS has had security flaws at one time or other. The AV people are supposed to help with this - that is their purpose and it's why we pay them.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
UK law would expressly prohibit that kind of statement. All goods have to be offered without the need for data to be shared.
For this to be enforceable in the UK you would have a checkbox: [ ] I agree to the EULA, [ ] I am ok with my data being collected. The EULA part would be a necessity for installation, the data collection part would have to be optional.
The only case where this isn't gospel IIRC is when it comes to debt etc. wrt credit reference agencies, but that I believe is a caveat in the credit laws.
I could, of course, be completely wrong as I'm drunk (hey, it's new years), so caveat emptor as always and IANALBIPTBOO/. (I am not a lawyer but I pretend to be one on /.)
I am NaN
Can't wait for the MS damage control riot squad to find out about this.
MS vs the MPAA and the RIAA. Who says lawyers aren't good for something?
"It is a greater offense to steal men's labor, than their clothes"
At least that's how I see it. And I'm not even a file trader.
Consider: The industry has been utterly unable to stop P2P to date, and a whacked-out move like this will probably be countered in a matter of days as the authors of SpyBot and AdAware catch on and release updated signature files.
Why go to the trouble of doing something that at least some in the industry know will be easily counteracted unless they're so flustered that they're not thinking straight?
The other indicator that makes me think this is sheer desperation are the comments from Marc Morgenstern. "Just deserts?" Criminys... He sounds like a grumpy kid who got his favorite marbles taken away or something.
Remember that at least one legislator, under pressure from the RIAA, once floated the idea of hiring system crackers to do their level best to try to sabotage P2P networks. The idea withered at the time, mainly because it would have run afoul of the federal Computer Fraud and Abuse Act.
However, it is evident that the RIAA was not so easily dissuaded. They've found a sneaky way to deliver what they, in their deluded way, think is going to be a knockout punch. Adware and spyware are not (yet) illegal that I know of. What better loophole to try and pull the stunts the industry's been wanting to pull all along?
How's it all going to end? Well, this kind of move will make all the file sharers and sharing networks even more mad at the industry than they were before (assuming that's possible). It will serve as yet another wedge driven between an industry that is clearly too greedy to see past the end of its collective noses, and God knows how many people who might have been customers under different conditions.
The biggest irony to me is that they STILL haven't gotten it through their thick skulls that their music sales are down mainly because they're putting out slop that no one really wants to buy.
Example: I used to buy at least a dozen CD's a month in the early-to-mid 90's. However, in the last six years, I've bought maybe half a dozen. If that. I'm just not hearing the raw talent that I used to.
Seems to me that the industry is a victim of their own delusions. I think a line from Adam Savage, found in the opening credits for Mythbusters, hits the issue spot on: "I reject your reality, and substitute my own!"
I predict an entertainment industry implosion, due primarily to pissed-off customers and a consequent reduction in sales, within the next decade.
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
"Overpeer is in our sights commander!"
:)
FIRE AT WILL!
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
--
"It is now safe to switch off your computer."
This reminds me of an idea I had, to protect P2P users from the **AA.
The idea is simple. The only way we can be certain that an anonymous user of a file sharing system is not a member of one of the copyright cartels is to verify that they are in fact a 'thief' themselves (as the **AA like to call copyright infringers). We force any user wishing for us to respond with a search response or a file to first 'steal' OUR own personal Intellectual Property.
When our imaginary P2P loads for the first time, 64 bits of random bytes are generated. The random bytes are copyrighted to the user that just launched our application. Upon receiving a query or file transfer request our P2P app responds with a copyright notice explaining that no one may access our list of files without paying an arbitrarily large sum of money first (aka 1 billion dollars), and that authentication is performed by the requester acknowledging our copyright notice with our copyrighted 64 bit key. The key is shared without protection beyond a simple 'I am entitled' 'i am not entitled' button. If the requesting user clicks the 'i am entitled' button the P2P app retrieves our copyrighted key and echoes it back to the 'file serving' user. There will also, of course, be a 'do not bother me again' check box that it would be horribly illegal to check. Simple. No cascaded onion routing nightmare necessary.
Besides, a system like this would be a great way to allow legitimate uses of P2P as well. One could even build in a payment system, so that those who wish to sell content distributed via P2P would be able to easily do so.
This seems like it would be a simple hack, and fairly foolproof until the unjust copywrong laws are changed, so someone tell me why it won't work.
What are the MPAA and RIAA doing so wrong by protecting themselves? They are in the legal and moral right here.
Whatever else may or may not be true, they certainly are not in the right when they infect people's computers with viruses. This is called vigilante justice and is most certainly NOT legally OR morally acceptable.
We have a justice system that includes such concepts as due process, and the **AA organizations have not proven themselves to be strangers to the courts up to this point.
Anyways copyright infringement is a civil matter while virus spreading is a felony. Big bad trumps little bad.
So, do these WMAs show the user an EULA before they install crap? If not, isn't this blatantly illegal?
I don't know why I am even bothering to reply to this but, this is not a red vs blue issue. There are 90 Congressmen turned lobbyist, with Democrat Dan Glickman being one of the worst (MPAA). Dick Gephardt and Tom Daschle (both Democrats) are seeking positions as lobbyists. Make no mistake, there are not many people on our side in DC.
Even though I never use WMA or WMV, because it was already an unsafe format and there are better formats. Most users do not use WMA for anything, so WMAs appearing on a P2P network would make most users avoid it anyway and get the MP3. As for our favorite lobbyist, exploiting DRM is sad, and from what I've looked at, M$ is already checking on it to see if they're violating the license, and I'm sure they are, so I won't be surprised to see a story on here sometime about M$ ripping DRM away from our favorite outdated business. No one liked DRM in the first place and users already avoided it at all costs; now it only makes matters worse, because now people won't be avoiding it because it sucks, but rather because it sucks and it can destroy their PC. This is normally what happens with outdated companies trying to force their outdated business on people and people saying hell no, we won't do it. The company tries harder to get people away from the new business and it doesn't work. They try even harder and it still doesn't work. This cycle keeps repeating until the company tries so hard they destroy themselves. No, it's not going to be the end of the big screen or CDs, but the current companies controlling this media will be replaced. People will always buy them; I prefer a pressed DVD over a DVD-R any day on a movie I like. I prefer my music on a pressed CD rather than on a CD-R because the quality is better; however, I will never buy a music CD from anything RIAA sponsored because of their underhanded tactics and not producing any good music for the last 5 years. The bad part about this is the people that they take down with them, because it's gonna get very bad for a long time, because unfortunately the US sheep, yes I said sheep, don't stand up for themselves on laws they don't like anymore; they just stay in the herd and keep to themselves.
Just imagine if things were like they used to be and they pulled these tactics on the people before they became sheep: there would be people in every city in the US in the streets demonstrating/rioting over it, and the company would have quickly been thrown out of the US.
everytime I need to use one I don't want to waste any time reading what's printed on it.
*whup* "Get along, little electrons. Heeyah!"
not illegal. I think the RIAA is a sleazy organization, but it's akin to those paint-clip things in retail stores. If you try to take the paint-clip off of the clothes, then you would get sprayed with the paint. Spraying someone with paint would normally be illegal, but not if you're defending your merchandise.
[waits for laughter to die down....]. Seriously folks, Microsoft isn't going to let this spyware crap go on too much longer. Not out of their great love of their customers, but because it's costing them money. Lots of money. Support calls aren't free ya know (at least for Microsoft, for their customers all it takes is saying you have a virus and you're in like Flynn). And with Dell, Compaq, Gateway, etc acting as a call dispatcher for mssupport (and offering helpful tips on getting free support out of MS), Redmond's taken notice.
OSS should look at spyware as a one-time, temporary boon. Once Microsoft solves this problem you'll see interest among the general public drop like a rock. Use it while you can to make converts. Once you've got 'em using Firefox, it'll be just as hard getting them back to IE. Heck, the only reason most of 'em switched from Netscape 4.7 is their bank sites stopped supporting it.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
the files uploaded to p2p networks force users to watch 90 mins of fanta commercials before the movie, oh wait a minute, that was the at the cineplex, nvm, I am all messed up on cough syrup, so nevermind....
Wait, so what if I actually do own the copyright? If I have the physical CD in my hand for artist X and want to have a digital backup and for whatever reason decide to get that backup from a P2P network, would I have grounds for a suit? This would be different than what many have been saying- I would actually own the copyright to said song.
Good-Tutorials
if you get bit by this, you're in no position to fight back. Sure, you can sue for the damage done to your computer, but that money is dwarfed by what they sue for if you have just one pirated mp3, let alone the collection most people have. So the short answer is: they can get away with it, and they know it.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
"They have been remarkably devious in their propaganda."
No, they've actually been remarkably obvious in their propaganda.
"For example: My son watches a lot of Disney Channel..."
Well that just screams "BAD PARENT!!!".
"It was 100% blatant propaganda, complete with the corner record store going out of business, and people there losing their jobs, because she downloaded music."
Let me guess: you're one of those people who complains about the message of RoadRunner cartoons, because they encourage kids to go out and buy giant sling-shots, rocket powered skates and earthquake pills so they can kill innocent birds, right? But that being said, if P2P (or even iTMS-like services) become the primary method of distribution, that will indeed put corner record stores out of business; in fact, Amazon has already put a lot of smaller boutique record shops out of business (two in my suburb alone), a recording industry geared towards electronic distribution would certainly kill the rest. You're objecting to this being depicted, when in reality it is entirely accurate?
"It truly made me sick to my stomach that such ridiculous propaganda was being so shamelessly peddled directly to children."
Look at how well "Captain Planet" and a plethora of eco-toons have convinced so many kids (and by that I mean anyone under 30) that corporations are actually "evil". Of course the filthy rich have nothing better to do with their time than plotting to dump toxic waste in schoolyards, destroy sensitive environments, or blow up mountains endangering the lives of hundreds of thousands of people. They're evil, after all.
In real life, however, it is a good rule not to attribute anything to malice that can be attributed to thoughtlessness. Example: radium clock dials. Did the manufacturer decide to use radium so they could kill off the workers, or did the workers die because radium was the substance used? The former is evil, the latter merely thoughtless (admittedly to the point of lethal recklessness; much like drunk-driving). Now consider: why would a manufacturer want to kill its workforce? It doesn't make any sense, not even financial (no pension plans back then), so it's a clear example of thoughtlessness. Likewise, this trojan is not a self propagating virus, so there is no general malice involved, and it is likely to affect ONLY those who illegally download copyright material, so anyone affected who hasn't downloaded pirated material is the victim of thoughtlessness (or a practical joke).
"The "average user," and especially the media, is already convinced that p2p is synonymous with illegal activity..."
I'm afraid the "average user" is the person who scours the networks for top-40 music and the latest, unreleased on DVD movies. That IS what most people use P2P for, that is the nature of most P2P content, and that's why it's so easy to convince them that P2P=illegal activity.
"...so this is unlikely to raise much of an uproar outside of the geek and college student communities"
It isn't likely to raise much of an uproar from geeks who make a living from writing software for money, since copyright issues affect them. Nor the real Open Source crowd, who understand that copyright legitimizes the GPL and makes it enforceable (and it's doubtful many of them use WMP in such a way as this would work). And college students are (a) too diverse to market to; and (b) mostly broke, so the **AA's aren't really paying attention to them as customers anyway.
So that just leaves the try-hard wannabe geeks who think that wasting hard drive space with a DivX of "Dude, Where's My Car" is somehow "1337". To them: IMO, file-sharing is basically an online dick-measuring competition: "My archive is bigger than yours". Who cares? Did you MAKE any of those films yourself, did you PLAY any of that music yourself, did you write the P2P app, the codec, even a skin for the player? Basically, if you had no active involvement other than clicking the "download" button, then you aren't
"You have been sold the software so now own it and can use it in anyway you like."
Not exactly: it may not be used in any manner that contravenes copyright regulations. You only bought one copy of the finished product, that doesn't entitle you to make or provide infinite copies or distribute derivative works (or even obtain a replacement if your copy is damaged).
In the privacy of your own home, however, you are correct. But "your own home" does not include P2P networks, which are, by definition, public.
"it would be nice to see some RIAA execs sitting in the can for years and years because they play like russian script kiddies."
And if they don't, because no one here really is a lawyer? Then what?
Well first of all. The first source obviously is "unbiased". Second the only thing this does is basically pop up ads "That page set off a chain of events that led to the creation of several Internet Explorer windows, each containing a different ad or adware." All the rest is basically speculation (what might be). And last and most important. Neither one proves that there's any connection between Overseer and the MPAA/RIAA. For all anyone knows. Overseer could have done this of their own free will (Plausible deniability.)
...to ads.
"Then, included in this they are using exploits and loopholes to install unwanted software on a user's machine designed to hurt the user's experience with their computer. "
There's always the same defense that BitTorrent sites use. "We're just providing links"
"But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to [URL] --whether a legitimate call for license information or a series of pop-up ads."
"That's why ALL the RIAA suits against traders were against uploaders. "
Careful reading disagrees
"When we played the modified files, the License Acquisition dialog box showed a page containing ads and quickly spawned more IE windows, each containing a different ad."
Remember the legal ruling awhile back about the legality of linking? Hmmm...
So if I write a song, from whom do I get a license to put copies or phonorecords of that song up for download? I can't necessarily get the license from myself, as somebody else may own copyright in that song and have a Bright Tunes claim against me.
1) GOD GOD MAN! Get some whitespace.
2) Which hand exactly are they biting? The one that's saying that filetrading never hurts because they never would have purchased the product?
Or the hand that's saying they will never purchase the product because of "Don't like them. Don't like them at all. Keep my money to myself."
So by seeding malicious files, the xxAA is saying that none of the users downloading those files could possibly be legally downloading the ones that they are offering. I beg to differ.
[anecdote]
I once bought a CD. I lost the CD, but I still had the case and felt that it was OK to download some "backup" MP3s of the CD. I later bought another copy of it, but the fact remains that I used a p2p service (downloading copyrighted files) and I was completely in the clear.
[/anecdote]
When you look at the state of the world, how can you not become a radical, liberal anarchist?
By definition, it's not their copyrighted material that's being downloaded - it's trojan software that's being installed on someone else's computer without the owner's foreknowledge and consent.
This is like saying "Some people have burgled my house and escaped in a white car, so I'm gonna slash the tires of every white car I see."
IF those who deploy the software: >don't know that the person getting the trojan has broken the law (and there's no way they could know), and >don't know whether the person getting the trojan would consent to receiving it, then >those who deploy the software are criminal-crackers just as much as someone who defaces a website.
At least *some* p2p users *are* violating copyright, but statistical probabilities are no excuse for widespread harmful, criminal behavior.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
If someone does then come along and claim you violated their copyright, they have to prove that you used their work in the creation of yours
The complaining copyright owner only has to show a "preponderance of evidence" that I have had "access" to his work, such as having heard it even once fifteen years ago on commercial radio or in a grocery store. The fact that the mus-icch industry floods the world with "access" to its works makes musical work copyrights a lot more like patents than one would immediately think.
I think so - (IANAL) IF those who deploy the software: >don't know that the person getting the trojan has broken the law (and there's no way they could know), and >don't know whether the person getting the trojan would consent to receiving it, then >those who deploy the software are criminal-crackers just as much as someone who defaces a website.
Actually, it doesn't even matter if the person getting the trojan has tried (or succeeded in the past) to violate copyrights - one illegal act does not excuse another in civil law.
At least *some* p2p users *are* violating copyright, but statistical probabilities are no excuse for widespread harmful, criminal behavior.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
It's great where a company also can "claim" freedom of speech because they want to advertise like this. I thought the 1st Amend. was o.k. as long as it didn't disrupt or cause harm? If I have Trojans rolling around because a POS company decides I should have mass amount of Porn and "as seen on tv" products, can't I use my 1st amend to convince them not to do this by using the same tactics?
This SIG pulled due to lack of funding. (This damn war is costing too much!)
'Cause... after all... as an example, Gator (or whatever they call themselves now) is not spyware. Or is it?
Of course, if you seriously have created a musical work and want to reduce your risk of being sued by key players, you may wish to pay your local monopolistic protection gang (e.g.: RIAA) to not sue you (and even to have their money/contacts/lawyers/hitmen/crackers/bribed judges and politicians/&c at your disposal). Do bear in mind that you may then be held responsible for any criminal activity they perform on your behalf though.
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
How do you plan to prove "on the balance of probability" (which seems the same as USA "preponderance of evidence") that you never, even once, heard a given song that was on the top 40 fifteen years ago?
While they're putting trojans and other nasty stuff in files, the other side will be doing some ddos'ing and hacking right back at them.
Reading this shit makes me feel like taking down the
RIAA/MPAA websites myself, but I don't have that kinda power.
I wonder who will be the winner in the end?
Who to say RIAA is right? They overcharge, churn out crap, removed competition by having record companies join for more profit, and now this.
I like how Bush introduced Evangelical Christian "morals" into the mainstream media and how everyone gets to yell morals.
Praise Buddha!
Does this mean that if I write a worm and embed it in a file, say IbelieveIcanfly.wma or something along those lines, I will get away with it?
Or should they sue all those that click on it and get infected because they were obtaining copyrighted content illegally?
Yes, email has been accepted by almost everyone and the law as a legal way of communication and sending files, plus the technology system and laws are trying to protect its integrity by tracking spammers, phishers, virus writers and all those bad guys.
However, this does not mean that the bad guys using p2p should get away with it. Worst of all, this is a company that is endorsed by the RIAA, a well known association, though not sure whether it is still well respected by the masses, but this is an association that is always in court suing everyone from kids to big companies and sponsoring ads about moral behaviour and respect for the law. Aren't these double standards by the RIAA?
Okay, they may have calculated right, they have millions to dish to the lawyers and they may well be acting within the law or somewhere in the grey areas but they have no moral integrity. THEY ARE SADISTS.
You may ban your child from eating candy and you are right to spank or ground him if he does, but placing a thorny object camouflaged as candy under your kid's pillow is not something humane.
The record industry is cutting its own throat. They're screwing their customers and they deserve every bad thing that happens to them. I feel no sympathy for the business, and I no longer feel any sympathy for the artists who get conned into going along with them.
I bought several thousand dollars worth of music in the early 90s. In the last 5 years, I've bought less than $50 worth. I can live without the music and they can fuck off.
I'm not the only one who feels this way. The record companies are the 2000s version of buggy whip makers and they know it, and they're fighting it every step of the way.
> They can't figure out a way to maintain their current business model, and they haven't figured out a viable alternative business model, in the presence of filesharing.
Why do people think this is insightful? The fact is the entertainment cartels have created a perfect business model: Distribution Control. This means they get to tell you what to consume. Want to listen to the radio? You may only listen to their music. Want to watch TV? You may only watch their shows. Want to go to the movies? You may only see their movies. Moreover, with distribution control, they can set the price however they want. This is why you can't buy a worthless CD (only 1 good song) for $5. This is why CD prices haven't gone down, when it costs pennies to make.
> Under these criteria, the model of selling content that is easily obtainable for free IS destined to fail, whether demand exists or not, since the demand exists at a price point (free) that is by definition unable to generate profits.
You obviously bought their propaganda bait. P2P hasn't proved anything for their increasing or decreasing profits. The music cartels have been reporting losses and using P2P as scapegoats, so they can pay less royalties etc...
Do you understand now? At each venue you attend or every product you buy, your money will go to them. Now, P2P/internet is a distribution channel they cannot control, which means anyone can publish anything that will bypass them. This is their real threat. Clueless consumers will have more choice and they don't want that. They want you to buy their products, not from someone else they don't control because they won't get any money.
I don't know why people keep saying if they only embrace P2P and they'll be extremely rich due to more sales. Unless you can guarantee them control through P2P, their business model just won't work.
Now that we know this, the only successful strategy is to boycott them. Don't buy, don't share, and ignore their products. We Customers (not Consumers) need to change because if we don't change, why should they - they're making billions at our expense.
"Just TRY to find the equivalent free program now!"
I wrote a script to do something like that once... It was kinda like this:
# checksum the listing of the target directory (file names only)
cd /usr/bin
ls | openssl dgst -md5 > /root/thissum
# compare against the previous run and log any difference
cd /root
date >> changes
diff thissum oldsum >> changes
mv -f thissum oldsum
Not exactly sophisticated or flexible, but it works. Surround it with a FOR loop containing a list of target directories and redirect stderr to /dev/null and you're all set. Put that, a couple of checks to see if you've been rooted, and chkrootkit into a daily or hourly crontab, and run rkdet, and you're on the way...
"legit adware" Error... does not compute... How can something that hijacks your computer to shove advertisements in your face ever be legitimate, backed by a company or not?
Oh yeah, and write Overpeer to let them know about the law and that you're contacting your state AG about what they're doing. Might as well let them sweat a little while they wait to see what happens. :)
WMV and WMA files are far from popular file formats for movies and eps that are shared on BT sites :)
So it's hardly going to cause issues for people that avoid these file formats like the plague
"WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
I like to make up clueless people and think how I'd explain things to them. Consider it an intellectual exercise in lunacy.
Here's what I ended up with:
Me: Computer enthusiasts tend to consider the RIAA a greedy bastard who doesn't care about law or morals in getting what it wants.
Him: By the people who use file-sharing programs?
Me: Aye?
Him: Whom the RIAA considers greedy bastards who don't care about law or morals in getting what they want?
Me: Ehh... yeah. But there's a difference.
Him: Would it happen to be "it's us doing it?"
Me: *Glare*
I need to make them dumber.
I would argue that GPL has nothing to do with this type of tool no longer existing for the purpose of stopping malware since it's trivially easy for the malware to defeat such protection without some kind of encryption or signature validation in the checksumming mechanism.
MSAV and related checksum tools simply trapped fopen() calls to executable files, hash()ed the executable, and compared the hash() value to the previous hash() value which is stored in an easily writable unprotected database/file before (dis)allowing the fopen(). If malware can easily infect a file, hash() it, and write the value for the infected file to the database without detection, checksumming is useless for determining if the file has been changed. (With MSAV, simply delete chklst.ms before infecting the executable, and the MSAV TSR will make a new chklst.ms file for you.)
The equivalent free program now is md5() which, without [G]PG[P] signing the file storing the hashes, is no more or less useless than MSAV and any other simple checksumming tool at stopping file tampering.
There are 1.1... kinds of people.
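The point made in the comment above, that a hash manifest only helps if the manifest itself can be trusted, shown as an added example (not code from the thread or from MSAV). It uses an HMAC-SHA256 tag from the Python standard library as a stand-in for the PGP signature the comment mentions; the file names, contents and key are constructed, and the key is assumed to be stored off the monitored host.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its content hash."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = hash_file(full)
    return manifest


def manifest_tag(manifest, key):
    """HMAC-SHA256 over a canonical serialization of the manifest."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def changed_files(root, manifest):
    """Paths that were added, removed or modified relative to the manifest."""
    current = build_manifest(root)
    return sorted(p for p in set(current) | set(manifest)
                  if current.get(p) != manifest.get(p))


def check_unsigned(root, manifest):
    """Plain checksum tool: trusts whatever manifest it is handed."""
    return changed_files(root, manifest)


def check_signed(root, manifest, tag, key):
    """Return (manifest_ok, changed). A manifest whose tag fails is not used."""
    if not hmac.compare_digest(manifest_tag(manifest, key), tag):
        return (False, [])
    return (True, changed_files(root, manifest))


def demo():
    key = b"constructed-demo-key"  # assumption: kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files standing in for monitored executables.
        for name, data in (("tool.bin", b"original"), ("lib.bin", b"library")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)
        tag = manifest_tag(manifest, key)

        # Case 1: a file changes, the manifest is untouched. Both checks notice.
        with open(os.path.join(root, "tool.bin"), "wb") as f:
            f.write(b"modified")
        case1 = (check_unsigned(root, manifest),
                 check_signed(root, manifest, tag, key))

        # Case 2: the manifest is regenerated after the change (the chklst.ms
        # situation). The unsigned check sees nothing; the tag no longer matches.
        rewritten = build_manifest(root)
        case2 = (check_unsigned(root, rewritten),
                 check_signed(root, rewritten, tag, key))
    return case1, case2


if __name__ == "__main__":
    print(demo())
```

The tag is only as trustworthy as the key: if the key sits on the same writable disk as the manifest, case 2 passes again.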
The easy solution is not to use windows to view the films. Their nasty malware is not compatible with Linux or OSX etc... :)
RebateFX.com - Spread rebates for Forex traders
All this stuff means more work for those of us who have to deal with and clean out end users' comps! So in the end, more money for us! Damn, I just wish **AA (Recording Industry's Alcoholics Anonymous and Movie Picture Industry's Alcoholics Anonymous) would end up in their own hole at some point!!!
-Palal
iTMS is still very expensive. This week, I bought a classical music compilation boxed set for £25. This contained 312 tracks, which works out at 8p (15 at today's exchange rate) per track. Contrast this with 79p/track on iTMS, and then factor in the fact that several of the same tracks are only available in complete albums on iTMS due to their length.
I don't condone music piracy. I don't download pirated music, and I have no intention of starting. This does not, however, make vigilante action on the part of the RIAA morally acceptable. The RIAA are not a law enforcement agency, and they are using criminal tactics. If you want a moral justification for piracy, then I think this action provides you with one - if it's acceptable for the RIAA to resort to illegal methods when they don't get their own way, then it's equally acceptable for other people to resort to illegal methods when they don't get what they want (i.e. reasonably priced music).
I am TheRaven on Soylent News
You asshole muslim arabs are getting what you deserve.
It has been a long time coming and I sincerely hope it ends in the middle east & north africa getting nuked and/or terminated by combat robots.
So you're not all bad... I don't care any more.
You can all drop dead with ants coming out of your anuses.
If Bush wasn't compromised with the Saudis the West would be taking out the fat pigs in Riyad.
Oh well, we'll just have to wait until Al-Quaida or someone else nukes a major western city.
Or maybe the asians will just invade you and take it all, who knows ?? We'll be ok cause we have deterrent. You will die. You and your pathetic medieval culture.
You banned the Matrix ffs hahahah how lame can you get !!!
As a Finn, I pay for every data storage that can contain music files a little amount of money to copyright holders association. This gives me the right to legally download music and movies for personal uses. However, uploading or sharing files is not legal unless they are shared within a small group like friends or family members.
Therefore, if I downloaded infected .WMA file - and I was sharing only the records of my garage band and other stuff I hold the copyrights - there is no crime committed on my behalf, but they have intruded my computer. EULA would not (most probably) hold in court as Finnish laws require that license agreements should be accepted as a part of the original contract - that being the time I pay for the OS media and licenses to the local merchant. Any one-sided announcement of changing license policy won't hold.
?SYNTAX ERROR
Well if this can be done by the *AA criminals you can bet your life it's already been exploited by the other criminals (who are now probably pissed off due to the clumsy *AA having exposed their previously nicely hidden back door)
So if anyone had any doubts left stop using WMA now (personally I've never touched it due to it being crippled with DRM)
"Microsoft Security" is an even better oxymoron than "Military Intelligence".
Sky subscribers are morons. They pay to be advertised at !
Anti-Piracy Solutions
Overpeer's patented technology integrates seamlessly and transparently into the world's most popular file sharing networks - which are responsible for 90% of worldwide file sharing traffic. Overpeer monitors downloading activity on a real-time, 24x7 basis and can be highly effective in minimizing the availability of pirated titles and hindering consumer copyright infringement.
Overpeer operates a fully redundant, fully scaled architecture that enables our partners to respond cost-effectively to the tremendous volume of illegal file trading around the world. Our engineers, all experts in peer to peer networking, have created an extremely efficient, robust, and configurable system that can protect, market, and saturate our client titles on the major file sharing networks.
In an average month, Overpeer experiences over 25 billion digital download hits against its servers, effectively blocking the illicit reproduction of copyrighted material across 150 million unique user sessions. Our effectiveness is verified daily by independent third parties.
Promotional Solutions
Every file transmission by Overpeer in response to an attempted act of piracy represents an opportunity to promote the legitimate sale of a digital media asset. Overpeer's partners benefit from the conversion of illicit transactions into legitimate sales through their stores and services. Overpeer offers the following promotional solutions:
* Redirection to a web page selected by the content owner.
Overpeer's technology inserts itself into the tremendous traffic flow among peers and redirects would-be p2p pirates to authorized web sites where digital media owners and distributors can promote their artists, brands and products, build enduring connections with consumers, and convert attempted acts of piracy into sales.
* DRM-wrapped Files:
Overpeer's massive file delivery system can also transmit full-length files wrapped in digital rights management envelopes that carry specific usage terms. For example, we currently feed games with copy protection that allows users to play the games for a limited time and then pay to unlock them for unlimited use. Overpeer supports all DRM technologies and numerous back-end clearinghouse solutions.
* Geographic targeting:
Overpeer systems can target specific geographic regions for improved saturation, allowing for highly directed marketing of a regional or non-English title.
Data Mining Solutions
Activity on the world's file sharing networks represents the largest aggregation of digital media downloading on the Internet today. Through its proprietary technology and global reach, Overpeer's databases collect and analyze more than 11,000 data points per second of operation. We experience an average of 25 billion hits every month against our servers from more than 150 million unique users.
Overpeer's robust data mining tools and technology organize and analyze information captured on the networks to provide partners with a comprehensive real-time view into global downloading behavior across major file sharing networks. As a result, companies can gain access to compelling market and customer research and analysis, take strategic action to curb copyright infringement and promote traffic to legitimate distribution channels.
Don't expect M$ to patch this hole, either. That's a given.
It's just another reason why WMA files are evil and that you must stay clear of them.
Are you that blind with fear that you can't see it doesn't matter who is in office for this sort of crap to take place?
Both parties work this way.. it's all about $. He with the most $ gets their way..
Time to get over your unnatural fear of Bush and see things for what they really are.
---- Booth was a patriot ----
Piracy has nothing to do with the fate of stuntmen and painters. CGI has a lot to do with their fate. It will kill them off the payroll. After that comes the actors. Actors won't be lost entirely but voice acting will not last long after the physical job of acting becomes disposable.
Laws are for people with no friends.
> the severity of a punishment has been disproven as an incentive to not commit crime.
Oh come on. With all due respect I have to call bullshit on that...
For one thing, the 'severity of punishment' is not objectively measurable. To some, going to prison for 6 months is practically a death sentence; to others it's a 6-month holiday at their home-from-home. To some, the threat of being hung from the ceiling on fishing hooks would serve as a brutal deterrent, whilst others do it voluntarily in their spare time anyway.
> Especially because most criminals don't stop to think of the consequences of their actions anyway
Common sense would suggest that 'most criminals' quite correctly estimate that the chance of being caught and punished is so slight as to be negligible, and the punishment will be outweighed by its value as a badge of honour in their own community anyway.
Estimating the tradeoff between risk and reward (or penalty) is a basic function of all brains, including human. Both factors are essential in making a decision, and both are assessed subjectively. The estimated cost of an action is something like: (risk of getting caught)x(cost of getting caught).
> You won't speed if you know that you have a near 100% certainty of a ticket, even if the fine isn't that high.
If the fine is the same absolute amount for everyone, then it will deter some from speeding, but others (eg the rich) will simply consider it as paying for the privilege of speeding. If the fine were a uniform $1, most people would just pay it and speed all they like.
If the chances of being caught are negligible, then the penalty must be much higher to compensate. To make an extreme example, if the chance of getting caught for speeding was small, but the penalty was public execution for you and your family, who would risk it then?
"Anyway, don't think for a second that the "average user" thinks p2p is "wrong" - most users I've encountered are just annoyed that it isn't easier to find things."
Why would I think that? When it's a non-average user, on a non-average forum telling me that?
you said it dude
Slashdot is now officially INFILTRATED by the powers that be's agents !!!
Agents from the MPAA, RIAA and IDSA are now allowed to perform full cavity searches.
Bend over everyone and don't forget to pretend to enjoy.
Overpeer's technology inserts itself into the tremendous traffic flow among peers and redirects would-be p2p pirates to authorized web sites where digital media owners and distributors can promote their artists, brands and products, build enduring connections with consumers, and convert attempted acts of piracy into sales.
Note that they say "selected by the content owner", and "where digital media owners and distributors CAN promote their" blah blah blah. Not that they MUST. In other words, they CAN promote their stuff, or they CAN put all sorts of evil crap on your computer. It's within the limits of the agreement.
Having said that, this causes me to wonder if Overpeer is actually responsible for the ads, or if the RIAA/MPAA told them that some other sort of content would be at the URL that the files pointed to - then pulled a Bait & Switch.
I am scientifically inaccurate.
Try Tools|Options|Piracy.
I thought "man, that should have clued you in right there that something bad was going to come from installing this. Acquire licenses automatically - add debit card number, and you're done." ;-)
"The most sensible request of government we make is not, "Do something!" But "Quit it!"
Your claims have some merit. But not a lot. It would be trivial for the program to use a unique file name at each installation, so the virus wouldn't know what file to corrupt. The program could do automatic full scans at shutdown, or run in the background whenever the screensaver started. etc. And if it were GPL, there could easily be a forest of approximately identical programs with variations in precisely how they did things, so that the virus would need to deal with a vast array of possible approaches. Rather like the way the Major Human Histocompatibility [something] does. You've got one basic series of defenses, but at reproduction time (install time) they rearrange themselves into a unique pattern.
... Well, you could wipe out the immune system, and live like a bubble boy syndrome case. Ugh!
Your comment that such an approach couldn't be successfully developed is defeated by pointing to an example of an evolved pattern that works this way. True, it's much more sophisticated than the primitive anti-virus programs that you find. But so was the primitive chordate immune system. Each cell in your body has a signed tag that it exhibits to the immune system to prove that it belongs there. The immune system routinely examines the tags. Sometimes it notices a viral infection. (And all it can do is destroy the cell to make room for another one...call it a clean install of a program.) Sometimes it makes mistakes, and a person would get, e.g., arthritis. The only fix known for that is a clean install of the entity...and people are reluctant to go along with that answer.
So, yes, there's no perfect answer. But the signed tag is a workable system. Checksums may be an oversimplified tag, but it's a place to start.
I think we've pushed this "anyone can grow up to be president" thing too far.
Thank you for reiterating the point of my first sentence by example.
It would be trivial for the program to use a unique file name at each installation, so the virus wouldn't know what file to corrupt.
It would be trivial for the malware to make and run a bunch of executables consisting of return(0) to determine, by monitoring the checksumming tool, not only what manifest files/databases the checksum tool uses, but also what checksum calculation is being used (even if we do your random number seed immune system thing). This, however, is not the point.
Unless you can trust the manifest not to change (sign it or keep it elsewhere), if the malware can tool around with executables or system it can also rewrite your manifest. No amount of obscurity in the checksumming mechanism (under whatever licensing regime) fixes that point of weakness.
Regarding the immune system: it protects a different kind of moving target than computer systems in that every cell type that should ever be in the body is already known to the immune system when it goes live. The immune system never needs to deal with new cell types, nor approve of new cell types in the body unlike computers which can have new software installed. Every cell that should be in the body presents a common set of surface peptides and proteins that are similar to a static string checksum (unique to the system on which it runs) compiled into the executable. Cells without that string or with proteins that are foreign usually get picked off. Also, in a body, there is no capacity for the system-wide checksum to change in a body, but in a well-maintained system files must be updated on a repeating basis.
The immune system isn't even that great at preventing infection, as evidenced by the many retroviruses in our genome (rooted!), and look at the spectacular failures that allow HIV and some kinds of cancer to exist in a body for examples of vulnerabilities.
In the end, the analogy is only apt if every file that will ever be in the system of files that require verification has its checksum stored in a non-mutable way before the system goes live. But on such static filesystems, malware are not a threat addressable with file integrity verification anyway.
There are 1.1... kinds of people.
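The manifest point argued in the comment above, as an added example that is not part of the original thread: a plain checksum manifest stops detecting a change once it is regenerated on the same host, while a manifest sealed with a key kept elsewhere does not. HMAC-SHA256 stands in for "sign it"; the key, file name and function names are assumptions made for the illustration, and the key is assumed to be unreadable from the host being checked.

```python
import hashlib, hmac, json, os, tempfile

def build_manifest(root):
    """Map each file name under root to the SHA-256 of its contents."""
    manifest = {}
    for name in sorted(os.listdir(root)):
        with open(os.path.join(root, name), "rb") as fh:
            manifest[name] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def seal(manifest, key):
    """HMAC-SHA256 tag over a canonical JSON encoding of the manifest."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify(root, manifest, key=None, tag=None):
    """Return (ok, reason). With a key, the manifest itself is checked first."""
    if key is not None:
        if tag is None or not hmac.compare_digest(seal(manifest, key), tag):
            return False, "manifest tag mismatch"
    current = build_manifest(root)
    names = set(current) | set(manifest)
    changed = sorted(n for n in names if current.get(n) != manifest.get(n))
    if changed:
        return False, "changed: " + ", ".join(changed)
    return True, "ok"

def demo():
    key = b"constructed-demo-key-held-off-host"  # constructed sample value
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "tool.bin")    # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"original program bytes")
        manifest = build_manifest(root)
        tag = seal(manifest, key)                # computed while the system is trusted
        with open(path, "wb") as fh:             # the file changes afterwards
            fh.write(b"modified program bytes")
        file_only = verify(root, manifest)       # old manifest still catches it
        rewritten = build_manifest(root)         # manifest regenerated on the host
        plain = verify(root, rewritten)          # unprotected check now passes
        sealed = verify(root, rewritten, key, tag)  # sealed check still fails
    return file_only, plain, sealed

if __name__ == "__main__":
    print(demo())
```

The sealed check helps only as long as the key and the stored tag stay out of reach of whatever can modify the files.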
Microsoft has its hand in many pockets - they may be playing dumb but they know exactly what they are doing. Anybody who uses wma format and writes their site for internet explorer only should be fired on the spot. People have to realize that wma is not a standard it is a proprietary format that should be avoided at all costs. I live in an open source world and I do not use any of Microsoft's proprietary standards and I have lived to tell about it. People just need to realize that they don't need Microsoft to have their computing needs fulfilled.
I think you vastly underrate the success of the immune system. I'll agree it's not perfect, but very little is.
If the malware must "tool around with" (I'm assuming you mean carry) executable, then it becomes larger and an easier target. Rewriting the manifest doesn't help if you don't know where the immune system expects to find it. (And a smarter virus that could decipher this would be a much larger one, which would be more easily spotted.) Also, similar to the immune system, one would expect the antivirus program to have a list of known bad viruses, also stored at an unpredictable location. This would make creating vaccines against known infective agents relatively easy. As usual, one would want defense in depth, not only monitoring the programs resident on the computer, but also messages coming in through the ports. And zip/gzip/bziped files as they are encountered...i.e., before any of the contents had a chance to act. (This is analogous to the b-cells and the killer T-cells.)
Read only memory makes it easier to institute such measures, but it's by no means necessary.
Note that the anti-virus measures themselves will use up a measurable fraction of the CPU cycles...and if one is connected to a dynamic source of potential infective agents, it will need to be running constantly in the background, monitoring messaging activity. This merely means that there will be a cost to antivirus activity. That's a truth, sorry. It doesn't, however, mean that you can't do it. And all of this doesn't mean that tag scanning isn't a necessary auxiliary method. Secessful security depends on defense in depth, not on one invulnerable method (because there aren't any).
I think we've pushed this "anyone can grow up to be president" thing too far.
"legit adware" Error... does not compute... How can something that hijacks your computer to shove advertisements in your face ever be legitimate, backed by a company or not?
If they were totally upfront about what their program did in every (reasonable) respect, and didn't pull any nasty stunts like not uninstalling properly, then they would have every right to be considered "legit adware".
BTW, being able to intimidate someone legally does not necessarily make something "legit".
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I dunno. You're all still posting with the handle "Anonymous Coward" as far as I can tell.
dinner: it's what's for beer
If the malware must "tool around with" (I'm assuming you mean carry) executable
... not only monitoring the programs resident on the computer, but also messages coming in through the ports. And zip/gzip/bziped files as they are encountered...
... This merely means that there will be a cost to antivirus activity. That's a truth, sorry. ...
I intend the standard meaning, but as applied to the host system instead of cars.
becomes larger and an easier target.
IE/OE worms on the order of 150KB spread with great success, thanks. But file size isn't the point here.
This would make creating vaccines against known infective agents relatively easy.
Great! Now what does that have to do with checksumming existing files?
Those activities are far beyond the scope of a checksumming tool that lives on the system to verify the integrity of files already there!
Great! And puppies are cute. Please explain why any of that makes an unprotected manifest of checksums a sufficient antivirus tool.
Secessful [sic] security depends on defense in depth, not on one invulnerable method (because there aren't any).
Indeed. Plain checksumming of executables is neither necessary nor sufficient for modern antivirus tools to be effective, as illustrated by NAV and VirusScan which do not stop changed executables from running, as long as they are not infected with known malware. (This may be different for the non-enterprise versions of the tools, which I don't have access to at the moment.)
Interestingly, some firewalls such as ZoneAlarm do use executable checksums, but to protect _other_ computers by preventing altered files from establishing outbound connections.
There are 1.1... kinds of people.
One of the things that Scott Lockwood likes to point out at least three times a day is that he "owns a business". Or does he? According to the IRS, "LRSE Hosting" doesn't exist. So is Scott Lockwood a fucking liar, or merely a tax evader?
operation u c st dw ym i a t strike
This isn't even relevant to the question of criminalizing corporate behavior.
A fly-by-night is already doing something illegal.
What this would prevent is the entrenchment of those unethical and illegal companies. And an unethical company that is not a fly by night is given the choice of acting ethically or becoming another one of those fly-by-night companies. Oooh, the poor company, how could we even think of it?
mefus
In Open Society, GPL Software frees YOU!
Congratulations on hqaving your own buisness. I kope you are prosperous. Sorry for misspelling, I am drunk. My husband is in Iraq. Now that is a job you can be proud of, are you proud of yourself?