Sony, Amazon Detail Rootkit CD Buybacks

An anonymous reader writes "Washingtonpost.com is reporting that Sony BMG today detailed a program that should allow customers who bought one of the 52 titles known to be tainted with the company's deeply flawed anti-piracy software to exchange them for CDs of the same title, sans rootkit of course. Oddly enough, Sony is offering those who want to return the CDs the chance to download MP3 versions of the discs, but only after Sony has received the returned discs. Amazon.com also is sending out e-mails to customers who bought the discs, offering to replace or refund them at no cost."

Download mp3s of the albums - Watermarking Test?

[sehlat]

And how will we know Sony isn't trying something *ELSE* with their dissatisfied customers as guinea pigs?

MP3 files

[arth1]

I bet that the MP3's will be watermarked with the individual downloader's unique ID, so Sony/RIAA can later sue their customers...

That said, what bitrate, frequency and codec is used for the MP3s?

Regards,
--
*Art

Re:MP3 files

[minuszero]

Judging by their alleged previous use, probably LAME encoded...

although you can bet they'll be DRMed too.

I am INCREDIBLY offended by Sony's actions

[Work+Account]

I have owned Sony Walkmen, Playstation, Playstation 2, etc.

I have owned dozens of Sony CDs.

I have 6 Sony audio components.

I will NEVER buy another Sony product ever again, and I urge ALL of you to do the same.

Re:I am INCREDIBLY offended by Sony's actions

[arth1]

I have owned Sony Walkmen, Playstation, Playstation 2, etc.

I have owned dozens of Sony CDs.

I have 6 Sony audio components.

I will NEVER buy another Sony product ever again, and I urge ALL of you to do the same.

Keep in mind that this is Sony/BMG, where Sony only owns 50%, and where BMG were the ones who brought DRM into the picture. Sony on the other hand is selling MP3 players and Vaio PCs with bundled ripping-hadware/software.

Anyhow, heads *should* roll over this in Sony. Instead I fear they will just sue First4Internet and pretend that ignorance is acceptable.

Regards,
--
*Art

Re:I am INCREDIBLY offended by Sony's actions

[BushCheney08]

Could you please point to your source regarding BMG being the ones who brought DRM into the picture? You make it sound like Sony is new to the music game. They've been at it for a very long time, via the Sony Group, Columbia Records, Epic Records, and many imprints that fall under those labels.

Re:I am INCREDIBLY offended by Sony's actions

[arth1]

Could you please point to your source regarding BMG being the ones who brought DRM into the picture?

Easy enough to google for. One recent entry.

Regards,
--
*Art

Re:I am INCREDIBLY offended by Sony's actions

[trudyscousin]

...and where BMG were the ones who brought DRM into the picture."

Is that so?

Sony pulled the same crap with Celine Dion's album A New Day Has Come in 2002 using their key2audio DRM--the scheme that could be defeated with a felt-tip marker.

As far as I'm concerned, there should have been the same degree of outrage then as there is now.

T3h 3v1L!!!!!!!111

http://img169.imageshack.us/full.php?image=helloki tty6na.jpg

Turn of the tide?

Nice of Amazon to do this, since it wasn't really their rootkit (or maybe they're thinking about potential liability, doesn't really matter).

It'd be great if Amazon and other big vendors refused to carry discs with this sort of horrible DRM. That'd probably get the music company's attention a little better than a few geeks organizing a boycott.

Updates

[dorkygeek]

Why does Sony not simply provide an update for their rootkit? Improved security, expanded DRM, and distinguished keylogging, get it all now with Sony's rootkit 2.0. New and improved.

Always at your service

sincerely yours, Sony.

what about..

[ltwally]

"Sony BMG today detailed a program that should allow customers who bought one of the 52 titles known to be tained with the company's deeply flawed anti-piracy software to exchange them for CDs of the same title, sans rootkit of course."

What about damages incurred to those who unknowingly installed the rootkit? What about the cost of removal? IMHO, it would be in Sony's best interest to offer something beyond just replacing the defective rootkit'd product... As an added incentive to Sony, such an action might look good in their up-coming trials from the lawsuits resulting from their rootkit.

MP3 poisoning howto

[dtfinch]

Let customers download the MP3s via a server side script which quietly puts their customer number for tracking and a hash for non-repudiation into the ID3 tags, which'll survive most transcoding. Then if it appears on a P2P network (not likely, unless it's not already there), they'll know who did it.

Merely a slap on the wrist, but the future is bad

[Coopjust]

Recalling the CD's is merely a slap on the wrist. It doesn't cost Sony as nearly as much money as a lawsuit, costs Amazon money, and it does not repair the damage to numerous artists names by this rootkit.

If Sony actually would own up to their stupid mistake, the artists wouldn't be impacted so much. Look at Van Dant's CD on Amazon. 1.5 stars, 300 reviews, most mentioning the rootkit. Do you think that he'll fare so well in the future.

I have lost faith in Sony. Propietary formats and other things were a little odd, but I accepted them. But rootkits, a patent for games that only play on the console they were originally put in...seems like a ridiculous infringement on user rights.

Rather than losing money to pirates, people will turn to better solutions and Sony will be the loser.

Re:Sans

[Sycraft-fu]

It'd be easy to tell probably. If the disc lacks a data sector, you can be sure there isn't one. CDs have different kinds of sectors for audio and data. So if it's all audio, there's no possibility of malicious software since there's no software.

Sony. Where do you want to go today?

[rice_burners_suck]

Sony BMG today detailed a program that should allow customers who bought one of the 52 titles known to be tained with the company's deeply flawed anti-piracy software to exchange them for CDs of the same title, sans rootkit of course.

No no no! They got it all wrong. They should do what my friend's landlord did when he kept complaining that the dishwasher didn't work: They came, turned it on, and when it made noise, they said, "It works fine." And of course, it didn't: First, it smelled disgusting in there, like there was rotten food inside the machine. Second, just because it sprayed (dirty smelling) water doesn't mean it "works fine." Third, if you put a dish in there that was clean to begin with, it came out dirty. And I believe that such a dishwasher makes a perfect analogy for compact discs that contain defective software.

So what Sony should do is this: They should publicly offer customers who bought one of the flawed CDs to exchange them for identical ones! As if we're talking about workmanship in the production of the compact disc proper and not the contents. Hey, just act like you don't know a darn thing about technology when it comes to this type of thing! And when the customer complains that the replacement still contains the rootkit, just say, "It works fine."

Sony. Where do you want to go today? (Hell, they almost make Microsoft look good in comparison. Almost.)

I spent 5 hours trying to get rid of this Rootkit

[digitaldc]

... 2 weeks waiting for my replacement disc, and when I opened my "Suspicious Activity" CD again, I just didn't really feel like listening to it any more.

Re:Sans

[LiquidCoooled]

On the Sony site, they are talking about a secure updater which removes the rootkit:

If you obtain regular security updates from a major anti-virus service, you should receive an update through that process. You may also download the update yourself from http://cp.sonybmg.com/xcp/english/updates.html.

The update its talking about simply removes the rootkit, but does not remove the copy protection portion.

Therefore, I believe these disks will still be executable in format (besides, any with images/videos on will need the media player software as well...)

Just read the home page on the sony site, they still don't get it:

Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music.

We just want true cds without any bullshit, plain and simple.

Sony and Satan

[MightyMartian]

Well the Devil had a brand new plan,
"I don't want any ordinary DRM!"
So he called his boys at Sony Corp,
"I'll make this fast and I'll make it short."

"There's a Limey company, as evil as hell,
They've got a rootkit they're waiting to sell.
So grab some cash, make it quick,
There's a half million networks we just gotta fix."

Now Sony knew the Devil well,
Why these guys were already half way to Hell.
So off they went to England fair,
And bought themselves a rootkit there.

To protect themselves and their evil scheme,
They wrote a EULA that would make you scream.
"No problem," they said, "we can do as we please,
We're all scummy bastards, so what's some more sleaze?"

But not all were asleep when they played Van Zant,
And the racket grew so loud Sony just had to recant.
"We'll take back all those discs, we really were wrong,
Oh, and you Mac users, your turn's coming before long."

Demographics

[Durzel]

Oddly enough, Sony is offering those who want to return the CDs the chance to download MP3 versions of the discs, but only after Sony has received the returned discs.

They probably want to determine what percentage of the people who were sufficiently outraged by XCP to go to the trouble of sending back the CD are interested in a MP3 version instead (and therefore the sort of people who would've probably tried circumventing said copy-protection in the first place) vs those who actually had genuine technical issues with it.

Good market research for them really.