Sony Music CDs Contain Mac DRM Software Too
brjndr writes "A MacInTouch poster has found that certain Sony CDs also contain a smaller extra partition for 'enhanced' content. Running one of the applications found within this partition installs kernel extensions containing DRM software by SunnComm. In Sony's defense you're told what is being installed within a EULA which pops up when the program is loaded. Thankfully we all read our EULAs completely."
[See my journal entry for my previous comments on this]
To summarise: it's impossible to protect against truly clueless users without severely inconveniencing everyone else, but Mac OS X at least lets you know something dodgy is going on (a request for administration rights, just to play a CD, say what? No *other* CDs needed that!) I guess it helps to have gorms, though...
THM: It's a difference in attitude. It *does* make a difference.
Simon
Physicists get Hadrons!
Business idea:
Customers buy DRM CDs and hand them over to you. You give them back a copy of the CD with the DRM removed, for the cost of the blank CD and a small service fee. Hold onto the original CD with customer records as evidence that the customer bought the CD and has the right to copy for personal use.
Not workable?
Jesus saved me from my past. He can save you as well.
This is a sign that Mac OS X has a large enough userbase for Sony to worry about Mac users stealing music.
Fuck 'em. Really. In the ass. With a chili pepper.
In the past I've made a point of buying stuff I liked, either on CD or from an online retailer (iTunes).
Well, Sony just lost my business. And fuck them if they think I am going to subsidize this bullshit.
Goodbye Sony. Hello allofmp3.com.
If you walk the corridors of Sony Music right now all you can hear is the sound of a toilet flushing.
I'm not wrong. You haven't thought about it hard enough.
How does the DVD player auto start then when a DVD movie is put in the disc drive?
Jonathanjk.com
Why not find the names of the individual programmers who coded these rootkits, and make sure they're unable to ever get a job ever again? It was perfectly reasonable to keep Communist sympathizers out of Hollywood and government when Senator McCarthy went on his crusade -- why not keep DRM sympathizers out of the programming industry? Treat them like shit, refuse to hire them anywhere, and make them unable to ever afford food and shelter ever again without humiliating welfare subsidies.
Of course, criminals will always hire criminals; a thief will always have a chance at getting hired by the Mafia, so I don't expect this will completely work. Computer companies that have overgrown beyond their event horizon of personal responsibility such as Sony and Microsoft will always be a haven for crooks and guttersnipes. But every responsible company still around should outright refuse to hire anyone who's ever knowingly developed anything related to DRM; conduct background checks on every potential employee's employment history and slam the door in the face of any DRM sympathizer looking for a job.
Ummm..."Ha ha, it doesn't affect us!" At least, none of us who don't type in the administrator password without understanding why we're doing it.
Ha ha, only serious. Seriously, this isn't an "any computer" issue. This is an issue with the only "modern" OS that has been specifically engineered to run arbitrary binaries with privileges without challenging the user. It isn't a matter of Mac OS X or Linux (or VMS or Solaris or SunOS or VM/CMS) being better, it's a matter of Windows being worse.
This isn't even a matter of Windows' original design, as Dave Cutler's original security model was solid and included a good separation of privileges away from the desktop user, drawing on the last half a century of computing experience. This is a matter of Microsoft Management specifically and intentionally deciding to screw you. They will say it was necessary to make a desktop OS usable by novices - Mac OS X does give the lie to such horseshit (and that is the only place Mac OS X specifically figures in this topic).
Yes, Sony deserves a lot of the blame. But Microsoft deserves just as much. You can start to "fight this stupidity" by not using Windows.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
I just renewed my living-room home-entertainment system for almost 5000 euros. The two finalists were an all-Sony set vs. Panasonic + Harman Kardon + Infinity. Guess which finalist got my money after reading up on the Sony DRM scheme... Yep, I'm a happy Panasonic+HK+Infinity owner. Added a One-for-All remote and the functionality is pretty much the same as using a complete set from the same vendor.
And this was definitely the last time I even consider Sony. Forget the new Playstation, if I have to choose from the two bad options M$ vs. Sony my money goes to M$ in this case.
As big a fan as I am of the Van Zant brothers, I just can't think of buying the album after all this. Luckily it was available without DRM somewhere else. It's a shame for the artists though, they didn't get their $0.50 or whatever they make per sold CD.
I know my 5000 doesn't bankrupt Sony but if more of us start voting with our wallets maybe they will realize they can't keep on shafting customers every chance they get.
It may sound paranoid, but once they start messing with the kernel, you really don't know what they're going to do...
The CB App. What's your 20?
So, in effect, your computer is at less risk if you download Sony published music from peer to peer networks than if you try to play your Sony CD on your computer.
OK, here are the options you have.
Sony CD: Contains very poorly written DRM that may forever screw up your machine.
P2P: Spend days sifting through partial, corrupted and poorly named files to get the CD you want, risking viruses, lawsuits and your entire Saturday afternoon.
Online music stores (iTMS, allofmp3): Cheaper than a CD, quicker and safer than P2P, DRMed but easily circumvented in under an hour, if that.
Maybe Sony's subconsciously trying to eliminate CDs in favor of complete on-line distribution.
"November 8, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers. Please note, Service Pack 2a is a maintenance release designed to reduce the file size of Service Pack 2. It includes all previous fixes found in Service Pack 1 and Service Pack 2."
http://cp.sonybmg.com/xcp/english/updates.html
HMM it does not compromise security? It installs a root kit, then it lets people hide a trojan on your computer. Who needs sony anyway, I have my game cube and X-box.
I'd really like to get my hands on one of those now. I sort of miss slapping it upside the carriage every time you were finishing a line. And a typo at the end of a page REALLY hurt.
... grumble, grumble, grumble, mutter, mutter, Millenium... Hand... Shrimp, I tol' 'em, I tol' 'em.
The thing is, Joe Desktop is getting bombarded now with this story all over the main stream press. Heck it was even in my local Podunk newspaper!
I see this beginning to be the backlash of DRM for the average "Joe Desktop". Especially when the media is throwing in the scary worded "root kit" voodoo around.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
It was also the source of the last Mac virus (well, worm) that I am aware of. Perhaps that is why it wasn't included in OSX.
Well.. Let's see... I will NOT be buying the following:
1. Sony music CDs
2. Sony HD TV
3. Sony Playstation 3 and games
4. Sony Bluray DVD player
5. Sony Ericsson phones
6. Sony VAIO laptop
7. Sony DVD burner
8. Sony digital camera
9. Sony video recorder
The only way Sony will regain my trust is if they were to:
1. publicly admit that what they did was wrong
2. put a link on sony.com to a page explaining what exactly happened and provide software to uninstall the rootkit
3. recall all CDs on the shelf containing rootkit DRM
4. offer replacement CDs to all customers
Play the CD into a Windows PC, and that shit gets installed without you even knowing.
On the Mac, you have to seek out and launch the DRM installer app on the CD (and why would you run it, other than curiosity?), and provide your password for the install to actually do its work.
And so it shall be with any attempts to create self-propagating malware for the Mac. Drive-by/unannounced installs of system-level shit is an utter impossibility. If a DRM purveyor funded by Sony can't figure out how to stealthily get their shit installed on the Mac, what hope do Windows script kiddies have of finding a way to do it? They'll just stick to the fertile grounds of Windows, no matter how big the Mac's marketshare gets.
Installers can install a lot of things without asking for a password. This is a *good* thing, otherwise you'd always have to enter your password to do anything, and hence it would lose all meaning. For example, an installer can add files to /Applications without a password, but if it wants to delete anything in /Applications, it needs the password to work. Of course most Mac apps install by drag-and-drop, but there you go.
A mate installs a Windows XP OEM version onto a PC. Activates it and everything is sweet. A few days later his PC is stolen. So he buys a new PC, because he still has the Windows XP CD, the manual, the license and all the little stickers, he goes to install it on the new PC. It won't activate. He rings Microsoft. They refuse to activate the software since it's been activated on another PC, and that violates the OEM license. They suggest he reports it to his insurance company as stolen and they can pay for a new license.
So they encourage him to commit insurance fraud as the software has not been stolen, because he has all the software and the licenses to run it.
In Soviet Russia the insensitive clod is YOU!
The problem with these EULAs is that they are so verbose that any important facts are lost and I believe that is the intention.
That is how these Spyware companies gain "permission" and certainly how Sony has gained "permission" to install anything they want. Most users aren't able to read a 5 page legal document squeezed into a tiny little box very effectively.
We need to write our Congressmen and Senators and tell them that EULAs should be simplified, even standardized. I'd even suggest that some sort of color coding be required to indicate the severity of changes to be made. Unlike Homeland Security's approach, I suggest three simple colors: GREEN, YELLOW, RED (You might recognize these colors from your local STOPLIGHT).
GREEN - This EULA just contains standard legal protections of the company for their software.
YELLOW - This application will install some components to run at the same permission level as the user.
RED - This application will install SYSTEM-LEVEL COMPONENTS.
This may not be perfect, but the 10-pages of legal mumbo-jumbo is hard for even the paranoid to go through. For example, I installed several updates to my Mac OS X system (10.4.3, Java, Quicktime, iTunes, Airport) and EACH ONE contained an EULA that was extremely long.
The current system is broken and, unfortunately, we need to change the law to fix it because I know that the large companies with their lawyers have no intention of fixing it.
This kind of thing really illustrates Mac OS X's malware resiliency. There is no CD auto-run, so there is no way for these extensions to even be installed without the user manually double-clicking on this Start.app thing. From there, the user has to enter his administrator password, assuming he's an administrator on the machine. Only then will this DRM software get installed. So I don't expect this to cause too much trouble.
And even after that, it's not the gigantic pain in the ass to remove that the Windows stuff is. Removal is a simple matter of unloading the kernel extensions and deleting them with administrator privileges. For some reason, Windows seems to facilitate the development of software that installs silently and is utterly impossible to remove.
This is why it's not just the popularity factor that keeps OS X malware-free. It's a solid design based around the idea of minimal automation and least privileges needed. Even if OS X was twice as popular, any malware would still have the same hurdles to jump through.
$l.oo was a common style, dating back to the 1800s. Tho I expect it had its origins in early typewriters that lacked a zero.
:)
[Note lowercase L used for authenticity]
~REZ~ #43301. Who'd fake being me anyway?