Advertisement
How to add spoiler tags, edit posts, add images etc. How to - a user's guide to the new version of Boards
Mods please check the Moderators Group for an important update on Mod tools. If you do not have access to the group, please PM Niamh. Thanks!

Sony, Rootkits and Digital Rights Management Gone Too Far

Comments



  • This should really be in AH so more people are aware of what Sony are doing. I just nearly posted it there myself, having forgotten that it was here I picked it up.

    I've seen people say they won't buy $blah's products over such-and-such in the past and often thought they were overreacting. In this case though, I won't be buying anything made by Sony for a while. This is just plain offensive.

    I tried writing to Sony's CEO earlier, but I couldn't guess his email address.

    adam




  • ARGH!!! That stuff makes me blood boil. And my girlfriend wonders why i don't let her play any of her music cds on my computer.




  • No more sony CD's in my house owned by me or my girlfriend!

    Let everyone know if you manage to get a e-mail or postal address for Sony CEO or the head of operations in Ireland, would be nice to let them know they're going to loose alot of tech savy consumers.




  • The software is created by a UK company, First 4 Internet Ltd.
    Another analysis if the software is is listed here.

    F-Secure Virus Descriptions : XCP DRM Software
    http://www.europe.f-secure.com/v-descs/xcp_drm.shtml

    I would recommend that NO-ONE under any circumstances buys any cd's produced by SonyBMG until this issue is thoroughly investigated and resolved, or you could render functions on your computer inoperative.




  • You'll mis out on the next Kris Kros if you stop buying their muck.
    Sony Music are in Embassy House IIRC - direct a strongly worded letter and CRO will probably get back to you?


  • Advertisement


  • In a way it seems like the record companies don't want our business anymore. At least that's what they're risking here.




  • Nice find... tbh I hope they get reemed for it.




  • Brian Krebs has some more information neatly summed up.
    http://blogs.washingtonpost.com/securityfix/2005/11/sony_raids_hack.html




  • Yeah -

    Badly written software using Malware tricks like pretending to be part of windows. It is very difficult to remove, and you may disable the by CD removing it. Also runs in safe mode so if it dies you may not be able to boot into windows again. Slows the computer by 1-2% too.


    It also has no uninstall option - this is really interesting because under the terms of the EULA you have to remove it all when EULA terminates - will they insist on drives being formatted ??

    http://www.sysinternals.com/blog/sony-eula.htm
    Article 1 2. The DIGITAL CONTENT and the SOFTWARE contained on this CD are sometimes referred to herein, collectively, as the “LICENSED MATERIALS”.

    Article 9
    3. Upon the expiration or termination of this EULA, you shall immediately remove all of the LICENSED MATERIALS from your personal computer system and delete or destroy them, along with any related documentation (and any copies thereof) that you may have received or otherwise may possess.
    Wonderful - thread on Computers http://www.boards.ie/vbulletin/showthread.php?t=319161


  • Advertisement


  • It is sad to see what was once a great company decending to the level of thieves and crooks. Surely they would do better if they dumped the whole music thing and concentrated on making the decent high quality equipment that they used to be so famous for.

    Has any of the mainstream media reported on this apart from the omnipotent BBC? I find their most recent article interesting, where they mention Sony could have left themselves open for prosecution due to making unauthorised changes to users machines. Maybe in Ireland we could use the Criminal Damage Act 1991:
    2.—(1) A person who without lawful excuse damages any property belonging to another intending to damage any such property or being reckless as to whether any such property would be damaged shall be guilty of an offence.
    and
    "property" means—

    ( a ) property of a tangible nature, whether real or personal, including money and animals that are capable of being stolen, and

    ( b ) data.




  • http://arstechnica.com/news.ars/post/20051101-5514.html
    Heaven help you if you're running a beta of Vista. Sony's application will utterly hose your Vista install.
    Why should microsoft have to fix this problem ?
    And if they do will it defeat the copy protection mechanism - renderning the whole excerise pointless.

    But the issue is that old software could trash a newer OS, or do Sony & co. feel they can second guess the future development of software ?

    Also the increased use of embeded OS's in consumer devices means that in future your home entertainment system could be trashed.

    Before anyone says you have to click on the agreement, remember most people will without reading it. They only ask out of politeness, they could put a note on the cover that says , "use of this product is subject to conditions" , and let an autorun do the install.




  • Well, for the moment anyway. Until you catch us at our next trick, a la Dick Dasterdly.

    http://www.digitmag.co.uk/news/index.cfm?NewsID=5278




  • That program only removes the CLOACKING of the files not get that crap outta your comp. :(




  • http://cp.sonybmg.com/xcp/english/updates.html
    This component is not malicious and does not compromise security. ... includes all fixes from the earlier Service Pack 1 update.
    It does compromise security by cloaking files, something that other malware writers might exploit later. http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
    I studied the driver’s initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with “$sys$”.
    Also Sony admit to "fixes" - this in a component that could potenitally prevent windows booting up in safe mode, and will it work with Longhorn ??




  • have you folks had any experience with the starforce copy protection on some of the newer games?

    it seems to install drivers which are also badly written, seem to be incompatible with alot of the older CDROM drives, and probably has similar processes masked in the operating system.

    I always pay for all my pc games, but games that have that starforce copy protection system.. It nearly puts me off buying them.




  • More news form the EFF about the EULA that you must agree to before using the CD!
    Here
    Now the Legalese Rootkit: Sony-BMG's EULA
    November 09, 2005

    If you thought XCP "rootkit" copy-protection on Sony-BMG CDs was bad, perhaps you'd better read the 3,000 word (!) end-user license agreement (aka "EULA") that comes with all these CDs.

    First, a baseline. When you buy a regular CD, you own it. You do not "license" it. You own it outright. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the "first sale" doctrine), or make a copy for use on your iPod (thanks to "fair use"). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.

    Now compare that baseline with the world according to the Sony-BMG EULA, which applies to any digital copies you make of the music on the CD:

    1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

    2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

    3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

    4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

    5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

    6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

    7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

    8. You have no right to transfer the music on your computer, even along with the original CD.

    9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.


    So this is what Sony-BMG thinks we should be allowed to do with the music on the CDs that we purchase from them? No word yet about whether Sony-BMG will be offering a "patch" for this legalese rootkit. I'm not holding my breath.








  • The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.
    It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.

    http://dewinter.com/modules.php?name=News&file=article&sid=215.


  • Advertisement


  • Sony Shipping Spyware from SunnComm, Too
    http://www.freedom-to-tinker.com/?p=925




  • WizZard wrote:
    More news form the EFF about the EULA that you must agree to before using the CD!
    Here

    I have to admit that all that is an eye-opener, especially the highlighting of the ownership of the CD. Didn't realise that at all.:eek:


Advertisement