Sony takes DRM too far

  • Thread starter: Burnout
It is very possibly illegal. Sony could be in for a big fat lawsuit...
 
Very nasty but not nearly as nasty as Microsoft and ABI cuddling up together or the Real Player encoded information packets. If this continues much longer I might go Linux. Anyway did a search, no rootkits on my systems!
 
It would seem that in due course all music bought will have some kind of copy protection eventually. Even Mac and Linux users will succumb in the end! :nervous:
BBC News
 
Shannon
For DRM rootkits to be installed, they must first be initialized. They do this through the Windows Autorun feature. Solution? Disable autorun.

... or just not buy copy protected CDs.

http://poptech.blogspot.com/2005/11/block-cddvd-drm-and-rootkits-easily.html
👍

Most people shouldn't have to worry about stupid crap like that, though.

The worst part is how easy it makes coding a virus, simply using the prefix "$SYS$" to hide it. Dumb, dumb move.

Seems like in this case, the only people getting screwed are their loyal customers. People that download the CD not only get it free, but also don't have to worry about things like rootkits.

"Hi, my name is Sony, please don't buy my music. Oh, one more thing, if you do, we'll screw you."
 
There's a big backlash starting up over this, and some of the industry commentators have spotted that it will increase piracy for just the reason that Burnout stated. People won't buy music when (a) they can steal it, and; (b) playing legally-bought music on their computer places them at risk.

You should never put an audio CD in your computer without holding the Shift key as it first reads the disc. This disables autorun for that particular insertion. Most music CDs these days seem to be "enhanced": usually with all kinds of stuff that I don't want and which is going to lunch my computer.

The industry really is in a tizzy about this, it's laughable. I mean, really! They're chasing their tails over piracy, and in doing so have allowed a bloody computer vendor to completely take control of the legal download market! And Apple only did what the industry should have done in the first place. I was saying back in 2000 - when Napster was first around - that if the music industry set up a legal download service and charged $0.99 per track, it would largely stem piracy. Took Apple four years to get bored and decide to prove me right...
 
They're in deeper doo doo now:

Hackers use Sony BMG to hide on PCs

AMSTERDAM (Reuters) - A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.

Later on Thursday, security software firm Symantec Corp. (Nasdaq:SYMC - news) also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

Sony BMG's spokesman John McKay in New York was not immediately available to comment.

The music publishing venture of Japanese electronics conglomerate Sony Corp. (6758.T) and Germany's Bertelsmann AG (BERT.UL) is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.

When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.

The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the "roots" of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.

Sophos said it would have a tool to disable the copy protection software available later on Thursday.

Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the "cloaking" element that is part of the copy-protection software, while claiming that "the component is not malicious and does not compromise security."

The patch does not disable the copy protection itself.

The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.
 
Unless you are an expert at using the RootkitRevealer from Sysinternals.com & able to traceback on stealthed processes, the only way to find out if the SonySpyware is on there is to use Sony's uncloaker @ http://cp.sonybmg.com/xcp/english/updates.html, which they term a 'service pack', BUT if you read Mark Russinovich's blog @ sysinternals there are a couple of problems associated w/ A) Removing the informing software B) Even using the decloaking patch in the first place. Quite a dodgy setup & nothing a major corporation would want to boast about.
 
The icing on the cake:

First it was revealed that Sony was putting (malicious rootkit) software on its CDs that infected personal computers of its customers in order to keep them from copying music.

Next, the company released a malware uninstaller that left certain components on your system that would allow virus writers to infect your system.

Now comes the real icing on the cake — The malicious software Sony was trying to use to protect its copyrights is built on code that infringes on copyright!

http://japundit.com/archives/2005/11/15/1527/

Hope they learned their lesson!
 
Isn't this just great! I'm quite hard on people who steal music, but I'm really enjoying the way that Sony are being made to squirm over this. Whilst I think that it's acceptable for Sony to try to protect their copyright, I think that they've gone about this in an underhand manner, and seem to be trying to do it with as little investment as possible. In so doing, they've deployed a product which they don't properly own, and which doesn't work properly. Further, it doesn't really work properly and hides itself in a mask of cowardice.

I'm not even sure how honest they've been about the CDs that have the technology on it. They have released a list of 20 discs, but some bloggers put the figure at over 40. Mind you, one of them lists a CD that I have and which I have successfully ripped to iTunes - which is the behaviour that the rootkit was designed to stop.

Sony should hand out gift vouchers to people who are registered at the legal music download stores.
 
I'm sort of taking a sick enjoyment out of it as well.

DRM software in general is okay, as long as it does what it's meant to do in a reasonable way. Sony took far too much liberty--and seemed not to respect the buyer's rights. One Sony exec said on NPR news something to the effect of "most of our customers don't even know what a rootkit is, so this isn't a big issue." Not only is that extremely callous, it seems that that would make it an even bigger issue!

Also, I have heard that the "patch"/uninstall released by Sony for the DRM leaves a security hole in IE that allows a web page to execute arbitrary code on the affected machine. http://www.betanews.com/article/Sony_Rootkit_Fix_Brings_More_Trouble/1132088663

I have a feeling that Sony will not be held accountable for the copyright infringement even if they distribute the software because they did not develop it.
 
skip0110
I have a feeling that Sony will not be held accountable for the copyright infringement even if they distribute the software because they did not develop it.
They are in breach of the LGPL though and the irony is that such 'stealth' software cannot use any parts of the LAME decoder etc without revealing its presence through the EULA which SONY poignantly omitted.
Thank God for American Hero Richard Stallman though, who foresaw that Corporate interference in the electronic medium would lead to just such breaches of underlying human rights thus his brainchild the GPL. SONY being a corporation have a sheeplike view of customers and therefore the need to offer respect and intelligence benefit to their product recipients is simply not present but Peer-driven respect systems of which the FSF & openSource movements are at the forefront have a watertight mechanism for customer approval; they are the customer + any dodgy or malicious code would mean an inferno-on-contact & your name is mud. Corporations are dinosaurs with such thick skins that they can easily lose staff, lawsuits etc & still remain Numero Uno.
These Licences are real though and they cover increasingly the highest quality and best-serving code in E-space.
It's the 21st century Sony should cop on to itself that respect is nine tenths of far longevity and that music copyright is a far more complex and contentious issue than can be assigned to a departmental viral quickfix .
A few more moves like this & granturismo.de & I'm looking elsewhere for entertainments...


























