More on Sony's "DRM Rootkit"
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to The Inquirer and salemnic sent us a page from The Washington Post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
"infected with DRM"
Love it. Great phrase. Maybe it'll catch on.
So is it or isn't it enough for a lawsuit? Anyone know of any developments in this area?
A lawsuit on what grounds? That you agreed to something and then they installed their software based on your agreement? I have a feeling that the "oh, no one reads those things" isn't really going to work all that well against Sony's legal team.
Here is a link to F-Secure's "detailed" writeup about what the DRM installer puts on your machine.
Don't buy DRM'd CDs as they don't allow you to exercise fair-use. Sadly, most people don't care anymore.
Ok sure, so boycotting Sony is not realistic. Or is it...? We can really do without them. Screw their stupid DRM'ed Memorysticks, we have our SD and CompactFlash. Screw their VAIO's, we have Dell and Taiwanese laptops.. Screw their TV's, we have better ones from other brands. Screw PS3, we have XBOX2 and Nintendo Revolution. Screw PSP, we have Nintendo DS. Once they get the collective shaft, well, other companies will think twice before pulling shit like this.
That this sets a precedent, and that Sony don't wriggle out of this, at the very best it could point out some of the absurdities of the DMCA.
Based on the grounds that it re-routes the windows instructions on how to play *all* audio CDs. If you remove the DRM by force, you lose the ability to play other music as well.
Interesting. A Finnish reader of this news on Sektori.com (in Finnish) reports that the Contents\GO.EXE file seems to contain parts of the LAME player. Can anyone verify this? Is Sony distributing LGPL software on the CDs?
"Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
People seem amazed when they learn what DRM technology is capable of. Interestingly, I'm afraid that most casual readers wouldn't understand the implications of DRM, even if it actually received a substantial amount of press. I know that "rootkit" isn't the most commonly used term.
In fact, to a casual reader, it would almost seem as though anything with an acronym such as "Digital Rights Management" would be designed to protect your digital rights. It's entirely misleading.
If all else fails, Sony can always use a scapegoat and proclaim that the managers had no idea any of this was happening. An unknown malicious programmer must have done it all!
Do you like German cars?
I guess I'll send them a sharply worded letter first, but I really don't see any way that I can do any business with a company like this. Not even as a shareholder.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Some lawyers seem to think so.
On Mark Russinovich's Blog, at least one guy claimed to be a lawyer and he asked California residents who were affected to contact him about a lawsuit.
C - the footgun of programming languages
Even if you do agree to give Sony the rights to your first-born child in the EULA, wouldn't this violate laws in some states, such as the Consumer Protection Against Computer Spyware Act in California?
English is easier said than done.
If you can manage to find the hidden software files and do delete them as suggested in the EULA, you will no longer be able to access your CD drive.
Funny how no mention of those points is made in the agreement.
Could be that Sony and the major music labels are using this to create intentional fear, uncertainty and doubt. Who ever said the record labels want you to play music CD's on your computer, in fact wasn't there a genuine effort by the RIAA cartel to create CD's that wouldn't work at all on a PC? If they can't get the end user to cease this undesired activity they can always frighten the luser into submission.
Stick that music CD into my computer? No you don't, I'll become infected with malware.
Yes, perhaps it's as the subject suggests, a wild conspiracy theory. It's not as though this industry wanted to create laws to legalize hacking P2P users or anything.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
Emphasis is mine. Anyways, nothing in the EULA says that I can't just go and delete it. Sure, it may reinstall, but can't we delete it the minute we eject the CD? Can we write a script to do that?
Well Sony has all the reasons to mess with PCs stuff. They don't *really* want people to use their PC for any media stuff... Sony wants everybody to use custom hardware solutions made by Sony. PS3, PSP, Memory Stick,.....
So messing with your PC looks like a good thing to do for Sony (especially since it also f*cks with MS).
Has this passed? Is it applicable?
0 2929:
(4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component;
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.
If they used racketeering laws to go after the RIAA, why not antispyware legislation against this?
Sadly, most people don't care anymore.
The other day, I was driving with my fiance when we got on the topic of CDs. She proceeded to tell me that there's this great CD that I need to get because the band is really good. I proceeded to tell her that I haven't purchased a CD for almost 4 years now because of my dislike for the RIAA. After explaining everything to her, she just got all flustered and said that she didn't care about all that crap. She didn't care that even though she paid for the CD, she didn't fully own it. She didn't care about all the bully tactics the RIAA uses. She didn't care about any of that, she just wanted the music.
I agree with you that the majority of the people just don't care. As much as I try and inform people of all the crap the RIAA pulls, it just goes in one ear and out the other.
For now, I suppose I'll just continue on with my silent protest.
The greatest experience we can have is the mysterious.
- Albert Einstein
People are using Sony's software to violate the ToS of World of Warcraft.
Something that they tried to HIDE on people's computers to RESTRICT them. People are now abusing it against Blizzard. Blizzard has 'just cause' to start a lawsuit.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
I prefer my idea but sure, or you could take in an old box and drop it on the front desk and go "Excuse me, you've installed a virus on my PC via a Sony CD. Will you be removing it or should I charge by the hour at £X00 (add as many 0s as you like, but 2 sounds about right) for having to remove it via a repair guy?" (don't say you, it seems suspicious).
:D
Demand compensation (for petrol to get there), the money to fix it and if they refuse tell them you'll take them to court for the damages (claim the box was used for something important like hosting websites and the rootkit has not passed some safety tests that all servers must pass at your company).
Aww the fun of being a sick little geek
I like muppets.
I showed the last to one of my coworkers, who immediately started worrying about a recent Switchfoot CD he played on his machine. Sure enough, not only did the CD have DRM on it, but it seems to have installed the same rootkit as the example given on the Sysinternals website. Which of course makes me wonder, how many CDs did Sony put this into?
I'm starting to think it'd be worthwhile to create a domain policy to prevent this malware from running on any of our network machines....
Shameless plug for my photos on Flickr
Hello.
I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.
I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:
1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable
and needless to say,
10) Sony and BMG music.
If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.
Thank you for making my future purchase decisions so much easier.
Sincerely,
****
OpenSource.MathCancer.org: open source comp bio
Make no mistake, the members of Van Zant are just as culpable in this as Sony Music. Please let them know at
Vector Management
Ken Levitan and Ross Schilling
P.O. Box 120479
Nashville, TN 37212
Phone: 615-269-6600
Fax: 615-269-6002
Thank you Tapeworm
Is there a list of CDs that are affected, except the one Mark Russinovich used?
Timo's Audio Software http://www.esseraudio.com
The EULA, which you cited, is intentionally vague and misleading, and certainly does not absolve Sony of responsibility for the above problems caused by their SOFTWARE. Also, just because it's in the EULA, sorta(!), does not make it legal. Sony is clearly being deceptive with these products and their EULA, and there are laws on the books to protect consumers from such action.
The DMCA is deceptive and vague but yet it still stands. Welcome to law.
Furthermore, it is not a safe bet to assume an EULA is a binding contract, there is precedent both ways on this, it depends on the EULA and the judge's opinion, and there are all kinds of laws regarding contract validity.
There is yes, but the EULA hasn't been truly tested, thus why it still stands. You know why? Because no one has the time and financial ability to go up against Microsoft, Sony, etc. So, regardless of YOUR opinion on the subject, you can certainly guarantee that this particular EULA will stand until another fails.
What gets me about this DRM crap is I doubt Sony's given any thought to how this all scales over time. Assume that ALL record companies start using this method and every one is different. You could quickly end up with 8 or 10 different rootkits on your machine - every one of them trying to manage your CD player - and who knows, maybe your hard drive. Then assume that Sony and the other companies decide that they need to update their rootkits over time - with versions that aren't compatible with each other... you could end up with a different rootkit for each CD you've ever loaded into your machine. Having several hundred rootkits installed on a machine would probably cause some serious performance and security issues, assuming they could all peacefully co-exist. This is one massively broken idea that Sony has and it has to be stopped NOW.
JR
- 6. I have heard that the protection software is really malware/spyware. Could this be true?
- How do I uninstall the software?
The uninstalling the doesn't say much, it just points us to a form that asks: Where you purchase the disc, Artist Name, Album Title, Store Name, Email Address. That's it. Now, let's say I want to uninstall this rootkit and I fill out the form. What will they do? Send me the instructions on the e-mail? From what Russinovich wrote, it's not a simple and easy task that the average user could do. So they have to send someone over to my house to uninstall this beast from my computer? Couldn't Sony foresee the reaction on actual consumers: "I wanna buy this CD, but it has DRM (rootkit or not). Maybe it'll play on my car stereo maybe not. Maybe I'll be able to listen to it on my Discman (made by the same Sony), maybe not. Forget it, I'll get it online."
David Berlind has some interesting takes on the whole DRM issue.
Uncopyrightable: The longest word you can write without repeating a letter.
"So, technically they are in the clear..."
In the good ol' USofA, there is no technically clear in civil litigation. All you have to prove is something as simple as your reasonable expectations. Doesn't matter what the EULA says or if they did anything illegal.
IANAL, but it is my impression that in the eyes of the US courts, you not only have to follow the letter of the law, but you have to ensure that you are conveying a reasonable perception about what your product does. That fine print means nothing if the court finds it too difficult to read, or makes unfair claims (ie - By installing this, you transfer ownership of your computer to us... which is what a rootkit comes closest to without physical possession.)
Civil cases aren't really about the law. They're about damages, and a preponderance of evidence (more than 50% in your favor... a lot less than the reasonable doubt standard of a criminal trial). It may not be against the law for you to spraypaint your trees pink. But if I'm your neighbor and plan on selling my home, I have every right to sue you for damaging the property value of my home. Get a few other neighbors to testify, and it'll win just on preponderance of evidence.
IMHO, I'd sue the hell out of Sony in a class action lawsuit. Look at it this way: you may not win a lot of money each, but it'll probably be enough to repurchase that CD and a few others with no DRM.
I8-D
Can't you sue for the product not technically being an audio CD in the first place? Maybe I'm mistaken (and if I am I'd like to know) but an audio CD meets certain standards detailed in the Red Book that anything with DRM in fails to meet. So some shop is bound to advertise Sony CDs as audio CD's ergo that retailer can be sued perhaps?
Professor Karmadillo Songs of Science
If SONY circumvents the security I have installed on MY machine with their rootkit are THEY in violation of the DMCA?
I wonder how ms, mac and winamp feel about this anti-competitive behaviour against music players?
Nothing. It looks and functions as a normal audio CD on a Mac.
Under Windows, yes it will prevent iTunes from ripping it and putting the music on your iPod. Several bands (and I believe even Sony) have instructions for copying music onto the iPod using Windows and they generally involve burning the included WMA files of the music on a regular CD and then reripping it (yes you will lose quality), but the much better solution (that they don't tell you about) is to just hold down the shift key while inserting the CD which will disable the autorun.bat script.
It's actually rather funny looking at their instructions because they'll have several pages of instructions for Windows machines to copy the music onto iPods and for the Mac, they just say "The audio CD will function normally and without restrictions on a Mac.".
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
This is reported everywhere as a rootkit, something that can't be uninstalled, and that may compromise your system. It is, in fact, a virus. Personally I hope anti-virus software will start detecting it, reporting it as virus to the user ("Sony DRM virus found!") and remove it.