I <a href="http://www.pocketpcthoughts.com/index.php?topic_id=44279">said yesterday</a> that would be my last post on Sony's rootkit/DRM fiasco, but I just had to update you on a few things.<br /><br />• First, <a href="http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html">Sophos has identified an exploit</a> that will use the rootkit Sony installs. <br />• More important that that, Sophos has released their own tool that will <a href="http://www.sophos.com/support/disinfection/rkprf.html">remove the rootkit</a> and prohibit further installation. :rock on dude!: Get it while it lasts because I am sure the Sony legal team has warmed up their motion filing machine to ban the tool's use as there is no doubt they will claim it violates Sony's rights. Sony claims they want to help you remove the app, but after <a href="http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-want-to_09.html">reading the steps involved</a>, I'd be more inclined to reformat my hard drive than allow Sony ActiveX controls on my machine that send data back to Sony. :idontthinkso: <br />• Trend Micro <a href="http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/">calls the rootkit what it is, an infestation</a>. :rotfl:<br />• Did you know the <a href="http://www.gripe2ed.com/scoop/story/2005/11/10/03956/517">EULA that comes with the music</a> requires you to delete the music from your PC if you lose the CD, prohibits you from listening to it in certain countries and requires you to delete it should you file bankruptcy? <br /><br />You just can't make stuff this stupid up. :roll:

Sony is on drugs.

Sony is on drugs.
Yeah, pretty much.

--janak

First Trojan using Sony DRM spotted:
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

:idontthinkso: This is for real. :idontthinkso:

Wow. Sony have lost it big time. :lol:

The only way to get their attention of course is to not buy ANYTHING made by Sony. I am terribly upset I bought my last laptop from them. Good or not they do not deserve my business.

After doing a quick mental search of my technical equipment, I find I only own a Sony Handycam bought in 1998 - before all this rubbish started. That will be my first and last Sony purchase.

Another thing. Post on this everyday if needed. Keep shinning the light on them.

Another thing. Post on this everyday if needed. Keep shinning the light on them.

Really? :devilboy:

I bought a Sony BT headset five month ago. (Should have gone with the Jabba). Now I have *two* reasons to hide it from Ed. :wink:

The last Sony product I bought was a Clie NR70v back in 2001/2002. I sold it to a buddy of mine who's wife confiscated it for her own use. :D

I will never buy any Sony music again. I haven't in over a year when they started mentioning this crap. I don't like their licensing terms, and I won't subject myself to their abuse.

Sony wants to be all over my PC so that it can prevent me from copying or even listening to their music. They are violating MY rights by installing software on my computer that opens it up to attack/ exploit by hackers. Where's the class action lawyers when you need them?!?

Dang...I'm torn because I really like my PSP which, by the way, caused me to break my oath that I would never buy anything with a memory stick slot (stinkin' unwanted proprietary good for nothin' memory format) . And now we have this DRM thing. Sony was sitting at the top of my new TV list...maybe not so much now. :roll:

and requires you to delete it should you file bankruptcy?


WTF? I would LOVE to see that one hold up in court... :frusty:

Where's the class action lawyers when you need them?!?
http://www.theinquirer.net/?article=27508

I know this sounds like out of the frying pan and into the fire but I've just given my only Sony product, a Network Walkman, to my son and ordrered an iPod Nano! (Dont tell me I know..........)
My latest PCPRO magazine arrived today and is full of Vaio laptops to drool over but I just couldnt buy Sony anymore.
I think the suits at Sony have been taken over by little green men and gone totally loopy 0X

Ed, thanks for the link to the Sophos tool. This is really getting out of control. I am glad to read the State of California is actually bringing a lawsuit against Sony in this whole fiasco...

Slashdot has a list of the CDs (http://slashdot.org/~xtracto/journal/121088) Sony uses to distribute their trojan, as Sophos calls it.

The way I see it, Sony's PR department is going to be really busy in the next few weeks.... hopefully one of them will break the chain teathering them to their desk and hunt down an executive...

I feel a paper letter coming on telling Sony this issue has moved me to never again buy a Sony product of any type.

I hope that the US Sony BMG lot don't export their malware to the UK lot - I've got a CD that will be issued by them at the beginning of December on order from Amazon UK - Joseph McManners.

I wonder if this isn't a problem with missing class-action lawyers as much as it is laws that simply give corporations too much power at the expense of the consumers. We, as consumers, simply don't have as much clout (read: $$$) as the media weasels have, so our governments will just be too quick to give in to them rather than protecting us.

While I'm certainly in favor of content (and software) producers getting paid for their efforts, I can't say that I oppose the efforts of those who figure out ways around these bullsh*t schemes. :?

(BTW, the bankruptcy/garnishment/attachment clause is, I think, for the following scenario: You file for bankruptcy, surrender your PC with Sony's music stored on it, and someone else ends up with your PC and your music without ever having paid for the music or having agreed to the EULA. A very, very rare circumstance, I'm sure, but one that Sony's lawyers get paid much $$$ to think up then try to guard against.)

Too bad Sony's design engineers are matched up with the suits. They make some cool products but I stopped buying from them years ago because of the memory stick, EULA, etc garbage. It would be nice to see all the engineer's move over to some other company and begin designing products for a bigger market.

requires you to delete it should you file bankruptcy?

:deal:
What about divorce? That one should put them into system overload.

Btw, Ed, when was the last time you slept? :D

Btw, Ed, when was the last time you slept? :DI have found that with sufficient quantities of caffeine, sleep is no more a requirement than is brushing teeth. Both are just cultural things it seems. :morning:

and requires you to delete it should you file bankruptcy?


WTF? I would LOVE to see that one hold up in court... :frusty:

WHY? Why on Earth would they even come up with something like that? That's like saying if you lose your comb, dye your hair purple. It makes no sense, no connection between one and the other whatsoever.

I saw BugDude10's idea, but still, Sony's "reasoning" is to the point of ridiculousness.

and requires you to delete it should you file bankruptcy?


WTF? I would LOVE to see that one hold up in court... :frusty:

WHY? Why on Earth would they even come up with something like that? That's like saying if you lose your comb, dye your hair purple. It makes no sense, no connection between one and the other whatsoever.

I saw BugDude10's idea, but still, Sony's "reasoning" is to the point of ridiculousness.

All I can figure is that they believe you're going to buy their product on credit, then declare bankruptcy which will cause your creditors to not be paid, thus fail to pay Sony for the CD they sold you and while Sony loses tens of dollars, you rip the CD and sell it to unsuspecting individuals for a profit or worse yet - give it away. Now Sony may have lost literally hundreds (probably not thousands) of dollars on you and your cleaver scheme to make them go broke. At least that's how some lawyer who put that statement in probably saw it.

Or you could go with what seems to be the easier pill to swallow: Sony's execs have simply been replaced by aliens who wish to take over the world: one financially-able user's computer at a time. 0X

BTW, this finally seems to be getting some press at the mainstream news sites like foxnews.com and cnn.com. Since stories at sites like these are partially placed by the number of people clicking on them, I'd like to encourage everyone reading this to visit these news sites and read the stories. Hopefully that will help bring these stories to the forefront and get more public attention.

I don't know if this has already been pointed out in one of these Sony posts, but it seems that they've given this a lot of thought. Sony CEO Howard Stringer made the following comment back in 2001:

“Right now it would be possible for us, and I’ve often thought it would cheer me up to do it, you could dispatch a virus to anybody whose files contain us or Columbia records, and make them listen to four hours of Yanni ... but in the end we’re going to have to get serious about encryption and digital-rights management and watermarking.”

(Original article (http://news.zdnet.com/2100-9595_22-528796.html?legacy=zdnn))

If you suddenly hear Yanni blasting out of your speakers, now you'll know why.

http://apple.slashdot.org/apple/05/11/11/064215.shtml?tid=233&amp;tid=3

Another possible explanation for the bankruptcy clause is that, when one files bankruptcy, one is absolved of all contractual obligations; ergo, one would no longer be obligated to comply with the terms of the EULA. (Not that that would in any circumstance allow one to circumvent copyright requirements; $ony may think that enforcing the contractual obligations of the EULA would be easier than enforcing copyright law.)

It is highly unlikely that Jon's explanation is the correct one, simply because debtors would almost certainly not still be owing $ony for the CD purchase, but rather would be owing their credit card issuer, which would already have paid the merchant who sold the CD, which would already have paid $ony; as a result, the bankruptcy clause would almost certainly not be protecting $ony from the situation in which it doesn't get paid for music it already delivered.

Just call me "Matlock". :)

Another possible explanation for the bankruptcy clause is that, when one files bankruptcy, one is absolved of all contractual obligations; ergo, one would no longer be obligated to comply with the terms of the EULA.

So let me get this straight - if I file bankruptcy, I can ignore the EULA, which means that it telling me to do something in the event of bankruptcy, it really does no good now does it?


It is highly unlikely that Jon's explanation is the correct one

I realized this when I posted it, but adding that little explanation really mucked up my humor, so I took comedic-license and omitted it :wink:

I just sent a paper letter to Howard Stringer at SONY, effectively telling him that I have fired SONY as a supplier. Here is what I wrote:

Dear Mr. Stringer:
I am writing you to inform you that I have made a personal and business decision to no longer purchase anything from SONY. The reason I have chosen to do this is due to your organization’s recent decision to install intrusive and cloaked DRM software using the XCP technology with certain content protected compact discs. Since the software has created quite a stir among the technology community I am sure you are familiar with what I am talking about.

I understand SONY has decided to cease manufacturing such discs, no doubt due to the controversy, and I think this is a wise decision. Nonetheless, I must view your organization’s decision to use such extreme measures to protect your assets as an act of aggression towards your consumers, and I no longer feel your organization is above such deplorable actions. I have purchased many SONY products over the years, both for personal and business use, and I had recently standardized on SONY for the two organizations I manage, as well as several I consult for. I have now decided to completely eliminate SONY products from all hardware specifications, and I will no longer purchase any SONY tape and CD/DVD media as well.

As a CIO, this decision is not one I make lightly, since I must now take the time and energy to find alternative sources for the SONY products I use, but I feel that continuing to use SONY products now carries the very real possibility that I may jeopardize the security of my operations, due to the insidious manner in which SONY chooses to implement DRM measures. I can no longer be certain that SONY hardware, such as laptops, for example, do not contain hardware or software technologies that perform hidden DRM or other functions without my knowledge.

As I do with employees that I have put in a position of trust, once I no longer feel the employee can be trusted, I can no longer allow the employee to remain within my organization. SONY has now proven to me that it can no longer be trusted, so I must now fire your organization, terminating our relationship. It is my hope that you learn from your mistakes.

I wonder if this isn't a problem with missing class-action lawyers as much as it is laws that simply give corporations too much power at the expense of the consumers. We, as consumers, simply don't have as much clout (read: $$$) as the media weasels have, so our governments will just be too quick to give in to them rather than protecting us.
I hope I misunderstood your message. You are not implying that we don't have enough class action lawyers are you?

Personally, I think we have far too many. The class action suits against Sony have already started. If they succeed, the results will be that the lawyers will get hundreds of millions of dollars and the actual class members may get a few cents each!

Instead, I suggest that we consumers have much more power than you think. Law suits, no matter how much they cost are "non-recurring expenses" on corporate balance sheets, but consumers that stop buying a company's products are "negative sales growth". Believe me, far more corporate executives have been fired for the latter happening on their watch than for the former.

Once again, Sony's Sr. Management proves to be completely clueless while spreading misinformation. The lastest post indicates Sony fells it has the right to prevent consumers from illegally copying music to their computers. Never mind that, at least in the USA there is nothing at all illegal about consumers copying a CD to their computer for personal use.

With all of the crap the RIAA and MPAA make us go through to actually enjoy the stuff they want us to buy I am very close to boycotting all of it. No more DVD rentals or purchases, no more CD purchases, no more paid for DRM restricted music downloads, no more $8.00 ticket for 1/2 hour of ads at the movie theater. When they finally succeed in forcing the broadcast flag on my Tivo, I'll give up HBO and the rest as well. It will be fun to see them get what they want which is 2 guys in Gnome, Alaska who are actually willing to pay for the pleasure of being called a criminal by the companies they support. It really is time for consumers to put their foot down and this could be it. [/code]

(stupid question of the week:)

Sony believes it has the right to protect its property (ie. it's artistic content) from potential illegal missuse (ie. unauthorized copying) in advance of any such illegal activities, and without any prior probably cause to believe that a specific person (ie. a customer) is planning any such illegal misuse of their products, by introducing undisclosed components into it's customers' computers with the specific intent to modify it's customers' computers to make the computers incapable of performing such illegal activities.

This argument could also be used to protect other properties from other illegal missuse such as parents' right to protect their property (ie. underage daughters) from potential illegal missuse (ie. statutory rape) in advance of any such illegal activities, and without any prior probably cause to believe that a specific person (ie. a boyfriend) is planning any such illegal misuse of their products, by introducing undisclosed components into said boyfriend with the specific intent to modify the boyfriend's systems to make the boyfriend incapable of performing such illegal activities.

Saltpeter and/or Depo Provera soft-drink before you date my daughter?

:wink:

From here http://cp.sonybmg.com/xcp/english/uninstall.html :

"You will, though, be unable to use the disc on your computer once you uninstall the components."

Does this mean Sony will refund the cost of purchase, any delivery costs and charges for time wasted :devilboy:

Lots of possibilities for down the road problems. Consider the poor sap who buys a few CDs at a yard sale or flea market, then on running the things finds his computer security has been compromised. A few years down the road there are bound to be a host of malicious attacks exploiting this and perhaps other DRM measures, so it's all too likely we'll be seeing damaged/lost data and worse thanks to re-sold Sony BMG discs. Do you imagine Sony would accept any responsibility for that, in spite of the fact that the original warning (if any was ever there) is long gone, unknown to the new owner of the media? The EULA's significance will be lost on most people not versed in corporate screwup history.

There should be an anti-rootkit program made. Something distributable regardless of what anti-virus program one uses, a watchdog which specifically sniffs for any attempt to override user preferences and administrative control. Perhaps there is already? Of course, it'd probably end up needing constant updates to keep up with Sony et al and there ongoing efforts to thwart piracy in all the wrong places.

The real money is in two significant places, and Sony or whoever flapping their wings over end user copying is irrelevant to that. Online sales of tunes via illegal Russian and other sites will not stop any time soon, so long as people perceive in them a semi-legit option. And Asian pirated CDs and DVDs, complete with identical packaging right down to the do not copy warning, are a multi-billion dollar industry. No amount of DRM will stop that.
If the labels restrict copy protection too harshly two things will happen; bribes for master copies will grow to higher values tempting in-house theft all the more, and consumers will get even angrier as they find more and more fair use roadblocks. None of this is good for business.

So Sony, how about thinking a little differently? Why not try to be a market leader in openness? Offer your CDs for a fair price, based on surveys or focus groups or whatever you like. Include zero copy protection. Put a warning on every package, but not one which threatens and thereby alienates the consumers. Instead, how about something along the lines of 'Please don't copy this music for resale - feel free to copy it for your own use, and to share the odd track with a few friends. We will only be able to supply more music if we continue to make some profit, so help us out by treating us fairly, as we now treat you, our valued customer.'

There is a kit to help you detect rootkits installed on your machines by searching for the ways rootkits hide themselves from the OS:

http://www.sysinternals.com/utilities/rootkitrevealer.html

and Sophos released a tool to detect, disable, and remove the Sony code (which uses many of the techniques of viruses and trojans) as well as others of its type, and prevent its being re-installed:

http://www.sophos.com/support/disinfection/rkprf.html

(Ed noted both of these on the first page of this thread..)

Sorry, I missed the first one. Thanks for that.

Jon: I'm sure $ony thinks of the bankruptcy clause as an immediately-triggered event upon the filing of bankruptcy -- that is, as soon as you file, then the requirement to remove the music from the PC kicks in. However, you are correct that it is entirely ineffectual, as, once you file bankruptcy, $ony is almost certainly precluded from taking any action against you if, by some miracle, it discovered that you hadn't erased the music from your PC. ($ony probably included it for the few consumers who might actually believe they have some legal obligation to follow it. That doesn't mean it'll work.)

DaS: As an aside, I do think we have too few class-action lawyers, as they're often the consumer's only real weapon against the greedy and abusive corporations. Granted, if the new $ony DRM lawsuits succeed, the consumers involved may get very little (perhaps a free no-name anti-virus scanner three-month subscription for their PCs, or a coupon for $1.00 off a not-as-badly-DRM'ed CD in the future); however, $ony will have lost, and that will cost it (1) its own attorneys fees, (2) court costs (possibly significant, for a class-action lawsuit), (3) the class-action lawyers' attorneys fees, (4) whatever pittance it must give the consumers in the case (which may not be much per consumer, but will be multiplied by the number of consumers involved -- $1.00 off isn't much for one consumer, but multiply that by 500,000 members of the class, and it adds up), and, finally, (5) $ony will be forced to give up on this crappy DRM technique (that it probably paid good $$$ to license in the first place). Works for me!

And I disagree that the lawsuits won't be as effective as consumers speaking with their wallets. After all, if you're a fan of one of the artists in question, where else can you get their work? Or if you've invested a lot of $$$ in your PS/PS2/PSP/PS3, where else are you going to get games? The bad press is embarassing, which probably gets $ony's attention. The loss of sales is probably small, and $ony will probably anticipate making it up either in other areas or when other DRM methods are used instead of this one. But a good multi-million dollar class-action settlement or judgment, I think that's gotta sting. (Remember the Ford Pinto?) Of course, that's just my opinion; I could be wrong.

dma1965: I hope you're the CIO of Microsoft or GM or Citibank! That would certainly get $ony's attention!

DaS: As an aside, I do think we have too few class-action lawyers, as they're often the consumer's only real weapon against the greedy and abusive corporations.
Unfortunately, we don't have anyone to protect us from the greedy and abusive class action lawyers!

Sadly, the corporations never really pay the ultimate price, the consumers you claim these lawyers help are the ones that pay in the end. The consumers get little or nothing from these cases (most members of the classes don't bother to collect their tiny share) but the lawyers rake in tens or hundreds of millions of dollars. The cost of these cases are ultimately passed on to the very consumers the lawyers claim to be protecting.

So in the end, the consumers lose twice: once for the original loss, and a second time to pay for the cost of supporting all the lawyers that are charging $500/hour while claiming to be helping the "little guy".

Let's not forget that in order to extract the most money from the cases, the lawyers on both sides will drag the case out for many many years. Instead, consumers being vocal have managed in this case to get the corporation to change its policy (for now, and of course they will have to be continually watched like a hawk) and this happened within weeks of the discovery of the root kit rather than years!

Or just wait until December 6. Microsoft Update will remove it for you.

http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx

Or just wait until December 6. Microsoft Update will remove it for you.


but its so much more fun to tell Sony to shove it! :wink:

http://informationweek.com/story/showArticle.jhtml?articleID=174300104

http://informationweek.com/story/showArticle.jhtml?articleID=174300104

I hope Sony continues to learn the hard way. Let's see where their PS3 takes them. ;)

I hope Sony continues to learn the hard way. Let's see where their PS3 takes them. ;)

Ouw, ooooouw. That's a Bad place! :wink: