Slashdot Mirror
Sony Rootkit may Lead to Regulation
An anonymous reader writes "Computerworld has a story about DHS officials meeting with Sony to read them the riot act, following the rootkit fiasco. From the story: 'A U.S. Department of Homeland Security (DHS) official warned today that if software distributors continue to sell products with dangerous rootkit software, as Sony BMG Music Entertainment recently did, legislation or regulation could follow.'"
Why are people not in jail for this yet?
(yes, that was a rhetorical question).
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
"The recent Sony experience..." This phrase makes me wonder if Sony is going to be a catch phrase.
"I just bought a DVD with rootkit software on it."
"You've been Sony-ed", or,
"That's the Sony experience!"
Sony's root kit disabled the Department of Homeland Security's root kit. I can see why they might be miffed.
So they have not been punished for their crime,
They are not even being told they will get punished if they do it again,
It seems to say, if you do it again, only then will make it illegal so you can't do it a third time.
(Gee, I'll have to try that one next time I get busted by the cops - its only my first offence, officer, you shouldn't lock me up until I've done it at least 3 times)
Ohh, you mean legalization and decriminalization of these behaviors, so that this does not become an issue again. Anything less than a total ban, backed up by some serious time in a federal pound you in the ass facility, means that someone has been bought out.
Lets hope the industry learns soon. There are recent products shipping with rootkits on them like the german release of Mr. and Mrs. Smith. http://www.f-secure.com/weblog/archives/archive-02 2006.html#00000810
Hooray!
I told my senator to tell the RIAA and Sony to go f##k themselves... I guess he listened.
Why merely threaten legislation if it continues to happen? Laws against "products with dangerous rootkit software" wouldn't seem to harm anyone. Enact the legislation now.
From TFA:
I guess that depends on what you mean by malicious. As far as I'm concerned, anyone who distributes trojans is either malicious, or mentally insane — on the same level as the man who thinks he's a poached egg.
You mean this was legal?
Red Leader Standing By!
While Sony's software was distributed without malicious intent, the DHS is worried that a similar situation could occur again, this time with more serious consequences. "It's a potential vulnerability that's of strong concern to the department," Frenkel said.
Would someone please define malicious? I think it WAS malicious.
------------
The American Heritage dictionary:
malicious (m-lsh's) pronunciation
adj.
Having the nature of or resulting from malice; deliberately harmful; spiteful.
-------------
Thompson-Gale Legal Encyclopedia:
Malicious
Involving malice; characterized by wicked or mischievous motives or intentions.
An act done maliciously is one that is wrongful and performed willfully or intentionally, and without legal justification.
--------------
I'd say that given Sony's generally agressive posture with regards to personal/individual fair use and copyright infringement, I think they could easily be characterized using words like "angry" and "vengeful." And regardless of the emotional component, it was certainly wrongful, willfull, intentional and without legal justification.
To have the government threaten to enact legislation is like having a parent wave their finger at a naughty child warning him not to break ANY MORE of the neighbor's windows.
Laws have already been broken and all we're seeing is warnings implying this may be made illegal in the future.
Last time I checked, the DHS doesn't work for the Legislature. Their job begins and ends with enforcing the existing laws.
If you were blocking sigs, you wouldn't have to read this.
...thinks that DHS would love for this to happen again.
I could almost see them thinking, . o O (...and the best way to do it would be to stringently regulate consumers' computers, so that we can watch for intrusions of this sort in future and prepare for them. Oh, do it again Sony? Ohpleaseohpleaseohpleaseohsnausagesohplease!)
You cannot truly appreciate Dilbert until you read it in the original Klingon.
A 17 year old writing a stupid trojan that does little but spread receives a 2 year sentence in jail and is only safe from compensation since companies didn't want to have the public know their systems are insecure.
... yeahsure) receives... a recommendation not to do anything like this again or else we might have to think about creating laws banning this behaviour (hey, those laws exist, enact them!).
Read: Juvenile dick-waving without commercial interest -> 2 years prison.
A large corporation spreading a rootkit with their product to their paying customer with the intent to cripple their customer's software performance (not being able to use it as intended, by manufacturer or user) that also has the capability of spying on their behaviour (allegedly they didn't use that function, but
Read: Commercial malvolent infiltration of customer's computers -> Nada.
The world sure is changing. When I was still in school, adding "commercial" to a crime sure upped your sentence by some magnitude. Nowadays it seems to be your "get out of jail" card if you commit a crime with financial interest.
Al Capone simply died too early. He'd love these times.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I was about the download the demo for Battle for Middle Earth 2 the other day, only to read that the goddamn DEMO comes with the StarForce malware.
According to Wikipedia, Ubi Soft, Digital Jesters and Codemasters routinely use StarForce on new games. Forget about consoles, THIS is what might kill PC gaming permanently.
Being bitter is drinking poison and hoping someone else will die
If you are looking for a good reference to understand a rootkit I recommend Matt Vea's article "Rootkits: The 'r00t' of Digital Evil." He wrote it back in Novemeber when the Sony fiasco was first revealed. Link: http://www.omninerd.com/2005/11/22/articles/43
The important thing to keep in mind is that, while SONY may have a software division, the product sold wasn't even a software product at all, and no disclosure of a software product was discussed in any terms of sale, etc. The whole software angle was completely surrepetitious. It's not just "software distributors" that need policing here. When it boils down to it, this SONY division had no business "engineering" software into their product; they had little grasp of the ethics or the technical implications of what they were doing... or at least that's what they tell us now. For all we know, they were fully aware and just did it anyway thinking plausible deniability was all they would need when it came to light. If indeed they thought so, they would seem to have been prescient - nothing has happeded because of it. I for one am a bit surprised at that.
Can I bum a sig? I left mine at the office.
for distributing Celine Dion CDs. I don't mind rootkit (haven't bought "CD" in 10 years), but for Pete's sake, someone feed that woman.
"Don't let fools fool you. They are the clever ones."
The CB App. What's your 20?
No. The principle of capitalism ist: Privatize profits, communalize costs. Sony BMG was just trying to profit privately from non copyable media while externalizing the costs to thousands of PC owners.
I'm sure good things will come of this. :/
No, that just makes it good business, according to the reprehensible predatory practices that are currently deemed as acceptable business behavior. Corporate execs and shareholders alike love nothing better than to externalize expenses, and they really don't give a damn who has to bear that burden, as long as it's not them.
On a side note, Sony BMG settled the class action lawsuit filed against them by the EFF. If you want replacement CDs released by Sony BMG that don't have XCP or MediaMax on them, head to http://www.eff.org/sony for more info.
It's your chance to stick it to the man.
I've often wondered why things like this rootkit exist in the first place. Does Sony only employ those who are morally bankrupt? Surely someone at some point in Sony would have said "Hey, this is kinda evil".
You might also want to keep in mind that "true capitalism", as well as "true communism" are mind constructs that are completely impossible to setup in the real world because there is no way that most people are actually going to play nice. If they can screw you to increase their benefit, they will. Which is why an external regulatory agent is needed (even though that idea is apparently blasphemous to the US mindset).
May contain traces of nut.
Made from the freshest electrons.
Why is DHS the one that is playing enforcer here? How does policing corporations in private fit into their responsibilities of providing homeland security?
With computer crimes there's some kind of investigation from local and federal law enforcement (FBI maybe?) and maybe a public hearing or two to give the appearance to voters that something is going to be done.
Please point out the obvious here because I'm missing it.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
It really bugs me that DHS and generally everyone else are looking at this issue as if the security vulnerabilities in the Sony rootkit are the main issue. And perhaps it is to them, but not to me. The real issue is that Sony is installing software on computers without the owner's permission, and it's software that intentionally hobbles hardware/software you paid for. That's like being upset, not because a thief stole your TV, but because he left the back door unlocked when he left.