exhibit #1 Sony infects your computer :
Play a legally purchased Sony BMG Music CD on your computer, and it installs hidden rootkit-based DRM backdoor software.
What’s a RootKit? A rootkit is a set of virus-like tools frequently used by hackers to conceal running processes and files from diagnostic and security software. This helps an intruder maintain access to a computer for malicious purposes. Rootkits are often very difficult to detect and trying to remove them can damage a computer’s operating system.
Here’s the story of how they got caught, did not apologize -Thomas Hesse, President of Sony’s Global Digital Business, literally said: “Most people, I think, don’t even know what a rootkit is, so why should they care about it?“, – but then “updated†their software, to questionable effect: (SonyBMG and First4Internet Release Mysterious Software Update).
The Electronic Frontier Foundation (EFF) shows you how to tell if you are Infected by Sony-BMG’s Rootkit. Here’s the list of XCP infected CD’s not to buy : Trey Anastasio – Shine; Celine Dion – On ne Change Pas; Neil Diamond – 12 Songs; Our Lady Peace – Healthy in Paranoid Times; Chris Botti – To Love Again; Van Zant – Get Right with the Man; Switchfoot – Nothing is Sound; The Coral – The Invisible Invasion; Acceptance – Phantoms; Susie Suh – Susie Suh; Amerie – Touch; Life of Agony – Broken Valley; Horace Silver Quintet – Silver’s Blue; Gerry Mulligan – Jeru; Dexter Gordon – Manhattan Symphonie; The Bad Plus – Suspicious Activity; The Dead 60s – The Dead 60s; Dion – The Essential Dion; Natasha Bedingfield – Unwritten; Ricky Martin – Life.
update: Sony has fessed up to infecting twice the number of albums with the XCP rootkit
If your are a fan of these bands, tell them how upset you are. If you really want to get their attention, tell them you will NOT buy they albums until they are safe”.
exhibit #2 Movie Theatres as Police States come to Toronto :
a first-hand report of someone with a purchased ticket asked to submitted to the search, and have their cellphones taken from them, and theatre placed under surveillance during the movie. (Via Accordion Guy, and Boing Boing)
Add to that:
sloppy Lawsuits against people who’ve never heard of file-sharing, P2P or MP3s (So sorry disabled single mom on Social Security disability, hand over your life savings now), and DRM software that deletes previously recorded TV shows in one case just before the DVD’s were released (So sorry, It’s just a bug).
wrt the oppressive, and frankly obnoxious, tactics , All Peer comments :
And here I was postulating that cinemas would be okay in the digital media future because their offer a unique “event†experience. If the event in question involves body cavity searches, however, folks may prefer to stay home and crowd around the 80-inch plasma with a DVD, or even a BitTorrent download if the powers-that-be won’t let us get new releases legally.
What is going on here?
Have they gone mad, or are to so desperate (fearful?) to protect their product (earnings) that they are resorting to mistreating their best customers? Can you say “cutting off your nose to spite your face†Is this even legal? See Michael Geist on Sony, DRM and Canadian Law. Sony is now being sued over this in Italy, and California.
The irony is that the Canadian Recording Industry Association has tried (badly) to link free downloading as a gateway crime leading to bigger illegal things. How is Sony’s P2P Malware different and what will this lead to? Why are doing their very best to wreak the experience, and give people a reason it find other entertainment? Will this lead to a golden age of book reading and live music? Was this the intention.
Have they forgotten that their “product†is entertainment, and is that why they are acting like the have an “entitlement�
Time to talk to your local and federal elected representatives? Until then, entertainment industry : Get your hands off my computer, my person, and my law.
Updates:
- Sony-BMG’s EULA is a Legalese Rootkit to rob you of your ownership of the CD you payed for.
- If you thought that Mac’s were safe from Sony Music CDs, Think again.
- Mike Evangelist (great name!) writes about the war between music companies and their paying customers in DRM – Digital Rights Minimization! and takes an oath too From this day forward I will never spend a another dime on content that I can’t use the way I please.
- Check out the Declaration of Consumers Digital Rights!
- Bruce Schneier covered Sony Secretly Installs Rootkit on Computers on November 1st and has followed up with More on Sony’s DRM Rootkit
- Canada’s Globe and Mail cover the story today (Nov 11th) : Sony BMG shoots itself in the foot while firing against music pirates, Company’s new CDs said to make PCs vulnerable to hackers, crippling virus, with a RootKit 101 inculded (take that Thomas Hesse!). part of which I’ve reproduced above 9sse “what’s a rootkit?”).
- G&M columist Jack Kapica points out “ the Digital Millennium Copyright Act, the American legislation protecting copyright, makes it illegal to tamper with technological protection measures (TPMs). Canada’s Bill C60 seeks to do the same thing. It’s not likely that Sony is going to sue anyone for removing its own TPM, but in theory, Sony could.” Another thing wrong with TPM’s!
- Nov 11: A small victory in the “War on Gangster Media”! Sony Pulls Controversial Anti-Piracy Software. The priceless quote of the day : Stewart Baker, the Department of Homeland Security’s policy czar warned would-be DRM makers: ‘It’s very important to remember that it’s your intellectual property — it’s not your computer. And in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days.’ From the Washington Post warned Stewart Baker, the Department of Homeland Security’s policy czar.
- Don’t forget Sony’s *other* malicious audio CD trojan, plus if you do manage to unistall thier crapware Sony’s malware uninstaller leaves your computer vulnerable, and word that Sony’s rootkit infringes on software copyrights – clearly they only value ‘thier’ rights not yours or others. They will even tell you how to break their own DRM.
- Cory’s put together a Sony anti-customer technology roundup and time-line summing up Sony’s jaw-dropping contempt for their customers, for copyright law, for fair trading and for the public interest.
- The Electronic Frontier Foundation (EFF) sends An Open Letter to Sony-BMG: Dear John : you broke it, you oughta fix it
- Link back to Claire Wolfe for Unintended consequences of Sony’s screwed up rootkits
- It gets worse : Sony’s Web-Based Uninstaller Opens a Big Security Hole and the Sony / xcp-aurora rootkit have infected at least one machine on more than 500,000 networks , including military and gov networks! Way to go Sony! Script kiddies have nothing on you. Perhaps Sony should be charged with compromising National Security (pick a country, any country)?
- via Boing Boing we have Sony’s non-apology for compromising your PC
- Check out the “Sory Electronics” site
Every dollar spent on a Sony product sends a message that you are OK with a corporation who spies on your personal computer habits and opens up your PC to malicious hackers. Remember that every time you use a Sony product they kill a kitten! (kidding) - Will this spark a DRM-related backlash? All Peer thinks so DRM is Dead and relates stories about companies used to “protect†their software by hacking floppy disk drivers and the like on a very low level., plus Open Source Lessons for Digital Media
- Wired Mag : Where were the computer-security and Anti-Virus companies? The Real Story of the Rogue Rootkit . A tale of extreme hubris, beyond the disdain that Sony demonstrated for its customers. And where was MicroSoft?
Now we have an Anti-Virus Firm admiting that current methods can’t catch things like Sony’s rootkit, which is why I use (on a win box) a personal firewall, registry protection, and anti virus. (and even then no guarantees)
- Nov 21 update : Via Boing Boing we have Insider word of DRM being increaing discredited at Sony :
Some of the top Sony BMG artists who had XCP placed on their CDs are complaining directly to the label heads, furious that it will hurt their relationship to their fans and their sales as they go into the massively important Christmas season. Add that to rising number of anti-DRM voices within in the company who have been against DRM as only hurting “the people that are doing the right thing and buying our music.” This all means that some of the label heads are finally starting to believe that DRM is just bad for business.
Now they are starting to stand up to the corporate leaders who are pushing DRM as the solution to their sliding revenue, particularly Thomas Hesse who notoriously said “Most people don’t even know what a rootkit is, so why should they care about it?”
At least of the label heads has threatened never to allow another CD to go out with DRM again.
Which can’t be (completely) dismissed as spin.
- In the “I don’t have a clue” department, RIAA (Recording Industry Association of America) President Cary Sherman thinks “Lots of companies secretly install rootkits! It’s no biggie!“.
- Chris Linfoot has pointed me to Gaffer tape defeats Sony DRM rootkit (which is not without own it’s problems), but really better solutions are a) don’t buy their product, and b) disable Windows autorun.
- Having trouble keeping track of Sony anti-customer attack software? No more ! Via Boing boing we have the a ‘checklist feature comparison’ of Sony BMG – malware
- and the Sony Rootkit DRM Roundup Part III for November 21
- November 29th: On Oct 4 Sony BMG was alerted by F-Secure , a Finland-based antivirus company, to the secret, virus-vulnerable software on its CDs, but didn’t act immediately to alert consumers. (Sorry, we thought “rootkit” was Finnish for “congratulations on your DRM scheme”)
- New York’s Attorney General has turned his attention to Sony BMG’s copyright-protection fiasco. Texas Attorney General Abbott has already filed a suit against Sony BMG, and The Electronic Frontier Foundation (EFF) is bringing a class-action against Sony!
- Boing Boing highlights the Pre-history of the Sony rootkit: asking how to cripple CD drives and asking for free code to lock up music.
- the Boing Boing No Xmas for Sony protest badge , added to Side Bar… lining to Mark Russinovich’s Sysinternals blog so you know why.
- Dec 5th: Thoughtful op-ed peice on NY Times :Buy, Play, Trade, Repeat By Damian Kulash Jr. ( lead singer of “OK GO” who’s second album came out this summer : Oh No) talks about “Conscientious fans, who buy music legally because it’s the right thing to do, just get insulted…As for musicians, we are left to wonder how many more people could be listening to our music if it weren’t such a hassle…Luckily, my band’s recently released album, “Oh No,” escaped copy control, but only narrowly.…it’s good to hear from a working musician on this….also via Boing you can read his angrier and longer thoughts on The DRM Hullabaloo, ie, “DRM just flat out sucks. which looks like it was the NYT piece before it was edited for lenght and “tone”.
Note that the rootkit is now being exploited by at least one virus:
http://australianit.news.com.au/articles/0,7204,17210836%5e16123%5e%5enbv%5e,00.html
Even when DRM isn’t dastardly and harmful, it’s awfully clumsy. Itunes is a lot more awkward than it should be.
Pingback: tdaxp