Posted on 11/23/2005 10:35:17 AM PST by ShadowAce
Analysis What next for CD buyers?
For all the lawsuits, over-the fold-coverage in mainstream print and on primetime TV, and howls of anguish from the blogosphere, Sony Music has sailed through the rootkit CD fiasco largely unharmed.
The only figure that matters - the bottom line - appears to be unaffected by the fiasco. CNet's John Borland reports, and as retailers confirmed to The Register, that Sony hasn't lost sales from popular titles infected with the notorious XCP copy-restriction technology.
The poorly written software leaves a PC wide open to hackers, and attempts to remove it can disable the CD drive. Sony Music reluctantly announced a recall and exchange program for XCP-infected CDs last week.
But the CD buying public doesn't seem to care. One large retail store, Amoeba Records in tech savvy Berkeley hasn't seen a single infected CD returned to the store. Chart rankings and Gracenote lookups don't reflect a fall off in sales for the affected CDs.
Far from being a historic turning point in the public's perception of nefarious DRM tactics, that many hoped, it's proof that the CD buying public is impervious to technology warnings, or at least extremely slow to cotton on.
We may have feared as much. One in four PCs connected to the internet in the UK is "owned", in other words, fatally compromised by malware. And yet good technology advice isn't hard to find: news stand magazines and part-works offer lucid explanations, most newspapers feature weekly PC advice columns, and much more information is only two clicks away on the internet.
So more information in itself isn't the answer.
Will the lawsuits succeed where education has failed? Yesterday the Electronic Frontier Foundation and the state of Texas duly filed suit against Sony.
Don't hold your breath.
For all the angst in the US about 'tort reform' and the prominence given to excessive damages won by 'ambulance chasing' lawyers, the effect is negligable. If the Microsoft trial taught corporate America a lesson, it's that litigation can be considered a minor operational expense. Business treats it like a spot fine for littering.
Sony Music can also take heed from the limitations of internet based activism. The New York Times reports that over 700 Amazon.com reviews pointed out the dangers of XCP DRM, and that "... snarky Internet shoppers have quickly turned Amazon.com's tagging system into digital graffiti" - attaching the 'rootkit' warning tag to Sony XCP CD titles.
Why, then, has the saturation and uniformly negative coverage of Sony's DRM failed to harm sales?
Your guesses are as good as ours, but it's hard not to conclude that the WiReD myth of a 'Rip Mix and Burn' population has been somewhat overstated. Only a third of CD purchasers actually play music on a PC. And a vanishingly small number of them appear to want to take their music anywhere other than where it's directed to go by the manufacturer. If a CD plays in the home stereo and the car, then that's quite enough digital freedom already for most people.
This may have less to do with a public acceptance of artificial restrictions such as DRM than the fact that music tends to stay in hardware 'silos', and digital music tends to stay where it's bought, largely through apathy and forgetfulness.
And given an atomized tech savvy population, tagging and bleating in the safety and comfort of their own PCs, Sony's nefarious tactics have failed to harm the business.
Ultimately, there's little to change our view that DRM restrictions are an expensive and economically inefficient stop-gap, an absurd attempt to replicate the inconvenience of physical product in a digital form. But equally, the 'Chicken Little' scenario of DRM as the means of introducing a vast lock down is a paranoid fantasy. Sony now knows it only need keep the CDs playing in home and car stereos, and it can swat away the digital rights lobby like flies.
A better analogy, and one we've made many times, is that we're in a Prohibition era: this is a transitional age, one where the inconveniences of DRM are borne by a minority of the population. That happens to be us.
Ominously the Recording Industry Ass. of America president Cary Sherman congratulated Sony Music for its ethnical behaviour, comparing it favorably to software companies.
"The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware," Sherman told a forum of student journalists.
"They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?"
Note the semantic redefinition of XCP as bad coding, simply a bad implementation of a good idea.
Expect more XCPs. You only have to follow the money. ®
Well, yes, it does make things easy for hackers. All they have to do is name the file containing their worm or virus $*****$ and the user will be unable even to see it.
Antivirus companies have been reluctant to deal with the problem, for fear of being accused of tampering with copy protection, which normally is a criminal offense.
I too, will be ignoring ALL Sony products for the next decade or so. I did the same when Intel got caught. It's not difficult.
There are always alternatives.
BTW. Whose doing the monitoring? Is this a poll or marketing result that Sony could buy, steal or spin to hide the truth?
Not that they would EVER do something sneaky and underhanded, of course...
"Once the protection installs itself on your computer, allowing every hacker in the world in, there is no way to remove it."
well, I doubt that. In fact, I can think of one way right off the bat. I'm sure a way that doesn't involve a reformat will pop up here pretty soon.
Of course it's a problem. But in the grand scheme of things i don't really consider it a big problem that will only be fixed when I have I am standing on a pile of rubble that once was Sony Corp.
AV companies typically check for viruses before they execute any programs, so once it is saved on disk it is basically too late. The only virus that uses the cloaking that I know of requires the user to click on an email attachment, then it executes and hides itself using the rootkit although it could have just as easily contained its own rootkit but that virus writer decided to be lazy.
That's false.
Xbox360 reportedly very unstable, prone to crashes (pics)
Heroes pull woman from Xbox blaze
You may want to pause before jumping to purchase a XBox 360. Or at least check your home owners' insurance.
Oh I am sure you can deal with it just fine, working for SONY and all.
The average user, however, is screwed. He is neither a geek not a programmer. Most users can't even mess with the registry.
A lot of tech-savvy people, including myself, buy digital music through iTunes, which of course is not affected by this at all. Apple has an excellent record of not cheating the people who buy music from them. I've been very happy with their music store and my purchases from it.
Those who really care about this issue wouldn't buy Sony's copy-protected CDs no matter what, or they would know how to defeat the copy protection. Apparently all you have to do is put some tape over the outside section of the CD and it will work just like a normal CD.
D
There was a story published just today or yesterday (I think it's on FR somewhere) about some outfit that bought an XBOX 360, took it apart, and determined that the cost of its parts is so high that Microsoft is losing something like $100 to $150 on each sale. (They're following the time-tested Gillette model: Sell the razor for next to nothing, and get the consumer hooked on the expensive blades that they have to buy over and over for years to come.)
It's almost certain Sony will do something similar. So if you want to screw Sony, go ahead and buy a PS3; just be sure to only play bootlegged copies of the games. (Assuming the PS3 games turn out to be crackable; the PS1 and PS2 games sure are.)
Personally I wouldn't buy either as they are both terrible deals compared to PCs (which is where I game / spend all day lurking on FR) but its a case of the lesser of two evils.
Most people haven't a clue what a rootkit is or why they should care. But if I were at SONY I wouldn't start gloating quite yet.
Sony BMG has nothing to do with Sony Computer Entertainment.
Get the PS3 if you want it.
The computer entertainment division is well known for releasing truly asstastic "products" in the form of patches to its games that have done everything from drastically changing gameplay after you plunk down more money for an expansion to causing massive Direct X corruption just by playing the affected game.
Patches are absolutely mandatory to log into the gaming servers.
Internet Security Systems Protection Alert
November 15, 2005
Sony BMG Bundled Software Vulnerabilities – November 2005
Description:
Sony BMG bundles copyright protection software made by First 4 Internet called XCP-Aurora. This software is installed when a user attempts to play a protected CD in a computer. Although the user is expecting to install a music player the user is actually prompted to install the copyright protection software. The software consists of several pieces of low level software that have the ability to monitor and hide from the operating system.
The software installs a device driver that will hide any file or process that begins with $sys$. Several Trojans are now actively taking advantage of this cloak. Two separate issues have been identified. First the software does not provide an uninstall feature. If a user tries to manually remove the software, the system will become unstable. Furthermore the software is also forced to launch in the special diagnostics mode of Windows, called safe mode.
X-Force R&D has also discovered that XCP-Aurora has vulnerabilities in the driver, which run with the highest privilege level and would allow an attacker to perform privilege escalation. This vulnerability will result in memory corruption that will allow attackers to execute code in kernel mode. This allows a regular user to take full control of an exploited machine.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.