Sony shipping malware on their music CD's

[YoshiSato]

Originally posted by: mercanucaribe

Originally posted by: DragonMasterAlex
How can anyone *possibly* be surprised by this? Sony are bastards and they always have been. They lie and distort the truth worse than any company I've *ever* seen just to sell products. They make Microsoft look like a pinnacle of virtue, for Chrissakes.

There's a simple solution here, folks: Don't buy Sony products. Don't buy their music, their movies, their players, their games--don't give them your dollars. Make Sony pay for their crimes by taking away your monetary support. It will do more good than any government action will, and more importantly, it is within your power to *ensure* that Sony doesn't get your dollars. All you have to do is make a choice and then follow through on it.

Jason

Umm, no it won't do more good than government action. What makes you think Sony gives a damn about losing a few hundred sales a year?

I'm sure a major anal probe investigation by the National Security Agency and the Department of Defence would really wake up companys and their ideas to protect their content from Priates that do not exist(McCarthy anyone?). The DoD still uses Windows even on their classified systems(like the Admirals work station.). This little thing Sony has invented would by pass that security and can be a major threat to national security.

Just wait until some virus writer reverse engineres this API and uses it to infect alot of computers without anyone knowing about it. You though I Love you or Blaster was bad.

Just wait. Skynet is comming and we have Sony to thank.

 

[tinkakat]

thanks, great infor.:disgust:

 

[dmcowen674]

Sony backed off today realizing they could be charged for hacking.

Sony got so scared that they released a patch today to make the code unhidden and you can delete it.

Or was it because folks mentioned my name??? :shocked:

11-2-2005 Sony to offer patch to reveal hidden copy-protection software

SAN JOSE, Calif. ? After a chorus of criticism, Sony Corp.'s music division said Wednesday it is distributing a free software patch to reveal hidden files that automatically installed to hard drives when some of its music CDs were played on personal computers.
The offending technology was designed to thwart music piracy.

The controversy highlights the need for rules as to what content providers can and can't install on PCs to protect their property, said Russinovich, who is co-founder and chief software architect at Winternals Software, which specializes in advanced systems software for Microsoft Windows.

"We need to get some formality about what's legal, what's ethical and what's fair ? and what level of disclosure there needs to be," he said. "It's fine for Sony to say we're not going to do that now. What kind of guarantee do we have they're not going to do it at a future date or that other companies are not going to do this?"

 

[YoshiSato]

I think they can still be charged with computer security viloations.
The fact they released a fix does not undo the original crime.

 

[0roo0roo]

Originally posted by: dmcowen674
Sony backed off today realizing they could be charged for hacking.

Sony got so scared that they released a patch today to make the code unhidden and you can delete it.

Or was it because folks mentioned my name??? :shocked:

11-2-2005 Sony to offer patch to reveal hidden copy-protection software

SAN JOSE, Calif. ? After a chorus of criticism, Sony Corp.'s music division said Wednesday it is distributing a free software patch to reveal hidden files that automatically installed to hard drives when some of its music CDs were played on personal computers.
The offending technology was designed to thwart music piracy.

The controversy highlights the need for rules as to what content providers can and can't install on PCs to protect their property, said Russinovich, who is co-founder and chief software architect at Winternals Software, which specializes in advanced systems software for Microsoft Windows.

"We need to get some formality about what's legal, what's ethical and what's fair ? and what level of disclosure there needs to be," he said. "It's fine for Sony to say we're not going to do that now. What kind of guarantee do we have they're not going to do it at a future date or that other companies are not going to do this?"

thats not enough at all. everyone with a current cd and doesn't know will still be a victim. they need a recall.

another reason sony is scum. yay...

 

[n7]

I despise Sony, so here's yet another reason to add to a huge list of reasons to avoid their products.

 

[BDawg]

From the F-Secure link:

we still recommend that you contact Sony BMG using their web form and ask for permission to uninstall it.

Why the hell should you have to ask for permission to uninstall?

 

[mugs]

Originally posted by: YoshiSato
I think they can still be charged with computer security viloations.
The fact they released a fix does not undo the original crime.

It only installs itself permanently if you agree to the terms and conditions when you put the CD in, so presumably you're agreeing to allow it to be installed. I don't think they can get in any trouble.

 

[chcarnage]

Looks like even with Sony's patch, it's still a PITA to remove the rootkit:

http://www.theregister.co.uk/2005/11/03/sony_rootkit_drm/

Interesting that Sony begun this 8 months ago and sells 20 rootkit albums in the meantime...

 

[DragonMasterAlex]

Originally posted by: mugs

Originally posted by: DragonMasterAlex
How can anyone *possibly* be surprised by this? Sony are bastards and they always have been. They lie and distort the truth worse than any company I've *ever* seen just to sell products. They make Microsoft look like a pinnacle of virtue, for Chrissakes.

There's a simple solution here, folks: Don't buy Sony products. Don't buy their music, their movies, their players, their games--don't give them your dollars. Make Sony pay for their crimes by taking away your monetary support. It will do more good than any government action will, and more importantly, it is within your power to *ensure* that Sony doesn't get your dollars. All you have to do is make a choice and then follow through on it.

Jason

People aren't willing to do that. They all say the same about EA, but when there's a hot new game they still come back for that EA lovin'.

I'm not a fan of Sony myself - I sure as heck won't be buying any of their electronics due to the problems I've had. But who distributes the movies I want to see has no bearing on whether I see them.

Well, that's largely because people en masse are *STUPID*. Honestly, if they don't have the sense to boycott with their dollars, then F*CK 'em. The idiotic masses DESERVE to be anally raped if they're going to bend over for it like this.

I don't see many Sony movies at all, because they usually release *garbage* like "Stealth". What a joke.

Jason

 

[0roo0roo]

Originally posted by: mugs

Originally posted by: YoshiSato
I think they can still be charged with computer security viloations.
The fact they released a fix does not undo the original crime.

It only installs itself permanently if you agree to the terms and conditions when you put the CD in, so presumably you're agreeing to allow it to be installed. I don't think they can get in any trouble.

if its like i remember they instantly eject the cd if you refuse. making it impossible to play.

 

[Stark]

MS and the EFF should sue Sony's [butt] off.

first off, it's not ok to mess with the kernel. it makes MS look bad when people are already citicizing XP as a big buggy security black hole and they shouldn't stand for it.

Hacking a person's computer to force DRM isn't cool, and consumers should demand a full refund of the CD plus damages to have a tech from a computer shop reinstall their os for them... which can be upwards of $200-300 depending on the amount of stuff that needs to be reinstalled on the system.

Boy do I hate the MPAA, RIAA, Sony, and everything they stand for.

 

[Howard]

Originally posted by: mugs

Originally posted by: YoshiSato
I think they can still be charged with computer security viloations.
The fact they released a fix does not undo the original crime.

It only installs itself permanently if you agree to the terms and conditions when you put the CD in, so presumably you're agreeing to allow it to be installed. I don't think they can get in any trouble.

There's no mention of this software in the EULA.

EDIT: Never mind, the EULA was modified.

 

[TechnoPro]

Just curious, how many tech savvy people here could confidently remove that Sony DRM nonsense from a production machine? In looking at Mark Russinovich's procedure, what he did makes sense, but I would have had no clue how to go about removing it and then restoring the missing CD drive.

 

[chcarnage]

Originally posted by: Stark
MS and the EFF should sue Sony's [butt] off.

This idea spawned funny pictures in my head

 

[frankgomez75]

Originally posted by: mugs

Originally posted by: YoshiSato
I think they can still be charged with computer security viloations.
The fact they released a fix does not undo the original crime.

It only installs itself permanently if you agree to the terms and conditions when you put the CD in, so presumably you're agreeing to allow it to be installed. I don't think they can get in any trouble.

Sorry, but the EULA does NOT mention that the program will render your PC useless or destroy your OS if you try to remove said program. Furthermore, the EULA does not say that this so-called copy protection software will use up your CPU cycles even when you are not listening to a copy protected CD. The EULA is misleading, and implies that the program is disguised as a copy-protection program.

Just because you agree to installing a permanent copy protection software program onto your computer doesn't mean its legal. What if it used up 99% of your CPU cycles even when you're not listening to a CD? Than you decide to uninstall it only to find out that you can't because of the stupid EULA. Then you try to circumvent it and remove it because it is eating up precious CPU cycles and when you attempt to do so, yout OS gets hosed. Than what?

I doubt anyone would install this software if the EULA mentioned that your OS could be rendered useless or made your PC vunerable to hackers who figure out an exploit for this root-kit. This is obviously illegal and can be considered malware.

 

[Sunner]

Thanks Sony.
Sure it's not malware, it only hoses your system if you try to uninstall it on your own, and now it's being used for some other purposes as well.

 

[Siddhartha]

Originally posted by: Sunner
Did a search, so I hope it's not a repost.
Since there's a lot of Sony love in this forum, and with all the recent debates about DRM, I figured people might find this interesting.
Mark's blog on Sysinternals.

Not that Sony publishes any music that I actually care about, but if they did I sure wouldn't buy a single CD from them again, ever, legal or not.

Sony does not want me to buy their products. Their loss.

 

[Pabster]

It is even worse.

After further digging, Mark has found the Rootkit phones home with an ID for the CD being listened to. And who knows what else.

Story Here

:thumbsdown: to Sony, DIAF

 

[Schadenfroh]

This utility may remove it:

http://forums.anandtech.com/messageview...atid=33&threadid=1729871&enterthread=y

 

[Riceball]

Originally posted by: Pabster
It is even worse.

After further digging, Mark has found the Rootkit phones home with an ID for the CD being listened to. And who knows what else.

Story Here

:thumbsdown: to Sony, DIAF

Awfully deep hole sony is digging for itself.

 

[GeneValgene]

sony claims the rootkit was harmless....down with sony!

sony pwned

 

[PokerGuy]

And there you have it, predictably it did not take long before exploits appeared in the wild that take advantage of the malware installed by Sony BMG on the PC's of many unsuspecting users.

It will be interesting to see whether people will be able to sue Sony BMG in court (perhaps small claims court) to recover the cost of restoring their system to full functionality after damage caused by Sony's malware itself, or the exploits that will now be able to take advantage of the malware.

 

[MazerRackham]

Is there a list of the albums that had the rootkit installer on it?

 

[Mickey Eye]

According to the list it looks like I don't have it. Thats some relief. Is it bad that I feel some satisfaction that Celine Dion was one of the CDs?

The list!