Slashdot Mirror
Sony Music CD's Contain Mac DRM Software Too
brjndr writes "A MacInTouch poster has found that certain Sony CD's also contain a smaller extra partition for 'enhanced' content. Running one of the applications found within this partition installs kernel extensions containing DRM software by SunnComm. In Sony's defense you're told what is being installed within a EULA which pops up when the program is loaded. Thankfully we all read our EULAs completely."
[See my journal entry for my previous comments on this]
To summarise: it's impossible to protect against truly clueless users without severely inconveniencing everyone else, but Mac OS X at least lets you know something dodgy is going on (a request for administration rights, just to play a CD, say what ? No *other* CD's needed that!) I guess it helps to have gorms, though...
THM: It's a difference in attitude. It *does* make a difference.
Simon
Physicists get Hadrons!
This is a sign that Mac OS X has a large enough userbase for Sony to worry about Mac users stealing music.
Reasonable, yes, but legally workable not really, at least according to Sony. The sony eula says you must destroy any and all fair use copies of the music you possess, if you are no longer in possession of the actual cd. What a concept, your car gets robbed, you get cds stolen and then SONY makes you delete any copies you may have. I'd love to see it in court.
Why not find the names of the individual programmers who coded these rootkits, and make sure they're unable to ever get a job ever again? It was perfectly reasonable to keep Communist sympathizers out of Hollywood and government when Senator McCarthy went on his crusade -- why not keep DRM sympathizers out of the programming industry? Treat them like shit, refuse to hire them anywhere, and make them unable to ever afford food and shelter ever again without humiliating welfare subsidies.
Of course, criminals will always hire criminals; a thief will always have a chance at getting hired by the Mafia, so I don't expect this will completely work. Computer companies that have overgrown beyond their event horizon of personal responsibility such as Sony and Microsoft will always be a haven for crooks and guttersnipes. But every responsible company still around should outright refuse to hire anyone who's ever knowingly developed anything related to DRM; conduct background checks on every potential employee's employment history and slam the door in the face of any DRM sympathizer looking for a job.
Ummm..."Ha ha, it doesn't affect us!" At least, none of us who don't type in the administrator password without understanding why we're doing it.
Ha ha, only serious. Seriously, this isn't an "any computer" issue. This is an issue with the only "modern" OS that have been specifically engineered to run arbitrary binaries with privileges without challenging the user. It's isn't a matter of Mac OS X or Linux (or VMS or Solaris or SunOS or VM/CMS) being better, it's a matter of Windows being worse .
This isn't even a matter of Windows' original design, as Dave Cutler's original security model was solid and included a good separation of privileges away from the desktop user, drawing on the last half a century of computing experience. This is a matter of Microsoft Management specifically and intentionally deciding to screw you. They will say it was necessary to make a desktop OS usable by novices - Mac OS X does give the lie to such horseshit (and that is the only place Mac OS X specifically figures in this topic).
Yes, Sony deserves a lot of the blame. But Microsoft deserves just as much. You can start to "fight this stupidity" by not using Windows.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
I just renewed my living-room home-entertainment system for almost 5000 euros. The two finalists were a all Sony set vs. Panasonic + Harman Kardon + Infinity. Guess which finalist got my money after reading up on the Sony DRM scheme... Yep, I'm a happy Panasonic+HK+Infinty owner. Added a One-for-All remote and the functionality is pretty much the same as using a complete set from the same vendor.
And this was definitely the last time I even consider Sony. Forget the new Playstation, if I have to choose from the two bad options M$ vs. Sony my money goes to M$ in this case.
As big a fan as I am of the Van Zant brothers, I just can't think of buying the album after all this. Luckily it was available without DRM somewhere else. It's a shame for the artists though, they didn't get thei $0.50 or whatever they make per sold CD.
I know my 5000 doesn't bankrupt Sony but if more of us start voting with our wallets maybe they will realize they can't keep on shafting customers every chance they get.
It may sound paranoid, but once they start messing with the kernel, you really don't know what they're going to do...
The CB App. What's your 20?
"November 8, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers. Please note, Service Pack 2a is a maintenance release designed to reduce the file size of Service Pack 2. It includes all previous fixes found in Service Pack 1 and Service Pack 2."
http://cp.sonybmg.com/xcp/english/updates.htmlHMM it does not compromise security? It installs a root kit, then it lets people hide a trojan on your computer. Who needs sony anyway, I have my game cube and X-box.
I'd really like to get my hands on one of those now. I sort of miss slapping it upside the carriage every time you were finishing a line. And a typo at the end of a page REALLY hurt.
... grumble, grumble, grumble, mutter, mutter, Millenium... Hand... Shrimp, I tol' 'em, I tol' 'em.
Citibank (I think) has a credit card mask generator. You can generate a credit card number for use online and then you tell the credit card company the spending and number of transations limits. You get a safe, one time use credit card number.
http://brandonbloom.name
Well.. Let see... I will NOT be buying the following:
1. Sony music CD's
2. Sony HD TV
3. Sony Playstation 3 and games
4. Sony Bluray DVD player
5. Sony Ericson phones
6. Sony VAIO laptop
7. Sony DVD burner
8. Sony digital camera
9. Sony video recorder
The only way Sony will regain my trust is if they were to:
1. publically admit that what they did was wrong
2. put a link on sony.com to a page explaining what exactly happened and provide software to uninstall the rootkit
3. recall all CD's on the shelf containing rootkit DRM
4. offer replacement CD's to all customers
A mate installs a Windows XP OEM version onto a PC. Activates it and everything is sweet. A few days later his pc is stolen. So he buys a new PC, because he still has the Windows XP CD, the manual, the license and all the little stickers, he goes to install it on the new PC. It wont activate. He rings Microsoft. They refuse to activate the software since its been activated on another pc, and that violates the OEM license. They suggest he reports it to his insurance company as stolen and they can pay for a new license.
So they encourage him to commit insurance fraud as the software has not been stolen, because he has all the software and the licenses to run it.
In Soviet Russia the insensitive clod is YOU!
The problem with these EULAs are that they are so verbose that any important facts are lost and I believe that is the intention.
That is how these Spyware companies gain "permission" and certainly how Sony has gained "permission" to install anything they want. Most users aren't able to read a 5 page legal document squeezed into a tiny little box very effectively.
We need to write our Congressmen and Senators and tell them that EULAs should be simplified, even standardized. I'd even suggest that some sort of color coding be required to indicate the severity of changes to be made. Unlike Homeland Security's approach, I suggest three simple colors: GREEN, YELLOW, RED (You might recognize these colors from your local STOPLIGHT).
GREEN - This EULA just contains standard legal protections of the company for their software.
YELLOW - This application will install some components to run at the same permission level as the user.
RED - This application will install SYSTEM-LEVEL COMPONENTS.
This may not be perfect, but the 10-pages of legal mumbo-jumbo is hard for even the paranoid to go through. For example, I installed several updates to my Mac OS X system (10.4.3, Java, Quicktime, iTunes, Airport) and EACH ONE contained an EULA that was extremely long.
The current system is broken and, unfortunately, we need to change the law to fix it because I know that the large companies with their lawyers have no intention of fixing it.
This kind of thing really illustrates Mac OS X's malware resiliency. There is no CD auto-run, so there is no way for these extensions to even be installed without the user manually double-clicking on this Start.app thing. From there, the user has to enter his administrator password, assuming he's an administrator on the machine. Only then will this DRM software get installed. So I don't expect this to cause too much trouble.
And even after that, it's not the gigantic pain in the ass to remove that the Windows stuff is. Removal is a simple matter of unloading the kernel extensions and deleting them with administrator privileges. For some reason, Windows seems to facilitate the development of software that installs silently and is utterly impossible to remove.
This is why it's not just the popularity factor that keeps OS X malware-free. It's a solid design based around the idea of minimal automation and least privileges needed. Even if OS X was twice as popular, any malware would still have the same hurdles to jump through.