More on Sony's "DRM Rootkit"
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to the Inquirer and salemnic sent us a page from the Washington Post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
So is it or isn't it enough for a lawsuit? Anyone know of any developments in this area?
The Digital Couture Collection
Even if this doesn't go to court, at least this is getting some attention... and ANY bad attention for DRM makes me happy.
We Got Root
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
"infected with DRM"
Love it. Great phrase. Maybe it'll catch on.
Mark Russinovich's blog has a lot of detail about this particular package, including some info on how to get rid of it...
War is God's way of teaching Americans geography
So they're gonna root all my cds? Yet another reason to switch to KaZaa/Grokster/Mule/DC++
*sigh* Silly executives, rape is for kids.
You're nothing; like me.
With Slashdot reporting this 10 times a day I doubt it will get lost :)
Ok sure, so boycotting Sony is not realistic. Or is it...? We can really do without them. Screw their stupid DRM'ed Memorysticks, we have our SD and CompactFlash. Screw their VAIO's, we have Dell and Taiwanese laptops.. Screw their TV's, we have better ones from other brands. Screw PS3, we have XBOX2 and Nintendo Revolution. Screw PSP, we have Nintendo DS. Once they get the collective shaft, well, other companies will think twice before pulling shit like this.
That this sets a precedent, and that Sony don't wriggle out of this, at the very best it could point out some of the absurdities of the DMCA.
Not a dupe, an update. Surely additional viewpoints on an issue as large as this warrants additional coverage.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Just never buy a cd again.
Me, I think I'll just pirate all my music from now on. That way I don't have to worry about any of this DRM nonsense!
The malware installed is created by a company called First4Internet.
They're based in Banbury, Oxford and their CEO is Mathew Gilliant-Smith DBC.
6 South Bar Street
Banbury
Oxfordshire
OX16 9AA
United Kingdom
All info (and more) available on their website here http://www.first4internet.com/contact.aspx/
That's about 20 minutes in the car for me, should I go pay them a visit - taking the best wishes of the /. community with me? ;)
It's software like Sony's that makes Windows unstable. A clean install of Windows with only "certified for windows XP" software is rock solid. It's once you start adding badly written drivers and other code that mucks into the OS that it becomes unstable. As the Sysinternals article indicated, the driver doesn't follow the rules for unloading itself and other violations that can lead to the blue screen of death. Perhaps MS should increase the level of warnings about non-certified code, but users would still click-thru and blame the OS when it crashes.
It's not a Windows-specific problem, it's just that Sony has only implemented it for windows.
Interesting... A Finnish reader of this news at Sektori.com (in Finnish) reports that the Contents\GO.EXE file seems to contain parts of the LAME player. Can anyone verify this? Is Sony distributing LGPL software on the CDs?
"Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
....OK. so you will let any corporation or other entity enter your computer, house, car, body, etc to modify what is found there, without your knowledge, under the guise that *they* need to protect *their* property rights?
Welcome to 1984 and the birth of fascism in America....
keep with the herd, please and "Baaa" only when spoken to
Sony could be held liable in a class-action lawsuit. Anyone can design a virus and name it "$sys$" now, and AV software won't be able to detect it if this rootkit is installed. An IM worm could use this naming scheme, only infect a few thousand people, and the news would report, "SONY's DRM software used to hide latest virus". It'd be a horrible blow, and they'd totally deserve it. I still think we'll see a virus/worm that does this before the end of this month.
On a related note: World of Warcraft hackers are now using Sony's DRM rootkit to hide from "the Warden". I tried to submit this as a standalone story, but since I saw this DRM news update, I figured I'd post it here.
Is Sony aiding and abetting cheaters?
On the off chance that you're not a troll:
Sony has the key to your computer.
The key is digital, thus an infinite number of copies can be made of the key.
The key is digital, so anyone with enough time can make a copy even if they aren't from sony.
Once someone besides Sony has the key, they can distribute it on the internet, and now EVERYONE will have the key to your computer.
Is it scary now? Do you think your bank plays music from sony CDs? Do you want everyone in the world having keys to your bank?
That's because you are an idiot. No, really.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
It might be interesting to note that in this newspaper article (sorry, only in Swedish), the Swedish CEO of Sony states that the copy protection is not used for CD:s sold in Europe and that "no copy protection will be introduced before it works well both for consumers and copyright owners" (which can of course be interpreted in many ways).
It burned 1-2% CPU _when the player was not running_, for starters... Read the article.
No seriously, I agree. Sony's inconceivably bad behavior has to be dragged, squealing and flailing, into the sunlight where it can be properly stomped to gory death with hobnailed boots. No mercy, no PR coverup, no plausible deniability. Corps have to understand, with visceral fear-of-agonizing-death understanding, that this kind of crap will not ever be tolerated. This is a trend which must be stopped cold dead. These shenanigans have to be punished with such finality that any observer centuries from now will intuitively know the immediate and unalterable consequences of this kind of crap.
Welcome to the Panopticon. Used to be a prison, now it's your home.
If you RTFA, you'd know that Sony's DRM allows anyone else to use the hole they have created to put files on your system that will not be detected by antivirus software. That's not a big deal to you?
Does anyone have a good contact address (email or phone) for Sony to register their dislike of this approach. Active, informed consumers should let companies know their likes or dislikes about product features. Voting with your dollars is always an option as is sending an email or giving a call to management.
In a quick inspection of the Sony and Sony/BMG website I could not find any e-mail address for management. Any suggestions?
Suuuuure, that's what they WANT you to think. The next thing you know the FBI will come crashing thru every window in your house perfectly synchronized, and haul you and all your crap off. When you beg and plead to find out what you did wrong, they'll slap you and tell you corporate spies have the right to remain silent.
They'll run amok with your computers and then let you take the fall.
Genius.
All hail the root-overlords.
You're nothing; like me.
Of course, IANAL, IAAEE.
Sustainability and energy independence essay
...I did the responsible thing *cough*. I e-mailed Microsoft and expressed my concern about how this mucking about with the kernel stood in the relation to the EULA, support (who the hell wants to support a kernel patched with unknown code supplied by a third party) and future patches and upgrades. This could cause it to fail to validate like a warez'd install, cause breakage because a patch half-overwrites the hack and any other number of weird things. I also expressed my concern of how this would reflect on the security and user-friendliness of Windows (read: Windows has enough issues without Sony messing around). I really hope Microsoft comes out and tells Sony what they think.
Live today, because you never know what tomorrow brings
I guess I'll send them a sharply worded letter first, but I really don't see any way that I can do any business with a company like this. Not even as a shareholder.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Apparently this rootkit does not run on Mac OSX. Yet another example of the vast library of software available only to Windows users. :-(
Look at Sony's FAQ,
http://cp.sonybmg.com/xcp/english/faq.html#listen
The protected CD loses all features and appears as a normal CD on a Macintosh. This really sucks!
I'm switching to Windows!
search first4internet
happy
http://news.com.com/Sony+CD+protection+sparks+security+concerns/2100-7355_3-5926657.html?tag=nefd.lede
AYRABTU
Sustainability and energy independence essay
On some windows versions you can do some crazy stuff by putting non-breaking spaces (ascii=255) characters into filenames.
The other way is to make them a hidden AND system file (you can do it using attrib from the command line). Under default explorer settings these files won't be listed anywhere. This is what windows uses for the Recycle bin and stuff.
Nothing to see here people, move along etc. Making a mountain out of a molehill with this one.
Just because you don't care what gets surreptitiously installed on your e-Mac, doesn't mean real users are going to stand for this.
*has
*intentionally
sorry
That'll teach me to use a brighter screen setting.
Even if you do agree to give Sony the rights to your first-born child in the EULA, wouldn't this violate laws in some states, such as the Consumer Protection Against Computer Spyware Act in California?
English is easier said than done.
I thought this is called a slashback?
Any news on how Symantec, McAfee, and the other so-called security firms are treating this? I'd certainly expect an up-to-date anti-virus software to stop this from installing.
If someone says he and his monkey have nothing to hide, they almost certainly do.
What are *you* waiting for,
LOSER!
(caution: side effects of using proprietary software includes possible loss of freedom and data.)
Sony and the Rootkits...
You don't perchance work for Sony, do you?
That aside, anything that hooks into the internals of an OS without my clear and informed authorization is a problem.
you've got a piece of code in your computer that only gives Sony access. nobody else.
Please tell me you don't really believe that. Considering how many of MS's products have opened backdoors for people, you're going to trust Sony to "do it better" and leave this software completely secure? It might not suddenly allow crackers "on some IRC network" to get in, but it sure opens up a lucrative bit of research for them- finding the security holes in a DRM rootkit that people don't even know is installed.
Imagine the trouble in fixing that with a patch.
Could be that Sony and the major music labels are using this to create intentional fear, uncertainty and doubt. Who ever said the record labels want you to play music CD's on your computer, in fact wasn't there a genuine effort by the RIAA cartel to create CD's that wouldn't work at all on a PC? If they can't get the end user to cease this undesired activity they can always frighten the luser into submission.
Stick that music CD into my computer? No you don't, I'll become infected with malware.
Yes, perhaps it's as the subject suggests, a wild conspiracy theory. It's not as though this industry wanted to create laws to legalize hacking P2P users or anything.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Any malware whose filename/registry keys start with $sys$ will be shielded from antivirus and antispyware software by XCP. This gaping security hole represents a great opportunity for script kiddies. Sony should do the responsible thing and immediately recall all rootkit-infested CDs.
That you agreed to something and then they installed their software based on your agreement?
You either work for Sony or you didn't read any of the several articles on this topic. From TFA:
I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall.
Further down...
Getting rid of the rootkit proved nigh impossible and caused further problems, according to Russinovich.
This isn't a simple matter of not having read the EULA and having buyer's remorse. This is a matter of a company deliberately misleading you. If still not convinced, read the article a little further:
Russinovich noticed that the rootkit's 'cloaking code hides any file, directory, Registry key or process whose name begins with "$sys$". To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.'
Hmmm... A program that not only hides itself, a la rootkit but also gives a convenient way for any virus, trojan or malware to hide itself as well!
For some icing on the cake - no uninstall is made available.
I'm a big tall mofo.
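The cloaking rule quoted in the comment above (anything whose name begins with "$sys$" disappears from view) is what a cross-view comparison catches: list the disk once from the running system and once from outside it, then diff. The sketch below is an added example, not part of the thread or of any tool named in it; every path is constructed, `$sys$notepad.exe` is the test name from the quote, and the two listings are assumed to come from the live system and from the same disk read offline.

```python
"""Cross-view check for prefix-based cloaking. Added example; paths are constructed."""
from pathlib import PureWindowsPath

# Prefix the thread quotes from Russinovich's write-up.
CLOAK_PREFIX = "$sys$"


def normalise(path):
    """NTFS lookups are case-insensitive, so compare lower-cased paths."""
    return str(PureWindowsPath(path.strip())).lower()


def cloaked_component(path):
    """Return the first path component that starts with the prefix, else None.

    A file inside a hidden directory is hidden too, so every component
    is checked, not just the file name.
    """
    for part in PureWindowsPath(path.strip()).parts:
        if part.lower().startswith(CLOAK_PREFIX):
            return part
    return None


def cross_view(live_listing, offline_listing):
    """Compare a listing taken on the running system with an offline one.

    cloaked          - on disk, missing live, and explained by the prefix
    unexplained      - on disk, missing live, no prefix (churn or another hider)
    visible_prefixed - prefixed names the live system can still see,
                       which means the cloak is not active there
    """
    live = {normalise(p) for p in live_listing if p.strip()}
    report = {"cloaked": [], "unexplained": [], "visible_prefixed": []}
    for raw in offline_listing:
        path = raw.strip()
        if not path:
            continue
        prefixed = cloaked_component(path) is not None
        if normalise(path) in live:
            if prefixed:
                report["visible_prefixed"].append(path)
        elif prefixed:
            report["cloaked"].append(path)
        else:
            report["unexplained"].append(path)
    return report


# Constructed sample: the disk as seen offline (ground truth).
OFFLINE_LISTING = [
    r"C:\WINDOWS\system32\drivers\cdrom.sys",
    r"C:\WINDOWS\system32\$sys$constructed_dir\$sys$example.sys",
    r"C:\WINDOWS\system32\$sys$constructed_dir\payload.dat",
    r"C:\Temp\$sys$notepad.exe",
    r"C:\Documents and Settings\user\report.doc",
    r"C:\WINDOWS\Temp\~scratch.tmp",
]

# Constructed sample: what the running system reports (note the case drift).
LIVE_LISTING = [
    r"c:\windows\system32\drivers\CDROM.SYS",
    r"C:\Documents and Settings\user\report.doc",
]

if __name__ == "__main__":
    result = cross_view(LIVE_LISTING, OFFLINE_LISTING)
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

A non-empty `visible_prefixed` bucket is also worth a look: it means something is using the prefix on a machine where nothing is hiding it yet.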
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
Emphasis is mine. Anyways, nothing in the EULA says that I can't just go and delete it. Sure, it may reinstall, but can't we delete it the minute we eject the CD? Can we write a script to do that?
Get a Mac? According to the FAQ, the disc appears as a normal CD on a Mac. Anyone know if the content is the same, or are there extras that you get for enabling viruses on your PC?
The problem is that Windows allows some program to mess around with vital drivers and other system internals without screaming murder. This is a clear case where proper use of permissions would prevent potential damage to a system. While Sony is definitely in the wrong for taking advantage of this, the structure of Windows allows this rootkit to be installed.
I submitted this story last night, and it didn't get posted.
Well Sony has all the reasons to mess with PCs stuff. They don't *really* want people to use their PC for any media stuff... Sony wants everybody to use custom hardware solutions made by Sony. PS3, PSP, Memory Stick,.....
So messing with your PC looks like a good thing to do for Sony (especially since it also f*cks with MS).
I think they mean non-uninstallable.
http://www.windows-sucks.com/content/ms-hidden-files.shtml/
Everyone send your congressman a complimentary CD, then send them a letter a week later explaining what Sony did to them.
Has this passed? Is it applicable?
0 2929:
(4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component;
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.
If they used racketeering laws to go after the RIAA, why not antispyware legislation against this?
Posted by: Dickrichard | Nov 1, 2005 11:03:07 PM
;)t ml but nothing really beats searching.
I'm posting this via a proxy just in case Sony doesn't like what I post...
After reading this news story I decided to go after this software and defeat it, and I did.
The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.sh
As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!
CONSUMER 1 - SONY 0
P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!
Just say Digital Restriction Management, and it'll dawn. Say the corporations use the word "Rights" just to make people believe it is good for them.
This whole thing *could* be a pilot of Sony, testing the water for Microsoft and the others of TCPA. Now, we're seeing a backlash, but then they offer it through Microsoft Windows, and all is supposedly good again.
Don't sell your freedom so cheap.
So, technically they are in the clear (in the same way that they would be in the clear if they said "the SOFTWARE will reside on YOUR COMPUTER until pigs grow wings"), but what they are doing is still morally very wrong...
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds.
It's just not a matter of failing to supply some user-friendly functionality to make it extra easy to uninstall.
Such functionality might take time to develop, and so a case could be made that the developer just didn't feel it worthwhile to spend the effort...
But in this case, the developers went out of their way to make it extra difficult to detect, let alone remove, their software. Even without Add/remove functionality, you could still remove the files and registry keys manually, if the software was just sloppy, rather than malicious. But in the present case, the software's files and reg keys are hidden, so you can't just remove them. And if you do find the trick how to de-activate the rootkit, removing the resources will break the OS if not done properly (disabled CD driver), meaning that for a normal user the only alternative is to reinstall the OS. Not nice!
You are assuming that Sony has (a) written the code properly, and (b) there's no way to exploit this code externally from the running system. Anything that hides itself from the running process list and prevents itself from being uninstalled is a potential hole in your system. Example...there is a buffer overflow in Sony's DRM software, which you can't remove because you can't see it. It's running as a driver, as the "system" user, which means it can do pretty much anything it wants. A userspace program (LimeWire?) triggers this DRM by trying to play a Sony DRM'd song, and triggers the buffer overflow exploit. Once this exploit is triggered, the attacker can download whatever they want to the compromised machine, creating another zombie, or whatever they want really.
This is just an example, I'm sure a real cracker could come up with something doable.
Ok, if they want to play that, then the reverse play is that you have to download music as data files because music CDs constitute a threat to your computing environment. In effect, they just legitimatized music downloading as a way for consumers to escape injury (in the legal sense) from their crapware.
If enough people complained to Sony and stopped buying their products, they would likely change this policy. But as many people have said, the vast majority either are ignorant of this or simply don't care.
Hmm.. let's see. If I recall correctly:
1> SONY installs a rootkit and did not say they were installing a rootkit. A much less damaging form of spyware would have been able to accomplish the tasks that SONY claimed the rootkit was intended for. (If your PC were a neighborhood, you might agree to having a security patrol, but I doubt you would agree to giving them the keys to your home, code for your alarm, and potentially access to your bank accounts, tax returns, and video library)
2> The rootkit SONY installed has known vulnerabilities - meaning that folks other than SONY would be able to use the rootkit for their own purposes. (Back to PC as neighborhood, not only is that security watch doing a whole lot more than you realized, but anyone who knows the secret handshake is a fully authorized member of the patrol - with the same authority as the head honcho.)
Now, think of what a class action lawsuit will mean when every member of the affected class can claim financial damages based simply off the documented costs of repairing "damage" to systems done from "I love you". (Several thousands of dollars minimum PER PC) - or, to put it another way:
3> Profit! (but not for SONY)
You either believe in rational thought or you don't
Boycott all of Sony Music - this includes labels like:
Arista Records
BMG
Columbia Records
Epic Records
J Records
Jive Records
LaFace Records
Legacy Recordings
Provident Music Group
RCA Records
RCA Victor Group
RLG - Nashville
Sony
So So Def Records
Verity Records
As a recording engineer / producer I'm against piracy - but I also hate DRM screwing with my machine and making it hard to enjoy the music I purchased in the way I want.
Support indy labels, and write letters to artists you like that are on majors - tell them to move on to an indy label or start their own.
And if you're really mad (as I am) boycott all of Sony. While Sony music walks to its own drummer, the parent company can't be loving the bad publicity.
I stopped buying all Sony products (including the pro gear I use as an audio engineer) when they initially started their annoying DRM. It is easy to break, but makes normal use of the CD harder.
obviously you didn't look too hard.
Open up any windows directory.
Go to tools.
Folder Options.
Go to the view tab.
Find the radio button that says show hidden files and folders.
Click that button.
Say OK.
I bought a Sony minidisc player a few years ago. It was a lovely bit of kit in the era before iPods, which allowed you to transfer mp3's onto minidisc. Unfortunately the incredibly buggy (Windows only) software and associated DRM crud that provided the interface between it and my pc completely crippled it to the extent that I got rid of it as soon as possible. I vowed never to give Sony my hard-earned again. So far I've stuck to it, which has probably cost them in the region of £2000 based on various gadget and electronic equipment purchases I've made since.
This is part of what you need if you want to listen to Sony's music legally.
On the one hand, it's perfectly legal for me to play that CD on my laptop without running that software. Even assuming a clickthrough license is valid, I can simply refuse to accept that license, refuse to install the software, and treat it as an ordinary audio CD. If I'm not running Windows on my laptop, in fact, I don't even have an opportunity to use their spyware-enhancer.
On the other hand, even if it WAS a legal requirement, any contract that involves one or the other of the parties performing an illegal act as a requirement for fulfilling that contract is void. There's a reasonable case that this software violates the DMCA and thus the license is invalid.
Which takes you back to the first hand.
I showed the last to one of my coworkers, who immediately started worrying about a recent Switchfoot CD he played on his machine. Sure enough, not only did the CD have DRM on it, but it seems to have installed the same rootkit as the example given in the Sysinternals website. Which of course makes me wonder, how many CDs did Sony put this into?
I'm starting to think it'd be worthwhile to create a domain policy to prevent this malware from running on any of our network machines....
Shameless plug for my photos on Flickr
Oh, and screw purchasing a PS3. Sony wants to screw the consumer, then screw them. I never really did like Sony, but this is just another good reason.
If consumers don't complain loud enough, then other companies will feel that the "rootkit" style DRM is now acceptable and everyone will start doing it. I wonder what then happens when multiple DRM schemes are patching the kernel function table and adding filters to the IDE chain...my guess is that without some serious quality development and testing, lots of consumers are going to have dead Windows installs because they legally paid for "content-protected" music...meanwhile everyone else is happy with their MP3s.
$2B OR NOT $2B = $FF
I've seen something similar done with telemarketers and there is a court precedence upholding it.
Place ads in major newspapers stating you are going to charge individuals and/or companies who install software or change system settings without prior authorization, $1000 per hour to restore my system with a $1000 minimum charge. The newspaper ad serves as public notice to your business intent.
You probably need to place an ad in every major city where you plan to charge the company or individual.
Definitely place an ad in Redmond, WA.
Users should form a site that lists software and service companies and what state they are located in.
Check with your lawyer first. Laws vary from state to state.
The problem can exist for any drivers that operate under kernel mode, which is unfortunately true for Linux as well. Fortunately, while Linux supports fewer devices than Windows and the functionality is often more spartan, (i.e. 3D graphics cards) we are fortunate that they don't make it into the kernel until they are solid.
The BSD zealots have a point here - it is more secure to have all drivers run in separate sandboxes, so a borked driver won't bring down the whole OS.
My rights don't need management.
A clean install of Windows with only "certified for windows XP" software is rock solid.
You've never used the .NET development suite before.
It's far from rock solid. Same as Microsoft Office 2003, I get crashes there as well on a regular basis with all the users here. Open an Office 97 Word file with a simple macro and watch how sometimes it blows up.
Windows XP with NOTHING else installed and unplugged from the net and with no 3rd party drivers or any performance hardware is rock solid.
As soon as you use it it becomes less stable. Not unstable but less stable.... bluescreens maybe every 3 months or so.
Since what you jokingly recommended was vandalism, and thus illegal, you really should have posted that AC.
Of course we all know you were kidding, and you didn't mean it as a serious recommendation, but if someone were to go out and do it, and the jackasses who developed this root kit see your post, then you could find yourself on the receiving end of some legal hassles.
"Live Free or Die." Don't like it? Then keep out of the USA
I propose to introduce a death sentence for corporations as an international treaty: After a corporations gets caught screwing their customers or bribing (campaign contributing for you in the US) politicians they are forced to sell everything belonging to the company and the money is donated. Neither employees nor shareholders get anything. That should help bring some honesty back to big business.
Linux is not Windows
Hello.
I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.
I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:
1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable
and needless to say,
10) Sony and BMG music.
If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.
Thank you for making my future purchase decisions so much easier.
Sincerely,
****
OpenSource.MathCancer.org: open source comp bio
Hi, Folks
I have long known that Sony is NOT one of the biggest electronic firms selling within Japan. In fact, it is known for its quick development turnarounds and use of second and third-rate parts. In the rest of the world, however, it remains a giant that oversells its products and dumps most of its old stock onto the third-world market.
This should come as no surprise.
"Me, I think I'll just pirate all my music from now on. That way I don't have to worry about any of this DRM nonsense!"
And what's so insightful about being a pirate? You don't actually solve any of the problems. You're just hiding from them. The companies get bigger, and your "Fair Use" rights (amongst others) get smaller.* And the best solution you can come up with is "Well, I'll get mine!". Stupid! Simply stupid.
*And that's just one of the side-effects, assuming you've actually been paying attention for the past couple years.
Send him a Sony DRMed CD, then rename all of the files on his hard disk so they start with $sys$, then watch the fun....
Make no mistake, the members of Van Zant are just as culpable in this as Sony Music. Please let them know at
Vector Management
Ken Levitan and Ross Schilling
P.O. Box 120479
Nashville, TN 37212
Phone: 615-269-6600
Fax: 615-269-6002
Thank you Tapeworm
We'll know Wine is finally ready when it can get nailed by a Windows rootkit.
:-P
Great. Now I've got this image stuck in my mind of a fat Orson Welles saying "We will sell no Wine before its time."
Slightly offtopic question: I come from the Linux side and was unaware that BSD could sandbox drivers. How does this work, how well, and on what BSDs?
Is there a list of CDs that are affected, except the one Mark Russinovich used?
Timo's Audio Software http://www.esseraudio.com
Wouldn't GNU/Linux be the same way if you were running as root? Aren't there lots of people that will just give up their root/Administrator passwords the second some unknown software says it needs them? There's a Sony FAQ about this software that's a few links away from the F-Secure article. It contains the following gem:
"You must log on to your computer with Administrator rights or Power User rights to fully use the disc. Normally, you should have Administrator rights, unless you are working in a corporate environment in which case, you'll need to contact your IT department to have them install the software for you.
On Windows XP Home Edition system you will need Administrator rights (typically the default setting) as well, not User rights."
Yes, you and I realize that's some ridiculous bullshit, and that if you disable autoplay the CD will act just like, well, a Real CD. Most users will think, "I'd better figure out what these Administrator rights are and install them on my computer so I can play this CD. I hope that doesn't cost me more money." Another box popping up saying, "this program wants to overwrite vitalfile.sys, this is very risky, are you OK with this?" wouldn't really help anyone that didn't already know; they just want to hear their music.
You're absolutely right, though, that this does represent a problem with Windows. Windows should not allow this, Unix should not allow this, BeOS should not allow this, VMS should not allow this. Windows actually has an easier way to handle it than most OSes, since it knows about the user's GUI and can pop up an alert (the Linux kernel would have to figure out whether the user was running at the console or in X or with some other crazy setup).
I've been thinking about potential solutions; perhaps offer a physical device with which you must confirm any module load? But this handcuffs remote users (for most systems there's probably no need to ever remotely load modules, though. I wouldn't mind, as long as there was an option.) It would be convenient if when a module was loaded for the first time the OS could analyze it and figure out what types of behavior it would modify, and present this information to the user. Though if the idea is to modify other modules, like this program seems to do, a different type of protection (probably user-level) is required.
The only real layer of security is users, because only they can overlook the technical methods that software is using to make the value judgement, "Do I want this on my computer?" Running as Administrator or root by default diminishes a user's ability to make this judgement and puts them paradoxically in less control over their computer. That is one aspect of this for sure that can be placed squarely on Microsoft and Windows. If Apple can completely switch around their OS technology and tell companies, "if you want to run nicely on OS X then re-release all your software", then certainly Microsoft could use its gargantuan power to pressure companies to write software that follows a sane security model. It would solve many problems with Windows as it is used today.
I found that Real player's ability to write files to a Minidisk made it a far more functional alternative than the actual software that Sony makes for minidisk players.
It's the primary reason I kept realplayer on my windows PC for so long.
Then I got an iPod, and the Minidisk player went the way of the dodo for me.
"Live Free or Die." Don't like it? Then keep out of the USA
What gets me about this DRM crap is I doubt Sony's given any thought to how this all scales over time. Assume that ALL record companies start using this method and every one is different. You could quickly end up with 8 or 10 different rootkits on your machine - every one of them trying to manage your CD player - and who knows, maybe your harddrive. Then assume that Sony and the other companies decide that they need to update their rootkits over time - with versions that aren't compatible with each other... you could end up with a different rootkit for each CD you've ever loaded into your machine. Having several hundred rootkits installed on a machine would probably cause some serious performance and security issues, assuming they could all peacefully co-exist. This is one massively broken idea that Sony has and it has to be stopped NOW.
JR
By circumventing trivial measures on my computer to prevent people from installing rootkits, Sony is in violation of the DMCA. One problem--I don't own a single Sony product. Oh well, I guess I'll just have to settle for being a vicarious victim.
Sooo...if you download the cd illegally, you have a small chance of getting a virus...but...if you buy it legally you're guaranteed....hmmmm....go pirating
...to call this action the FELONY that it is?
If I gave you some medium that did this, EULA or not, I'd go to jail.
Compound this with the person who inserts this CD (and thereby is the party who agrees to this EULA) being a MINOR... this entire situation is complete insanity. Is there no concept of authority anymore? Any a$$hole that can sit at my keyboard is automatically a fully authorized proxy for me? In effect I have ZERO authority, and FULL accountability?
In short if the next Bagle variant contains a good EULA, it'll be perfectly legal.
help me i've cloned myself and can't remember which one I am
From the Washington Post:
Full page: http://blogs.washingtonpost.com/sec...raids_hack.
"As long as the attacker's file begins with that prefix, it will go undetected by most antivirus programs out there," Hypponen said. He added that installing the Sony program on a machine running Windows Vista -- the beta version of Windows' next iteration -- "breaks the operating system spectacularly."
So.. Not only does it embed itself in current versions of windoze, but it seems to whack the upcoming Vista(Longhorn). Gee.. Ya think that would be a 'problem' for folks a few years from now when they play those CD's on their shiny new computers?
This is what happens when you get this 'low level' regarding wedging drivers so close to the core.
And ya think MS would 'work with sony' to 'fix' this?
Such a collaboration would be prima facie evidence that MS is just as evil regarding DRM. But then again, we already know this regardless. MS DRM and their 'trusted computing' is a joke. Yet, if they were to modify low level driver to 'accommodate' Sony's ROOTKIT, that's just going TOO FAR. Obviously performance and stability would still be taking a back seat to MS's so-called 'security initiatives' of last year.
Again... It's an evil web Sony is weaving. I'll be very curious as to what MS will do about this regarding Vista. Will they go for stability and simply advise everyone not to load that Sony junk at risk of whacking the machine? Or will they 'accommodate' Sony by patching the native MS drivers to 'work with' a single, particular, specific and narrowly defined Rootkit?
Let the games begin!!
Follow this link to send a comment to Sony. I know I won't be buying their products anymore, and I sure as hell let them know.
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
... for stuff like this. If you care enough to REALLY do something about it, there are really only two things to do:
Intentionally or otherwise, the program is exploiting a flaw in a popular operating system in a way that not only enables them to control access to the data on the CD -- which itself is illegal, but fat chance the government will help you with that -- but it in so doing opens up the machine to facile infection with illicit software which it will then actively cover up and make detectable only to very knowledgeable users. If DHS is serious about cyber terrorism, they shouldn't be letting companies subvert the already weak security of the predominant operating system and prime them for becoming unwitting pawns in terrorist activity.
Make a simple flyer explaining what's happened and the implications and see if local record stores would be amenable to helping out. This could be as little as having them stuff an info packet in their bags, to leaving a stack of Live Linux CDs that do nothing but permit a user to duplicate a CD to CD-R without the offending software, or even have a "SafeDupe" day where a few people set up a table where purchasers can show proof of purchase and bring a blank CD to have it "SafeDuped" for them. Obviously, most record stores won't want to rock the boat, but a well-spoken and sincere person (armed with copies of coverage from the mainstream media talking about the problem) ought to be able to find at least one or two store managers with an ethical streak.
It's perfectly legal to make such copies, and if you don't believe me, ask a lawyer or download the Berne Convention on Copyright and read it yourself.
And remember kids, calm, cool, and collected. No name calling, no vitriol. Attribute not malice where stupidity is explanation enough, etc. And do make sure that whatever you do is entirely on the up-and-up, transparent to everyone involved, and that the press and SonyMusic are well informed on the subject.
Sony has a feedback page for their music site here.
I just sent them the following message:
I've been following the news about the Root kit being installed by many of your copy protected CDs. I'm disturbed by the fact that, among other things, it allows any application to hide files by adding the text $sys$ to the beginning of a file name. How long before this is used by viruses and spyware to hide from virus scanners?
I'm also disturbed by the fact that you can't uninstall the DRM software, and that trying to do so renders your CD ROM drive non functional.
I have no desire to have to reformat my PC and reinstall the operating system from scratch to get rid of what is, to be blunt, a massive security hole.
I will not be purchasing any Sony label music in the future. This includes the purchase of Sony labeled music through iTunes. I was going to get my brother a Playstation 3 this Christmas. I will NOT be doing this. I will also stop buying new games for my existing Playstation 2, and am seriously considering selling the game system and the games I've accumulated.
I will not purchase Sony products in the future. I have no desire to pay for something that deliberately damages my computer.
I plan to check my home PC for any signs of this DRM root kit, and if I find it, Sony will be receiving an itemized bill for the time taken to reinstall the operating system and my applications.
"Live Free or Die." Don't like it? Then keep out of the USA
Take it back to the store, and say: "The CD is defective. It doesn't do what it says it does. It does not prevent me from making unlawful copies of it."
Which has absolutely no bearing on Sony's deceptive business practices, the legality of which can still be questioned in a court of law, as can the interpretation of the DMCA, FYTW.
Because no one has the time and financial ability to go up against Microsoft, Sony, etc. So, regardless of YOUR opinion on the subject
First of all, my opinion is irrelevant, as is yours. I didn't realize we were discussing our opinions in the first place. The only opinions that matter as far as the law is concerned are a Judge and/or Jury's.
you can certainly guarantee that this particular EULA will stand until another fails.
That simply does not follow. There is no reason to assume this particular EULA will not be tested in court. Why are you making that assumption?
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I used to really like Sony products, but if they keep up with stuff like this, Then I will see them HERE
"So, technically they are in the clear..."
In the good ol' USofA, there is no technically clear in civil litigation. All you have to prove is something as simple as your reasonable expectations. Doesn't matter what the EULA says or if they did anything illegal.
IANAL, but it is my impression that in the eyes of the US courts, you not only have to follow the letter of the law, but you have to ensure that you are conveying a reasonable perception about what your product does. That fine print means nothing if the court finds it too difficult to read, or makes unfair claims (ie - By installing this, you transfer ownership of your computer to us... which is what a rootkit comes closest to without physical possession.)
Civil cases aren't really about the law. They're about damages, and a preponderance of evidence (more than 50% in your favor... a lot less than the reasonable doubt standard of a criminal trial). It may not be against the law for you to spraypaint your trees pink. But if I'm your neighbor and plan on selling my home, I have every right to sue you for damaging the property value of my home. Getting a few other neighbors to testify, and it'll win just on preponderance of evidence.
IMHO, I'd sue the hell out of Sony in a class action lawsuit. Look at it this way: you may not win a lot of money each, but it'll probably be enough to repurchase that CD and a few others with no DRM.
I8-D
should be filled out by all angry individuals... http://cp.sonybmg.com/xcp/english/form8.html
I just upgraded to Symantec's Internet Security Suite 2006. Latest, greatest, and safest...
oh sh...
"The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case." -cnet
Does anybody know if there is a Linux port of this RK? Or will it run on WINE? I would really love to have this RK on my Linux box. I think it's the only thing stopping me from using Linux on the desktop at the moment.
Google's snapshot of the FAQ from a week ago
Uncopyrightable: The longest word you can write without repeating a letter.
Hardware: I own two Sony Widescreen TV's one of which weighs over 250 lbs., two DVD players, two VHS, one PS2, a Sony VIA laptop and one Multiscan 200ES, a Sony Mp3 car stereo system and I will never purchase any Sony products again.
Software: I rip every piece of shit software enhancement they give away out of everything I purchase.
Entertainment: I own a lot of it and will never purchase any Sony product again.
This is the straw that broke the Camel's back.
Are you on crack? Sony has hacked your computer. They've installed software without your knowledge and without any way to detect it. Worse this software will allow anyone who knows about the $sys$ prefix to now install their software without your knowledge.
This is a huge deal. I hope Sony's execs are put in jail for hacking.
You know, I just thought of something. There's no reason for an operating system to unconditionally trust and run arbitrary binary code from a CD-ROM. And yet that's default behavior on most systems. Autoplay's "run by default" is just as bad as if a web browser runs an executable with no confirmation upon download. So certainly that aspect of Windows is *teh evile* and if any other desktop environment is considering that, they're not helping. Frankly, there's no reason to have an automatic daemon to control device mounting imho, which is why I'm glad that I use an operating system that gives me the choice to mount when I want to. Somehow I doubt this flexibility is coming soon in Windows, given Microsoft's commitment to DRM. (though I often don't place much faith in a user's ability to handle security, I think that most people could handle mounts and unmounts, particularly considering they don't even need it for audio CDs).
I copy audio CDs I don't own. I make new audio CDs out of them, or rip them to mp3s or ogg files. THERE IS NOTHING ILLEGAL ABOUT DOING THIS. Of course, I haven't let myself be brainwashed yet by the DRM police, as you obviously have.
Copy free or die.
This reminds me of the funniest thing I've seen lately...Paul Kantner's album, "Blows Against the Empire" was recently re-released on CD. For those of you who are too young to have heard it when it came out around 1970, this album advocated violent overthrow of the US government, theft of government property, active draft resistance, drug use, and other assorted bits of anarchy. On the cover of the jewel box, and on the CD itself, it now has large FBI anti-piracy warnings, threatening you with government prosecution for attempting to pirate this album...ironic, nicht wahr?
There is no God, and Dirac is his prophet.
Well, I guess that should've been obvious, but... Since it's modifying the registry, any security app that warns you of registry changes (like SpyBot's TeaTimer) should pop up a warning and give you the option to prevent this from installing itself in the first place.
On Sony's website I looked at the CD in question. At no point does the website tell you there is copy protection on the CD.
So Johnny Uninformed buys the CD online. He will have no idea he is receiving a DRMed CD until after he pays shipping and receives the product.
This would piss me off!! I have had this happen to me in the store though as well. I have bought CD's only to realize it was DRMed once I got home. !@#$ this piece of $#@!
I have two solutions 1) return it 2) use my sony CD player with optical output and record it to my sony minidisc in high quality. Transfer the recording to my sony computer where I share it with the world to download in high quality DRM free greatness.
#2 is hypothetical but possible. I like the idea of screwing sony with sony products but then you'd actually have to buy sony products and they win anyway! By the way the minidisc would only allow you to transfer that recording off the minidisc once. Way to restrict my personal use with every product you make.
If Sony made prosthetics would they restrict how I used my limbs?
Just when you thought it was safe to return to the music store.
Guess it's back to downloading DRM free MP3s...
If you think about it a tumbler lock is most certainly an analog device. Each pin is not "On or Off," if it was I could see your point. Each pin has a range from the minimum height to the maximum height. Also tolerances in the system allow for a match without an exact match.
How do you figure it's digital?
Now an electronic keypad would be digital but you specifically mentioned a tumbler lock.
If SONY circumvents the security I have installed on MY machine with their rootkit are THEY in violation of the DMCA?
Hold on...
If you have Windows and you really need to play the CD's (not that I suspect many casual users would even think of using the CD drive in the computer - most people I work with don't know you can even do it. I've even been asked if I can play a CD in a DVD drive and, incidentally, vice versa) ripping them to MP3 is suddenly safer, easier and, taking the users time into account, cheaper. Plus you don't need the disk in the drive. Good move, record companies the world over. You've just signed your own bankruptcy.
To those tech-savvy people who want to play their CD's in their computers, why have you got Autorun enabled, why do you treat the onboard media playing software as any different to any other software (virus risk etc.) and why would you allow someone to install ANYTHING, no matter how tiny, onto your hard disk just to play a CD on the computer?
CD's play in the computer as a by-product of the technology. Most of the time, data and audio CD's never mix so if it's been this difficult for the past few years to play a god-damn audio CD in your computer, who still bothers?
You want to play a CD on a computer, keep autorun turned off (it only saves two double-clicks at great security expense) or alternatively hold down Shift as you load the drive, rip it to MP3 and never use the "software" that comes with it. If you wanna play it on your CD players, make audio-disc copies (you just did it to MP3 so dragging those MP3's onto Nero takes about a minute) and you have a completely DRM-free audio copy for the car, safe use on the computer and a backup should your CD ever stop working (breakages, can't play it in Windows Vista etc.). Most decent MP3 software completely bypasses this sort of thing so long as the disk doesn't get a chance to Autorun or be installed.
It probably never hits about 70% of the CD-playing public as they never put it in their computer. It shouldn't ever hit anybody clever enough not to install unchecked software. The middle ground (those who want to make a copy with some piece of rubbish written in Visual Basic or those who want to play it on their computer) are a small minority.
"Sony customer support. You want to uninstall our DRM software? Ok, whats your name? Address? City and state? Zip? Ok, please wait while we submit your information to local law enforcement."
So, are they placing DRM rootkits on the SOE game disk ?
Don't know what the voltages are now, but used to be anything below, say, 0.5 was off, anything above 4.5 was on, anything in between was a no-no.
Sure sounds like lock tumblers have a lot in common with transistors.
Infuriate left and right
Quit goofing around with all this chat. Here's the email address of Sony's president, Nobuyuki Idei, Chairman and Chief Executive: nobuyuki.idei@jp.sony.com Let's just ask him what he's going to do about it.
*** Don't be dull.***
I don't know why this /. article was posted, as I doubt any of the links add anything to the original. What would be nice is to hear a statement from Sony, who are probably trying to figure out how to damage-control the situation now that their dirty little secret is all over the Internet.
Arguing about vi versus Emacs is like arguing whether it's better to make fire by rubbing sticks or banging rocks.
For example, there's this and this for starters.
Shouldn't they be providing a tool to make this easy for their posters?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Since I believe everything I read on Slashdot, my primary login in XP has always only had User privileges. Given how thoroughly this thing appears to insinuate itself into the system, would that have defeated its attempts to install?
Is that an adequate defense against this kind of sabotage? Or should I just admit that running as User has been nothing but a pain in the butt?
'This writing business. Pencils and what-not. Over-rated if you ask me. Silly stuff. Nothing in it' - Eeyore
Not a bad idea at all, that one!
not gonna work.
the whole point of a rootkit is that it wriggles so deep into the system that it can hide from 'show hidden files and folders', as well as hiding entries from regedit.
do you really believe that a regular 'hidden' folder would be undetectable by AV scanners?
I guess Sony will refund people for the lost CPU cycles.
Buy and return.
Buy something from Sony, like PS2 or a camera, and then return it the day after. AFAIK, return items go pretty high up in the supply chain. Tell why you are returning it.
Any problems with this?
Apple's iTunes installs new CDROM drivers in the same way. I believe Apple was doing this before Sony.
Nothing. It looks and functions as a normal audio CD on a Mac.
Under Windows, yes it will prevent iTunes from ripping it and putting the music on your iPod. Several bands (and I believe even Sony) have instructions for copying music onto the iPod using Windows and they generally involve burning the included WMA files of the music on a regular CD and then reripping it (yes you will lose quality), but the much better solution (that they don't tell you about) is to just hold down the shift key while inserting the CD which will disable the autorun.bat script.
It's actually rather funny looking at their instructions because they'll have several pages of instructions for Windows machines to copy the music onto iPods and for the Mac, they just say "The audio CD will function normally and without restrictions on a Mac.".
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
I haven't bought a Sony product since 2001 when they were grossly rude to me during a customer service related call.
So yes, it's very easy to boycott sony.
Hmm. I guess except movies- I may have seen a columbia picture at the theatres. I know for some I have bought a ticket to movie "B" and then seen movie "A" instead to avoid them getting my cash.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Mr. Thomas Hesse
President, Global Digital Business
Sony BMG Music Entertainment Company
550 Madison Ave.
New York, NY 10022-3211
I wrote this guy last summer after reading a piece in the New York Times featuring him discussing Sony's oh-so-wunnerful SunnComm copy protection. I can't locate the original NYT article, but this one says almost exactly the same thing.
I didn't receive a reply. I thought I stood a good chance of receiving one since I couched my language in civil terms and didn't call him a pig fucker. So, see what works for you.
Those who can, do. Those who can't, write technology blogs.
As of 11:50ish, a set of stories about this topic are now on google news. The ones I read cast it in the light of interfering with computer operation, and being potentially dangerous.
A hospital in Somewhere, USA uses XYZ Software's Medical Manager suite. This application runs on a Windows based network. One of the internal databases is called $sys$PatientAllergies which keeps track of which patients are allergic to certain medicines. A patient, John Doe, is admitted for having a potentially serious illness. Mr. Doe is highly allergic to medicine XXX and tells the nurse he could die if used on him. Sometime after the nurse enters this information into the Medical Manager, she plays her new copy of Sony's latest release with said DRM technology. A short while later Mr. Doe takes a turn for the worse and becomes unconscious. Only two medicines can save him, medicine XXX and a less effective alternative. The doctor on hand checks the Medical Manager suite for any allergies Mr. Doe might have and sees that there are none because Sony's root kit has silently hidden Medical Manager's $sys$PatientAllergies database. Mr. Doe is given medicine XXX and dies within minutes.
Is protecting your copyright worth killing for?
I've been using Studio.Net full-time ever since it was in beta. I haven't had a bluescreen in years. I think your issues lie elsewhere.
This is reported everywhere as a rootkit, something that can't be uninstalled, and that may compromise your system. It is, in fact, a virus. Personally I hope anti-virus software will start detecting it, reporting it as virus to the user ("Sony DRM virus found!") and remove it.
Hey, I mentioned this article to my wife who actually works for Sony-BMG right there at HQ on 550 Madison, and even she didn't reply to me. no kidding!
We might also want to notify companies that Sony's Music CDs infect Windows machines if played, and that they should immediately notify their employees that it is against company policy to play Sony CDs in any company computer.
I am sorry! Hijacking a person's computer on the flimsiest excuse is nothing short of piracy! Down with software pirates!
6. I have heard that the protection software is really malware/spyware. Could this be true?
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system.
Also, the protection components are never installed without the consumer first accepting the End User License Agreement.
If at some point you wish to remove the software from your machine simply contact customer service through this link. You will, though, be unable to use the disc on your computer once you uninstall the components.
I call shenanigans. They say it's not designed to be intrusive, yet it hides itself by creating a security hole and it messes with your drivers. They say it's not installed without the consent of the user to the EULA yet the EULA doesn't appear to give sufficient details to make an informed choice as to whether or not you want this on your system. They offer a removal tool; however, once applied, you will not be able to use the CD in your system at all. This last implies that the tool either does an incomplete removal or adds further software to your system (does the removal tool come with an EULA?)
Sony's Form
A real live person will call you back
Amazon titles with the protection
I'll refer you specifically to Velvet Revolver's new cd
Because the 1st user review goes on to explain that DRM sucks and gives directions for removing it.
Here's your chance to get a live Sony rep to call so that you can voice your displeasure, waste their time and generally jerk them around as long as they'll stay on the line. This is one of those moments where I wish TrollKore and The GNAA were still around. Those trolls would eat Sony alive. I don't know how, but I'm sure they'd manage to give Sony the verbal version of Goatse.
[Fuck Beta]
o0t!
And if you haven't already, check out magnatune . Their motto: "We're a record label. But we're not evil." Too bad Sony can't say the same.
Loose lips lose spit.
Matt monitors slashdot, he'll see it, so there's another avenue that gets read by a host of political and law types in DC.
And just in case he missed it, I will now send in a "tip" on his form box.
It's digital because you use your digits (fingers) to operate it... that's what I'm guessing anyway.
Actually, that gives me a great idea. A lot of newer anti-copying programs, anti-cracks, etc try to detect running apps (such as programs used to mount ISO images, etc) that could allow copying. Why not remake the crack to allow the ISO-mounters to work... it would be incredibly ironic if Sony's attempt to enforce draconian protection produced a new and wonderful way to avoid other protection(s).
A friend of mine played his music CD on my laptop earlier this summer. Its title was "Lakshya" (soundtrack from an Indian movie) and while he was listening to the CD, I noticed on the CD cover a quite tiny print saying that the CD was copy protected. I wonder if my XP Pro has a rootkit in it now? How to find out if the copy protection did not install some other software on my computer?
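One way to approach the question in the comment above, as an added example that is not part of the thread: take one file listing from the running (possibly cloaked) system and one from an offline view of the same disk, for instance from clean boot media, and report what only the offline view shows. The `$sys$` prefix comes from the thread; both listings and every path in them are constructed, and how the listings are collected is an assumption left outside the code.

```python
"""Cross-view comparison: what does the offline view show that the live view hides?"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix named in the thread


@dataclass(frozen=True)
class Finding:
    path: str      # path as written in the offline listing
    cloaked: bool  # True if any path component starts with the prefix
    note: str


def _norm(path: str) -> str:
    # Windows names are case-insensitive and accept both slash styles,
    # so compare on a normalised, case-folded form.
    return str(PureWindowsPath(path.strip())).casefold()


def _has_cloak_component(path: str) -> bool:
    # A cloaked directory hides its children too, so check every component,
    # not only the file name.
    parts = PureWindowsPath(path.strip()).parts
    return any(p.casefold().startswith(CLOAK_PREFIX) for p in parts)


def cross_view(online, offline):
    """Return a Finding for each offline path that the online view lacks.

    Paths present only online (created after the offline snapshot) are
    ignored: they are visible, so nothing is hiding them.
    """
    visible = {_norm(p) for p in online if p.strip()}
    findings = []
    for raw in offline:
        if not raw.strip() or _norm(raw) in visible:
            continue
        if _has_cloak_component(raw):
            findings.append(Finding(raw.strip(), True,
                                    "hidden from live view, matches cloak prefix"))
        else:
            # Could be ordinary drift between the two snapshots; review by hand.
            findings.append(Finding(raw.strip(), False,
                                    "missing from live view, no cloak prefix"))
    return findings


# Constructed sample listings (not taken from any real system).
ONLINE_VIEW = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\drivers\cdrom.sys",
    r"C:\Users\demo\notes.txt",
    r"C:\Users\demo\new-download.tmp",
]
OFFLINE_VIEW = [
    r"c:\windows\system32\KERNEL32.DLL",
    r"C:\Windows\System32\drivers\cdrom.sys",
    r"C:\Windows\System32\$sys$example_dir\payload.sys",
    r"C:\Windows\System32\drivers\$SYS$example.sys",
    r"C:\Users\demo\notes.txt",
    r"C:\Users\demo\deleted-since.log",
]

if __name__ == "__main__":
    for f in cross_view(ONLINE_VIEW, OFFLINE_VIEW):
        flag = "CLOAKED" if f.cloaked else "review "
        print(f"[{flag}] {f.path}  ({f.note})")
```

Searching the live system for names beginning with `$sys$` cannot work while the cloak is active, which is why the comparison needs a second view that the cloak does not control.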
Last time I checked windows had a way to disable autoplay on cds..
...it may seem harsh and difficult, but you *can* do better. Despite /. stereotypes, there really are more fish in the sea. I've been happily married for 6+ years, now. It's not perfect, but we generally reach understandings. My wife does take much interest in social issues and we frequently enjoy engaging in thoughtful discussions on such matters. You deserve someone who will stick to ideals that are more compatible with your own. Your marriage will be better (probably last longer) and you will be happier if you wait for someone that does. I'm sure she's nice and all, maybe very pretty (looks aren't everything -- many so-called "average-looking" women are actually better in bed), but one of the greatest problems facing our society is intelligent people of principle, like yourself, degrading themselves by reproducing with apathetic ignorami like your fiancee. I'm not trying to be rude, just give you some advice. Sometimes the truth hurts. Some more advice: Marry foreign. I've found that non-USian women are generally more principled, intelligent, reasonable, less materialistic, and even better in bed. American women can keep their apathetic and unjustifiable "men-can-do-no-right--women-can-do-no-wrong" attitudes, but they need to learn that they will lose their men if they choose to do so. </rant>
---
A lock tumbler is either positioned correctly or it isn't. "Correctly" means with a certain distance, and that does not make it analog. If a tumbler could be half open, or 3/4 open, or .2464 open, then it would be analog.
Mechanical does not imply analog.
There are physical digital computers, made from fluids, gears, many things. Physical does not imply analog either, or physical circuits would make all computers analog.
Are you next going to say pregnancy is analog?
Infuriate left and right
...those CD's do not autostart on my computer and the only thing I can see is something like this:
Directory listing of d:\
Track00.wav
Track01.wav
Track02.wav
...
Track16.wav
C:\>
Is something wrong with my PC ??
The best solution is obviously to avoid buying CDs. I am just thankful now that I stopped funding the record companies' attacks on consumers back in 1998. Haven't bought a single CD since then, and never again will until DRM is gone, and a public apology is forthcoming for this abysmal behaviour. I believe in the right to make unlimited copies of material I have purchased, the right to edit it, reencode it, and use it for whatever personal purposes I desire. I have no intention of paying for content that is governed by the unacceptable conditions that record companies impose. Record companies should not have the right to prevent me from converting content that I have purchased to whatever format I find suitable, and recording it to any media that I choose. If they insist on such a right, they and their products are of no use to me.
The greed of these people is sickening. They are damaging themselves far more than limited piracy ever would. People are willing to pay for the ease of simple downloads, providing the price is fixed, and reasonable (eg. $0.10 / track or less). Anything else is greedy and unacceptable.
...you'll need to contact your IT department to have them install the software for you.
ROTFL! That has to be a joke. No competent IT department would install shit like this, even if it wasn't malicious.
How do you remove it? Please explain.
it's a misdemeanor but maybe...
S 115.00 Criminal facilitation in the fourth degree. A person is guilty of criminal facilitation in the fourth degree when, believing it probable that he is rendering aid: 1. to a person who intends to commit a crime, he engages in conduct which provides such person with means or opportunity for the commission thereof and which in fact aids such person to commit a felony; or 2. to a person under sixteen years of age who intends to engage in conduct which would constitute a crime, he, being over eighteen years of age, engages in conduct which provides such person with means or opportunity for the commission thereof and which in fact aids such person to commit a crime. Criminal facilitation in the fourth degree is a class A misdemeanor.
Yeah, I saw a yard gnome once, it didn't scare me - Space Ghost
1. Click Start, click Run, type regedit in the Open box, and then press ENTER.
2. Locate and click the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
3. To disable automatically running CD-ROMs, change the Autorun value to 0 (zero). To enable automatically running CD-ROMs, change the Autorun value to 1.
4. Restart your computer.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
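The registry change from the steps above, scripted as an added example (not part of the original comment). The function names Get-CdromAutorun and Disable-CdromAutorun are hypothetical, and writing the value needs an elevated PowerShell session.

```powershell
# Added example: audit and optionally disable CD-ROM autorun using the
# Autorun value under the CDRom service key named in the steps above.
# Function names are hypothetical; run elevated to change the value.

function Get-CdromAutorun {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\CDRom'
    )

    # Report a missing key instead of failing, so the audit can run anywhere.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{ KeyPath = $KeyPath; Autorun = $null; State = 'KeyMissing' }
    }

    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name 'Autorun' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{ KeyPath = $KeyPath; Autorun = $null; State = 'ValueMissing' }
    }

    # 0 = automatic running of CD-ROMs disabled, 1 = enabled (step 3).
    $value = [int]$prop.Autorun
    $state = if ($value -eq 0) { 'Disabled' } else { 'Enabled' }
    [pscustomobject]@{ KeyPath = $KeyPath; Autorun = $value; State = $state }
}

function Disable-CdromAutorun {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\CDRom'
    )

    $before = Get-CdromAutorun -KeyPath $KeyPath
    if ($before.State -eq 'KeyMissing') {
        throw "Registry key not found: $KeyPath"
    }
    if ($before.State -eq 'Disabled') {
        return $before   # already 0, nothing to change
    }

    # -WhatIf shows the change without writing it.
    if ($PSCmdlet.ShouldProcess("$KeyPath\Autorun", 'Set to 0')) {
        Set-ItemProperty -LiteralPath $KeyPath -Name 'Autorun' -Value 0 -Type DWord
    }

    # Re-read so the caller sees what is actually stored now.
    Get-CdromAutorun -KeyPath $KeyPath
}

# Audit first, then preview the change; drop -WhatIf to apply it.
Get-CdromAutorun
Disable-CdromAutorun -WhatIf
```

As in step 4, the new value only takes effect after a restart.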
who bought us AutoPlay in the first place. Surely this sort of abuse was conceivable back then...
The wording suggests that the software can be deleted, and this is what a user would expect. Additionally, the wording implies that the protection is for this particular CD, whereas the software in fact also scans any other CD used. Given that scanning CDs is a service, this is clearly a case of "obtaining services by deception" - the legal wording for fraud.
http://cp.sonybmg.com/xcp/english/updates.html
SOFTWARE UPDATES/ PLUG-INS
November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.
http://updates.xcp-aurora.com/
So, is Sony preinstalling this software on new VAIOs?
telling Sony you aren't going to buy $10 CDs won't get their attention but how about "because of your unethical/arguably illegal tactics I will also be buying:
1. a $4K DLP Samsung instead of a LCOS Sony
2. a $1K Mini-DV camcorder from anyone else instead of MicroMV Sony
3. a $400 X360 (+software) instead of a PS/3
etc."
as luck would have it I already did all three (well, Xbox vs. PS/2 for now) but unless/until they discontinue this practice AND publicly acknowledge/apologize the Sony brand is off my list for all big-ticket purchases (which I, as I suspect several ./-ers do, make quite a few). and to think I thought I was "going over to the dark side" getting an xbox (better HD support)...
..there is something about women ...like being from Mars ....and not caring about what is installed for/on them ..and population issues
Don't generalise!
It seems that a CD employing this technology could potentially damage your system. For example the Washington Post article reports that it breaks Windows Vista 'spectacularly'.
If a store was aware of the possibility that the CD could cause damage, but still sold you the CD, would the store then be complicit in any subsequent damage that occurred to your system?
Would it be wise for stores to withdraw these CDs from sale in case they do cause damage, to avoid possible future legal action?
Could someone with a knowledge of the legal issues comment on this?
competent IT department
I understand each of those words separately, but they don't make any sense to me in that order. You suggest a weird concept.
Socialism: a lie told by totalitarians and believed by fools.
Sony CD First4Internet XCP DRM Software Security Issue
...with a simple solution : Use another product.
Riiiight, because corporate execs don't have enough power to abuse shareholders and employees as it is, we need this? Throw the execs in jail; don't punish some guy on a manufacturing floor who puts Sony CRTs together, or someone who owns Sony through a mutual fund without even realizing it.
Socialism: a lie told by totalitarians and believed by fools.
In apparent response to all this fuss, Sony has released an update that "removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs." However, an attempt to access the link to this update using my preferred browser (Mozilla Suite) resulted in the message "Sorry, your Internet Browser does not support ActiveX Controls. Please use Microsoft Internet Explorer to continue."
--Dan
Web Tips
Costs:
- Licensing or purchasing the DRM software
- Running a support line for handling uninstall requests. I'm betting that a single call to this line wipes out the profit gained from selling several CDs
- Various indirect costs through bad press, annoyed users, and loss of future business. This software will convert a certain number of paying customers into pirates not just out of anger, frustration, or revenge, but because black market music is safer
Benefits:
Unless the damage done by casual pirates is greater than the cost of implementing this DRM scheme, it's a stupid idea.
The RIAA is notorious for releasing inflated numbers about the cost of piracy, but actions like Sony's seem to indicate that the member companies actually believe that these losses are real. I can't think of any other reason why a company would expend so much to plug what seems to be a tiny hole. Maybe they're thinking that if you can't rip the CD, you'll buy the song again from an online service.
Yes, I've heard the suggestions that you should complain to the artists on Sony's label. But I think that Sony needs to hear as well. Complain to SonyMusic: http://www.sonymusic.com/about/feedback.cgi/
Sony clearly steps across the line here, and I seriously hope (though IANAL) that courts would find them liable here.
First the rootkit contains files which attempt to hide themselves from ordinary detection measures. Secondly, it deliberately compromises system security.
If the EULA argument holds up, I can hack into anyone's system or network by sending out email attachments that require the user to click on a EULA and give me unlimited access to their computer. I mean, there is a reasonable limit to what one can be expected to agree to, and what a reasonable interpretation of a balanced contract can be.
LedgerSMB: Open source Accounting/ERP
First I would be curious to know why Windows supports hiding of files in such a way? Secondly would it be better for everyone if this sort of file hiding was removed from Windows altogether?
Jumpstart the tartan drive.
Express your outrage in a letter to Sony Investor Services contact. State that you will no longer purchase Sony products, and will be very leery of Sony as an investment in your retirement plans due to this clear demonstration of Sony's lack of ethics in its business practices. Physical letters work best. The address, from Sony's 2005 Annual Report, is:
Sony Corporation of America
Investor Relations
550 Madison Ave, 27th Floor
New York, NY 10022-3211
If you want a laugh, check out Sony's views on Corporate Social Responsibility site at http://www.sony.net/SonyInfo/Environment/about/index.html
From that site: "The Sony Group recognizes that ... Sound business practices require that business decisions give due consideration to the interests of Sony stakeholders, including shareholders, customers, employees, suppliers, business partners, local communities and other organizations."
I wonder how they think installing rootkits on customer computers promotes the interests of Sony's customers!!!
Someone should rip the audio files and put them on Bit Torrent, this way no one else will have to deal with that sony sh!t. It's pretty obvious that the government is more concerned with protecting these big companies than its citizens, and if no one fights back, they will just keep pulling this crap, or worse.
Scott Swezey
For the record, off of the top of my head, Morrowind released with SafeDisc protection which was disabled via patch. The Sims 2 released with a restriction against running Daemon Tools, but had a workaround on their tech support site. I'm sure there have been others.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
I called Sony to inquire about how to remove this "rootkit". As I expected, I was transferred several times. After 40 min. of transferring, being on hold and explaining the situation, I did not get an answer. Can someone post the removal instructions here on Slashdot, or point to a place that has them? Thanks.
10GHz: you got a license to operate at 10GHz?
-- I have a private email server in my basement.
By saying that all audio CDs should not be played, you took the heat off of Sony. You basically told them that audio CDs are inherently a problem. This would lead to the belief that the problem is not Sony's. You also punished the employee. If companies follow your advice, employees that want a little music through the day will now be denied the use of any CDs. You should make sure that you highlight that SONY is the problem, and that they have software on their CDs that infect computers with DRM.
Malware Malware Malware
Virus Virus Virus
Rootkit Rootkit Rootkit
Spyware Spyware Spyware
you are SO sleeping on the couch tonight...
"All your CD players are belonging to us?"
Just hitting ctrl+alt+del and actively watching your performance monitor uses up to 3% of your CPU. Just FYI, so even without the player running, I wouldn't be able to tell to begin with, nor would most. And.. I thought the original article originally said 5-10% of your CPU?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
If your use is impaired (especially if you have costs to recover) you've been damaged. Consuming large amounts of CPU, impairing the operation of peripherals and requiring time and/or expertise to return the computer to its original state is damage.
Sustainability and energy independence essay
Hmmm... you think clicky-clicky is easier than editing text files?
Don't even compare Windows and Linux. Just compare Windows-with-registry with Windows-with-INI-files. Use the command line tools available *on* Windows. It's a hell of a lot easier to find stuff in AUTOEXEC.BAT, CONFIG.SYS, and WINDOWS\*.INI than to find it in the registry.
Now try it again with UNIX tools, which are designed for such work.
Of course, once you've done that, and you've created an automated GUI tool for doing the job, it's about as easy to do it in either environment... and there's more people writing those tools on Windows because there's more people USING Windows and more need for those kinds of tools.
But, damn, that's not Windows versus UNIX, that's F-Secure versus FSF.
It's legal to rip the CD with other tools without agreeing to the EULA (you have to if you're not running Windows), so don't agree to the EULA in the first place.
Hi,
I wrote a review of the discs for amazon.co.uk. Look for 'Get Right with the Man' in their UK store. I explained the issues about the copy protection. Unlike amazon.com which flags the CD as copy protected, the UK site doesn't mention this at all.
Perhaps unsurprisingly my review hasn't yet made it onto the site. Why do British consumers get less information than their American counterparts?
WOW. That is dedication. If I actually spent the time beforehand figuring out exactly which studios made what and who owns what studios, I might just do the same. But, *sigh*, I'm afraid I'm far too lazy for that...
You paid money for their disc. Then you had to work extra hard just to use it.
How do you see Sony as scoring 0 here? They still got your money.
Don't buy DRM CDs. If you do, the only things available will be DRM CDs. And eventually, they'll get the DRM right (or right enough) that you can't get the stuff off. Then where will you be?
http://lkml.org/lkml/2005/8/20/95
Well at least Microsoft is a little more forthcoming on its shortcomings and will admit they @#$%^ up.
When? They'll admit to something that sounds good that lets them save face and doesn't actually commit them to doing anything about any real problems. The real mistakes that they've turned into a major part of their core business model? Things that would actually make a real long-term improvement in the security of Windows and in the reliability of the world's information infrastructure? Hell no.
They're still at the "we don't need safety belts" stage. Denial. It's not their fault. Really.
If you download something and choose to "Open from current location" in IE, or "Open with..." in Firefox, it saves the file to this hidden directory. If you choose to open it manually after you've saved it to your hard drive, it's somewhere you can see, as you had to navigate the directory tree to be able to save the file.
Nothing untoward about this at all.
"City hall" in German is "Rathaus" Kinda explains a few things......
He just opened up his lecture yesterday talking about the rootkit, and telling us to get fired up/complain/boycott/etc. He also kept bringing his lecture back to Sony a few times after that (e.g. something like "I don't like this, about as much as I don't like Sony putting this stuff on people's computers").
IIRC, he used to be the Associate Dean of CS at my uni (or some similar high position) until last year, so he's got quite a bit of local clout.
I support the Center for Consumer Freedom
The Inq is mainstream? I am press? Wow, thanks. :)
-Charlie
That according to F-secure installing the Sony program on a machine running Windows Vista -- the beta version of Windows' next iteration -- "breaks the operating system spectacularly."
... etc.
Woo-hoo, I can just see it now:
Ballmer: Sony's crap does WHAT!!!!!!?
[Picks up his desk and throws it across the room and through the wall.]
Ballmer: I'm gonna fucking kill SONY, those wimps! I've done it before and
If you want your life to be different, live it differently.
I resent your misuse of the word 'Hacker', which by its original intent and nature should be a title of honor given to respected specialists of their trade.
Please, in the future, call the people who install rootkits by their designated name: crackers.
I used to work in a county budget office.
The PC on my desk ran several processes to manipulate a $2,000,000,000 dollar budget, checking for accounting errors, backing up the database, printing reports. Along with Payroll information for Prosecutors, Judges, Sheriff's deputies, jail guards, tax assessors, election officials... (the highest paid employee was the Coroner) Think how interesting the home address, SSN, etc. of some of those folks could be to, for example, a convicted murderer.
I also listened to music while working (David Bowie, 'Earthling' for the most part)
I'm glad I bought my own separate CD player in, instead of using the one built into the PC.
Secunia has released a security advisory about the Sony DRM at this link: http://secunia.com/advisories/17408/
ok so all the /. community gets pissed and boycotts sony. does sony care that much? when will a disgruntled /.er break into sony's computers and install their very own f****** rootkit except with a whole slew of $sys$ viruses? anything to cause them the pain they are causing windows users with this.
See latest washington post item. As if this makes things all peachy.
Well your First4Internet DRM shit just fucked up my home computer, This is to inform you that I will NEVER purchase ANYTHING from you, ever again. You have just lost a shitload of money, and I will make sure to inform anyone that listens, of your horrible DRM shit. The audacity to install such bullshit on a system, is amazing. Apparently I am not the only person that is now officially boycotting all your "infected with drm" crap.
http://yro.slashdot.org/yro/05/11/02/1421250.shtml?tid=233&tid=17
When your sales drop significantly this year, don't blame it on pirated goods, or a poor market.... it's poor products, people won't stand for this shit anymore.
PS. I will grab every last Sony item I own and return it to the store I bought it from, Hell, I may even keep buying Sony items, opening em up, and returning them as defective... I'll bet that will screw up your sales as much as you have screwed up my system.
Do NOT goto this URL http://www.forthesims.com
https://tips.fbi.gov/
This has to be illegal. Call the cops on them!
They were really rude and the supervisors didn't give a damn and I got really pissed off. In another few years I probably won't even remember why I'm mad (it was a minor matter of a less than 30 bucks and really more about getting an apology that they boned me and I told them at the time it would probably cost them future purchases and pointed out the couple thousand bucks of electronics I had previously purchased from them).
I'm not mad any more. But now it's a habit.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
It really doesn't... Until they pull your name out of the hat and decide you have to cough up a couple hundred thousand dollars. Then it matters!
Fish....More than just sushi
From the Slysoft web site: http://www.slysoft.com/en/anydvd.html
AnyDVD tackles Sony DRM Rootkit Virus!
If AnyDVD is installed and active on your PC, the new so-called "Sony DRM Rootkit Virus" has no access to your system and the affected audio CD appears unprotected regardless! Another good reason to get AnyDVD!
I know I'm a little late with this reply but this topic has had me fuming all day. Maybe this has already been said, but I had a thought:
Is it safe to assume that Sony sells these discs in both copy-protected, and non-copy-protected flavors (different markets, laws, whatnot)? So if I'm at store #1 and I see some poor kid about to buy a copy-protected CD and I tell him to go to store #2 where he can get it non-copy-protected and he does and then makes illegal copies, is that a violation of the DMCA? After all, I disclosed how to get around the copy protection (by shopping elsewhere)...
Tell someone where to shop = jail time. ?!
I used to like Sony...
Myself, I just paste a sticker over the offending EULA with a replacement contract, such as:
"By allowing the purchaser to break the shrinkwrap seal, the software vendor and all associated parties explicitly agree that the following license agreement replaces and overrides all others:
1) The user can use the enclosed media and any software and/or data contained thereon for any and all purposes.
2) The user has authorization from the copyright holder to make copies for any purpose the user desires.
3) The user has a right to full support of the software, including but not limited to, access to any and all revisions, corrections, or enhancements which may be made to it in the future."
I then give them a few seconds to respond before I proceed to open the software, consummating said license.
Thanks for playing the non-negotiable "shrinkwrap license" game. You have lost.
"National Security is the chief cause of national insecurity." - Celine's First Law
I thought US law would apply but now that you have pointed out that it is a UK company responsible it is straightforward Criminal Law. We need expert opinion from a UK based IT law specialist but this definitely falls inside the remit of the Misuse of Computers Act and the Unfair Contracts Act. It also explains what happened to the laptop a friend is bringing round for me to fix on Sunday.
If you are reading this, go to the parent post's link: http://slashdot.org/~xtracto/journal/121088 and then follow the link to (at least) one randomly selected product at amazon. Look at the reviews, and mark "helpful" all the reviews that mention the DRM.
That will do a little more to get the message out.
Liberty uber alles.
A year ago didn't we have the same argument regarding the Beastie Boys album To The 5 Boroughs? Hey! EMI! It always amazes me that apparently intelligent people make mountains out of molehills so quickly. Everyone's immediately gone all "Sony have deliberately contaminated my PC". On what evidence? And why? If you read the article its harshest claim is that the software appears to act like a rootkit and may, potentially, prove to be a security risk. Turn off your PC's. Now! A higher risk is being connected to the internet! Sony are completely within their rights to stop you copying (or, at least, to try to stop you!) your CDs. When you buy a CD you are buying something which you are not allowed to copy. Read the small print people! In most of the world the copy-protected CD is normal. Suddenly it appears in the USA and it's the end of the world? Get over it! And, get around it! There are any number of online guides to guide you through the process. I used to think that the /.'s were intelligent. With every day, I'm less and less sure.
Sony Issues Patch As Hackers Pounce On Rootkit
Sony posts a patch that reveals files previously hidden by a rootkit.
But that may be closing the barn door after the horses have bolted.
http://update.techweb.com/cgi-bin4/DM/y/erme0GTTVw0G4T0DqlJ0Gp
We would be interested in speaking to U.S. residents that have purchased any Sony BMG audio CD protected by the XCP copy protection scheme. We have looked at many DRM cases and Sony went too far with this particular scheme. You can contact us at gw@classcounsel.com or at http://www.classcounsel.com/
A blog entry that has the news
http://blogs.washingtonpost.com/securityfix/2005/11/calif_ny_lawsui.html
and a link to the court paper
http://www.washingtonpost.com/wp-srv/technology/daily/graphics/ca_complaint_110805.pdf
C - the footgun of programming languages
So... What is she wearing ?