More on Sony's "DRM Rootkit"
A couple of days ago we posted a story about Sony DRM installing a rootkit. Since then we have seen many more stories on the subject that I thought were worth sharing.
manno gave us a link to The Inquirer and salemnic sent us a page from The Washington Post. smallfries gave us one from PC Pro.
It's nice to see this story not getting lost in the cracks since the implications are gigantic.
Even if this doesn't go to court, at least this is getting some attention... and ANY bad attention for DRM makes me happy.
We Got Root
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
"infected with DRM"
Love it. Great phrase. Maybe it'll catch on.
So is it or isn't it enough for a lawsuit? Anyone know of any developments in this area?
A lawsuit on what grounds? That you agreed to something and then they installed their software based on your agreement? I have a feeling that the "oh, no one reads those things" isn't really going to work all that well against Sony's legal team.
Here is a link to F-Secure's "detailed" writeup about what the DRM installer puts on your machine.
Don't buy DRM'd CDs as they don't allow you to exercise fair-use. Sadly, most people don't care anymore.
So they're gonna root all my cds? Yet another reason to switch to KaZaa/Grokster/Mule/DC++
*sigh* Silly executives, rape is for kids.
You're nothing; like me.
With Slashdot reporting this 10 times a day I doubt it will get lost :)
Ok sure, so boycotting Sony is not realistic. Or is it...? We can really do without them. Screw their stupid DRM'ed Memorysticks, we have our SD and CompactFlash. Screw their VAIO's, we have Dell and Taiwanese laptops.. Screw their TV's, we have better ones from other brands. Screw PS3, we have XBOX2 and Nintendo Revolution. Screw PSP, we have Nintendo DS. Once they get the collective shaft, well, other companies will think twice before pulling shit like this.
That this sets a precedent, and that Sony don't wriggle out of this, at the very best it could point out some of the absurdities of the DMCA.
Not a dupe, an update. Surely additional viewpoints on an issue as large as this warrants additional coverage.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Just never buy a cd again.
Me, I think I'll just pirate all my music from now on. That way I don't have to worry about any of this DRM nonsense!
Based on the grounds that it re-routes the windows instructions on how to play *all* audio CDs. If you remove the DRM by force, you lose the ability to play other music as well.
Nice that you've read up on the matter,
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs
"WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
The malware installed is created by a company called First4Internet.
They're based in Banbury, Oxford and their CEO is Mathew Gilliant-Smith DBC.
6 South Bar Street
Banbury
Oxfordshire
OX16 9AA
United Kingdom
All info (and more) available on their website here http://www.first4internet.com/contact.aspx/
That's about 20 minutes in the car for me, should I go pay them a visit - taking the best wishes of the /. community with me? ;)
It's software like Sony's that makes Windows unstable. A clean install of Windows with only "certified for Windows XP" software is rock solid. It's once you start adding badly written drivers and other code that mucks into the OS that it becomes unstable. As the Sysinternals article indicated, the driver doesn't follow the rules for unloading itself and other violations that can lead to the blue screen of death. Perhaps MS should increase the level of warnings about non-certified code, but users would still click through and blame the OS when it crashes.
It's not a Windows-specific problem, it's just that Sony has only implemented it for windows.
Interesting. A Finnish reader of this news at Sektori.com (in Finnish) reports that the Contents\GO.EXE file seems to contain parts of the LAME player. Can anyone verify this? Is Sony distributing LGPL software on the CDs?
"Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
how to get rid of it...
Except that he put a link to a form, and not to a way to get rid of it. Looking further into the sony website the code used seems to originate from http://www.xcp-aurora.com/ . Maybe that is the root of all problems.
Sue Sony -> Sony sue Aurora -> Lawyers will get rich and happy.
My wife's sketchblog Blob[p]: Gastrono-me
Sony could be held liable in a class-action lawsuit. Anyone can design a virus and name it "$sys$" now, and AV software won't be able to detect it if this rootkit is installed. An IM worm could use this naming scheme, only infect a few thousand people, and the news would report, "SONY's DRM software used to hide latest virus". It'd be a horrible blow, and they'd totally deserve it. I still think we'll see a virus/worm that does this before the end of this month.
On a related note: World of Warcraft hackers are now using Sony's DRM rootkit to hide from "the Warden". I tried to submit this as a standalone story, but since I saw this DRM news update, I figured I'd post it here.
Is Sony aiding and abetting cheaters?
On the off chance that you're not a troll:
Sony has the key to your computer.
The key is digital, thus an infinite number of copies can be made of the key.
The key is digital, so anyone with enough time can make a copy even if they aren't from sony.
Once someone besides Sony has the key, they can distribute it on the internet, and now EVERYONE will have the key to your computer.
Is it scary now? Do you think your bank plays music from sony CDs? Do you want everyone in the world having keys to your bank?
That's because you are an idiot. No, really.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
I think the issue here is that Sony does not tell you that they are installing the software ANYWHERE. In addition to them adding the software without your permission, its software that can create a "safe haven for viruses" (the software makes everything that has "$SYS$" in the filename turn invisible), according to the PcPro writeup.
It might be interesting to note that in this newspaper article (sorry, only in Swedish), the Swedish CEO of Sony states that the copy protection is not used for CD:s sold in Europe and that "no copy protection will be introduced before it works well both for consumers and copyright owners" (which can of course be interpreted in many ways).
It burned 1-2% CPU _when the player was not running_, for starters... Read the article.
No seriously, I agree. Sony's inconceivably bad behavior has to be dragged, squealing and flailing, into the sunlight where it can be properly stomped to gory death with hobnailed boots. No mercy, no PR coverup, no plausible deniability. Corps have to understand, with visceral fear-of-agonizing-death understanding, that this kind of crap will not ever be tolerated. This is a trend which must be stopped cold dead. These shenanigans have to be punished with such finality that any observer centuries from now will intuitively know the immediate and unalterable consequences of this kind of crap.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Umm, nice to see that you didn't read the EULA either.
Your hair look like poop, Bob! - Wanker.
Of course, IANAL, IAAEE.
Sustainability and energy independence essay
...I did the responsible thing *cough*. I e-mailed Microsoft and expressed my concern about how this mucking about with the kernel stood in relation to the EULA, support (who the hell wants to support a kernel patched with unknown code supplied by a third party) and future patches and upgrades. This could cause it to fail to validate like a warez'd install, cause breakage because a patch half-overwrites the hack and any other number of weird things. I also expressed my concern about how this would reflect on the security and user-friendliness of Windows (read: Windows has enough issues without Sony messing around). I really hope Microsoft comes out and tells Sony what they think.
Live today, because you never know what tomorrow brings
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs
I assume that you were trying to somehow infer that I didn't read the EULA? Well, I did, but I'll post the important part of it here because it's fairly apparent that you did not, or at least didn't fully comprehend what it said:
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
See that part about "the SOFTWARE will reside on YOUR COMPUTER until removed or deleted"? That's what people agree to when they click "I agree" on the EULA screen.
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds. I thought it just meant that you could proudly wear the "Made for Microsoft Windows" on your retail box.
I guess I'll send them a sharply worded letter first, but I really don't see any way that I can do any business with a company like this. Not even as a shareholder.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Or maybe they get their money because they know how to spell.
Apparently this rootkit does not run on Mac OSX. Yet another example of the vast library of software available only to Windows users. :-(
Look at Sony's FAQ,
http://cp.sonybmg.com/xcp/english/faq.html#listen
The protected CD loses all features and appears as a normal CD on a Macintosh. This really sucks!
I'm switching to Windows!
"Sadly, most people don't care anymore. "
You have got that backwards. Those who know what DRM is care.
The problem is that not many people know about it.
Some lawyers seem to think so.
On Mark Russinovich's Blog, at least one guy claimed to be a lawyer and he asked California residents who were affected to contact him about a lawsuit.
C - the footgun of programming languages
Even if you do agree to give Sony the rights to your first-born child in the EULA, wouldn't this violate laws in some states, such as the Consumer Protection Against Computer Spyware Act in California?
English is easier said than done.
If you can manage to find the hidden software files and do delete them as suggested in the EULA, you will no longer be able to access your CD drive.
Funny how no mention of those points are made in the agreement.
Yes, it says "software", but it doesn't say "I agree to allow Sony to install software commonly associated with hackers that may infringe upon my computer's security". And I think that'll make a bit of a difference.
Any news on how Symantec, Mcafee, and the other so called security firms are treating this? I'd certainly expect an up-to-date anti-virus software to stop this from installing.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Sony and the Rootkits...
You don't perchance work for Sony, do you?
That aside, anything that hooks into the internals of an OS without my clear and informed authorization is a problem.
you've got a piece of code in your computer that only gives Sony access. nobody else.
Please tell me you don't really believe that. Considering how many of MS's products have opened backdoors for people, you're going to trust Sony to "do it better" and leave this software completely secure? It might not suddenly allow crackers "on some IRC network" to get in, but it sure opens up a lucrative bit of research for them- finding the security holes in a DRM rootkit that people don't even know is installed.
Imagine the trouble in fixing that with a patch.
Could be that Sony and the major music labels are using this to create intentional fear, uncertainty and doubt. Who ever said the record labels want you to play music CD's on your computer, in fact wasn't there a genuine effort by the RIAA cartel to create CD's that wouldn't work at all on a PC? If they can't get the end user to cease this undesired activity they can always frighten the luser into submission.
Stick that music CD into my computer? No you don't, I'll become infected with malware.
Yes, perhaps it's as the subject suggests, a wild conspiracy theory. It's not as though this industry wanted to create laws to legalize hacking P2P users or anything.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Any malware whose filename/registry keys start with $sys$ will be shielded from antivirus and antispyware software by XCP. This gaping security hole represents a great opportunity for script kiddies. Sony should do the responsible thing and immediately recall all rootkit-infested CDs.
It is not stated in the EULA that this rootkit will be installed, plus there's no way to uninstall it through add.remove programs.
You can contact Sony directly and they will send you tools to remove the DRM software.
The F-Secure blog talks a little about this. It appears their removal software installs ActiveX controls.. just really messed up.
- complain to editors about posting dupes
- editors start to link to their previous stories
- posters visit those previous stories, and copy links FROM THE previous FREAKING ARTICLE itself
- ???
- profit!!
How does this stuff get modded up?
As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.
Emphasis is mine. Anyways, nothing in the EULA says that I can't just go and delete it. Sure, it may reinstall, but can't we delete it the minute we eject the CD? Can we write a script to do that?
Get a Mac? According to the FAQ, the disc appears as a normal CD on a Mac. Anyone know if the content is the same, or are there extras that you get for enabling viruses on your PC?
Well Sony has all the reasons to mess with PCs stuff. They don't *really* want people to use their PC for any media stuff... Sony wants everybody to use custom hardware solutions made by Sony. PS3, PSP, Memory Stick,.....
So messing with your PC looks like a good thing to do for Sony (especially since it also f*cks with MS).
Has this passed? Is it applicable?
0 2929:
(4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component;
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.
If they used racketeering laws to go after the RIAA, why not antispyware legislation against this?
Sadly, most people don't care anymore.
The other day, I was driving with my fiance when we got on the topic of cd's. She proceeded to tell me that there's this great cd that I need to get because the band is really good. I proceeded to tell her that I haven't purchased a cd for almost 4 years now because of my dislike for the RIAA. After explaining everything to her, she just got all flustered and said that she didn't care about all that crap. She didn't care that even though she paid for the cd, she didn't fully own. She didn't care about all the bully tactics the RIAA uses. She didn't care about any of that, she just wanted the music.
I agree with you that the majority of the people just don't care. As much as I try and inform people of all the crap the RIAA pulls, it just goes in one ear and out the other.
For now, I suppose I'll just continue on with my silent protest.
The greatest experience we can have is the mysterious.
- Albert Einstein
Or, better yet, don't buy a Sony music CD. Sony gets sued all of the time for various reasons - it's part of the cost of doing business. Their stockholders are used to it. A significant drop in sales will be far more likely to get attention.
Posted by: Dickrichard | Nov 1, 2005 11:03:07 PM
;)t ml but nothing really beats searching.
I'm posting this via a proxy just in case Sony doesn't like what I post...
After reading this news story I decided to go after this software and defeat it, and I did.
The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.sh
As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!
CONSUMER 1 - SONY 0
P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!
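The thread's point that anything named with the `$sys$` prefix disappears from normal listings can be checked by comparing two views of the same system. The sketch below is an added example, not part of any post above and not code from any tool named in the thread; every path and key is constructed, and the component-wise, case-insensitive prefix match is an assumption of the model.

```python
"""Cross-view check for name-prefix cloaking. All names are constructed."""
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix named in the thread


def _components(path):
    return path.replace("/", "\\").split("\\")


def is_cloaked_name(path):
    # Assumption of this model: a path is hidden when any component starts
    # with the prefix, compared case-insensitively as Windows names are.
    return any(p.lower().startswith(CLOAK_PREFIX) for p in _components(path))


def filtered_view(raw_names):
    """What a scanner enumerating through the hooked API would be shown."""
    return [n for n in raw_names if not is_cloaked_name(n)]


@dataclass(frozen=True)
class Finding:
    kind: str
    name: str
    reason: str


def cross_view(kind, raw_names, api_names):
    """Report objects present in the raw view but absent from the API view."""
    visible = {n.lower() for n in api_names}
    findings = []
    for name in raw_names:
        if name.lower() in visible:
            continue
        reason = ("name-prefix cloak" if is_cloaked_name(name)
                  else "hidden by other means")
        findings.append(Finding(kind, name, reason))
    return findings


def missed_by_scanner(watchlist, raw_names, api_names):
    """Watchlisted file names that exist but never reach an API-based scanner."""
    visible = {n.lower() for n in api_names}
    wanted = {w.lower() for w in watchlist}
    return [n for n in raw_names
            if n.lower() not in visible
            and _components(n)[-1].lower() in wanted]


# Constructed raw views. On a real machine the raw view has to come from
# outside the hooked API, e.g. parsing the volume from clean boot media.
RAW_FILES = [
    r"C:\WINDOWS\system32\drivers\cdrom.sys",
    r"C:\WINDOWS\system32\$sys$example_driver.sys",
    r"C:\WINDOWS\system32\$SYS$example_dir\player.dll",
    r"C:\Temp\$sys$third_party.exe",   # unrelated file borrowing the prefix
    r"C:\Temp\notes$sys$.txt",         # prefix not at start: stays visible
]
RAW_KEYS = [
    r"HKLM\SYSTEM\CurrentControlSet\Services\Cdrom",
    r"HKLM\SYSTEM\CurrentControlSet\Services\$sys$example_service",
]


def audit():
    """Run the cross-view comparison over the constructed files and keys."""
    findings = cross_view("file", RAW_FILES, filtered_view(RAW_FILES))
    findings += cross_view("registry", RAW_KEYS, filtered_view(RAW_KEYS))
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"{f.kind:9} {f.reason:22} {f.name}")
```
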
So, technically they are in the clear (in the same way that they would be in the clear if they said "the SOFTWARE will reside on YOUR COMPUTER until pigs grow wings"), but what they are doing is still morally very wrong...
As far as being able to uninstall it via "add/remove programs", I wasn't aware that this made software dismissable via legal grounds.
It's just not a matter of failing to supply some user-friendly functionality to make it extra easy to uninstall.
Such functionality might take time to develop, and so a case could be made that the developer just didn't feel it worthwhile to spend the effort...
But in this case, the developers went out of their way to make it extra difficult to detect, let alone remove, their software. Even without Add/remove functionality, you could still remove the files and registry keys manually, if the software was just sloppy, rather than malicious. But in the present case, the software's files and reg keys are hidden, so you can't just remove them. And if you do find the trick how to de-activate the rootkit, removing the resources will break the OS if not done properly (disabled CD driver), meaning that for a normal user the only alternative is to reinstall the OS. Not nice!
Boycott all of Sony Music - this includes labels like:
Arista Records
BMG
Columbia Records
Epic Records
J Records
Jive Records
LaFace Records
Legacy Recordings
Provident Music Group
RCA Records
RCA Victor Group
RLG - Nashville
Sony
So So Def Records
Verity Records
As a recording engineer / producer I'm against piracy - but I also hate DRM screwing with my machine and making it hard to enjoy the music I purchased in the way I want.
Support indy labels, and write letters to artists you like that are on majors - tell them to move on to an indy label or start their own.
And if you're really mad (as I am) boycott all of Sony. While Sony music walks to its own drummer, the parent company can't be loving the bad publicity.
I stopped buying all Sony products (including the pro gear I use as an audio engineer) when they initially started their annoying DRM. It is easy to break, but makes normal use of the CD harder.
This is part of what you need if you want to listen to Sony's music legally.
On the one hand, it's perfectly legal for me to play that CD on my laptop without running that software. Even assuming a clickthrough license is valid, I can simply refuse to accept that license, refuse to install the software, and treat it as an ordinary audio CD. If I'm not running Windows on my laptop, in fact, I don't even have an opportunity to use their spyware-enhancer.
On the other hand, even if it WAS a legal requirement, any contract that involves one or the other of the parties performing an illegal act as a requirement for fulfilling that contract is void. There's a reasonable case that this software violates the DMCA and thus the license is invalid.
Which takes you back to the first hand.
I showed the last to one of my coworkers, who immediately started worrying about a recent Switchfoot CD he played on his machine. Sure enough, not only did the CD have DRM on it, but it seems to have installed the same rootkit as the example given on the Sysinternals website. Which of course makes me wonder, how many CDs did Sony put this into?
I'm starting to think it'd be worthwhile to create a domain policy to prevent this malware from running on any of our network machines....
Shameless plug for my photos on Flickr
Easy. Slashdot punishes you for moderating stuff down, and moderators know this, so pretty much everything that's even remotely interesting gets modded up.
quidquid latine dictum sit altum videtur.
Don't buy DRM'd CDs as they don't allow you to exercise fair-use.
If 'fair use' is a natural right then any entity that attempts to crush that is criminal.
Your attitude is lazy, here's some fun with it; don't like not being able to sit up the front of the bus, then don't ride on the bus.
Don't like the cancer from the toxic waste dump in your town, then leave.
Don't like to have the police perform secret searches on your home, don't buy a home, don't move into that town, state, country, etc.
Facile examples but they are along the same line of thinking. If an entity is actively stamping on people's natural rights then that entity's behaviour can be forcefully stopped by society, through the power of government, one of the things that government is supposed to exist for.
There seems to be some strange thought pattern here that nobody must let the idea even cross their mind that a corporations' behaviour may be wrong and that it is ok to put a stop to it through Government. Somehow a fairly large group of people have decided that corporations should have less responsibility to a country than the citizens that it is supposed to benefit do. That the only thing that lowly citizens should be 'allowed' to do is *absolutely nothing* (which is exactly what a 'boycott' is, total and utter inaction).
Undoubtedly this thought process is a mutation of various anti-communist, anti-socialist and pro-fascist (in the true sense) ideologies coming to their logical end..
Your argument is also objectively pro virus/spyware and malware. Using your argument any virus or malware author, to be safe from prosecution simply has to show some form of EULA, something that has been joked about here often but dismissed as absurd. (You probably didn't make that connection in your rush to promote your ideology).
--Awaiting the flurry of half thought out responses misinterpreting my words.
Hello.
I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.
I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:
1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable
and needless to say,
10) Sony and BMG music.
If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.
Thank you for making my future purchase decisions so much easier.
Sincerely,
****
OpenSource.MathCancer.org: open source comp bio
Make no mistake, the members of Van Zant are just as culpable in this as Sony Music. Please let them know at
Vector Management
Ken Levitan and Ross Schilling
P.O. Box 120479
Nashville, TN 37212
Phone: 615-269-6600
Fax: 615-269-6002
Thank you Tapeworm
Is there a list of CDs that are affected, except the one Mark Russinovich used.
Timo's Audio Software http://www.esseraudio.com
Additional items from the EULA:
Because you can't spell "slaughter" without "laughter"
Follow this link to send a comment to Sony. I know I won't be buying their products anymore, and I sure as hell let them know.
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
... for stuff like this. If you care enough to REALLY do something about it, there are really only two things to do:
Intentionally or otherwise, the program is exploiting a flaw in a popular operating system in a way that not only enables them to control access to the data on the CD -- which itself is illegal, but fat chance the government will help you with that -- but in so doing opens up the machine to facile infection with illicit software which it will then actively cover up and make detectable only to very knowledgeable users. If DHS is serious about cyber terrorism, they shouldn't be letting companies subvert the already weak security of the predominant operating system and prime them for becoming unwitting pawns in terrorist activity.
Make a simple flyer explaining what's happened and the implications and see if local record stores would be amenable to helping out. This could be as little as having them stuff an info packet in their bags, to leaving a stack of Live Linux CDs that do nothing but permit a user to duplicate a CD to CD-R without the offending software, or even have a "SafeDupe" day where a few people setup a table where purchasers can show proof of purchase and bring a blank CD to have it "SafeDuped" for them. Obviously, most record stores won't want to rock the boat, but a well-spoken and sincere person (armed with copies of coverage from the mainstream media talking about the problem) ought to be able to find at least one or two store managers with an ethical streak.
It's perfectly legal to make such copies, and if you don't believe me, ask a lawyer or download the Bern Convention on Copyright and read it yourself.
And remember kids, calm, cool, and collected. No name calling, no vitriol. Attribute not malice where stupidity is explanation enough, etc. And do make sure that whatever you do is entirely on the up-and-up, transparent to everyone involved, and that the press and SonyMusic are well informed on the subject.
"So, technically they are in the clear..."
In the good ol' USofA, there is no technically clear in civil litigation. All you have to prove is something as simple as your reasonable expectations. Doesn't matter what the EULA says or if they did anything illegal.
IANAL, but it is my impression that in the eyes of the US courts, you not only have to follow the letter of the law, but you have to ensure that you are conveying a reasonable perception about what your product does. That fine print means nothing if the court finds it too difficult to read, or makes unfair claims (ie - By installing this, you transfer ownership of your computer to us... which is what a rootkit comes closest to without physical possession.)
Civil cases aren't really about the law. They're about damages, and a preponderance of evidence (more than 50% in your favor... a lot less than the reasonable doubt standard of a criminal trial). It may not be against the law for you to spraypaint your trees pink. But if I'm your neighbor and plan on selling my home, I have every right to sue you for damaging the property value of my home. Getting a few other neighbors to testify, and it'll win just on preponderance of evidence.
IMHO, I'd sue the hell out of Sony in a class action lawsuit. Look at it this way: you may not win a lot of money each, but it'll probably be enough to repurchase that CD and a few others with no DRM.
I8-D
should be filled out by all angry individuals... http://cp.sonybmg.com/xcp/english/form8.html
Does anybody know if there is a Linux port of this RK? Or will it run on WINE? I would really love to have this RK on my Linux box. I think it's the only thing stopping me from using Linux on the desktop at the moment.
Not to sound trollish, but perhaps you should reconsider this marriage?
Can't you sue for the product not technically being an audio CD in the first place? Maybe I'm mistaken (and if I am I'd like to know) but an audio CD meets certain standards detailed in the Red Book that anything with DRM in fails to meet. So some shop is bound to advertise Sony CDs as audio CD's ergo that retailer can be sued perhaps?
Professor Karmadillo Songs of Science
If SONY circumvents the security I have installed on MY machine with their rootkit are THEY in violation of the DMCA?
You only need to sue if there has been a violation of civil law. What Sony have done violates criminal law on several counts -- it is deception, misuse of a computer, criminal damage and aiding and abetting the misuse of a computer. Don't call a lawyer, call the police!
Je fume. Tu fumes. Nous fûmes!
You clearly haven't been reading the articles. Others have stated what the EULA was and it wasn't changed to include information about the hidden malware until after these articles started getting out. Furthermore, just because it is in a EULA does not make the EULA valid or legal. A company can put lots of stuff in the EULA; it doesn't mean they hold up in court. Most cases in the US regarding EULAs have come down to judges dictating that they are far too restrictive and illegal.
Buy and return.
Buy something from Sony, like a PS2 or a camera, and then return it the day after. AFAIK, returned items go pretty high up in the supply chain. Tell them why you are returning it.
Any problems with this?
In an ideal world, that would be the case. In this one, the police aren't going to go after a corporation which employs tens of thousands of Americans because they did something to individual users' computers. And if they did, Sony can afford to drag it out in court forever (the same way Exxon is still dragging out the Exxon Valdez fine - they don't need to pay it until the case is closed).
Nothing. It looks and functions as a normal audio CD on a Mac.
Under Windows, yes it will prevent iTunes from ripping it and putting the music on your iPod. Several bands (and I believe even Sony) have instructions for copying music onto the iPod using Windows and they generally involve burning the included WMA files of the music on a regular CD and then reripping it (yes you will lose quality), but the much better solution (that they don't tell you about) is to just hold down the shift key while inserting the CD which will disable the autorun.bat script.
It's actually rather funny looking at their instructions because they'll have several pages of instructions for Windows machines to copy the music onto iPods and for the Mac, they just say "The audio CD will function normally and without restrictions on a Mac.".
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
Mr. Thomas Hesse
President, Global Digital Business
Sony BMG Music Entertainment Company
550 Madison Ave.
New York, NY 10022-3211
I wrote this guy last summer after reading a piece in the New York Times featuring him discussing Sony's oh-so-wunnerful SunnComm copy protection. I can't locate the original NYT article, but this one says almost exactly the same thing.
I didn't receive a reply. I thought I stood a good chance of receiving one since I couched my language in civil terms and didn't call him a pig fucker. So, see what works for you.
Those who can, do. Those who can't, write technology blogs.
This is reported everywhere as a rootkit, something that can't be uninstalled, and that may compromise your system. It is, in fact, a virus. Personally I hope anti-virus software will start detecting it, reporting it as a virus to the user ("Sony DRM virus found!") and removing it.
Hey, I mentioned this article to my wife who actually works for Sony-BMG right there at HQ on 550 Madison, and even she didn't reply to me. No kidding!
6. I have heard that the protection software is really malware/spyware. Could this be true?
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system.
Also, the protection components are never installed without the consumer first accepting the End User License Agreement.
If at some point you wish to remove the software from your machine simply contact customer service through this link. You will, though, be unable to use the disc on your computer once you uninstall the components.
I call shenanigans. They say it's not designed to be intrusive, yet it hides itself by creating a security hole and it messes with your drivers. They say it's not installed without the consent of the user to the EULA yet the EULA doesn't appear to give sufficient details to make an informed choice as to whether or not you want this on your system. They offer a removal tool; however, once applied, you will not be able to use the CD in your system at all. This last implies that the tool either does an incomplete removal or adds further software to your system (does the removal tool come with an EULA?)
Moreover, it says when you terminate the agreement you have to remove ALL parts of the software. Sony hides part of the software and makes it hard to impossible for you to fulfill your obligations under the contract. They didn't tell you beforehand and there's most likely a law against that (putting a clause into a contract while actively hindering the signee from fulfilling it, forcing him to commit a breach of contract). Entrapment? Otherwise it'd be too easy to put some impossible (but on first glance harmless) clause into a contract that triggers upon termination and causes the signee to unknowingly violate the contract and be liable under the damages clause. Imagine AOL implemented that into their service contract.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
The really crappy part is that this only hurts the legitimate users. People who wish to pirate the CD will just pop it in a Linux computer and rip it. Or they will just disable autorun on their CD drive. I'm not sure about this method specifically, but this seems to bypass every copy protection mechanism I've seen on music CDs. The rest of the users are stuck out in the cold, using crappy players that come on the disc to play the CDs, as well as not being able to copy the CD onto their hard drive. Which kind of violates your fair use rights, depending on how you interpret them. Not to mention the fact that they have software on their computer that may be hard to uninstall, and may be doing things the user doesn't want it to do.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
The copy protection on the Velvet Revolver album was a lot less insidious than their new system.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Express your outrage in a letter to Sony Investor Services contact. State that you will no longer purchase Sony products, and will be very leery of Sony as an investment in your retirement plans due to this clear demonstration of Sony's lack of ethics in its business practices. Physical letters work best. The address, from Sony's 2005 Annual Report, is:
Sony Corporation of America
Investor Relations
550 Madison Ave, 27th Floor
New York, NY 10022-3211
If you want a laugh, check out Sony's views on Corporate Social Responsibility site at http://www.sony.net/SonyInfo/Environment/about/index.html
From that site: "The Sony Group recognizes that ... Sound business practices require that business decisions give due consideration to the interests of Sony stakeholders, including shareholders, customers, employees, suppliers, business partners, local communities and other organizations."
I wonder how they think installing rootkits on customer computers promotes the interests of Sony's customers!!!
Yeah, he just wrote the book on how to detect rootkits, and play with the internals of Windows. Maybe Wernher von Braun isn't the rocket scientist Slashdot makes him out to be. I'm sure that cutting and pasting text from a EULA would be beyond him.
By saying that all audio CDs should not be played, you took the heat off of Sony. You basically told them that audio CDs are inherently a problem. This would lead to the belief that the problem is not Sony's. You also punished the employee. If companies follow your advice, employees that want a little music through the day will now be denied the use of any CDs. You should make sure that you highlight that SONY is the problem, and that they have software on their CDs that infects computers with DRM.