Sony BMG Settles Over CD DRM

aurispector writes "Sony BMG Music Entertainment will pay $1.5 million and kick in thousands more in customer refunds to settle lawsuits brought by California and Texas over music CDs that installed a hidden anti-piracy program on consumers' computers. The settlements, announced Tuesday, cover lawsuits over CDs loaded with one of two types of copy-protection software — known as MediaMax or XCP. Although it's great to see this as a victory for consumers, I can't help but wonder about the next wave of DRM schemes."

You are still a bunch of no good thieves

You are still a bunch of no good thieves

The Best Democracy Money Can Buy

[dada21]

Each State gets $750,000 -- customers will share "thousands more."

Nice. Real way to protect the consumer.

Re:The Best Democracy Money Can Buy

[cashman73]

Consumers won't get, "thousands more." From the article, "In addition, Sony BMG agreed to reimburse consumers whose computers were damaged while trying to uninstall the XCP software. Customers in both states can file a claim with Sony BMG to receive refunds of up to $175."

"Customers have 180 days to file claims, which must include a description of how their computer was harmed and documentation of repair expenses."

Granted, $175 is still a decent amount of money. So if you're computer was reasonably fscked, it would probably be a good idea to go through the paperwork. Unfortunately, Sony is probably betting that most people will probably decide it's not worth the hassle. Then, there's the fact that about half of the paperwork customers file will end up going to some overworked, incompetent paper-pusher office slave who will either take way too long to approve the request, or reject it for some bullsh*t reason,...

Re:The Best Democracy Money Can Buy

[jcr]

Granted, $175 is still a decent amount of money.

Nope. Sony got off very lightly here.

-jcr

Re:The Best Democracy Money Can Buy

[Sylver+Dragon]

I'm wondering how vigorously the claims are checked. If it's mostly just a matter of filling in the applicable paperwork and waiting for it, I can see people just deciding to get free money and filing a claim, regardless of actual damage. Heck, it might be fun to figure out how/where to get the form, what needs to appear on it and get as many people as possible to send one in. Sort of 'slashdot' the system.

Re:The Best Democracy Money Can Buy

[RobertLTux]

umm $175 would be just enough to pay some GeekSquad member to do a nuke and reload (kiss your data BuhBye)

Re:The Best Democracy Money Can Buy

[Joe+The+Dragon]

A real pc tech can remove the root kit for the same price with losing you data

Re:The Best Democracy Money Can Buy

[garylian]

That was my thoughts, exactly.

1.5 million, with the rest probably being a buck or two here and there. Hardly a punishment to a huge company like Sony BMG.

A quote from TFA: In a news conference Tuesday in Austin, Texas Attorney General Greg Abbot said the settlement sent a clear message.

"Texans deserve to be protected from harmful hidden software that threatens their privacy or the security of their computers," he said.

This wasn't a slap on the wrist. This was brushing the lint off of their lapels.

sarcasm on I feel SO secure knowing that my Texas Attorney General's office is protecting me so diligently. /sarcasm off

Re:The Best Democracy Money Can Buy

[Mex]

Sir, I am in Mexico and even here, 175 dollars is not "A decent amount of money".

Re:The Best Democracy Money Can Buy

[Gr8Apes]

Consumers won't get, "thousands more." Sure they will, that's the grand total that consumers will get. All of them. Together.

Re:The Best Democracy Money Can Buy

[ppanon]

Only if no-one has already exploited the rootkit and loaded lots more malware on the computer.

Re:The Best Democracy Money Can Buy

[kimvette]

Especially considering that if $RandomSlashdotter hacked one of Sony's servers to install a rootkit and got caught, Sony would be seeking millions for that one single incident, plus jailtime.

Sony execs should be doing time over this.

Re:The Best Democracy Money Can Buy

[jZnat]

I wouldn't exactly consider reinstalling the kernel and co as "recovering". There's no way to remove a rootkit other than overwriting the kernel...

Re:The Best Democracy Money Can Buy

[Frnknstn]

A real PC tech costs more than $175.

Re:The Best Democracy Money Can Buy

[babbling]

Exactly. $1.5m + $175 for each customer who is aware of this, technically adept enough to realise what happened and describe how it affected their computer, yet didn't fix the problem themselves and paid someone else to fix it (I think almost no one fits this description) is less than a slap on the wrist for Sony. They probably still made more because of the CDs that people can't put onto their MP3 player, meaning that they must rebuy their music in a different format.

Re:The Best Democracy Money Can Buy

[mgiuca]

Aw, you have to prove monetary damages? What about just, I installed it on my machine, it fscked it up, and I spent seven hours reinstalling and reconfiguring everything?

And off-topic, once you know it's got badass DRM on there, and you actually want to listen to the music, what do you do? I mean... the first thing that comes to mind is disable autorun, rip the CD, throw it away. It seems to me that all DRM does is encourage people to circumvent it.

Re:The Best Democracy Money Can Buy

[macdaddy357]

1.5 million. Million with an "M"? That is chump change to Sony. Why not order them to pay 25 cents? Punitive damages that really hit them in the wallet like 1.5 Billion with a "B" would be more appropriate.

Re:The Best Democracy Money Can Buy

Actually, you only get $175 if you have a RECEIPT for damages. If you just tried to fix the problem yourself (say, by doing a "format c:" and reinstalling your OS), you get a whopping $25! Hooray for settlements!!

Re:The Best Democracy Money Can Buy

[Setti45]

I see the vast majority of affected people falling into two camps on this one, depending on how strict Sony decides to be. 1) You are intelligent enough to either fix/format yourself, or know someone who can. Either way, there is no documentation of actual repair expenses. 2) Or, you know how to turn it on and off, and have no idea what a rootkit is, you just want it to work when the Geek Squad gets done with it. In the end, probably not following up on this, unless you were involved in the original class action. Either way, the consumer wins again.

Re:The Best Democracy Money Can Buy

[hey!]

So, what if you still have one of these CDs in your posession. Maybe you haven't tried playing it on your computer yet.

What they should do is offer to replace any affected CDs in your posession and give you a modest sum, say $50 total, for your trouble. The only proof you woudl need is posession of one of the bad CDs. There is no way to value the time and damage done by these things, so since the state AGs felt compelled to set such an absurdly low figure, they might as well set it even lower yet make it practical for the consumer to get reimbursed something.

Re:The Best Democracy Money Can Buy

[oni]

Now theoretically, if someone did hack one of Sony's servers and get caught, couldn't that person argue in court that, according to Sony, a reasonable reimbursement is whatever sony can show a reciept for (like a consultant fee) or $175, which ever is lower.

It would at least be worth a try. At least make Sony make a statement explaining the difference between their computer and your computer.

Re:The Best Democracy Money Can Buy

What more is there really to say? Law and justice is dead in America.

Re:The Best Democracy Money Can Buy

[Opportunist]

$175 is about the equivalent of 1-2 hours labour time of a decent computer technician. I'm not talking about nephew help, I'm talking about a professional that you hire to solve your computer troubles, who has to pay taxes thereof. Not only because you can't claim you paid your nephew 175 bucks to fix your crate.

So in other words, you will NEVER see that money. If anyone, the tech sees it. And if you hire a tech, be prepared to actually LOSE money in the process because he'll be busy more than those 2 hours (calc' in driving time and he'll reach 3 hours easily).

Let's not ignore that Sony launched this rootkit over a year ago. So IF you have been harmed by it you should ALREADY have hired said professional and you already had to pay that bill which you can now get (partly) refunded.

So, in a nutshell, NOBODY will be entitled to those 175 bucks.

Re:The Best Democracy Money Can Buy

[Duds]

Their computer runs a multi-billion dollar business.

Yours plays Doom.

That plus some lawyerspeak should do it.

Re:The Best Democracy Money Can Buy

Are you aware that knowingly making false claims to the court is considered perjury? Do you really think it "might be fun" to perjure yourself?

Re:The Best Democracy Money Can Buy

[Sylver+Dragon]

It just depends on what your definition if 'is' is.

Re:The Best Democracy Money Can Buy

[doesnothingwell]

Should have been a board member testicle sacrifice, by blunt force trama. Wooden mallet comes to mind first.

And Thousands more

[ePhil_One]

So not only $1.5 Million in fines, but THOUSANDS more in refunds? So this could cost Sony a total of $1.503 Million dollars? I was going to invest in Sony stock until I noticed that lst little caveat, raising the punishment a potential two or 3 tenths of a percentage point.

Sony is Doomed.

Cheap DRM Research

[mandelbr0t]

Doesn't sound like Sony got particularly chastised here. If I were Sony, or any other company interested in inflicting DRM on my customers, I'd happily pay the fees that they're talking about here. Total cost is less than $10M, which is a drop in the bucket for a large, multi-national corporation. If they succeed in inflicting their DRM, they win by taking our rights away. If they lose, then they get some R & D done about how to do better next time. If this judgement were to mean anything to the consumer, there would have to be significant punitive damages as well (I'm thinking in the neighbourhood of $100M or more).

Either way, not much to see here. Big company does nasty things with DRM, gets caught, walks away with dignity and wallet intact.

mandelbr0t

Nice move

[Link9064]

"Sony BMG also agreed not to distribute any compact discs loaded with any copy-protection software that hinders computer users from easily locating it or removing it from their computers." So that means it'll still be there, just out in the open to let consumers get at it, which will be hidden by some other measure that will continue to piss off the consumer.

Re:Nice move

[zentigger]

No, that means that it will be out there, but it will no be difficult to locate and remove.

That's it?

[Trojan35]

Sony, with $15.7 billion quarterly revenue? Would $1m even make it into the 10-Q's footnotes?

Re:That's it?

Sony, with $15.7 billion quarterly revenue?

1) Don't confuse revenue with profits. Its entirely possible to lose money with $15 billion in revenue. Recall the Dot Com mantra "We lose $1 on every item we sell, but make it up with volume!" 2) Don't confues the conglomeration of companies and divisions that is Sony with the Record group. If the Music group is not profitable, the will be sold or dismantled to folks who think they can make money on the product 3) Fines like this come right out of profits and cash, they hurt a lot, especially in an industry that is struggling to turn a profit (because of bad business decisions, piracy, or government mind control rays, whatever),

Re:That's it?

[Dunbal]

Would $1m even make it into the 10-Q's footnotes?

      Look at it right here, where it says "$34M - Misc".

Re:That's it?

[permawired]

Fines like this come right out of profits and cash, they hurt a lot, especially in an industry that is struggling to turn a profit (because of bad business decisions, piracy, or government mind control rays, whatever) Umm, sorry my friend... but SONY isn't going to "feel" this. Much like an elephant doesn't feel a few dozen skin cells fall off it's leg. To a company their size that just means some lab doesn't get a couple upgrades till next year.

Re:That's it?

[Anonymous+McCartneyf]

Hate to say this, but I don't think I have a problem with Sony Music/BMG being dismantled.

Tagged Peanuts

I wish I could engage in legally questionable activity in order to get billions of dollars, then only pay a measly 1.5 million for the privilage.

Re:Tagged Peanuts

[ScrewMaster]

Legally questionable, ethically suspect, morally bankrupt.

Re:Tagged Peanuts

Is that the going rate for ethics and morals? Count me in! I'll even throw in my soul.

Re:Tagged Peanuts

engage in legally questionable activity in order to get billions of dollars

"Get Billions" ... only true if their claims about "losing billions" due to piracy were true and the rootkit actually prevented that. Which it doesn't, and they don't. The truth is that they lost money all around on this. The real question is why BMG didn't lay down some 'internal investigation' and peg some low-level (scape)goat.

Re:Tagged Peanuts

[Chrisje]

I'm quite sure Sony does earn a buck or two by producing great consumer electronics and sponsoring the odd classical concert recording for re-sale. I'm quite sure their entire business and all the people in it are far from ethically bankrupt and morally suspect.

Frankly, I must object to the obvious hate-boi tone of this forum. Fanbois are bad, but hate-bois are just as bad if not worse.

Re:Tagged Peanuts

[ScrewMaster]

Frankly, I must object to the obvious hate-boi tone of this forum. Fanbois are bad, but hate-bois are just as bad if not worse.

Pseudo-French irritates me almost much, frankly.

So object away, but the reality is that a number of senior Sony personnel have committed acts that were sufficiently illegal to earn a substantial prison sentence for any ordinary white-collar criminal type. They walked away from it, and their employer paid a pittance for their crimes. Am I saying that the entire company is morally bankrupt? No, but in matters of business ethic some parts of Sony are highly suspect at this point.

Twenty-odd years ago, Sony was something of a corporate hero: after all, they took Sony vs. Universal to the Supreme Court and won. As a hardware manufacturer, Sony America stood up to the MPAA and sent a very clear message to that particular branch of organized crime. Sadly, as a media company they have joined forces with those selfsame corporate gangsters. I mean ... Sony sunk to installing rootkits on Windows machines unfortunate enough to have a Sony CD in them. Yes, they got caught flat-footed (thank you Mark Russinovich) but they still did it. I'm sorry, but Sony is suffering some legitimate ire on the part of its customers, ire that is entirely due to a degree of managerial schizophrenia rarely seen in the corporate world.

Re:Tagged Peanuts

[ScrewMaster]

The real question is why BMG didn't lay down some 'internal investigation' and peg some low-level (scape)goat.

Probably because so much information about the fiasco was already out, including the names of the two companies that provided the technology, and because they were already under investigation by a couple of Attorney Generals. Unless you want to lie to a court and fabricate evidence it's hard to pick a scapegoat at that point.

$2 million?

[letsgolightning]

Looks like about a 2 million dollar loss ($1.5m in direct damages, plus $175 per individual claim to be filed) for Sony for potentially installing this on 2 million (or more!)PCs. Is it just me, or does this almost seem like it can be worth it for Sony to keep going? This is a multinational conglomerate that was just... I want to say a slap on the wrist, but, it's not even that to them!

Next Step

[Mateo_LeFou]

Is anyone going after the antivirus/antispyware companies whose offerings gave the rootkit a pass?

Re:Next Step

[Whiney+Mac+Fanboy]

Hmmmmn, while we should indeed go after the anti-virus vendors, I think the next step should be to ask why some sony exec isn't recieving jail time for deliberate malware distribution to millions of PCs.

Re:Next Step

[lightspawn]

Is anyone going after the antivirus/antispyware companies whose offerings gave the rootkit a pass?

How about the OS vendor that runs untrusted code off a CD without as much as bothering to inform the user?

Re:Next Step

[mrchaotica]

No kidding -- and you know what the worst part is? If it had been an individual doing this, he would have gotten the jail time! But since it's a big corporation responsible, they get the best "justice" money can buy.

Anybody know the names of the dumbass judges/prosecutors that approved this? I, for one, would like to help them realize just how asinine this settlement is by bitching them out!

Re:Next Step

[xrobertcmx]

It could be worse. It could be like the Verizon Wireless coupon settlement that was just approved. $15.00 off your bill or a qualifying Verizon Wireless service. Customers no longer with Verizon Wireless must sign up for a Verizon Wireless plan to use the coupon. Tell me who approved that?

Re:Next Step

[Plutonite]

But if we asked that, they'd say we were new here..

Re:Next Step

Those companies were behaving in compliance with the DMCA. If they had detected it as a rootkit and removed it, they would have been circumventing DRM and guilty of a DMCA violation. The only outcome I would hope for if anybody sued them is the invalidation of the DMCA and those companies not eating any penalties, but I ain't holding my breath at this point.

Re:Next Step

[kjart]

How about the OS vendor that runs untrusted code off a CD without as much as bothering to inform the user?

Isn't this kind of thing the point of the security changes in Vista?

Re:Next Step

[mrchaotica]

Although that's true, pointing it out doesn't help the situation. In fact, I think you ought to refrain from doing so because it cultivates an attitude of sheepish acceptance.

Re:Next Step

[xrobertcmx]

Sheepish Acceptance on whose part? Not mine. All it did for me was convince me that when my contract with Cingular was up I wouldn't be going back to Verizon Wireless. I am one of those people with a regretable tendancy to bookmark the FCC complaint form and use it when I can't get proper service.

Re:Next Step

[kimvette]

Sure, until the exploits are found and implemented.

Re:Next Step

[Afecks]

how to disable autorun

3rd party program prompts before executing unknown code/drivers, prevents hooks, etc

If Microsoft adds this stuff by default they are being anti-competitive. If they don't then they are selling an insecure OS. Basically they are damned if they do, damned if they don't. Windows has plenty of leaks but there are plenty of ways to plug them. The days of relying on Windows to include everything for you should have ended in 2001.

Re:Next Step

[RareButSeriousSideEf]

Anybody know the names of the dumbass judges/prosecutors that approved this?

What incentive do Attorneys General and/or (especially) professional Class Action litigators have not to be dumbasses (or parasites) on geeky matters that make such minuscule media ripples?

Mind you, I enthusiastically support the freedom to enjoy the fruits of one's labor and to engage in commerce with minimal State intrusion. That said, representing a Class in a court of law is not a right, it is a privilege that exists *because* of the State. While I reject price-fixing in almost every case where the commerce involves two private parties, the current Class Action system has become ridiculously unethical, and something needs to change drastically to restore a sense of proportion between legal fees and (class award / # of members).

Step 1: Behemoth Corporation steals Class Y's underpants.
Step 2: Class Y gets ???
Step 3: Lawfirm Z profits!

Re:Next Step

[HeX314]

Why should it be the OS vendor's fault that you put an untrusted disc into your CD drive?

Re:Next Step

[AI0867]

so, if I write a rootkit that stores copyrighted stuff (it's own code maybe) somewhere on the harddisk and then makes sure that no-one can read it while it's active, does that mean that: -removing it -deactivating it -booting into an OS in which the rootkit doesn't work -doing anything else that makes the code readable would be a violation of the DMCA?

Re:Next Step

[be-fan]

Because it was at best negligent distribution of spyware (the software was contracted by their BMG subsidiary prior to their buying it).

Re:Next Step

[be-fan]

Clarification: it was contracted by BMG before Sony bought BMG.

Also, that's really the whole point of a corporation, the concept of "limited liability".

Re:Next Step

[Orgazmus]

If the rootkit is designed to "protect" something that is covered by the DMCA, yes.

Re:Next Step

[itlurksbeneath]

Step 1: Behemoth Corporation steals Class Y's underpants.
Step 2: Class Y gets ???
Step 3: Lawfirm Z profits!
In this case, the "???" is about 44 cents, I'd think.

Re:Next Step

[Chrisje]

This would then turn into a good case study for your Top Ten Reasons To Upgrade To Vista?

Re:Next Step

[FireFury03]

Also, that's really the whole point of a corporation, the concept of "limited liability".

Corporations have limited liability in financial matters, but is that still the case when a criminal offence is committed (as is the case here)?

Re:Next Step

[voice_of_all_reason]

This was a lawsuit (civil). Jail time wasn't even on the table.

Silly rabbit, the police rarely arrest rich white guys.

Re:Next Step

[voice_of_all_reason]

That is an awesome spin on the issue. Virus writers should definitely countersue everyone for altering their intellectual property.

Re:Next Step

Nice try retard but work on your reading comprehension. He was talking about running unknown code, not whether or not to include auto-run in Windows. You can still have auto-run without allowing unknown code to run. Please save your AC trolls for another time.

Re:Next Step

[freeweed]

Microsoft is being anti-competitive if they don't automatically run CDs inserted by the user? You're joking, right? Who has EVER made this claim?

I've seen some pretty blatant anti-MS trolls in my time, but I've never seen someone get so stupid as to accuse MS of antitrust violations for NOT including a "feature" in their product.

So um, no, they wouldn't be damned if they did this.

Re:Next Step

If Microsoft adds this stuff by default they are being anti-competitive.

Microsoft adds a bug (or really really amazingly stupidly irresponsible design "feature" depending on how you look at it) that automatically loads and executes code when the user inserts media, and then if they change the default behavior of Windows to no longer exhibit this bug (but still allow it), that's anti-competitive?! That's absurd.

Just change the default, Microsoft. Nobody is going to sue you over it. Sure, a bunch of "IT guys" who make a living by cleaning up viruses and spyware, are going to be upset, but they won't have grounds to sue you.

Re:Next Step

[putaro]

The "limited liability" applies to *shareholders*, not to corporations as a whole or to corporate officers. Limited liability simply means that shareholders are only liable for the amount that they invested in the company, nothing more. It doesn't place corporations above the law or limit the amount of damages that can be levied against them. What it means is that if a company is bankrupted by a liability you can't then move on to the shareholders and say "Hey, you owned a piece of this company that owes me money and therefore you own me more money". This is in contrast to a structure like a sole proprietorship where you, as the owner/operator of the company are also liable for all of its debts with no limit to that liability.

Re:Next Step

[Afecks]

I wrote "If Microsoft adds this stuff...". Notice the key word is add. Since autorun is already included in Windows I couldn't possibly be talking about adding that.

So hmm, what else could I be talking about? Maybe it was the "3rd party software" I mentioned that currently isn't a part of Windows? Nah... that would make too much sense!

My point is that every time Microsoft adds something to their OS that is already covered by 3rd party software they get bashed for being anti-competitive. You can't have it both ways. Either you want Windows to be all-in-one or you want a secure-by-default, stable baseline. I prefer the latter and I think Microsoft has delivered that with XP. At least as much as any other OS. I've never been hacked. Neither has anyone in my family thanks to my slipstreamed XP install.

DISCLAIMER: GNU/Linux is still much better in many, many ways but Windows isn't that swiss cheese that many /.ers make it out to be.

Re:Next Step

[Onan]

So OS vendors are not at fault as long as their systems are only insecure when we try to use them?

"Why should it be the OS vendor's fault that you connected your computer to a network?"

"Why should it be the OS vendor's fault that you turned your computer on?"

Re:Next Step

[644bd346996]

No. The corporate death penalty is just severely out of favor with the current US legal system.

Re:Next Step

[Anonymous+McCartneyf]

Whose fault is it that we can't trust discs that appear to be audio CDs?
Even if there was no such thing as Autorun on Windows, people would've tried to play the rootkitted discs--after all, they were store-bought and had music. The anti-virus programs didn't hunt down the rootkit because it was DRM, and normally you're not allowed to remove DRM without the permission of whoever put the DRM on.
Neither MS nor the user is responsible for the secret rookit installations.

Re:Next Step

[HeX314]

My point is mainly that if you are running any sort of mission-critical system, this disc would never be inserted. That's not to say that every user that unknowingly rootkitted their system by way of this DRM hack was responsible, quite the contrary. It is Sony's fault that the rootkit existed in the first place, it is Microsoft's fault that the operating system runs code (regardless of its ability to be trusted), and it's the user that is screwed over and learns from the experience.

Either way, though, I'm sure the issue of rootkits was brought to the attention of intermediate-level computer users, and THAT is about the only good thing to come from this.

hidden anti-piracy program?

It was a damn rootkit!

And by "thousands more" they mean...

[rob1980]

Thousands of unsold copies of some long-forgotten Mariah Carey album.

SparkArt?

[hotrodman]

After having dealt with some of these people, I'd say the next wave is coming from a little company called SparkArt. They also get into 'Viral Marketing'. SA deals with Sony as well, so this little company would be one to keep an eye on in the future......

Re:SparkArt?

[sweatyboatman]

Hah! The third project page (click the forward button) is for a "'viral' promotion" Project called Dr. M... DRM, get it? Oy.

Re:SparkArt?

[sweatyboatman]

should probably toss in a link: http://www.sparkart.com/

Re:SparkArt?

[hotrodman]

I'd also like to add that this is the company that injects fake files into p2p networks, and they are also responsible for plenty of astroturfing, but their biggest projects as of late, are in DRM.

This is sad.

[urbanradar]

Everyone saw it coming, but it's still sad. If I broke into your house and got caught, I would never get away with simply having to replace the broken lock and saying I'm sorry. But when Sony violate their customers' rights as gravely as they did, they get away with paying what amounts to little more than a token fee.

Re:This is sad.

[bazorg]

Now all we can do is have the Slashdot effect move outside the borders of teh intarweb. eveytime you see someone considering buying something from Sony, spread some FUD aloud so all shoppers hear you.

bullshit

talk about a slap on the wrist, the fine is pocket change to a global corp. like Sony!

Trusted Computing

[HAL9000_mirror]

"Although it's great to see this as a victory for consumers, I can't help but wonder about the next wave of DRM schemes."
With any disrupting technology, one can use it for "safer" computing or "treacherous" computing (remember P2P?!). It almost looks like entertainment industry is waiting to embrace this (one once it matures) and use it treacherously. BTW, my research area is trusted computing and I believe this technology is the first step towards safer computing. It is so very un-scientific to blindly disregard any technology at inception. All in all, you want it or not, corporations are going to push it into your home PC very soon...

Re:Trusted Computing

How will you defeat TCPA on your own machine? I'm guessing that you've thought about this, since you're a researcher.

I can see TCPA being very useful for business and military applications, but I feel ill at the thought of it being forced on home users.

Seems to me that the goal of the "attacker" is to get at the private key stored within the TCPA chip on his own machine. With that, the "attacker" can fake remote attestation, and with it, gain the ability to override TCPA and force systems to trust him. How would you go about doing this? Or would you use a different approach?

Re:Trusted Computing

[UncleTogie]

What about virtualization?

Re:Trusted Computing

[jZnat]

I use Linux; how exactly are they going to do this to me?

Not the DRM, the rootkit.

[jcr]

iTunes, RealPlayer and several other apps prove that it's possible to implement DRM without buggering the host OS. Sony's not in trouble for using DRM, they're int trouble for installing a rootkit.

-jcr

Re:Not the DRM, the rootkit.

[Lux]

Right. Only they're not in trouble.

Re:Not the DRM, the rootkit.

"iTunes, RealPlayer and several other apps prove that it's possible to implement DRM without buggering the host OS." ...man, Sony's got to feel bad now. You basically stated that RealPlayer can write software better than they can... ouch.

Re:Not the DRM, the rootkit.

[Speare]

While you're technically right, anything in the mainstream press which simply associates DRM with BAD is fine in my book. The rootkit is just one form of DRM, and that form is demonstrably worse than others, but a huge majority of people can't distinguish levels of badness. Since R in DRM is also about my rights, not just theirs, I think that the elected legislature and appointed independent courts should be the arbiters, not corporations. This is another part of what comes from treating the customer as a consumer.

Fair Compensation

[Alyred]

So, let's see. When Sony thinks that someone has "pirated" music, they sue them for, what, $1,500 per song, yet illegally invade people's computers and privacy and get off with a hundred dollars or so per person?

Where's the justice in that?

Re:Fair Compensation

[Alyred]

Really? You don't call my time removing this crap at $120 an hour per machine financial losses?

Re:Fair Compensation

[Lumpy]

Really? I was programming a revolutionary software app and the spyware destroyed all my work. I lost at least 4.3 billion dollars alone because of the Sony Rootkit.

Hey, if they can make bullshit value claims, so can I. They would claim more if they were "hacked" or if the newest Moby album was pirated.... ok maybe not the moby album...

Why?

[ArcherB]

Why did the states take the settlement? There is no way that Sony could have won this. TX and CA should have rode it out!

Re:Why?

[pembo13]

No offense dude. But that's a dumb qestion. The lawsuit was being headed by the regular corruptable people - Sony, a company very likely full of corrupted people, just passed the infection along. And so they got a small fine. Just enough to say that "something" was done.

Re:Why?

[hackstraw]

Why did the states take the settlement?

Its the way the legal system works. It makes little sense to take a corp to court when you are garanteed to get $750k. Its good enough, and even Sony is not stupid enough to pull this trick again. The state won, the people won, Sony lost, and even 10x more "profit" to the state would not really be more of a win.

Most cases like this are settled, and that is good enough. Its rare that a corporation treats this as "the cost of doing business" because the courts will lean harder the next time around.

I wish individuals had the same legal rights and negotiation abilities with the court system, but thats another story in itself.

1.5 Mil? Someone got paid

[BlueCoder]

60 million would be an insult. They spend more than that on ad campagnes. 1.5 million? That's like a paper cut. On the low side it should have been 200 million to settle. There is some serious corruption going on.

That tickle on the wrist sure hurt

[Reality+Master+101]

Sony BMG Music Entertainment will pay $1.5 million and kick in thousands more in customer refunds to settle lawsuits brought by California and Texas over music CDs that installed a hidden anti-piracy program on consumers' computers.

I'm sure the ashtray of the Sony CFO's Mercedes 600SEL will miss that pocket change.

I Bet It's A Big Deal Internally

[sweatyboatman]

they certainly could continue putting rootkits on their CDs, but they're not in the business of giving money away. These companies are big, but the different divisions (and sub-divisions) all keep records of profits and losses. This is going to show up in a big way.

I can see the meeting now:

Muckety Muck: Last quarter your unit had profits of $1.5mil. But this quarter you have a loss of $.5mil. Care to explain?
Sony Music Exec: Well we put this DRM on our CDs and got sued and settled for $2mil.
Muckety Muck: I see. Did the DRM reduce piracy? Or increase sales?
Sony Music Exec: Well... we can't tell if it reduced piracy. And, ahem, sales kinda collapsed after people found out we were getting sued for it.
Muckety Muck: That might just qualify for the dumbest business decision this year! No bonus for you and I'm taking away your parking space.

so while for Sony it's not a big deal, you can bet that the people that made the decision to rootkit their CDs are scrambling to save their careers.

Re:I Bet It's A Big Deal Internally

[NeutronCowboy]

Personally, I see the exchange happening a little differently...

Muckety Muck: Last quarter your unit had profits of $1.5mil. But this quarter you have a loss of $.5mil. Care to explain?
Weasely Sony Music Exec: Pirates! Yes, Pirates! With swords and parrots! Our DRM just wasn't strong enough to hold them off. But if you give us another 2 million dollars, we have this surefire thing that is guaranteed to work!
Muckety Muck: You sound full of confidence, so you must be right. Here's another 2 million dollars.
\Weasely Sony Music Exec already working on how to use that money to gild his Gulfstream

I see very little scrambling that will be done by Execs. At most I see some fingerslapping for the poor guy who implemented it.

Re:I Bet It's A Big Deal Internally

[asuffield]

You forget that the whole thing happened months ago. The exchange would go more like this:

Muckety Muck: Last quarter your unit had profits of $1.5mil. But this quarter you have a loss of $.5mil. Care to explain?
Weasely Sony Music Exec: My predecessor was trying to prevent piracy, but chose a flawed product to do it. It could have cost us tens of millions, but I managed to get it down to $2m. Also, if you give us another 10 million dollars, we have this surefire thing that is guaranteed to work!
Muckety Muck: You sound full of confidence, so you must be right. Here's another 2 million dollars, and a bonus for saving the company money.

These kind of decisions are always made by people who intend to have been promoted into another division by the time the lawsuits roll around.

Re:I Bet It's A Big Deal Internally

[aevan]

You guys miss the spin:

Muckety Muck: Last quarter your unit had profits of $1.5mil. But this quarter you have a loss of $.5mil. Care to explain?

Weasely Sony Music Exec: Well, last quarter we had this awesome protection system on our cds noone noticed, and losses to pirates were down. But by this quarter the DRM was found out and we had stopped using it.

Muckety Muck: You've proof your losses were from pirates after this DRM was removed, and not negative publicity from your actions?

Weasely Sony Music Exec: Directly, no. But when you look at the expected hurricanes this year and the actual hurricanes that occured, remembering global warming was the expected cause of them, and this graph showing the correlation between piracy and temperature, it's blatently obvious piracy has increased so our sales suffered.

I'm sure the Execs can shift the blame and spin the numbers to prove they were in the right somehow.

Re:I Bet It's A Big Deal Internally

[CmdrGravy]

Muckety Muck: Ah hah haha, more wine ?
Weasly Sony Music Exec:
Muckety Muck: Guffaw, the artists ! Hah hah
Weasly Sony Music Exec: up the ass ! Way Hey !
Muckety Muck: Consumers !
Both: Ah hah hah ha suckers ! Hah hahh hah !
Muckety Muck: More wine ?
Weasly Sony Music Exec: Golf ?
Muckety Muck: Yah, and then we'll go and fuck Mariah Carey yah
Weasly Sony Music Exec: She'll love it. Lets go.

Slashdot editors brainwashed or what?

[raap]

This story report is horrible! First it's the Sony rootkit. Name it as such. Not some "DRM" bullshit. Second: "victory for consumers" ? This is wrong on so many levels, I don't believe it. We are customers, not consumers. And no, it's not a victory, not at all. Sony did commit thousands of computer crimes for purely financial interests and got a slap on the wrist. Kevin Mitnick would be in Jail for 3000 years for this. And if my information is correct, the settlement states explicitly, that Sony does not recognize any guilt. Sorry for this rant. But how can such a misleading article be on the front page?

Re:Slashdot editors brainwashed or what?

But how can such a misleading article be on the front page?

You're new here, aren't you?

Re:Slashdot editors brainwashed or what?

[AK+Marc]

Especially within the last 6 months, the editors pick the more inflammatory submission about a topic (facts need not be considered) and slap on a useless and sensational title. The information in the articles is interesting, but only the most emotional and least factually correct are picked. I guess it drives up the page views.

The next wave?

Why wonder about the next DRM scheme? It's simple: don't get caught. Malware that's so well hidden that you won't know about it.

Re:The next wave?

[sqlrob]

That's what they thought they had with this. It can still be found. It's hard, but someone will see it and bring it to light. It may not be quickly, but chances are it will happen.

Re:The next wave?

[ScrappyLaptop]

But...that someone works for Microsoft now, remember? And if "he" does still have time to look for something like this, do you think it would ever see the public light of day? At best, a fix would go into a "security update" to protect you from undisclosed "malicious files" vaguely mentioned in a KB article. Oh, and that fix would also cripple some aspect of your OS.

drm not favored

think real hard about this one, .. given the choice consumers will choose non-drm over drm. It's really a hard sell to consumer. I'm for the unlimited download 5$/mo.club and the artist get paid directely from that, cut out the middleman, the artist/inventor get paid more money and that can be based on a useage of IP percentage.

Re:drm not favored

[egypt_jimbob]

...I'm for the unlimited download 5$/mo.club and the artist get paid directely from that, cut out the middleman, ... One third of the population is middlemen and they don't take kindly to being cut out. Seriously, that's what this is all about: Sony is a middleman and by downloading music we're cutting them out. To protect their precarious position, they tried to prevent copying. Their prevention turned out to be a bit heavy-handed and has now prompted more people to believe that cutting them out is a good idea.

What about criminal charges?

[zentigger]

If I hacked into thousands of computers and installed a root kit without permission, I'm pretty sure I would be facing enough jail-time to seriously stretch my sphincter. In Texas, I bet that would probably be enough to get the chair! Someone should be going to jail for this kinda crap, and Sony should have their corporate charter dismissed and the assets seized. (corporate death sentence)

Re:What about criminal charges?

[mpcooke3]

Now, now, don't try and make out that the law would somehow treat you "differently" to Sony.

All you would need to do is become part or a cartel that engages in international price fixing, rip off millions of music lovers and thousands of artists, hire hundreds of lawyers and lobbyists and you too will get a decent legal defence.

Re:What about criminal charges?

Completely off topic, but I'm from Texas. We haven't had the chair in many, many years. We now shoot people up with pioson and what them twitch to death for several hours. Totally more humane.

Re:What about criminal charges?

[Dunbal]

Sony should have their corporate charter dismissed and the assets seized.

      No, just take the board of directors who were in charge at the time, and throw them in jail. Whoops. Let's see if the new board decides to do this kind of thing again.

Re:What about criminal charges?

[Ender+Ryan]

Someone should be going to jail for this kinda crap, and Sony should have their corporate charter dismissed and the assets seized.

You know, I "hate" a lot of companies. In particular, I "hate" Microsoft -- although I only truly hate companies guilty of more egregious crimes. Not because they are the "most evil" company in the world, but simply because they interfere with my career, harass me at work, and have done a lot of damage in my industry(IMHO).

Still... MS corporate execs perjured themselves in court on a regular basis, to the detriment of the entire American public, throughout their whole anti-trust trial, and I never called for the disbandment of their entire company and the seizing of all their assets(how the parent got modded up... some mods must be demented). Do I think some of the top execs at MS deserve to do some time? Maybe. I believe they deserve a fair shake in court if it came to that.

Anyway, my point is this: many of you participating in this 2 minute hate, like the parent poster, are being absolutely fucking ridiculous.

That said, I do consider the "rootkit" to be criminal, and I do indeed think criminal charges should be considered. One must take into consideration, however, the "rootkit" was not developed by any division of Sony, and we cannot rush to conclusions that any of the Sony execs you folks are calling for immediate pound-me-in-the-ass sentences for had any idea what it was exactly they were doing.

Riiight. I'm sure a few other people care about being reasonable and objective... But let the furor will continue unabated.

Now go ahead. Call me a "fanboi" again.

Re:What about criminal charges?

[theLOUDroom]

the "rootkit" was not developed by any division of Sony

What an absolutely STUPID thing to point out.
If I shoot you in the head do I get off because I didn't design the gun?

Now go ahead. Call me a "fanboi" again.

Grow some balls and hold people responsible for their actions you fucking fanboi!

A private individual would be in jail for TENS of years for doing something like this. Seizing their assets and disbanding them isn't shit. I'm sure there are TONS of criminals who would rather have everything they own seized than spend ten years in prison.

we cannot rush to conclusions that any of the Sony execs

Which is why you simply take down the corporation instead. If companies know this is a real option in the future, you can be damn sure that next time you'll be able to trace it back to the person who gave the order.
Corporations understand one thing: money.
If a lack of accountability of their officers becomes a financial risk for them, it will suddenly disappear.

Re:What about criminal charges?

That said, I do consider the "rootkit" to be criminal, and I do indeed think criminal charges should be considered. One must take into consideration, however, the "rootkit" was not developed by any division of Sony, and we cannot rush to conclusions that any of the Sony execs you folks are calling for immediate pound-me-in-the-ass sentences for had any idea what it was exactly they were doing.

You truly are a stupid fucking moron. What you're saying, in effect, is that if you don't develop the rootkit yourself, but instead outsource the dirty work, you can fuck people with impunity.

Sony distributed it and they are responsible. Surely the rootkit developers will say they created the thing, but bear no responsibility for Sony's boneheaded use of it, so they bear no responsibility.

Fuck that "No one's to blame" horseshit. Sue both of the bastards and let them fight out who really pays.

The next time I buy a Canon camera or any other competes-with-Sony product, I'll take a picture of the product and send it to Sony with a letter explaining that the purchase was made because of their rootkit activities.

And don't even think of giving me any shit about how Sony music has nothing to do with Sony optics or any other products. The "different division" shit is just legal and accounting weaselshit to keep the whole fucking outfit from taking the whole rap.

In short, those motherfuckers all pee in the same pot. And I'm not looking to get a urinalysis done to find out which one is individually responsible.

If the top dogs won't turn out the fuckers-in-charge, they can all take the bad name.

Re:What about criminal charges?

[Ender+Ryan]

Do you have trouble sleeping at night, for fear of the bogeyman? You sure sound like a rabid, paranoid nutjob.

And you're pretty much wrong on all accounts, but I'm tired of participating in this bullshit.

Re:What about criminal charges?

[hey!]

That said, I do consider the "rootkit" to be criminal, and I do indeed think criminal charges should be considered. One must take into consideration, however, the "rootkit" was not developed by any division of Sony, and we cannot rush to conclusions that any of the Sony execs you folks are calling for immediate pound-me-in-the-ass sentences for had any idea what it was exactly they were doing.

If there is any uncertainty, a proper criminal investigation would eliminate it. There surely must be correspondence between Sony and the developer, including detailed product specifications.

There's a kernel of truth in what you say though. This kind of thing happens all the time in business, because normal people aren't inclined to examine their actions ethically. They go by what "sounds right", which is why the industry is so keen on the term "piracy".

If rootkit vendor had used the colloquial (but inaccurate) term "computer virus" to describe their product, Sony execs might well have been mortified. However, if the vendor described the actual operation of a rootkit in the context of reducing copyright infringement, carefully using neutral terminology, it is quite possible that the execs would see nothing illegal or immoral about it. Quite the contrary, since they were protecting their own legal and ethical rights, it might have seemed like a morally good thing to do.

Which is no excuse. You can't say "Gee, I guess I didn't think the consequences through very carefully," when you torch your neighbors house.

Re:What about criminal charges?

[zentigger]

many of you participating in this 2 minute hate, like the parent poster, are being absolutely fucking ridiculous.

This is exactly the attitude that allows corporations to drop any pretext of morality and run amok. Regardless of the fact that the Sony executives were presumable acting in alleged good faith that the rootkit was merely a harmless means of deterring copyright infingement, it is still their responsibility to know what it is and what it does. If the product they release breaks criminal laws then a crime has been committed. They haven't even been offered a day in court.

I'm not trying to put Sony above Microsoft or any other legitimized banditry, just keeping on topic.

Corporations today have such an absurd lack of accountability that I could rant on about it for days, and honestly, much more eloquent people than myself have done so already.

And as for being a "two minute hate" I'm afraid I have to take the moral high-ground on this one. I won't buy music produced on a Sony label, and Sony's other products certainly get pushed further down the list.

If more people actually gave a rats-ass and put their money where their mouth is we wouldn't have this problem, but the sad reality is nobody really cares, so the same people that spent hundreds of dollars to get their computers fixed will still go out and buy the next Britney Spears CD or whatever crap-du-jour Sony is pushing as entertainment.

Re:What about criminal charges?

[Anonymous+McCartneyf]

Well, let's go put the people who did develop the rootkit on trial. Admittedly, the corp. who did that was British, but if America can get bankers extradited under the anti-terror extradition act when all they did was give money to Enron, then it can certainly get execs extradited whose work disabled thousands of computers. (Or has the UK already crushed them?)

Meanwhile in a secret Sony Research Lab...

[vivin]

Sony Suit: Well guys, looks like our DRM scheme tanked. But $1.5 is nothing. Muahaha. That's lunch money for me. What new stuff do you have?
Researcher John: Well, we got this thing where we can put in subliminal messages into the music that our customers buy. Stuff like "P2P and Piracy rapes your mom!" or "Buy more sucky and/or mediocre music!" or "Mike is a fag!"
Researcher Mike: Shut up John!
Sony Suit: Oh that's good stuff! Anything else?
Researcher John: Well, Mike has another idea.
Researched Mike: (holds up cute puppy) We can threaten to kill this cute puppy if they pirate stuff!
Sony Suit: EXCELLENT! (pets cute puppy) Woo's a cute puppy-wuppy! Woo's gonna die to pwotect our intewests!! Oooohh!! Sooo cute! Yesyouare!! Yesyouare!!

Re:Meanwhile in a secret Sony Research Lab...

[JustOK]

I would hope National Lampoon would sue them if they tried the thing with the dog.

Re:Meanwhile in a secret Sony Research Lab...

[bblboy54]

Researched Mike: (holds up cute puppy) We can threaten to kill this cute puppy if they pirate stuff!
Sony Suit: EXCELLENT! (pets cute puppy) Woo's a cute puppy-wuppy! Woo's gonna die to pwotect our intewests!! Oooohh!! Sooo cute! Yesyouare!! Yesyouare!!

Thank God... now I don't have to feel bad about killing all those kittens every night.

so what's even lower than a slap on the wrist?

[lashi]

1.3 mil, hmm... I am sure that's even less than a slap on the wrist for Sony. So what's even lower than a slap on the wrist, a tickle on the finger?

so as a consumer, am I still allowed to sue Sony for "hacking my computer and breaking it."? Probably not, eh? How about I got and install rootkit on some Sony's computer?

-------------------

say what's on your mind - online confession and anon email @ my website http://www.sayitt.com/

Re:so what's even lower than a slap on the wrist?

[man_ls]

If you exclude yourself from the Class in writing, yes, you are. Otherwise, no, you are not.

Re:so what's even lower than a slap on the wrist?

[Dunbal]

I am sure that's even less than a slap on the wrist for Sony.

      Sure. It's actually a good investment.

      "What, you mean that for just 1.5M dollars we can put a rootkit on 2 million computers? Right on!"

I wonder how much Sony paid their lawers...

I get a feeling they billed Sony for more than $1,500,000. I realize they're already on the pay role, but I assume they still need to bill their time to the case their working on.

Not as bad as Microsoft...

[gamer4Life]

With Microsoft, you've got to PAY THEM to install virus-prone software on your computer...

I dunno

[hypermanng]

Though the payout on these lawsuits isn't high, the story represents far more of a disincentive for music vendors to pursue shady DRM-like courses than most posters seem to recognize. The dollar value is low, but it sets a precedent, cost them money in legal fees as well as lost development investment, and most importantly makes would-be corporate coalition partners skittish.

Of course, I expect like-minded corporations to fund a fairly concerted lobbying effort after this to create some stealth legistlation legalizing whatever skullduggery they please. The bill will be called the Media Freedom Act or something like that.

mod up ze parent!

My sentiments exactly.

No more trust

[Richard+Frost]

You mean the wave after the current wave of DRM we haven't detected yet?

what I hope is next

[ILuvRamen]

Although it's great to see this as a victory for consumers, I can't help but wonder about the next wave of DRM schemes."

whatever it is, I hope it's something where a riot of people with bats and chains can chase it down and attack it like on iRobot. Yeah, it wasn't really a DRM update that made the robots freak out but dammit, I wanna physically harm a DRM technology!

Re:what I hope is next

Just steal a Sony CD and microwave it, or throw it at things, or burn "Defective by Design" on it with a magnifying glass, or something

Re:what I hope is next

The robots, who were Digital entities, were Managing your Rights. Sounds like DRM.

each?

[nkkdprgrmmr]

so, 1.5 million to each customer, right? otherwise, that's bullshit.

Translation:

[Chas]

A couple law firms in each state made some money, Sony expends more effort farting than it takes to make 1.5 million, and the people fucked over directly by their CRAPWARE get a shitty pittance.

weren't 2 million pcs affected?

[AlgorithMan]

iirc 2 million pcs were affected, so everyone gets 75 cents?

Don't be so critical

[DietCoke]

I mean, they did agree to pay $1.5 Milllllion dollars!

Now please excuse me, I need to count the 15 pennies that I'm now entitled to.

Fuck Sony.

Completely unacceptable!

[gweihir]

First they should be criminally liable. What they did is computer-sabotage for commercial gain. Only prison-time is acceptable.

Second, they should have to pay everybody the cost of professional cleanup. I would say that is at least $150 per customer hit, probably more.

I think they got out of thi extremely cheap. Not acceptable for clearly criminal behaviour.

Re:Completely unacceptable!

[Nephilium]

As an aside... they are offering $175 to each person who complains to them about the rootkit... or fills out their form...

Not that I'm happy with the outcome... but they are getting hit for that... assuming people fill out the paperwork...

Nephilium

With some notable exceptions, businessmen favor free enterprise in general but are opposed to it when it comes to themselves. - Milton Friedman

Re:Completely unacceptable!

[gweihir]

As an aside... they are offering $175 to each person who complains to them about the rootkit... or fills out their form...

Ok, that is reasonable. But that they can get out of this without any criminal liability is just not ritght. In what way are they different from a common hacker, except that they commited the crime far more often, for commercial gain and in a conspiracy?

Re:Completely unacceptable!

Second, they should have to pay everybody the cost of professional cleanup. I would say that is at least $150 per customer hit, probably more.

Damned right. It's been said that computer invasion is the only crime where the extent and penalties are determined by the victim, not the perpetrator. i.e., even if little to no damage was done, the victim gets to decide what remedial action is taken. This is why security consultants always advise clients to go the whole "evaluation and repair" route -- just an hour with a couple of dozen techies will raise the dollar amount of "damage" into the felony offense range. What a hammer to hold over the perpetrator, if he's ever found.

In a similar manner, some years back, a rock climber clean-climbed the Transamerica pyramid in San Francisco. The fucking building is extremely earthquake resistant.

Yet, the pig-fucking management hired an engineering outfit to "evaluate" the climbed surface for "damage" so they could claim huge damages to hold over the climber. Nice deterrent.

Mod parent up!

Electronic Warfare / Electronic Terrorism - what else do you call something that compromises 1,000s of government computers, business systems, and home computers?
The rootkit trojan fiasco deserved a military response.

If the source of this digital infection was a certain middle east Muslim country,
the Bush administration would have been tripping over itself to start another attack.

nice job

[Treates2]

sony pays 1.5 mill. for their stupidicy.. wtf!! i smell some money being handled behind are backs. thats a billionare donating only 1.5 million every 5 years for charity.. it's freaking flip flopping fap fap fap fucking bullshit!!

Re:nice job

[Dunbal]

sony pays 1.5 mill. for their stupidicy..

      This from a state well known for its multi-million dollar medical malpractice suits. I guess you have to feel sorry for poor Sony, your average physician apparently is worth more than them.

Just boycott these companies.

[liftphreaker]

Consumers need to wake up and just boycott these companies. There is no other way to set things right. We need to talk with our money. As long as foolish people keep buying their DRM infested garbage these companies continue to thrive. Doesn't matter how glittery and shiny their next new toy is, people must just say no. The zune is another top contender for this treatment. Together with the DRM infested BluRay players and stuff.

Re:Just boycott these companies.

[exp(pi*sqrt(163))]

I was boycotting Sony until they released the best rear-projection TV on the market. What can I say? Should I watch substandard TV just to make a point?

Re:Just boycott these companies.

[NeutronCowboy]

Holy crap, batman - someone completely missed the point of a boycott. Note: you boycott a company if you decide that you are not going to buy their products regardless of their intrinsic merit. So yes, you boycott a company even if they release the best rear-projection TV ever, or if it comes with the kitchen sink and does your laundry, too. Finally - can I point out that you just placed watching TV on a nice TV set above having principles and following through with them?

Wow.

Re:Just boycott these companies.

No, but you could maybe turn off the TV and pick up a book. Maybe even a dictionary. You could maybe, I don't know.. look up the definition of substandard, because you obviously don't know what it means.

Or you could sit around, eat ding dongs, and be a good little Sony consumerist whore. I think your choice has already been made.

Re:Just boycott these companies.

[Dynedain]

I was boycotting Sony until they released the best rear-projection TV on the market. What can I say? Should I watch substandard TV just to make a point?

Substandard Standard
Best != Standard

Therefore not having the best does not mean having to settle for substandard.

Re:Just boycott these companies.

I was boycotting Sony until they released the best rear-projection TV on the market. What can I say? Should I watch substandard TV just to make a point? Yes, yes of course you should. You shill.

Re:Just boycott these companies.

[Chrisje]

Holy Crap, Batman!

Somebody just missed the point that there is no point in Boycotting.

1) Does it really Boycot Sony?
At some point in time, for instance, a fair amount of all the CRT tubes used in TV's of various brands were Panasonic (Philips in the background). Boycotting Panasonic, and getting a Grundig instead didn't amount to one heap of beans: The tube was Panasonic anyhow.

So, the few people that do hold "principles" higher than "a cool flat TV" probably will never know what market companies like Sony have their grubby fingers in. Somehow, somewhere, they will receive kickback on some patent they have, no matter what you buy and from whom.

2) Critical Mass.
Let it be known that /. is not representative for the world population. 'Nuffsaid.

3) Someone Else will Step In and Screw You.
Congratulations, in spite of the hurdles overcome in 1) and 2), you manage to drive the EvilDoers out of business. Does this mean that the next GreedyCorp Inc. will respect you? Of course it doesn't. My mother would say that she doesn't care if she got bitten by the dog or the wolf, if bitten she'll be anyhow.

Boycotts were a good idea back in the day when you discovered the village doctor was a pedophile and a quack. He'd get hungry and move out of town. In today's corporate environment, I very much doubt it's viable.

Re:Just boycott these companies.

[yet+another+fancy+ni]

So I should know all about every company I buy from, so that I can boycot those involved in criminal acts. Impossible. I expect the courts to deal with crime and punishment.

Re:Just boycott these companies.

[LikeTheSearchEngine]

"1) Does it really Boycot Sony? At some point in time, for instance, a fair amount of all the CRT tubes used in TV's of various brands were Panasonic (Philips in the background). Boycotting Panasonic, and getting a Grundig instead didn't amount to one heap of beans: The tube was Panasonic anyhow."

Possibly true, but taking the brand name $$ boost from one company and giving it to another is not insignificant. It certainly amounts to a heap of beans, maybe even a few hundred dollars per purchase. And if they don't receive a patent kickback, it results in a loss of the price of the unit AND the influx of the same amount of cash to their competitor.

"2) Critical Mass. Let it be known that /. is not representative for the world population. 'Nuffsaid."

No, but I strongly believe /. represents the IT or just plain geek community strongly. And I DO think that, over time, opinions of this community influence society as a whole. If nothing else, maybe IT directors at this firm or that will buy a panasonic projector rather than a sony one. A boycott doesn't have to be instantaneous to be effective.

"3) Someone Else will Step In and Screw You. Congratulations, in spite of the hurdles overcome in 1) and 2), you manage to drive the EvilDoers out of business. Does this mean that the next GreedyCorp Inc. will respect you? Of course it doesn't. My mother would say that she doesn't care if she got bitten by the dog or the wolf, if bitten she'll be anyhow."

In that case, rinse and repeat. Lets let all the criminals in prison go free, because if they're locked up, other criminals will take their place. It's not like we can get all the rapists off the street, so why bother?

I'd like to say your apathy is astounding, but... rather, it is typical.

Re:Just boycott these companies.

[LikeTheSearchEngine]

"So I should know all about every company I buy from, so that I can boycot those involved in criminal acts. Impossible. I expect the courts to deal with crime and punishment."

No, but if you happen to know the company is comprised of scum, maybe you should go ahead and choose to buy from someone else. No need to research every company you buy from, just boycott the ones you come to understand do evil things.

Re:Just boycott these companies.

[Jtheletter]

What can I say? Should I watch substandard TV just to make a point?

Uhhh.... YES. That's the point of a boycott, as soon as you actually buy something from them you've crossed the picket line. Additionally you need to TELL them you are boycotting them and why, if you just casually never buy a product from Sony it doesn't tell them you disagree with their policies/practices/etc it just tells them you're not interested in their products for some unknown reason.
Also, there's a big difference between "best" and "substandard", in fact it's in the words themselves. By definition, the best product is not the standard for that field, the standard would be something more like the mean or median product. There are plenty of other TV producers that make very high quality TVs of all kinds, and considering the transient nature of the title of 'best' in such a rapidly changing market, your lapse in your boycott is essentially for a title that will likely be irrelevent in 6 months if all you care about is what's the 'best'. But by all means, keep pretending you're actually making a statement until the next shiny thing comes along.

Re:Just boycott these companies.

[permawired]

Holy crap, batman - someone completely missed the point of a boycott. Note: you boycott a company if you decide that you are not going to buy their products regardless of their intrinsic merit. So yes, you boycott a company even if they release the best rear-projection TV ever, or if it comes with the kitchen sink and does your laundry, too. Finally - can I point out that you just placed watching TV on a nice TV set above having principles and following through with them?

He's obviously a US citizen, in the US we care more about TV than morals and principles. Sheesh, where have you been?

Re:Just boycott these companies.

[Chrisje]

It's not apathy. For the record, it's called pragmatism.

Anyhoo... You wrote:

> No, but I strongly believe /. represents the IT or just plain geek community strongly.

To be honest, I work for one big, fat, blue IT and Hi-tech vendor. Known for Printers, a flavour of Unix, and an anonymous wooden shed in Palo Alto. I've done support, consulting, and technical Pre-Sales work.

Given all of that experience, in a number of countries in Europe and in the EMEA geography as a whole, I can tell you that you're wrong. /. is an American-centred fringe site of geekdom. Most people in the "business" are not geeks. They are professionals to do a particular job, and when they go home they might enjoy their gadgets, but it's not said they are linked to this fringe movement.

Furthermore, I can tell you that I can count the people I know in high-tech who read /. on the fingers of one hand. Currently, I live in the Middle East. Let me tell you, most people here are the same as the ones in North-western Europe. They don't read /.

I'd argue that most people that purchase things from particularly Sony are not geeks per se. They are strong in very decent, easily operated and durable consumer electronics. Little bit more expensive than others sometimes, but according to many, well worth the extra buck. Do you think /. will sway these crowds into the loving arms of Philips, Apple, HP, IBM, MicroSoft, Samsung, Canon or Nintendo? I fear not.

Re:Just boycott these companies.

[exp(pi*sqrt(163))]

I think you should just go back to your classroom where you can join the other kids in your class in playing at raging against the system, it just looks stupid here. Oh, and hold the dictionary the right way up so at least it looks like you know how to read it.

Re:Just boycott these companies.

[exp(pi*sqrt(163))]

Um...the standard for making TV these days is HD at 1920x1080. I waited 10 years to buy a TV since my last one because I was waiting for a consumer TV to meet that standard at an affordable price - partly because I work in the film industry and consider NTSC to be too poor an approximation to film to make it pleasurable to watch. So please spare me all the lectures on consumerism, the next shiny thing and the meaning of "standard". It's amazing how much crap the average /. reader extrapolates from a small comment. And it's amazing how some people identify owning a TV with watching pabulum (though that isn't necessarily directed at you).

Re:Just boycott these companies.

[LikeTheSearchEngine]

I don't know, maybe not if people who are informed continue to be "pragmatic."

People who dislike Sony for their business practices are not limited solely to slashdot. For a fact, I know that I have personally not given sony $1500 of my money (rather to Kodak and MS), and I have roughly 20 friends and colleagues who know about the whole rootkit mess who didn't before. I didn't ask them to boycott sony, but (especially) the ones who had bought from the label were peeved to say the least.

I didn't say slashdot is comprised of the majority of geeks, I said it represented them. I didn't even READ slashdot when I found out about this mess. The majority of technical minded people I know don't read slashdot either. But they still aren't thrilled to find out about clandestine viruses on their computer which will destroy the OS install before being removed.

Re:Just boycott these companies.

[Jtheletter]

So please spare me all the lectures on consumerism, the next shiny thing and the meaning of "standard". It's amazing how much crap the average /. reader extrapolates from a small comment.
Well let's see, here's your original comment: I was boycotting Sony until they released the best rear-projection TV on the market. What can I say? Should I watch substandard TV just to make a point?

You claim to have been boycotting Sony, presumably from the article this thread is attached to your boycott was because you disagreed with some or all of Sony's recent malevolent behavior, probably regarding rootkits. And yet as soon as they make something you want, you drop your boycott. Hint: that's not a boycott, or at least, not one worth a damn. So in that regard why should you be spared a lecture in consumerism, specifically what it means to boycott something since you don't seem to be practicing what you claim.
As to the meaning of standard, again you're claiming that anything less that the top of the line model is sub-standard, which is a load of crap. "Standard: an average or normal requirement, quality, quantity, level, grade, etc." That's a widely accepted definition of standard, which would not encompass the best of the state-of-the art in any field.
Now for affordable 1080p TVs here are some choices from a 10 second froogle search. On the first page alone there are 6 different manufacturers offering comparable products, so clearly Sony is not the only company providing this technology. It could certainly be argued that theirs is the best of the bunch, but you can't claim that you broke your boycott because Sony was the only possible option, merely the one you liked the most.

You're the one who claimed to be boycotting Sony when in fact it was a boycott of convenience at best, AND you asked the question "Should I watch substandard TV just to make a point?" Don't be surprised when in a public forum you're given an answer to a question you posted, rhetorical or not. Sorry you don't like the answer but own up to the fact that you were never really boycotting Sony as that would have required you to not consider their products in the decision to upgrade your TV. I have not extrapolated anything from your original comment, merely addressed it in detail.

Re:Just boycott these companies.

[exp(pi*sqrt(163))]

own up to the fact that you were never really boycotting Sony

OK, I can't resist your thorough and cogent analysis, and I concede you've outed me. I was just marking them down when weighing up features. But I'm definitely not going to buy a PS3. Or a Vaio. And I'll try really hard not to buy any Celine Dion either, even if she gets really good reviews.

They still have these DRM CDs for sale in Mexico

About a month ago, I bought a CD that had version three of the MediaMax software in Mexico, that infected my Windows XP machine. This was a two-year-old CD--they haven't pulled these CDs from the shelves down there.

The infection is actually quite easy to remove. The Wikipedia article details how to remove it. It's really simple:

sc query sbcphid
sc stop sbcphid
sc delete sbcphid
del \windows\system32\drivers\sbcphid.sys

Shot heard around the world.

"Although it's great to see this as a victory for consumers, I can't help but wonder about the next wave of DRM schemes.""

What did you expect when pirates declared war against content providers? Hugs and kisses?

Re:They still have these DRM CDs for sale in Mexic

[xeno314]

You realize that this isn't the same DRM/Rootkit that is in controversy (XCP) here, right? (That's specifically noted in the Wikipedia article you cite.)

5 OTHER states still have suits.

[headkase]

/. writeup totally confused: Read a better writeup. California and Texas have settled - five other states still get to rake Sony across the coals.

Re:5 OTHER states still have suits.

[Anonymous+McCartneyf]

And maybe the FTC will rake Sony over the coals, too.
Those of you who think Sony needs a criminal trial for installing damaging rootkits? The FTC should be the entity to arrange it.

Oops 13 other states.

[headkase]

My bad.

Just bitch on slashdot. That'll show 'em.

"Consumers need to wake up and just boycott these companies."

Yeah, that piratebay sure is some strong "boycotting". Let's copy some CD's for our friends in protest.

"There is no other way to set things right."

Don't do the crime if you don't want to do the time.

"We need to talk with our money."

"I'm not hurting anyone because I never would have bought it anyway".

Mod parent up!

[sowth]

That is not flamebait. It is good security to ask before executing unknown code.

$1.5 Million Dollars?

[fallungus]

A company like Sony can find that much money under their sofa cushions.

Never trust a multinational

[tryptych]

I think John Cleese said it best from his 1980's UK ad campaign for Sony:
We like to think we give people what they want, because it comes from those awfully nice Sony people."

iTunes is crap.

[fluffy99]

Um, iTunes on the PC has a bad reputation for causing problems. iTunes installs a service that constantly watches the CDRom and USB ports regardless of whether iTunes is actually running. These drivers and hooks are left behind when you uninstall iTunes. Having those drivers still in there makes it impossible to do a repair or in-place upgrade from the CD if Windows gets corrupt. I spent a few hours trying to recover a computer last week and finally had to do some registry crawling to get the remaining iTunes drivers and registry changes out of there.

Re:iTunes is crap.

[Whiney+Mac+Fanboy]

ese drivers and hooks are left behind when you uninstall iTunes. Having those drivers still in there makes it impossible to do a repair or in-place upgrade from the CD if Windows gets corrupt.

I've never heard that before. Is this documented anywhere?

Re:iTunes is crap.

[fluffy99]

It leaves the upper and lower filter drivers on the CD-ROM in place and causes this http://support.microsoft.com/kb/311755/en-us. Early versions of Roxio/EX CD Creator did this as well, which blue screen quite a number of NT4 machines when you tried installed SP4.

Re:iTunes is crap.

[Whiney+Mac+Fanboy]

It leaves the upper and lower filter drivers on the CD-ROM in place

When you completely uninstall itunes? Anywhere this is documented?

Re:1.5 Mil? Someone got paid

[slughead]

60 million would be an insult. They spend more than that on ad campagnes. 1.5 million? That's like a paper cut. On the low side it should have been 200 million to settle. There is some serious corruption going on. $200M would be over 112% of Sony BMG's 4th quarter 2005 profits.

Source:
As part of coparent Sony's earnings report today, Sony BMG reported net income of $178 million on sales of $1.49 billion for the three months ended December 31. As was the case with Sony, the label giant's performance was bolstered by increased cost savings and reduced restructuring charges.

sony will likely pay nothing

[Trailer+Trash]

I would pretty much bet that they'll charge this whole thing against the cd sales of the artists that had this crap on their cds, effectively costing sony nothing. Remember that this is a company that still makes artists pay for "breakage" on iTunes sales.

Re:They still have these DRM CDs for sale in Mexic

The article Slashdoe links to (not to mention the summary) mentions both MediaMax and XCP.

$1.5M is about $10M too little

[From+A+Far+Away+Land]

Sony needed to be smacked a lot harder than this. They probably make that much by selling a couple Britney clone CDs.

Re:They still have these DRM CDs for sale in Mexic

[jibjibjib]

Read the summary. It explicitly mentions MediaMax copy protection.

My solution to prevent being a victim...

[Regul8or]

... of Sony's bullshit. Don't buy their crap to begin with. If it has the Sony name anywhere on the product then chances are you're getting less and paying more. This goes along with all of their proprietary bullshit that they try to force on consumers. They keep failing, but they keep trying. PASS.

Re:My solution to prevent being a victim...

[Yetihehe]

Or buy as many PS3 as you can and convince your friends to buy one. PS3 is worth more than it costs, so Sony is paying for every PS3.

Re:My solution to prevent being a victim...

The retail stores already "bought" the PS3s. The only thing that happens when you buy a PS3 is the retail store makes the difference between what they paid Sony and what you paid the retail store.

Re:My solution to prevent being a victim...

[Anonymous+McCartneyf]

Sure. All you gamers who want to give Sony a financial hit, buy a PS3 right now, since they're losing money on the consoles. But remember: for maximum effect, you should buy only one game (or Blu-ray) for that PS3. Sony is willing to lose money on machines if they make it back with their content.
People who are buying PS3s for extra Linux machines but are otherwise angry at Sony, shouldn't buy any games at all. There are free Linux games, right?

Re:1.5 Mil? Someone got paid

[Anonymous+McCartneyf]

So? People on the wrong side of copyright lawsuits, inc. the ones Sony files, are likely to pay more than a quarter of their yearly income to the RIAA.

so what

this changes nothing. i'm still never going to purchase another cd from a sony artist. i'll gladly download one, however. gg, sony.

DRM = Digital Restrictions Management

[Roark+Meets+Dent]

People should start referring to DRM this way, it's not "Rights" management. DRM = Digital Restrictions Management

Re:DRM = Digital Restrictions Management

[15Bit]

No, it is Digital Rights Management. Its just not YOUR "rights" they're managing...

Re:DRM = Digital Restrictions Management

[Faylone]

I guess it still fits, it's mutilating our rights after all.

Re:1.5 Mil? Someone got paid

[Chowderbags]

And I'm sure that a copyright infringement suit would end up costing most people a lot more than 112% of their net income for a 3 month period.

But it's really much worse, because any individual who did what Sony did could be convicted under the Computer Fraud and Abuse Act, and sent to jail for up to a decade. Instead, Sony has to give up what, 10% of their profits over a 3 month period? Less than 3% of their yearly profit (give or take)? How is that justice?

Re:1.5 Mil? Someone got paid

[PhotoGuy]

A papercut? That is something that draws blood, causes annoyance, and some pain and discomfort. This judgement is more akin to a slight itch on your arm you scratch subconsciously...

Bleh

https://secureweb.rustconsulting.com/sonybmgcdtech settlement/Instructions.aspx

What is this crap? They only offer you downloads of the music you bought? I wish Sony had a mascot, so I could throat punch him...

Other suits

[phorm]

So that's California and Texas. Are there any other States/countries/etc that are still bringing about charges/damages against Sony?

Settlement Claim Form

[phalse+phace]

"Heck, it might be fun to figure out how/where to get the form, what needs to appear on it and get as many people as possible to send one in. Sort of 'slashdot' the system."

Here you go.

Re:1.5 Mil? Someone got paid

[name*censored*]

$200M would be over 112% of Sony BMG's 4th quarter 2005 profits.

So? Jailtime for break-and-enter is ~10,000,000% of the time it took me to commit the crime. And, as we all know, time=money.. so you're saying we should cut sentancing time for people down to 5 months, worst case scenario? Or does this kind of ultra-lenient sentancing only apply to the rich? Justice may be blind, but apparently it can hear the chink of coins into overstuffed piggybanks...

Anti DRM, anti Sony, or Anti Rootkit?

Seems most comments here, are anti-DRM, rather than the rootkit aspect of it.

Sony, as are any other company entitled to protect their property.

How many people are sueing Symantec for their security holes than let malware onto peoples systems?

Re:They still have these DRM CDs for sale in Mexic

[xeno314]

I stand corrected. My fault entirely, didn't realize there was any complaint except for the XCP.

There's a bigger win for consumers here

[rnilz]

I agree that the settlement is complete bs in terms of figures. However, don't forget that Sony and other record labels are more cautious about forcing DRM down consumer's throats, and I think it's likely that this rootkit has a lot to do with it. If this ruling means that Amazon can start selling DRM free music under a subscription model (and probably iTunes as well - who knows, Apple might even provide a legal de-DRM tool for existing music you bought), then I think the fact that 'we won the DRM war' should be seen as a good settlement as well.

But I guess we'll have to wait and see what the labels decide.

Re:1.5 Mil? Someone got paid

[slughead]

So? People on the wrong side of copyright lawsuits, inc. the ones Sony files, are likely to pay more than a quarter of their yearly income to the RIAA.

The average individual law suit was for $2000 or so. You're telling me most people (who own computers and presumably have broadband access) make less than $2000/quarter ($8000/year)?

People seem to think that corporations are evil, faceless, and have infinite amounts of money.

When a corporation is sued for a large sum of money, people lose jobs and it's almost never the ones who deserve it.

If you were to take $200 million from Sony BMG, which has been seeing declining sales almost constant since 1998 or so, you'd be putting hundreds of people out of work.

As another poster said, the people in the company who were responsible for the rootkit have probably either been fired, disciplined, embarrassed, or penalized in some other way. At any rate, Sony wont be doing it again.

As for the consumer, getting up to $180 for a computer virus is a pretty good deal. It may not "punish" them in the way us bloodthirsty Americans would want to see, but makes up for what they did wrong. When all is said and done, this really was just an inconvenience.

Re:1.5 Mil? Someone got paid

[slughead]

But it's really much worse, because any individual who did what Sony did could be convicted under the Computer Fraud and Abuse Act, and sent to jail for up to a decade. Instead, Sony has to give up what, 10% of their profits over a 3 month period? Less than 3% of their yearly profit (give or take)? How is that justice?

Perhaps the laws against individuals are too strict, rather than the laws against corporations being too light.

Oops, we already know that to be true.

Up to $180 per computer affected is reasonable, makes up for the damage they've done, and makes sure they'll never do it again. That IS justice.

Not Enough-Make Them Pay

[LikeTheSearchEngine]

For installing a virus on millions of PCs, they receive a fine which amounts to roughly $1 per offense or less?

Incredible.

Enact your own vengeance by enforcing a personal boycott of Sony. Nothing they make is unique, so buy from elsewhere.

I invite you to go to Sony's HQ in NYC

If you go to Sony's headquarters in New York City, they spend more than $1.5 million decorating the place for the Christmas holidays. No. I'm not making this up. Somebody who lives/works in Manhattan should walk by and confirm what I'm saying.

$175?

[bilbravo]

I don't know what type of "damage" could have been done to these machines. I doubt any hardware was destroyed, and software is simply able to be reinstalled. I think (IMO) that this isn't for "damage", it should be for inconvenience.

That being said, can I just get a refund for the CD? It sucked.

1.2 Million to politicians

[MacDork]

thats a billionare donating only 1.5 million every 5 years for charity

I think you misspelled politician. Sony lobbied politicians to the tune of 1.235 million dollars last year (2005). Politicians and judges aren't going to protect you. There is no justice in a totally corrupt system like America's system of "democracy."

Re:1.5 Mil? Someone got paid

[241comp]

Your forgetting the difference between profits and income. This isn't anywhere near 1/4 of Sony's income for the year. And yes, most of those sued probably make less than $8K in profits each year (that is, the leftover after all expenses are paid). Especially considering that the US currently has a negative savings rate meaning we're (on average) spending more than we're making.

Once again class action suits only benifit lawyers

[bigbigbison]

Has there ever been a class action lawsuit where the company didn't get off easy, the consumers got anything more than a token kickback and the lawyers didn't get rich?

I suppose this result is marginally better than most because in a large number of the class action lawsuits the individuals only get coupons or something lame.

However, $1.5 million is nothing for a company as large as Sony. According to the article each state involved gets $750,000. However, the article also says that in California 450,000 of these disks were sold. So Sony is giving back less than $2 per disk -- they made more than that on each disk! So they still made money on this deal.

Value

[xycadium]

1.5 Million? What? That doesn't do anything ... ANYTHING at all as far as making up for what they did. Sony should be paying out a hundred million or more to each suing state and some execs should go to prison. This will only promote further, even more horrible acts of computer crimes by large companies.

Re:1.5 Mil? Someone got paid

[Cheile]

How exactly is a fine that is likely to total less than $2million after all is said and done a deterrant to a company that is worth 43 Billion dollars? To put it into context this would be like a normal person being fined somewhere between $2 and $6. It's not even a cost of doing business, it's loose change, and a tax deduction at that.

Funny how for most people fines for illegal activities come in the form of a large percentage of the person's net value, but when you start talking about corporations less than 1/10 of 1% of book value is seen as a heafty fine.

Pleaaaassee...

Huzzah, we have a precedent!

[Opportunist]

So if I infect willingly and purposefully computers and gather information about my customers, install backdoors so I can come back (should the need arise) and so on, I'm gonna have to pay 1.5m bucks and that's it? The data alone is worth a magnitude more!

I'm surely working for the wrong side of the biz... eh? What do you mean, officer, jail time?

Civil Charges vs. Criminal Charges

[boyko.at.netqos]

Here's the thing. Everyone is saying that they need to go to jail.

But this was a civil trial. They broke the law, yes, but it was civil law that they broke. It was a class action suit for financial damages.

The reason they're not facing jail time is because no one went to the local constabulary and said: "I would like to press charges - my computer was hacked, this is how they did it, this is where they admitted to it."

Then you might see a criminal trial.

Re:1.5 Mil? Someone got paid

[Qzukk]

$200M would be over 112% of Sony BMG's 4th quarter 2005 profits.

And? If the company is allowed to profit by damaging other people's computers, then it will continue to do so. By removing any profit from this particular misadventure, it will certainly cause them to think twice before trying it again, knowing that it would lose money.

Ideally, someone would sit down with a calculator and tally up all of the revenue from sales of these CDs, and force Sony to return that money. That would guarantee that the enterprise was a money-loser while still ensuring that damages are proportionate to the damage done.

Pro-Sony writer

"Anti-piracy" software? Preventing piracy might have been someone's original motivation for the attack, but the actual behavior of the software that Sony shipped, had little to do with piracy. Did this rootkit modify the host's "copy" command or ftp-uploading code, or something like that?

let Greg know how you feel

[orgelspieler]

if you have feedback for the Texas AG, he can be emailed at greg.abbott@oag.state.tx.us

I don't think the punishment was harsh enough, but you have to wonder why there were only 2 states with the balls to punish these guys.

What About the Business Costs?

[h4ck7h3p14n37]

We all keep hearing these stories where some punk kid hacked a web server and the company that owned it then spend hundreds of thousands of dollars investigating and fixing their security problems. Is Sony now liable for similar damages against businesses that were infected by Sony's rootkit? A $1.5 million dollar settlement sounds like it's orders of magnitude too low considering the potential cost of cleanup.

IANAL, but I'd guess that if you don't accept the settlement from the class-action lawsuit, then you still retain the right to sue in civil court. Don't you typically have to sign an agreement waiving your right to sue for damages when you accept settlements like this?

SafeDisc?

[Digiratus]

So does this give me any kind of legal precedence against the Macrovision Corporation for installing their unsolicited SafeDisc copy protection driver to my PC? It is suggested there may be a local local privilege-escalation vulnerability similar to the kind that Microsoft has patched in their own services: http://www.securityfocus.com/bid/17070/info/

O yes, if you've Installed any games or programs using SafeDisc *and there are lots of them* it is there.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Secdrv

I wouldn't be at all surprised if Sony's own SecuROM protection has something similar.