Sony Rootkit Phones Home
strider44 writes "Mark from Sysinternals has dug a little deeper into the Sony DRM and discovered it Phones Home with an ID for the CD being listened to. XCP Support claims that "The player has a standard rotating banner that connects the user to additional content (e.g. provides a link to the artist web site). The player simply looks online to see if another banner is available for rotation. The communication is one-way in that a banner is simply retrieved from the server if available. No information is ever fed back or collected about the consumer or their activities." Also on this topic, Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!" Update: 11/07 14:21 GMT by H : Attentive reader Matteo G.P. Flora also notes that an Italian lawyer has filed suit against Sony on behalf of the Italian equivalent of the EFF. Translation available through the hive mind. Update: 11/07 15:18 GMT by H : It does appear that in fact Sony does see through the $sys$ - see Muzzy's comment for more details.
Somewhere in the distance, I hear Nelson shouting, "Ha ha!"
What happens if it phones home with a really big packet?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I smell a DMCA violation on the /. front page!
Cue the Sony lawyers in 4..3..2....
CDex 1.51 had no issues ripping this CD.
"No information is ever fed back or collected about the consumer or their activities."
Other than your IP address, date and time it's connected to the net, the CD you're listening to, how often you listen to it...
Is it the game of working out ways to piss off Sony by circumventing their crappy DRM?
The Register
World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect.
----
Did you like the placement of the comma?
Mark has also just posted how First 4 Internet, the creators of the rootkit, have made a rebuttal on Mark's claims: http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html
DRM software bypasses... itself?! Wait...
Most Sony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.
You're responsible for checking out a product before buying it. I won't buy any music ROM disc that doesn't have the "CD" certification logo, unless it is from an indie band. I still rip every CD from a CD player with an optical out into my PC. Safety first.
You obviously never read the original article. Sony didn't advertise in any way shape or form that this was on the CD, so even you wouldn't have been able to "check out" the product before buying it!
I don't have (and don't plan to buy) one of these CDs, but I would think that any external communication or use of your net connection would have to be disclosed in the EULA. It could be covered in some legalese catch-all such as "as necessary to provide enhanced services", etc. This is the kind of reason I'm immediately suspicious of anything that begins, "For your convenience"... It rarely is.
Of course, this presumes that the product and the producer don't take active steps to deceive the consumer, and presumes a technically-sophisticated consumer capable of analyzing the technology involved. Your idealistic scenario kind of falls flat when it runs into the real world.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
comment posted by Matti Nikki :
Also, go check Contents\GO.EXE in the cd and search for string "LAME". This is possible LGPL violation, since LAME mp3 library has been statically linked against the executable. You can see that version.c has been compiled in since it generates those version strings, and I found tables.c as well. Didn't locate any code though, apparently removed by optimizing compiler due to being unreferenced, but I couldn't test for all LAME code as I don't have proper tools available (such as sabre-security bindiff)
Well, even though it IS possible to just not buy the stupid Sony CDs, the issue is that there is no denying that Sony is a major market force, and as a major market force, it is going to serve as a template to other companies. Yeah, others probably will copy this and that is the issue.
If others are apathetic about it, then that's fine, but they shouldn't complain when people who do care want to take issue with Sony's actions. If enough consumers take issue with it now, the message will become clear enough in the baby-stages of the new CD DRM that at least some companies will refrain from doing this. The idea isn't to just complain over a little thing, but to stop something that people do not want to happen. I don't see an issue with that.
And it's not necessarily that anyone denies Sony's rights to provide this either; people simply do not want it, or are indifferent to it. Those who are indifferent shouldn't care either way, and those who don't want it shouldn't have to have it, and as a corporation, Sony should listen to the consumers a little and realize this is technology that people do not want.
Of course, this leads a lot into the discussion of wanted technology vs unwanted technology and how a lot of the larger corporations nowadays just put enough money into things so that they live long enough to be considered common place, and hence gain acceptance, which is altogether a frustrating business model which made me stop watching television long ago...but yeah...different topic.
Stop voting in the booth, vote in the checkout aisle.
You know as well as I do that if you don't do the bidding of the right people, you won't find yourself with any "shelf space". It's white bread or wheat bread, anything else is illegal. Feel free to vote in the checkout aisle, just don't complain to anyone when your rye bread is nowhere to be found.
I have to hand it to Sony marketing execs. Ordinarily they would be hard-pressed to sell even a few dozen copies of that CD. Throw in some DRM and now you have millions of geeks buying the CD trying to break it (or verify somebody else's claims of having broken it). That stuff is so good you can't even torrent it.
you're not connected to the net? I know, horrible thought to comprehend but there are those of us who aren't plugged in 24/7.
What happens then? Do you get an error message? Does the CD not play? What if you block the ad retrieval via your firewall?
What if I turn off the monitor and walk away while the CD plays? Am I stealing ala Jack Valenti and not watching commercials on tv?
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
These copy protection schemes are NEVER going to work as long as the content is still available to play on regular cd players. Even if it's not, it will be hacked as long as some hacker thinks it might be an amusing way to spend an afternoon.
Why are Sony SO unbelievably stupid as to think otherwise? They must be wasting hundreds of thousands of pounds on this utterly useless rubbish, that even the least technical of people can bypass.
These things are so childish no hacker would even bother with them, as stated this one even defeats itself!
It only takes one breach to distribute a copy, why piss off thousands of genuine paying clients?
The mind boggles, the only people winning are the copy protection companies living happy lives doing nothing but ripping Sony off.
Aren't they supposed to do marketing studies on things before release?
Maybe employ a 16 year old to independently test the schemes for them rather than taking the word of the people selling them this rubbish
(I'd have said 10 year old but it wouldn't be legal)
revenue lost to purchasing clients who will have to return product as it won't run. $X,0000
revenue lost to potential clients who will be scared off buying in the first place. $Y,0000
estimated reputation damage to company. priceless.
estimate of no. of pirated copies prevented. ZERO.
So you can use their own rootkit to bypass their own DRM. And exactly what level of control do you even have at the point where you are screwing with a rootkit to rip CD's on your own computer?
I hope Microsoft is paying attention here, because this could set an EXTREMELY bad trend here. Why do we have these "certified" drivers? Because a lot of them were crap. Now we have software injecting stuff directly into the OS. I can't say this is going to help MS in the security and stability department.
Just my luck, when I make it to slashdot it's something I've analyzed wrong. I tested to rename my ripping software to begin with $sys$ and it ripped it fine, but apparently something else was the deciding factor. I can't reproduce that effect!
There's definitely something fishy going on, however, with two magic lists in the DRM system (one in installer, one in $sys$DRMServer.exe), and the drmserver scans running processes and open windows, testing them against those lists. So far I haven't figured what it does when it finds a match. The code is written in C++ and although I've found the function call, it's virtual and I need to figure which vtable is being used and it's bitchy without a debugger. I'm not going to run this crap on my development systems, and my test machine doesn't even have net access, too much work to setup debuggers on it just yet :(
Anyway, the lists for everyone to see:
http://hack.fi/~muzzy/sony-drm-magic-list.txt
http://hack.fi/~muzzy/sony-drm-magic-list-2.txt
The first one is from installer, the second from drmserver
-- Matti Nikki
Yes, that is what the Sony reaction looks like. They just behave as if this is a non-issue.
But, by not adding an uninstaller, not putting in the EULA what it is doing and playing the blame game with Apple*, their software is not better than the worst spyware. They think they can install anything on a user's PC, but this might be plain illegal.
If you do not care about spyware and viri, please let it pass, but if you care for your privacy and/or your pc you should not "vote with your wallet", but name it what it really is.
*(their faq keeps babbling you can not transfer it to iTunes because Apple did something to make their api incompatible, instead of watching their DRM solution)
As posted previously on another SONY DRM/rootkit article, here is a google search through Amazon listing the DRM'ed CDs:
http://www.google.com/search?q=sony+site:amazon.com+intitle:%22%5BCONTENT/COPY-PROTECTED+CD%5D%22&num=100/
SysInternal's Mark Russinovich has posted a new entry about Sony's XCP DRM technology.
According to his post, it seems Sony's fix "patch" makes a little "contact home" contacting Sony servers. This even when Sony claims that their software didn't make contact with them.
Slashdot covered previously the initial XCP rootkit story.
The inquirer has an interesting article on the Sony DRM technology overall.
And it seems the community has found several alternate uses for the XCP technology, which include hiding game cheating software and even bypassing DRM technology
Ubuntu is an African word meaning 'I can't configure Debian'
I've always been under the impression that Japanese companies (or those largely held by) were a bit more ethical than their American counterparts. Sony has proven to me that my impression was completely in error. Unless they come very clean, very quickly, I will do my utmost to avoid purchasing any Sony product ever again, be it a new camcorder, an entertainment system...or even blank media.
here 'ya go ... which raises an interesting question - what if ET tries to play a Sony CD - what is the timeout option for the "phone home" packet if the ping times are overly long?
Hulk SMASH Celiac Disease
I could see Sony continuing this with their memory sticks. What's to stop them from installing a rootkit anytime you got a digital camera or an mp3 player from them?
Matt Nikki in the comments section discovered that the DRM can be bypassed simply by renaming your favourite ripping program with "$sys$" at the start of the filename and ripping the CD using this file, which is now undetectable even by the Sony DRM. You can use the Sony rootkit itself to bypass their own DRM!"
All I've seen from people on this issue are ways to get around the DRM. Yes, there are MANY ways to get around it, audio line-out to a DAT or an iPod, using linux, a mac, CDex, Audiograbber, Audiohijack-pro...
But that is all just retarded, if you're buying this CD and you use it as Sony want you to use it, it is NO different than if you buy the CD and rip it with some workaround. Sony don't SEE a difference. The MP3s will be on DC++ anyway, it's not like they will lose sales to people ripping it for their iPods or whatever.
And if you do buy the CD, (regardless of whether you rip it or not) you have just voted. Corporations are the Governments of today and with your purchase you vote. And buying any content protected CD regardless of what you do with it is a VOTE to Sony that DRM is acceptable to you. And that means next time it won't be some crappy nobody C&W CD that is taking over your PC, it'll be the big Sony acts. And then the big EMI acts and WB acts and so on.
Vote with your cash, buy non-DRM encumbered CDs or else just steal it. I'd prefer to take the moral issues and risk of stealing rather than just be Sony's bitch and install their shitty rootkit on my computer.
Lest anyone at Microsoft or Sony not understand why they don't "hear from my XP box"...
It is because the damned thing is NEVER allowed online!
And if and when I eventually go to VISTA, I won't allow it to go online either.
Microsoft has simply created an unbelievable amount of ill-will and lack of trust in me.
My Macs are the only thing I trust to go online, with the exception of running XP in emulation on my Mac.
Yeah, let's demolish the entire system of law while we're at it -- I'm sure the market will provide something better.
// This is not a sig.
Call me crazy, but why don't you use a prog from the magic list to rip a protected cd under the watch of ye ol rootkit? I'm sure its intentions will be revealed!
What's the goal here? To stop the people who buy CDs and rip copies for a few friends... by driving everybody to rely on safer online distribution exclusively?
NPR had a story about this, and did a reasonable job of it. If they would cover it a few more times as things progress, maybe Sony will get the picture.
Currently I own 2 Sony products--a Clie and a Cybershot. If this kind of thing continues, however, I will make these my last Sony purchases of any kind.
There is a good reason that this matters, not just to us, but to everyone: Sony has obviously lied about their actions, and should be held responsible. If we as consumers don't stand up and say "stop", then this will get worse. Currently computers are very powerful, but with more and more of this crap, we will all soon need Cray's to run even the simplest game smoothly because of the myriad background services that are hogging resources. I've already decided that as soon as I can I will ditch Windows (all that I need is money to buy SPSS/SAS for linux, or the ability to run SPSS in wine, and I'm good)--for the same reasons.
If I get rid of windows, then sony can't pull this crap.
Finally, is there a non-Sony-provided version of an uninstaller for this crap? I don't trust them!
"We don't know what we are doing, but we are doing it very carefully,..." Wherry, R.J. Personnel Psychology (1995)
If something isn't done about this soon, clearly network effects will result in pretty much every "CD" being DRM-encumbered, containing, as Sony did, software that actively damages the configuration of the systems the CD is meant to play upon. However, it would be entirely wrong to hold companies like Sony to account for this. They, after all, are merely trying to make money. It is entirely right that they should do so by taking advantage of ignorance to encourage people to do things that are entirely not in their best interest. If businesses were not able to do this, if businesses had incentives to make money when honest, then freedom itself would be at risk. Liberty would be in peril.
What kind of "choice" is it where you do not need to be a technology geek to decide whether or not to buy a "CD" of music? What kind of "freedom" does one have if every vendor of cellular service is telling the truth about their talk plan prices? How are we free if we do not, in practice even if we rarely do, have to hire a lawyer before taking a job or even installing software? Can we be described as supportive of liberty when a shop cannot put a price label on an item that actually reflects the retail price minus some "mail in rebate" the customer might not even qualify for, and if they do, might not get anyway?
Those who defend the intervention of government into these matters ignore market forces. Just as, say, if people like purple cars, the market will eventually end up producing purple cars, so it follows that what we're seeing here is market forces. People, through their unwillingness to spend every waking moment researching every aspect of the products they buy before they buy them, refusing to visit factories to determine environmental and employment issues, refusing to educate themselves about 14 bit 44.1KHz encoding, refusing to examine the contracts of the artists who produced the works, refusing to understand the lower level Win32 APIs and the registry, refusing to even design proxy-device drivers to understand these basic concepts, demonstrate that they want ignorance, and they consider being taken advantage of, being fooled, as actually a thing of value. We cannot have honesty in business when the market wants dishonesty.
But, no, there are those who want to smother consumers in regulation and red-tape. They want to prevent consumers from getting the products and services they deserve. And why? Because the more dishonest the market becomes, the more they scream and think something needs to be done.
This quagmire of people complaining about the market when the market is actually providing them with what they asked for will not disappear by itself. Resources need to be devoted, and unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.
You can help by getting off your rear and writing to your congressman or senator. Tell them that the market is important to you. Tell them that you appreciate the work being done by Sony, Steam, Kevin Jones Staples and Off
KMSMA (WWBD?)
Ah, but you didn't say illegal, you said wrong. The equation of the two is perhaps the greatest threat to liberty in the modern world.
Real Daleks don't climb stairs - they level the building.
If you care about this, then don't buy Sony games, music or movies. If you don't care about DRM and spyware issues then by all means go out and buy more product from them.
Is sending a clear message that you will not tolerate corporate abuses worth going a few months without shelling out $18 for a CD that has two decent tracks on it?
Accept nothing less - the public firing of the VP who oversaw the department that gave the green light to this - or no purchase of any Sony game, music or movie.
Personally I don't think enough people value unhacked systems enough to make the sacrifice. My prediction is that Sony will essentially get away with it, may have their insurance company pay a few settlement checks, and make a better attempt next time around. Or simply write enough checks to MS to ensure that the DRM is included in the Colonel (weak joke about a police state... sorry). And write enough checks to Motorola and Intel to make sure that DRM is included at the chip level. And write enough checks to US Senators to make sure that the law will back them up next time.
Again, the only recourse is to refuse to buy Sony products until a VP is fired. Nothing else will work.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
Isn't it a problem if you can't read the EULA before buying the product? And since you unpacked the CD you are actually stuck with it.
This is totally insecure, but very convenient.
Instead of rushing in and demanding a law to battle this "problem," just leave it alone. The market continues to provide exactly what people want.
Most Sony customers care little for this Sony solution. My 12 year old sister doesn't seem to care one bit. Sony has the "right" to provide this feature as you're not being forced to buy it.
And that's exactly why we have the responsibility to make a big fuss about it.
When someone does something bad, we, as responsible citizens, have to educate others about it. We have to make a big fuss so that people realise why they shouldn't want CDs infected with DRM. To remain silent would be to give consent for Sony and pals to keep right on shafting us.
Voting with your wallet is a good start. But we need soapboxes too. There's no point voting with your wallet if nobody knows what you're doing or why.
Isn't the solution pretty simple? Anyone surprised that Sony is pulling shit like this? They're one of the major members of the RIAA, MPAA, CRIA... Don't be a stupid consumer -- it's ridiculous to both spend your money on something that upsets you, only to get upset more. Warn your family against Sony products
Don't get your panties in a wad, genius. The LAME string exists because that is one of the pirate programs that the DRM software specifically looks for. Simply having the string in your program doesn't make it a LGPL violation. That would be LAME.
Duh.
This "rootkit" doesn't even have to be present now that the virus/trojan/spyware writers know it is possible. Re-implementing this feature would just be one of the first steps of installation. Shouldn't people be demanding a fix for this from Microsoft?
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
But the fact still remains, CDs which have the "Compact Disc Digital Audio" mark on them cannot include DRM as it is against the CD spec. I agree that not showing software may be installed is a bad idea if not actually illegal (I haven't seen a CD in question so I don't know if it has a "This CD may install software" notice), but if you buy a "Compact Disc Digital Audio" marked CD which then installs something it is in fact false advertising, and IIRC the CD mark is quite strictly enforced.
How many people can read hex if only you and dead people can read hex?
Let's stop pretending that retailers allow you to return CDs.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
If I play this CD and it "phones home", then "they" know
- I have played the CD
- if I need a new banner
- they know where to Send it to
- they know how often I listen to it (via how many times I've checked for a new banner)
I say Bull. There is a lot that can be said about me based on the idea that this rootkit phones home.
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
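The point made in the comment above (a "one-way" banner fetch still tells the server who asked, when, and for which disc), shown as an added example that is not part of the original thread. The log lines are constructed, and the `/banner` path and `id` parameter are hypothetical stand-ins, since the thread does not give the real request format.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (Common Log Format). The /banner path and the
# "id" parameter are hypothetical; IPs come from documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Nov/2005:09:12:01 +0000] "GET /banner?id=1234 HTTP/1.1" 200 512
203.0.113.7 - - [07/Nov/2005:21:40:17 +0000] "GET /banner?id=1234 HTTP/1.1" 200 512
198.51.100.9 - - [07/Nov/2005:10:02:44 +0000] "GET /banner?id=5678 HTTP/1.1" 200 512
203.0.113.7 - - [08/Nov/2005:08:55:30 +0000] "GET /banner?id=5678 HTTP/1.1" 304 0
198.51.100.9 - - [08/Nov/2005:10:03:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def profile_clients(log_text, id_param="id"):
    """Build a per-IP listening profile from banner requests alone.

    Nothing here relies on data the client chose to "send back": the source
    address, the timestamp and the requested disc ID are all part of any
    ordinary HTTP fetch that names the disc.
    """
    profiles = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # malformed line, ignore
        ids = parse_qs(urlsplit(m["target"]).query).get(id_param)
        if not ids:
            continue  # request does not carry a disc identifier
        try:
            seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparseable timestamp
        p = profiles.setdefault(
            m["ip"],
            {"plays": defaultdict(int), "first_seen": seen, "last_seen": seen},
        )
        p["plays"][ids[0]] += 1  # a 304 still counts: the request was made
        p["first_seen"] = min(p["first_seen"], seen)
        p["last_seen"] = max(p["last_seen"], seen)
    # Convert the inner defaultdicts to plain dicts for the caller.
    return {ip: {**p, "plays": dict(p["plays"])} for ip, p in profiles.items()}


if __name__ == "__main__":
    for ip, p in profile_clients(SAMPLE_LOG).items():
        print(ip, p["plays"], p["first_seen"].isoformat(), p["last_seen"].isoformat())
```
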
It won't install under Virtual PC. It requires that the CD is in drive during installation, and doesn't detect this to be the case when using Virtual PC. It probably just can't handle multisession CDs...
:)
Anyway, as a bonus, even though the rootkit doesn't install in virtual PC, it still calls home and tells sony about you
-- Matti Nikki
Market my ass. The Music Industry, like many "mature" industries in the modern world, is effectively an oligopoly that uses government regulation as a means to perpetuate their market stance. This is the reality of capitalism. The "industry" doesn't always win in their control over the government; states have the unenviable role of being forced to mediate between contrary demands, and only the most impressive of dictatorships can even pretend to be consistent in its behavior.
Intellectual Property is an even trickier area -- the concept that ideas have market value doesn't go back very far: maybe to the era of verbose hacks like Charles Dickens. Anyway, the problem here is that with IP, "The Market Provides" doesn't work as an argument, since IP guarantees a monopoly over a certain product. Don't like paying $110 for a Star Trek season DVD? Tough -- nobody else can sell that, and IP gives the owner the right to ask whatever price he likes. Yet the limited number of companies that control the market generally fix those prices fairly high. Remember the LP to CD transition? In changing formats, the retail cost of a recording doubled, artist royalties dropped, as did the production and distribution costs for the new media. But prices have "hard" value. What happens when these oligopolies decide to go after stuff with intangible value, such as personal information? If one company decides to make "phoning home" and "customer profiling" part of the package, they'll probably find most people won't object. And the other handful of companies that control the market can and will follow suit -- that's not a slippery slope; it's maximizing revenues. That leaves us with the choice of wearing tinfoil hats and living in caves, or surrendering valuable information about how we live our lives.
That's not a choice, and it is a good reason for governments to get involved on what are in effect unconscionable terms being foisted on the purchaser.
Then again, in a society where Google never forgets, I probably should be posting as AC if I wanted to maintain my privacy.
Perhaps, but I'd guess that this cd would pass the tests and get the mark because it plays in everything except a windows pc w/autorun (and only then because their shitty software breaks your machine)
That said, it is a damn sleazy thing to do - both in terms of screwing the people who buy the CD and in terms of the decision to purchase this (ultimately useless) DRM.
Apparently a lot of the higher ups in this DRM company also have high level positions in Sony. Would anyone here be surprised if any of the execs at the DRM company received bonuses around the time period that Sony chose their DRM?
If this is given enough public attention, perhaps shareholders may get pissed.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Btw, Since distracting CD-ROM functionality by randomizing the signal a little seems to be "OK", you can expect the record companies to target P2P apps with future DRM systems. If it's OK to screw your system and ripping software, it's going to be ok to screw your p2p if they think you're sharing their stuff. This kind of malware along with DRM is a slippery slope, and you'll never know where it ends if you tolerate it even a little.
-- Matti Nikki
J.
You're only jealous cos the little penguins are talking to me.
Sorry, no bonus. The Van Zant CD with the rootkit has a CDDA logo. It's a multisession CD with real audio tracks with malware on a data track. Plus apparently one extra data track without filesystem, no idea what that is, shows up in my ripper.
In the front cover, no notice of protection. On the side, no notice. On the back, facing towards front, on left side of the cover (you know), there's "Content enhanced & Protected" text. On the reverse side, it says "Certain computers may not be able to access the digital file portion of this disc. Use subject to applicable end user license agreement". It says it needs a mac or PC with windows, pentium II, IE5, DirectX 9, 128M ram. Says that ripping with windows media player 9.0 works, and is compatible with Windows Media portable devices and Sony Walkmans.
So, yea, it pretends to be a CD. I don't know the standards to know if this is really a valid audio cd since it's multisession. It's definitely about trying to screw the consumer, though, since it tries to break the cd playback ability of the computer with the malware it ships with, under guise of "DRM".
-- Matti Nikki
I am using ZoneAlarm if anyone wants to know.
An alternative to VMWARE is the excellent, and free QEMU.
to see the kit added to major antivirus detection list.
Trojan detected: WIN32.DrmSony.SPY@mm - Threat: medium; class: Spyware, Rootkit, OS-damage.
Known to cause CD drive malfunction, secretly uploads third party data, prevents certain userspace programs from running, hides from the OS, installs itself without user consent.
OS infection prevented.
Warning: E:\ Volume is Read-Only. The virus cannot be removed (cause: Data written to non-erasable CD.)
Recommendation: Back up all non-infected data from the medium by re-burning it to a new blank CD, destroy infected disk.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
to see where this will go.. how long before your cd has to dial into an advertising scheme of some sort before you can listen to the music you paid for.
[I have no name!:/]# _
No I didn't. I entered into a contract for sale of goods with the record store, the terms of which were that I handed over some cash and they handed over a CD. That contract was fulfilled to the satisfaction of both sides. I have no other contractual obligations of any kind.
Real Daleks don't climb stairs - they level the building.
Now, I didn't buy that CD (or any others in the last five or six years) but if I had, I'd like to see where the terms and conditions of the contract that I SIGNED AND AGREED to are. If they are available for viewing BEFORE I make the purchase AND they explicitly indicate everything that Sony is allowed to do to my computer if I choose to put it in my computer, then you have a point. If not, then it is nothing more than a con, equivalent to me mailing you a letter that you open to see "the act of opening this letter means you agree to give me all your worldly assets, and none of your debts". If you feel Sony isn't WRONG, then you'd better fork over everything you own when you get that letter, because it's the same thing. Now, if I posted "the act of opening this letter means you agree to give me all your worldly assets, and none of your debts" and you open it, well, that's fair game because you had the option, and if you weren't a dumbass, you wouldn't open it. That's the difference. Sony is not providing OUTSIDE of the purchase the terms and conditions that you are claiming binds the purchaser, and Sony is NOT refunding your money if you disagree with what you find inside.
Ripping this CD is both illegal and wrong; if you bought this CD, you entered into a contract with Sony
Breaching a contract may be illegal, but buying a product is not the same thing as entering into a contract. Not even implicitly. It never has been.
The whole EULA thing has thrown some mud into the water, but the distinction remains...you don't enter into the contract until you click "accept"...simply buying the product does not automatically accept the EULA.
With CD's, there isn't even an EULA, hence no contract. Their content is protected under copyright law alone...which is quite a different thing from a contract (and includes clauses which may allow for personal backups).
Also, whether or not ripping it is wrong is not so finally decided. Morality tends to be a bit relative, and obviously some people have different opinions on the matter than you do.
I purchased the 2 Fast, 2 Furious soundtrack from Barnes & Noble several years ago to see what the Digital Restrictions were like.
If it were only the sound that offended me, I would have simply thrown away the disc after my experiment (and trust me, this is by far the worst movie soundtrack I've ever encountered). However, I had problems actually listening to the disc.
I took the CD back to Barnes & Noble and explained the problem. They offered to exchange my opened disc for the same title. I then proceeded to explain that all discs in the lot were defective and that it was intentionally crippled by BMI (if I recall correctly). After less than 7 minutes talking to management, I left the store with cash in hand for my returned, defective disc.
Sometimes returning things is not easy, but if you can make the case that you were sold defective goods, any sane manager will accept the return. Your assertion is only true if you take the initial answer they give you.
Microsoft has simply created an unbelievable amount of ill-will and lack of trust in me.
This article is about Sony and their creation of ill-will and lack of trust, not Microsoft. Yes, yes. Sony's rootkit is designed for Windows, autoplay, etc and so on, but you really can't blame Microsoft in this case. It is just as possible to create a rootkit for any Macintosh or Linux machine, they just haven't because most of their customers use Windows.
As for autoplay being a bad idea, it is and it isn't. I remember back when autoplay was first introduced (I can't believe it was 10 years ago) the whole idea was that you would buy a product from the store, insert it into your computer, and bam, you're off. I remember thinking it was a pretty cool idea at the time, although only one program actually did it as cool as the Microsoft commercials, SimCity 2000. (You would insert the CD-ROM, and then play the game, w/out installation). While in retrospect it wasn't the best idea security-wise (at least without some sort of warning), I would be sad to see autoplay completely disappear, since I'm lazy and enjoy my computer anticipating what I want it to do.
No, this is some horrible mistake! I think the man you really want is Harry Tuttle
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I thought about this and then realised that the problem is that you're still PAYING them to produce this crap. This bothers me. While it's great that you can get the music you want, and it's clearly "fair use" to make a "backup" of the original disc it turns my stomach to realise that they are basically getting away with this crap. What you are doing is validating their plan.
The only solution I see is to make a copy, then take the original disc (along with all packaging), along with the crufty old player that CAN'T read it back to the retailer and demand your money back as the disc won't function in your player. You'll likely have to demonstrate that. If the disc is so crippled, then it can't really meet the CDDA standard etc etc etc.
Oh, yeah. You'll want to throw away that copy you made earlier. ahem.
man, I feel like mold.
See? Not advertised in the EULA. So how are you supposed to know about it? It's one thing when it's hidden at the bottom of the EULA in small type - it's something else when it is omitted from the EULA altogether. The comments in the article also detail problems several people had with the software - like a gamer with a 64-bit system who had his CD/DVD drive 'disappear' after installing this software - a piece of software with NO uninstall utility. All you get from Sony is a patch that removes the hiding of $sys$ files - they so far have refused to provide an uninstall utility for the software itself.
It's called Red Book. It's a different "file" system than ISO 9660. It is standard, but it's not rippable as an ISO image.
That which is done from love exists beyond good and evil
Everybody in industrialized nations will always have access to more than enough medium for their brains to drown in. Money made directly from the sale of media, is in this case, a secondary concern.
The only things people might have a more difficult time gaining access to in our DRM future are positive, un-tainted messages. Though with choice and intent, people can find those easily enough as well.
So don't sweat the reverse psychology; we'll still all be able to listen to the next pop star with relatively little trouble. --In fact, as per usual, it will probably take a degree of concentrated effort to avoid whatever dark-side, soul-draining message of slavery is being broadcast.
"Hit me Baby, one more time."
Ugh. The stuff is like nuclear fall-out. Destructive and near impossible to avoid.
-FL
I do have to agree with your comments. I agree that other OSes can have software added in bad ways. What I would prefer to see is that the OSes that I run never allow any install to occur without me personally OKing the operation. Maybe that would be obtrusive, but that is what I would wish.
But what I do object to in MS Windows is the concept that Microsoft has designed their "system" with the input from their 'strategic partners' like Sony, to allow these sorts of things which have happened, which is basically designing an OS to be primarily set up behind the scenes away from the user, such that the OS is at the beck and call of Microsoft and its partners. Microsoft is thus responsible for this mess, at the 'root' of the problem. They thus deserve my dissing and scorn. They have caused a LOT of wasted hours out of my life that should never have occurred.
This attitude has caused an incredible amount of harm on so many levels that I am surprised some enterprising attorney has not filed a suit against Microsoft and tried to get class action status to represent all individual Windows users.
Don't they need rye bread to breed the ergot that fuels the management / marketing team?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
1 April 2006
PRESS RELEASE: Announcing The Hider®
The Hider® is a run-time library that your program calls during initialization. It randomizes strings of your choosing, including window names, application names as they appear in the Task Manager, and other strings. It also comes with The Launcher® which will copy your program to a random file name, encode it and add a decoding module, and run it from there.
This program enables your program to hide from "detectors" such as the infamous Sony 2005 Rootkit.
The developer's license prohibits the use of The Hider® and related programs in DRM applications, viruses, and other malicious software. Violators will be prosecuted under the DMCA and other laws.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I emailed this post to your English teacher. She's dead now. Are you happy?
Finding other idiots on
Heh, it's OK. I should've nuked the first comment the very moment I realized it was wrong, not after getting submitted to slashdot. I didn't realize I could do that since I only created a blogger.com account to post to Mark's blog and was totally unaware of any features it had :o
:)
Oh well, all publicity is good publicity, even if it makes me look like a jerk for a day
-- Matti Nikki
The illegality arises when you uninstall the DRM crap but then still access the copyrighted work. If you uninstall this particular DRM and no longer listen to the music, then you're in the clear.
So I forfeit the rights that I paid for when I bought the CD? Something doesn't add up here....
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
The installer list has iTunes Pro on it, that comes as a bit of a surprise to me. iTunes Pro is the app used by Apple to add music to the iTMS. Sony wants to prevent consumers from running this app or to prevent Apple from adding those CDs to the iTMS? What would the point of this be?
Weird.
Cwm, fjord-bank glyphs vext quiz
If you or anyone you know has purchased a compact disc with the XCP2 copy protection program (apparently most of Sony's releases since August 2005) and played or attempted to play the compact disc on a Windows personal computer, you may have a claim against Sony and other parties. If you would like representation in this matter, please contact me at: LAWYER ADVERTISEMENT
What sort of "legitimate application" needs to be hidden using a rootkit? What sort of definition of legitimate are they using, anyway?
Second favorite part:
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
In the past, while working on a friend's infected laptop, cleaning out malware, I took down the names of some of the installed junk, and in frustration, I reinstalled the OS, and created 0-byte files with the same names as the spyware files, then I set them to read-only, and permissions only to the SYSTEM and a dummy admin user account. For the past year or so, she hasn't had nearly as many episodes of needing me to clear off her system. Part of that may be because of the copy of Spybot Search and Destroy, Norton, and the fact that she now uses Firefox.
But creating a 0-byte Aries.sys stub, making it read-only, may prevent the installation of the real-deal.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Hey, if the lists are used to stop us from ripping by detecting the name of the executable, why don't we just use an open source solution, and change the name prior to compilation? That way, anyone can make their ripper be called anything so it won't be detected. Is it that simple, or am I misunderstanding the situation?
Your write! We wood loose most of the poasts on Slashdot if we only looked at thoze with correct speeling.
Then again...is there much worth reading here even if we do include the posts with incorrect spelling?
Note to self: Stop putting jokes in my insightful comments so I can get something other than +1 Funny!
Another approach would be to install hooks into the API functions for playing a CD and browsing the filesystem above the kernel level. This would be easier to detect (simply invoke the system calls directly, rather than via a userspace API), but probably as effective.
You could probably persuade users to run the software by putting an HFS+ session on the disk first so iTunes wouldn't see it as an audio CD, and putting the application on this session with the same icon as a Finder uses for CDDA tracks - or simply use the auto-install feature (which would prompt the user for confirmation, but how many people would click no?)
I am TheRaven on Soylent News
Well, fuck, if you're using open source software anyway, rip the damn thing under Linux, and avoid the rootkit altogether.
I've upped my standards, so up yours.
'Fair Use'. I have a legal right under international copyright law to format-shift any media in my possession. I also have a right that allows me to make backups - be it recording onto cassette, ripping to my iPod, making a backup/mix CD, whatever - it's perfectly legal, and ICL recognises that. It's wrong for me to *Distribute* any of those copies I make, but not to make them. That's the distinction. Also, there is no contract. A contract has to be presented BEFORE the item it is attached to is given/sold/leased/whatever. To attach terms to a sale after the sale is made is simply deceit - I don't know about the U.S, but here in the UK it is actually ILLEGAL for a company to attach terms in that manner. Hence, Sony's EULA is in no way binding. The only protection the CD has is Copyright law. As long as the purchaser remains within the law's fair use constraints (i.e., not re-publishing it), there is nothing unethical, or illegal taking place. Unless you live in the USA with its shitty, overly-broad DMCA.
Just my luck, when I make it to slashdot it's something I've analyzed wrong. I tested to rename my ripping software to begin with $sys$ and it ripped it fine, but apparently something else was the deciding factor. I can't reproduce that effect!
Too late. This is the kind of falsehood which will become true merely by repetition. It is too good a story not to tell. You will see it repeated over and over on site after site. Occasionally people will try to follow up with corrections but they will never get the attention that the original false report got.
"A lie can travel halfway around the world while the truth is still putting on its shoes." - Mark Twain
Let's put the /. effect to good use!
Web-form for comments to Sony Music is here ->
http://www.sonymusic.com/about/feedback.cgi
Also the snail mail address is given as well:
Sony Music Online Services
550 Madison Ave, 24th Fl
New York, NY 10022-3211
-- Experience is a wonderful thing. It enables you to recognize a mistake when you make it again.
'Fair Use'. I have a legal right under international copyright law to format-shift any media in my possession.
First of all, IANAL. Now that this has been stated, although I disagree with the music industry, I am tired of crap like this being posted. Fair use is not a legal right, it's a set condition under which you can't be prosecuted. The Fair Use doctrine states that although illegal to make copies unless you are the copyright holder, you can get away with it if you qualify under X, Y, or Z.
In addition, the 'Fair Use' doctrine is U.S. Copyright Law. It is not international copyright law. This is why iTunes is technically illegal in Australia, because it can copy CDs. Although most countries have a similar exception to the copyright law, Fair Use is by no means International Law.
Other than that I must say, I hate how the entertainment industry is screwing with my rights. I think we all need to educate ourselves better with what is going on, so that we may better fight this bullshit. It's blatantly obvious that our Government does not have the best interests of its citizens in mind while passing these laws. Hell we are still stuck in the middle ages of art because nothing ever goes back into the public domain anymore.
Can I get an eye poke?
Dog House Forum
I believe you meant "using iTunes to copy a CD is technically illegal in Australia". Murder is illegal in Australia, but that doesn't mean knives are illegal.
-----
PGP Key ID 0xCB8FF658
What about spoofing results back to Sony HQ to throw off the statistics?
Yes. In fact, if someone wrote a script that mimics the rootkit with regard to talking to Sony HQ that just spits out random bogus data, I'd run that script all day (after getting a programmer friend to check it for malware).
It's our duty to poison phishers' and corporate data harvesters' databases.
You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.