Sony and their new malware... I mean, music CDs

rogueintellectproductions · Post by **rogueintellectproductions** » Sat Nov 19, 2005 2:32 pm

I don't know if anybody's been following the controversy regarding Sony and the new copyright protection they've put on some of their new CDs (follow this link for more info - http://www.eff.org/deeplinks/archives/004145.php - there are alot of other resources on this issue across the web as well). I hereby post the list of affected CDs as a service, so that the community is aware, and can protect their own systems.

http://www.usatoday.com/money/industrie ... -cds_x.htm

The list is at the bottom of the article. I am of the opinion that Sony has the right to protect their music, but not at the cost of installing malicious software onto a user's system. Readiness is all.

Chris

Catatonik · Post by **Catatonik** » Sat Nov 19, 2005 2:39 pm

well thankfully, not one of those discs will end up anywhere near my hard drive.

But yeah, that is a breach of right, and those bastards deserve a good severe beating.

pink_hedgehog · Post by **pink_hedgehog** » Sat Nov 19, 2005 2:58 pm

Thats definitely not cool. I understand that they're trying to avoid file-sharing and people burning the CD for others but installing shit onto my computer that can make it more vulnerable to virus' and hackers and what have you, shouldnt be the way to do it. File sharing is legal, a lot of bands wouldnt be as big as they are without it. But I dont want to start the "to download or not to download" debate so I'll agree with Rogue. Simply put:

rogueintellectproductions wrote:I am of the opinion that Sony has the right to protect their music, but not at the cost of installing malicious software onto a user's system.

Also not one of those cds will end up on my computer either. Oh except for Canadian inspiration Celine Dion

RamonesFan2020204 · Post by **RamonesFan2020204** » Sat Nov 19, 2005 4:28 pm

Thankfully, I don't plan on getting the albums mentioned on that list.

Unpronounceable_Symbol · Post by **Unpronounceable_Symbol** » Sat Nov 19, 2005 4:42 pm

I actually bought the Trey Anastasio album (to review, and it was pretty bad) but luckily heard about all this stuff happening before I put it in my computer. Obviously the record companies are trying to take up as much ground as they can before anyone asks them to delineate exactly what is purchased when one buys a music CD. Copying files to your computer, even more than three times, is within the previously established rights of a CD owner to copy for his/her own personal use. And for that matter, the companies are actually trying to declare part of your PC as theirs when you use their CDs, which is sorta ludicrous. Even software developers don't ask to stake a permanent and secret claim on your hard drive like that.

I wonder if the music industry is going to come up with an outlined License Agreement for every CD we purchase in the future, saying exactly what rights are sold with the CD? Remember, these are the same people who, before file sharing came up, were going around suing used CD stores because artists weren't getting their royalties.

azulmagia · Post by **azulmagia** » Sat Nov 19, 2005 6:28 pm

Really disturbing article on the Rootkit by Bruce Schneier.

Some snippets:

Bruce Schneier wrote:On Nov. 4, Thomas Hesse, Sony BMG's president of global digital business, demonstrated the company's disdain for its customers when he said, "Most people don't even know what a rootkit is, so why should they care about it?" in an NPR interview. Even Sony's apology only admits that its rootkit "includes a feature that may make a user's computer susceptible to a virus written specifically to target the software."

The rootkit has even been found on computers run by the Department of Defense, to the Department of Homeland Security's displeasure. While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be. And lawsuits are never the whole story.

Initial estimates are that more than half a million computers worldwide are infected with this Sony rootkit. Those are amazing infection numbers, making this one of the most serious internet epidemics of all time -- on a par with worms like Blaster, Slammer, Code Red and Nimda.

Symantec's response to the rootkit has, to put it kindly, evolved. At first the company didn't consider XCP malware at all. It wasn't until Nov. 11 that Symantec posted a tool to remove the cloaking. As of Nov. 15, it is still wishy-washy about it, explaining that "this rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software."

The only thing that makes this rootkit legitimate is that a multinational corporation put it on your computer, not a criminal organization.

Who are the security companies really working for? It's unlikely that this Sony rootkit is the only example of a media company using this technology. Which security company has engineers looking for the others who might be doing it? And what will they do if they find one? What will they do the next time some multinational company decides that owning your computers is a good idea?

rogueintellectproductions · Post by **rogueintellectproductions** » Sun Nov 20, 2005 6:11 pm

Unpronounceable_Symbol wrote:And for that matter, the companies are actually trying to declare part of your PC as theirs when you use their CDs, which is sorta ludicrous. Even software developers don't ask to stake a permanent and secret claim on your hard drive like that.

Well said. My understanding of EULAs is such: If a company is offering software that cannot be uninstalled from (or make any other permanent change to) your system, it is their obligation to inform you through the user's agreement. Sony failed to do so in their EULA, which leads me to another thought. It's interesting to note that Sony has not provided affected users with a patch or instructions on how to remove the rootkit, which leads me to beleive that they intend to use a slightly modified version of the code in the next batch of copy protection. You know, just as draconian to the users, but without that pesky security vulnerability.

I'm reasonably sure that Sony's behavior is actionable, and I'm also reasonably sure that their legal department was aware of the potential consequences, but it just goes to show how serious these companies are to protect their music. IMHO, CD sales aren't plummeting due to p2p. I think they're plummeting because CD prices are absurd - I'd rather buy a beat-up used copy than pay $20 for a new CD. I specifically look for ones stamped "Promotional Copy:Not for Resale"!

Chris

DeinReich · Post by **DeinReich** » Sun Nov 20, 2005 6:36 pm

I'm supprised no one posted about this yet. It just shows another way that the music industry is treating their customers as criminals, spying on their CONSUMERS activity, who decided to BUY their product LEGALLY. It's flat out asinine and I doubt that I will ever buy a product from Sony ever again.

Unpronounceable_Symbol · Post by **Unpronounceable_Symbol** » Sun Nov 20, 2005 6:49 pm

I was going to never buy from Sony again, but Sony owns Columbia and I couldn't pass up a remastered Born to Run. :p

And from my understanding, Sony is starting to get flak from their own artists over how much the whole thing has hurt sales for the holiday season: I found this link in another forum.

rubyeye · Post by **rubyeye** » Sun Nov 20, 2005 7:03 pm

I never heard of any of this, since I don't listen to mainstream artists. But thanks all the same for informing us. It's good to know how we are being further F%#&ed by corporate America.