Slashdot Mirror


Bad Day To Be Sony

Not only is Sony no longer selling the RootKit CDs, Arend writes "According to a USAToday article, Sony is to pull their controversial rootkit CDs from store shelves." A nice gesture, but a little late. bos writes "Sony's DRM rootkit has been found by Dan Kaminsky to have infected at least half a million networks, according to an article by Quinn Norton for Wired News. Dan has even put together some pretty pictures of the breadth of the infection." With so many people infected, it's unfortunate that wiredog writes "From The Washington Post comes the news that serious security flaws have been found in the software that Sony is distributing to users who want to remove the Sony rootkit. The article says: 'Because of the way the tool is configured ... it allows any Web page that the user subsequently visits to download, install and run any code that it likes.'" Oops. Even Microsoft is getting into the act. ares284 writes "Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows."

34 of 812 comments

  1. How to boycott? by dada21 · · Score: 5, Interesting

    I'm not a "boycott!!!" kind of guy. When I was younger I used to be, but no one ever stuck to it. This "error in judgement" is definitely something that I am adding to my (really small) short list of company-groups I won't buy from. I already won't buy CDs without the "CD" logo. I won't buy Sony TVs or receivers for the last 4 years because of their terrible support policies. I won't buy anything from Menard's either. And now Sony music CDs are permanently out.

    How do those who are active boycotters stick to it? Do you actively pursue telling others, or is it just a "one person, one dollar, one vote" kind of life lead?

    I could care less if other people want to support Sony artists or Sony products. All mercantilistic (using government to acquire wealth) corporations are bad, but that doesn't mean that every business is bad. Sony has actually been one of the least mercantilistic corporations I've tracked over the years, but their releasing of items without proper quality control is what kills them time and again.

    And I believe that is the problem with this rootkit. Sony didn't test it properly. If they had tested it properly and kept it within its own little world on a customer's PC, I don't think the fallout would have been so excessive. They didn't test the product, they relied on the customers to do so. Luckily for Sony, the customers weren't happy and were vocal about it.

    That is the free market at work. People unhappy about a company or a product have much more of a voice with the web being so readily available. The more the Internet allows billions of citizens to align on different issues, the more we'll see that a free market "democracy" is better than a democracy built around the use of force.

    Vote with your dollars.

    1. Re:How to boycott? by achacha · · Score: 5, Insightful

      Have to agree with you, I have added Sony to my very small list of companies not to buy things from. Yesterday I bought a camcorder from Canon even though both Canon and Sony were final runner ups, I put my 800$ on a Canon for one reason... Sony DRM is an insult to consumers and I am sure my minuscule decision will not matter but I feel good that I will not be giving money to a company that thinks it is ok to distribute a rootkit with their music CDs. And I actually checked the music CDs I was buying to make sure they were not from Sony. The only way we can have our voices heard is not by making noise but by not spending money on their products... when you affect their profits it hurts a lot more and while I am one person and my immediate actions will not even affect the company, I am hoping there are more people out there that believe in honest practices.

    2. Re:How to boycott? by enraged78 · · Score: 5, Interesting

      I myself have been boycotting CD's produced by any label associated with the RIAA for the last three years. I have not purchased any CD's for myself, or as gifts for others. I do not plan to do so until three conditions are met. First, artists are properly compensated for their music. By properly compensated, I mean more than a nickel a disc, which works out to less than that due to 'questionable' accounting practices. Second, that the RIAA ceases all current lawsuits against users who "illegally" downloaded music, and returns all moneys garnered from users who "settled" with the racketeering, um, I mean consortium. Third, that the RIAA cease to destroy both public domain, and fair use policy. In order for the public to respect the RIAA's property, the RIAA needs to stop illegally extending copyright by purchasing politicians. Oddly enough, all this purchasing power seems to stem from the 12-18 year old market. That same market does not possess the ability to vote, and I find it rather strange that all their hard earned dollars are being redirected towards buying our public officials for the highest dollar. Sony products in general will no longer be purchased by me until these and many other wrongs are rectified. Their policies are criminal, their once good hardware products are now sub-par, and their greed is insurmountable. This is no longer a free market question. This is now a corporation buying legal power to function as a makeshift mob. I for one will not stand for it by purchasing their products.

    3. Re:How to boycott? by PunkFloyd · · Score: 5, Funny

      Here's to correcting the worlds grammar one person at a time.

      Wouldn't that be the world's grammar? :)

      -pf

    4. Re:How to boycott? by Moofie · · Score: 5, Funny

      "Vote with your dollars."

      I don't have enough of them to matter.

      --
      Why yes, I AM a rocket scientist!
  2. PS3? No thanks, Sony; you screwed the pooch by Rude+Turnip · · Score: 5, Insightful

    I'd like to thank the fine folks at Sony for helping me decide which next-generation gaming console to buy (hint: It doesn't begin with the letter "P" or end in a "3"). It's a sad state of affairs when Microsoft has to come to the rescue and un-fsck your security blunders.

  3. The natives are restless.. by grub · · Score: 5, Informative


    Read the comments for this protected disc by Van Zant on the Sony label.
    OUCH.

    --
    Trolling is a art,
  4. Vulnerability by Anonymous Coward · · Score: 5, Insightful

    So we have a vulnerability on machines that was pushed out intentionally by somebody. We know who that somebody is.

    The question is, will they get punished for this by the authorities? The FBI and police seem to be happy to jail writers of virii or worms or those who spread vulnerabilities to unsuspecting systems. Why shouldn't the product manager responsible for this pay for his crime of making the nation's computers even more insecure?

    Considering the rootkit is installed without owners realistically being aware, doesn't that make it equivalent to a form of worm, virus, or other type of nasty?

    I seriously believe that someone should be doing jail time for this. Such a punishment would make any other malfeasants think twice before thinking that they don't have to obey the law.

  5. FBI? NSA? Homeland Security? by The+Rizz · · Score: 5, Insightful

    Why hasn't Sony been raided by the Feds, yet?

    If this had been an individual, or small business, you know they would already be behind bars awaiting trial for violating some law or another... possibly even being brought up on some sort of national security-related charges.
    ( Someone in a secure/top secret/classified government network has probably stuck one of these CDs into their machine at some point.)

    I want to know why the Feds aren't treating Sony like they would anyone else ... break into their offices, confiscate every single piece of electronics and CD in the place, and never give them back, ever (or at least, not until years after you've replaced everything).

    1. Re:FBI? NSA? Homeland Security? by SilverspurG · · Score: 5, Insightful

      Because we live in a democratically elected plutocracy.

      By associating it with democracy, though, that makes it all better. We're all supposed to be happy that corporate profits supersede individual rights and property.

      --
      fast as fast can be. you'll never catch me.
  6. buy second hand? by speedfreak_5 · · Score: 5, Insightful

    I'm a music nut. I've tried the boycott thing with mixed results. But what has "worked" for me lately is buying CDs and vinyl second hand. Unfortunately, they may already have the money from the original purchase of the music, but if you buy second hand, someone gets money and you get a CD or record and the RIAA partners get nothing.

    --
    Why yes I am paranoid! Thanks for asking!
  7. No Refund by rozthepimp · · Score: 5, Informative

    From Sony regarding the XCP CD received today in an email: Sony has already addressed the issue of the security concerns via the Service Pack 2 update on our website. According to the terms of the EULA that you agreed to when first installing our software, you agreed to obtain and install any recommended updates. All major security vendors have and Microsoft have announced that the installation of the SP2 update removes their concerns over the original technology used on our CDs. Sony BMG does not offer a refund/return program for this product.

  8. Re:How to boycott? Website by saskboy · · Score: 5, Informative

    I just found the website claiming to lead the charge http://www.boycottsony.us/ in the boycott.

    I've been including information I think is important about the Sony case on my blog too since the story broke, but other sites have much more detail. I just try to break it down so the average joe knows what's going on if their brain turns off at acronyms like DRM.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  9. How about Criminal Charges. by Anonymous Coward · · Score: 5, Interesting
    If practically every kid who cracks into some network gets jail time; how about some criminal charges against whomever the idiot in Sony that approved this.


    Seriously - if some company hires a hitman to do illegal stuff they get in trouble. Why can Sony hack my network without any repercussions.

  10. Criminal charges against Microsoft too. by Anonymous Coward · · Score: 5, Interesting
    From TFA: "Microsoft said it would remove ... copy-protection software"


    That's a clear DMCA violation.

    If DVD John gets in trouble for less, surely whomever at Microsoft decided to do this should suffer the same.

  11. Buying CDs is unsafe... by ncoder · · Score: 5, Funny

    Download them from the net. It's much safer. ;)

  12. Re:PS3? No thanks, Sony; you screwed the pooch by Guppy06 · · Score: 5, Insightful

    "I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other."

    They're associated well enough to have the name "SONY" branded on them. Good enough for me.

  13. To kill DRM, make Joe Consumer Mad... by Starker_Kull · · Score: 5, Insightful

    About the only way DRM will be tamed (I think, in the long run, it will be eliminated completely, but that will take people completely rethinking intellectual "property" as a legal concept) is if it interferes or damages an average person's system. That is perhaps the biggest "problem" with DRM - its many failure modes usually screw you out of your content - or in this case, screw up your system. And it's a great, wonderful problem, because all we need are a few more screw-ups like this, and average people will start to associate "DRM" with "Sucks/Breaks" and avoid it like the plague.

    Go Sony! Do it again!

  14. Quite the reverse by Vainglorious+Coward · · Score: 5, Insightful
    I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other. So the same people who make decisions for the music products are not the same people who make decisions at the playstation divisions. From what I hear, there is some pretty intense inside fighting going on between the people who make mp3 players, and the music division.

    That sounds to me like more reason to boycott, not less - the impact is not compartmentalised, but spreads across their entire business. It also gives ammunition to those on the inside who are fighting against the shenanigans. Sony need to get the message that their actions don't just do damage to their CD sales business, they also create a serious dent in the Sony "brand" as a whole.

    --
    My next sig will be ready soon, but subscribers can beat the rush
  15. Phone Sony about the problem by Anonymous Coward · · Score: 5, Informative
    [...] with pitchforks in hand. Nevermind silly little boycotts.
    Although I can quite understand your feeling, I think it's always wrong to resort to violence, and in my mind even to boycotts, if you haven't at least tried to talk to the other party.

    According to the feedback page for Sony USA, you should call their Quality Management Department at 800-255-7514 (609-722-8224 in New Jersey) "if you believe a Sony Music product has a manufacturing defect".

    It would seem reasonable to give them the courtesy of doing what they ask for, and phone them before doing anything else.

    1. Re:Phone Sony about the problem by swillden · · Score: 5, Funny

      According to the feedback page for Sony USA, you should call their Quality Management Department at 800-255-7514 (609-722-8224 in New Jersey) "if you believe a Sony Music product has a manufacturing defect". It would seem reasonable to give them the courtesy of doing what they ask for, and phone them before doing anything else.

      Yes, please call them.

      Several times.

      Per day.

      Each.

      :)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Phone Sony about the problem by TheUnknownCoder · · Score: 5, Informative

      Well, you all know how Sony treats its (ex-)customers, and calling them will get you nowhere. So instead of calling or emailing Sony, contact the US Department of Justice, and demand an action against Sony. They have never charged a big corporation with a computer crime, but I believe that Sony should be the first one, and let it set an example.

      --
      Uncopyrightable: The longest word you can write without repeating a letter.
    3. Re:Phone Sony about the problem by MrNiceguy_KS · · Score: 5, Insightful
      I just sent them off an email and I'll call tomorrow when the switchboard is open. I'm sure I'm not the only one. Just remember, be polite and reasonable, and if using email, read over your message before you send it. Don't scream that Sony execs should be shot, just point out that Sony is breaking computer crime laws by damaging the security of thousands of computers. Point out their use of a fraudulent EULA that implies their software can be uninstalled. Mention that, even though they have recalled the CDs in question, the crimes have already been committed.

      I don't think it will help a whole lot if the DOJ gets 100,000 emails that all look like typical /. posts.

      --
      Redundancy is good And also good.
  16. Way to shoot yourself in the foot, Sony! by atomic_toaster · · Score: 5, Insightful

    Okay, I've fallen for your lines about downloading and not paying for mp3's "taking money away from artists", that downloading is illegal and immoral and God knows what else. Or maybe I've just gotten tired of trying to find a good copy of a song online. Or I might simply prefer to have a high-quality copy of my favorite album(s) so that, if for some reason my computer should crash, I can convert a new copy to MP3 and lose nothing but a little time.

    For whatever reason, I buy one of your CD's, pay the $18 CAD or thereabouts for a new release. But this is the computer age, I don't even own a stereo, so I want to play the CD on my computer.

    The first thing I notice is that the CD is DRM-ed to death so it's a pain in the ass to convert the songs to MP3 format; so much for listening to the music that I've bought on my iPod. (If I live in Canada, I may have also paid for this music twice, once through the purchase of the CD, and a second time through the levy on my iPod as "blank media".) Oh yeah, and for some reason, neither iTunes nor Winamp will play the CD.

    The second thing I notice (because who really reads the EULA?) while researching how to crack the DRM, is that, among other things, if my house is burgled I will have to delete all the mp3's from this disc. (Because, you know, a burglar would spend all that time copying the MP3's from my hard drive instead of stealing the whole damn computer. And man, if I own a laptop, they're just going to leave it on the desk and take my crappy TV instead...) Also, if I don't update the software whenever it prompts me to, I will lose all access to the music that I have purchased. And I can't listen to the music on a work computer, nor can I re-sell the CD that I have just purchased. WTF?

    But then my system crashes, and some virus I can't get rid of keeps me from accessing all the data on my hard drives that I haven't backed up in ages (of course). And how did this virus get on my system? Through a root kit that the Sony CD installed without even telling me it was doing so, thank you very much. ...

    Alright, Sony, now you've shot yourself in the foot. You've basically persuaded millions of CD buyers out there (you know, the people who were actually paying for your product?) that it's easier, safer, and plain old less annoying to yoink MP3's from their favorite website or file-sharing program.

    Way to go.

    (Idiots.)

  17. Re:PS3? No thanks, Sony; you screwed the pooch by oGMo · · Score: 5, Funny
    They're associated well enough to have the name "SONY" branded on them. Good enough for me.

    Ah yes, broad generalization and stubborn ignorance, that'll solve the problem. Isn't that why they want DRM in the first place?

    --

    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

  18. Re:FBI? NSA? Homeland Security? BullSh*** by coinreturn · · Score: 5, Insightful

    The kinds of machines that are in these secure environments are locked down big time...most don't even have a CD-ROM attached to the machine. The networks are closed (no direct internet access) and the machines with CD-ROMs/RWs have their lasers aligned differently so as to not be able to be read on a standard drive...one of the benefits of purposefully misaligning the laser that writes the disks to be read in these machines is that you can't just insert a standard CD... Yes, contrary to what the media would have you believe, the folks in secure/top-secret/classified government positions are not stupid...

    All I can say is I am in the know with regard to such matters and you are so amazingly wrong it is unbelievable. There may be EXTREMELY isolated cases of such Machiavellian security measures, but it has been my experience that music CDs are always making it into secured areas and being played on secure machines.

  19. The most bizarre aspect to this story... by anandamide · · Score: 5, Interesting

    Did anyone look at some of the titles they chose to infect with this thing?

    Bob Brookmeyer - Bob Brookmeyer & Friends
    Horace Silver - Silver's Blue
    Dexter Gordon - Manhattan Symphonie
    Ahmed Jamal - The Legendary Okeh and Epic Recordings

    Bob Brookmeyer???? Was Sony afraid of the cadre of L33t h4xx0r d00dz pirating their catalog of elderly jazz trombonists?

  20. not a pooch, much bigger by tomcres · · Score: 5, Funny

    Sony didn't just screw the pooch, my friend.. this is more than that.. straight-up goatse!!

  21. What will work by SuperKendall · · Score: 5, Insightful

    I also agree boycotts will not work. A major reason? Because there's no way Sony can measure what you are not buying. If you can get enough people not buying something it might work, but as the poster said that task is really impossible when it comes to Sony as a company.

    So what will work:

    Litigation. That's a great start because it costs them money they can count (legal fees) instead of four people not buying some Sony product. It looks like this might end up costing them big.

    Harass customer service. It is not as effective but if a lot of people start consuming customer service with calls, again this costs them a measurable amount of money and also makes the VP in charge of customer service very angry. You want angry people at the same level in the company as the ones who are putting in things like the rootkit.

    The main goal in all this should be to try and make a public example of Sony so that other companies do not do the same thing, and Sony themselves will not want to try again for quite some time.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  22. Sony also accused of price-fixing in Britain by paj1234 · · Score: 5, Interesting

    It's an even worse day to be Sony, in the UK. Today's newspapers have headlines like "Sony accused of Internet rip-off" and "End to online bargains as Sony forces prices higher".

    According to The Times, "the practice of charging different prices to Internet retailers and high street stockists -- known as dual pricing -- was started by Sony and has been followed by other manufacturers." Here's the article:

    http://www.timesonline.co.uk/article/0,,2-1872549,00.html

  23. Re:PS3? No thanks, Sony; you screwed the pooch by swillden · · Score: 5, Interesting

    I would like to point out that at Sony's size, the different divisions have little or nothing to do with each other.

    Irrelevant.

    Not that the people working in the other divisions, who didn't make such stupid decisions, deserve to be punished, but the way to stop companies from doing crap like this is to hit them where it will hurt the top-level decisionmakers: their stock price. To do that, you have to damage their profits, and the best way to do *that* is to decrease their revenues by not buying their stuff. If Sony's stock takes a 20% drop as a result of some decisions by the entertainment division, the C-level execs will take action, and if they don't then the board of directors will, and if *they* don't, the stockholders will. If it gets nasty enough, no one in Sony will ever again dare to do something that has even the remotest possibility of bringing that sort of shitstorm down on their heads.

    Not that I believe a lot of "boycott Sony" shouting and posturing on slashdot will really affect their revenues noticeably, much less their stock price. But still, the theory is sound, even if follow-through is insufficiently widespread to make any difference.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  24. Italian criminal probe requested by VENONA · · Score: 5, Informative

    It's widely published that legal actions have begun in California, New York, and Italy. The Italian situation is not just some class-action lawsuit. A complaint was filed with a criminal investigation unit last Friday.

    "The complaint alleges that XCP violates a number of Italy's computer security laws by causing damage to users' systems and by acting in the same way as malicious software, according to Andrea Monti, chairman of the ALCEI-EFI. "What Sony did qualifies as a criminal offense under Italian law," he said in an e-mail interview.

    Should police determine that a crime has been committed, prosecutors will be required to begin criminal proceedings against Sony, Monti said."

    Sony has declined to comment.

    From:
    http://www.computerworld.com/securitytopics/security/story/0,10801,106064,00.html?source=NLT_PM&nid=106064

    --
    What you do with a computer does not constitute the whole of computing.
  25. Re:artists properly compensated? by Em+Adespoton · · Score: 5, Insightful
    It's called a Cartel. Just like the diamond merchants do everything they can to restrict the injection of "other" diamonds into the marketplace, RIAA companies restrict the airplay and venues available to new artists. This means that in most cases, if you want to make a living off of your music, you have to sign with an RIAA member, in order to get the startup financing, airplay, and venues that are generally required to become popular. Most artists eventually give up and sign, even if they don't like the conditions of the contract.

    However, with the advent of internet-based human networking (IM, blogs, etc.), this is starting to change. You still can't get the old airplay and venues, but it is now affordable to distribute your music over the internet, using word of mouth to increase demand. Similarly, you might not be able to book the good venues, but with blogs etc., people can find the alternative venues that don't get ad-time in newspapers, on the radio, or on TV.

    So in summary, artists often are victims, but with the new technologies of the last 10 years, more and more artists are able to emancipate themselves and survive.

  26. Don't expect a DMCA case by AngryNick · · Score: 5, Insightful
    Sony will choose to ignore this violation of their DMCA rights. What's funny is that, assuming M$ offers the removal tool to all Windows users (as opposed to secretly whacking the rootkit with the next SP), then the users will be in violation of the Sony EULA...the same EULA that says you must delete the licensed materials from your computer if you declare bankruptcy or fail to install updates to the rootkit (see Article 9, paragraphs 2 and 3).

    New sig:
    --
    Days since my last Sony purchase: 602