Posted on 11/13/2005 12:52:35 PM PST by dickmc
The uninstall tool posted by Sony BMG to get rid of its controversial digital-rights management software is worse than the original software, a security company says.
Computer Associates, maker of eTrust PestPatrol anti-spyware software, says that the technological protection measure (TPM) uninstall routine itself can be classified as spyware.
Sony BMG equipped some of its music CDs with a "rootkit" that did not explicitly say it was being installed on a computer. Rootkits are tools used by hackers to hide their tracks when they take over an innocent user's machine.
Sony's TPM went further, CA says. The media player that Sony ships with those CDs sends the IP address of the computer and the user's listening habits back to Sony and perhaps all its partners, without notice, consent or choice.
And that, CA says, is a classic definition of spyware ..
More at: http://www.theglobeandmail.com/servlet/story/RTGAM.20051111.gtsony1111/BNStory/Technology/
(Excerpt) Read more at theglobeandmail.com ...
There is an old German army story that goes as follows:
The German army screened their officer candidates into: Energetic or Lazy and Smart or Stupid.
Candidates that were: Stupid and Lazy were rejected but went back with their existing rank as they made good cannon fodder
Candidates that were: Smart and Energetic went immediately to Officers school
Candidates that were: Stupid and Energetic were demoted to privates with a black mark on their record against ever being officers because of their great potential to do damage. .
.
Clearly Sony screwed at their Officer Selection School!!!!!!!!!
I can not believe any corporation can be this stupid. If they tried to loose customers, get sued, get bad PR before the prime gift buying season, etc ... a better job could not have been done. According to the net:
1. Misleading EULA
2. Some of the software is actually installed before the EULA appears
3. A DRM that cloaks itself while opening your computer to a virus
4. A removal tool that simply uncloaks the DRM but does not remove it
5. A DRM company that was supposedly spun off from Sony to try to avoid legal liability
6. A DRM that phones home to Sony telling them what CD you are playing
7. Several attack Trojans is already out there exploiting the vulnerability that their DRM causes
8. A DRM so ineffective that it won't even load or install on a MAC
9. According to a Netherlandss site, Sony the great intellectual property protector, actually stole Lame code ( probably the best mp3 encoder in the world) and embedded it in its DRM
These idiots deserve every thing that they get. They have done everything that any PR person would tell them not to do. A class action suit is already filed in California!
BTW: The DRM is apparently installed by the Autorun function (which many people disable anyway) and the wav files are still there for use. Enough said about that. Sony apparently owns a whole slew of record companies, like Columbia, RCA, etc., so you may be able to catch this from others also.
***********************************************************************************
Sent to Orrin Hatch...................................................
Hey Orrin:
Your buddies over at Sony have now implemented a DRM because of your act that has screwed up hundreds, if not thousands, of computers. You did read the Washington Post today, didn't you??
Already a major lawsuit underway in California with possible criminal penalties. Even Homeland Security involved with a statement today.
Want to learn more:
Product withdrawal announcement:
http://news.ft.com/cms/s/018223e4-52f0-11da-8d05-0000779e2340.html
Technical details and issues:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-want-to_09.html
Get you hands out of Sony's and Hollywood's pockets and back in your own.
Better yet why not make an early Christmas: Give a nice Sony CD to all of your friends and each of your office workers with a computer. I'm sure they'll like all the viruses and trojans. Perhaps they'll also enjoy reinstalling their operating system and software, not to mention loosing all their files from the Sony DRM net vulnerability.
Hope you have a better day than the computer users in Utah.
************************************************************************************
Sent to Amazon, Best Buy, Borders, and Circuit City on Friday:
Dear *****************,
As you may know, Sony today withdrew a copy protection software on CD's that your store is selling. The software embedded in these CDs has the potential to damage PC systems. Also, viruses are already on the net exploiting the software as an entry point. A copy of the withdrawal announcement shown below was delivered this afternoon to your ******** road store in Pittsburgh.
You will probably want to talk to your legal department promptly about what liabilities you may face if you continue to sell the related music CD's in your stores now that this issue has been brought to your attention via this notification.
Product withdrawal announcement: http://news.ft.com/cms/s/018223e4-52f0-11da-8d05-0000779e2340.html
Technical details and issues: http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-want-to_09.html
I am retaining a copy of this advisory for my records.
Thank you,
***********************************************************************************
The Department Of Homeland Security also weighed in on Sony's Rootkit DRM scheme, albeit indirectly. DHS Assistant Secretary for Policy, Stewart Baker, speaking at an event about combating intellectual property theft, said:
"There's been a lot of publicity recently about tactics used in pursuing protection for music and DVD CDs in which questions have been raised about whether the protection measures install hidden files on peoples' computers that even the system administrators cant find...It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days. "
************************************************************************************
Some added comments:
1. As widely discussed already, Sonys marketing model is all wrong. One good song on a $15 or $20 CD. Few singers and groups ever get royalties anyway. A DRM protection scheme that screws up their customers computers. Personally I could care less: I havent liked any music since the 70s, but thats probably just me.
2. A Sony DRM that: wont even load on Macs, wont even activate on Windows if Autorun is disabled, and as told to me by a local store that read about it in the local newspaper, can be bypassed by simply using the shift key when the CD is loaded. Some DRM!!!!!!!!! Only good for screwing up stupid customers, the exact people Sony needs to buy their CDs.
3. A fact that Sony certainty knows, but has not told their stockholders: There is no DRM protection scheme that can keep an Audio CD from not being copied. Not one, not now, not ever!!!!
Why?? Any audio CD that will ever be sold, needs for compatibility to run on an ordinary CD player. Your CD player is a dumb machine that does not read any software or encrypted material. Not now. Not ever. There are too many out there. Neither Sony or anyone else, including Orrin Hatch, will ever change that. This is an inescapable and unavoidable technological fact. All the political wishing or pocketed politicians will not make this fundamental fact go away.
All CD players worth their salt, and some which dont, have a S/PDIF optical output which is a way of getting the digital information directly into your high tech amplifier. Almost every garage band now has a $300 sound card in a computer that can read S/PDIF inputs and make a bit perfect digital copy.
Even if Sony and Orrin could get them all outlawed (which will never happen), all an enterprising person would need to do is to solder a wire from the CD Players $2 Burr-Browns left and right audio outputs and run it directly into a computers sound card. No capacitors, no amps, no preamps to change the sound. Todays $100 sound cards today are absolutely amazing. Most have 24 bit analog to digital converters of exceptional quality. The result would be so good that no listener, repeat no one, could tell the difference from playing the original Cd or that copy.
Personally, I dont copy music, I dont put it on the net, and I dont file share or download music. Its illegal and there hasnt been any thing in the last two decades that I felt worth hearing anyway. However, does Sony really believe, particularly after last week, that there is not at least one computer owner somewhere in the whole word that is not so pi$$ed off that he will not rip every Sony copy protected disk and put it on the net simply to get even or prove it can be done!!!!
Sony is on a fools errand if they think anything they do with DRM will keep their music off the net! The more they alienate customers, the faster it will get there. Period. End of Story. Sonys market model is the walking dead. They are either too dumb or arrogant to realize it.
4. If you have not read Cryptonomicon by Neal Stephenson, you should. It is now out long enough that your library will also have copies. It is a long, but interesting read, of which part of the plot is setting up a net data haven in the Philippines. It also has a neat appendix that explains how PGP was developed and works. Does Sony really believe that this will not happen? Fuji, one of the stans, Venezuela, one of the central American countries, the Caribbean? Im surprised it hasnt happened already. The business model is perfect. Put all the songs on the net and sell them for $1. Keep 25 cents and deposit 75 cents in the off-shore bank account of any group or artist that wishes to sign up. They can go visit their money from time to time. What is Sony to do? Subpoena every packet on the net? Get NSA or Carnivore to monitor music downloads rather than terrorists? Not even Orrin Hatch can pull that off.
*******************************************************************************
The bottom line:
No matter what Sony does, there is no way to keep bit perfect copies off the net! Not today, not tomorrow, not ever! Only a fool would think so, it is a fools errand to try. Dont lecture me about not downloading music being unethical, illegal, immoral, etc. I dont download it and dont like it anyway. But, there is no way to put this toothpaste back in the tube. Aint never going to happen because of the fundamentals of the audio CD technology. Moreover, the more Sony pulls things like they just have, the worse it will get and the faster the music will get on the net. Only an idiot would believe otherwise.
Only a fool would stick to a business model that went out with the buggy whips. Will Sony change their business model? I doubt it and I really dont care, except for the bands and artists who are being screwed by Sonys failure to admit to the facts and move on.
There's a Sony rootkit detection and removal tool at:
http://www.sophos.com/support/disinfection/rkprf.html
Unfortunately I can't vouch for this tool because I don't have Sony spyware on my computer, but anyone who needs a solution can have a look and try, at their own risk.
Microsoft should sue them too.
This is why I no longer use Windows on my PCs.
Linux plays these cds without an issue.
I've yet to see a list of the CD's that Sony produced with this software on them. I know Brian Wilson's Christmas CD has "something" on it, but that's not made by SONY.
Titles anyone?
They have also ensured that I will never buy another music CD from them.
A company that would attempt to send a message to music thiefs by punishing the customers who are actually paying for their music is incredibly stupid and not worthy of my business dollar.
There is a symbol on the packaging with copyright protected or similar written on it. Also, there is a test where you create a new text doc on the desktop and if it disappears following creation you are infected. The file name has to be $sys$canary$ or something like that.
Agreed. Best novel I have read in 10 years.
Copy notepad.exe to the an open folder window (or the desktop) and rename it to $SYS$notepad.exe
If the file immediately disappears, the Sony/BMG rootkit is active on your system.
According to the EFF, the following CDs contain the DRM in question:
Gawd, I must be getting old!! I only recogize Dion & Neil Diamond!! And, I have the original Dion release.
"Sony deserves all the bad things that are going to happen to them. "
Sony also has problems with their computer service. My boss had a Sony Vaio laptop that spent months in the shop just to have a display replaced. And this was under warranty. It was explained repeatedly that the computer was for business, yet no action was taken until months later.
In the end, Sony has been banned. Any new computers from that point forward are Dells.
No, not really. Those are all relative unknowns(with some noted exceptions), some only well known in Europe, some Jazz, Easy listening, etc. It appears to me that Sony was testing the waters with these. If they did the same thing with a big release and it ended up screwing the pooch as this has, it probably would be a very expensive legal problem. Better to introduce this quietly into the slipstream and limit exposure initially and see what happens.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.