Sony pwns your computer part II
November 12, 2005 12:48 PM   Subscribe

Sony steps in it again. In the midst of the uproar about the Sony rootkit previously mentioned here, J. Alex Haldeman found a second sneaky piece of work in Sony CD's. It's pretty clear now that the only safe way to listen to music from Sony is to steal it. [via]
posted by pjern (71 comments total)
 
What is this "CD" thing and why would one "buy it?"
posted by chasing at 1:02 PM on November 12, 2005


I love the irony that the CD that messed Mark Russinovich up was called 'Get Right with the Man' by the Van Zant bros.
posted by alteredcarbon at 1:10 PM on November 12, 2005


F*ck Sony.
posted by clevershark at 1:21 PM on November 12, 2005


clevershark, it's OK to just say "Fuck Sony". In fact, it's quite liberating.
posted by mr_crash_davis at 1:44 PM on November 12, 2005


Generally I prefer to use an asterisk; ultimately I think it draws even more attention to the word.
posted by clevershark at 1:50 PM on November 12, 2005


It is comical how all this only affects people who legally bought the cds in the first place.
posted by 13twelve at 1:53 PM on November 12, 2005


FUCK SONY.

Oh, man, Crash. You're so right.

F*CK SONY.

Whoa, clevershark's right, too. This feels fantastic.
posted by S.C. at 2:01 PM on November 12, 2005


...all this only affects people who legally bought the cds in the first place.

Ha. I hadn't thought of that. That is rather hilarious.
posted by armoured-ant at 2:09 PM on November 12, 2005


Well, it's common knowledge that the Sony hardware folks are in constant conflict with the Sony entertainment folks, becaues less content protection means better hardware features, while more content protection (purportedly) means better content sales. Maybe Sony Hardware just has a mole in Sony Content feeding them bad advice. A little intracompany espionage.
posted by Bugbread at 2:21 PM on November 12, 2005


(Note: above is not serious conspiracy theory, just flight of fancy. I do not wear metallic headgear)
posted by Bugbread at 2:24 PM on November 12, 2005


I tend to buy on vinyl when possible and make an illegal download to put on my iPod. In fact, when I do buy a CD it often remains shrink-wrapped as I already had a high-bitrate copy a month or two before the release date. (And when I do buy something, I try to buy it directly from the artist (on tour or if they do their own mail-order) so they get a greater slice of the pie.) I'm clearly the kind of despicable criminal that Sony would love to put a stop to, but this kind of stunt doesn't inconvenience me in the slightest, because on the rare occasions I do rip my own MP3s from CDs I've bought, I use a Mac. So *FUCK* SONY.
posted by nowonmai at 2:26 PM on November 12, 2005


Fuck S*ny.
posted by Falconetti at 2:29 PM on November 12, 2005


nowonmai : "I'm clearly the kind of despicable criminal that Sony would love to put a stop to, but this kind of stunt doesn't inconvenience me in the slightest, because on the rare occasions I do rip my own MP3s from CDs I've bought, I use a Mac."

To be fair, this doesn't stop people like you who use PCs either. It doesn't prevent downloading of mp3s.
posted by Bugbread at 2:32 PM on November 12, 2005


It is comical how all this only affects people who legally bought the cds in the first place.

Isn't that the problem with all DRM? Have any of these programs ever once prevented something from being pirated? The only person ever affected by these programs are the legitimate consumers without the technical knowledge to illegally remove the restrictions.

I might understand a corporation's desire to use these programs if they actually prevented piracy. Since they only hurt consumers I can't even feel sympathy for their position. And I want to feel sympathy for the victim of theft.
posted by aburd at 2:32 PM on November 12, 2005


nowonmai:

Don't worry, suncomm -- the developer of the rootkit -- has a Mac OS X version too. There's a HFS partition on the CD with a program that installs kernel extensions, smething that requires you to Authenticate with your password.
posted by blasdelf at 2:32 PM on November 12, 2005


It makes me glad to be running on an all-FreeBSD setup now...
posted by clevershark at 2:34 PM on November 12, 2005


Well it's all a vicious circle isn't it? if there was no piracy there'd be none of this crap, if there was none of this crap... well no, there would still be piracy. Nevermind.
posted by funambulist at 2:36 PM on November 12, 2005


These are not CDs. These are Copy Control discs and do NOT conform to the Compact Disc standard.

Don't reinforce media corporations misuse of language by calling these discs CDs.
posted by Rothko at 2:36 PM on November 12, 2005


clevershark : "It makes me glad to be running on an all-FreeBSD setup now..."

It makes me glad that I always turn off Autorun when I install Windows.
posted by Bugbread at 2:36 PM on November 12, 2005


It's pretty clear now that the only safe way to listen to music from Sony is to steal it.*

*Copyright infringement is not theft. Dowling v. United States. 1985.
posted by eddydamascene at 2:37 PM on November 12, 2005


rothko "These are not CDs. These are Copy Control discs and do NOT conform to the Compact Disc standard. "

Is that the case for these? (Not a disagreement, just a question). I was under the impression that some copy control discs use corrupted data, which breaks redbook compliance, and therefore makes them no longer compact discs, but that some have extra data in addition to the fully redbook compliant data, and are therefore in conformance with the compact disc standard.
posted by Bugbread at 2:39 PM on November 12, 2005


I cleverly disabled Sony's rootkits and spyware by turning off Windows' "Autorun" feature.
posted by punishinglemur at 3:09 PM on November 12, 2005


It is true that all these things that Sony has done are Bad and Awful....

But there are a number of computer games that do things like install special system drivers in an effort to prevent piracy of their game on your system, or demand things like not having certain pieces of software, not for reasons of compatibility (although they may hide behind such reasons as an excuse for refusing to run) but in order to prevent copies from being made or to prevent cheating.

Note that the linked-to page discusses an OLD piece of Sony anti-copying "technology," dating back to 2003. Why didn't anyone complain about it then? Well, I'm pretty sure they did, and loudly, but the public either didn't know about it or they dismissed those folks as kooks. It might not be as easy to demonstrate as naming a folder something beginning with $sys$, but just because it doesn't have an easily-observable effect doesn't mean it doesn't have one.

Sony's rootit DRM is simply the most recent step taken by a corporate media culture that's paralyzed in fear over what users might do once they get their grubby mitts on their stuff.
posted by JHarris at 3:13 PM on November 12, 2005


Yes
posted by furtive at 3:29 PM on November 12, 2005


It's a good thing I never, ever pay for music and never plan to again. I get stuff months before it comes out at super high bitrates, burn it to CD and give copies to all my friends. Haha! Fuck you, Sony!
posted by Dean Keaton at 3:32 PM on November 12, 2005


Also, Norton has agreed to recognize the rootkit as a "virus" but it won't delete it(!) because they made an agreement with Sony. What will happen instead is that you will be taken to a webpage at Sony where you can download another piece of software to remove the rootkit. Thankfully free (read: AVG, etc) antivirus programs have been updated to treat it for what it is, and that is malicious software.

By the way if any of you are playing games that have copy protection and want to be able to copy them or not be forced to use weird drivers for your CD-Roms, this is a great place to go:
www.gamecopyworld.com
posted by Dean Keaton at 3:35 PM on November 12, 2005


And I want to feel sympathy for the victim of theft.

This has already been said, but:
Copyright infringement != theft.

This doesn't mean copyright infringement isn't a crime, and it is no statement about the relative seriousness of the two crimes. For example, raping a virgin is not theft even though one might say that the perpetrator "stole her virginity".


Of course, copyright infringement != rape, either.
posted by spazzm at 3:41 PM on November 12, 2005


From Supreme Court Justice Harry Blackmun (Dowling v. the United States):

"It follows that interference with copyright does not easily equate with theft, conversion or fraud. The Copyright Act even employs a separate term of art to define one who misappropriates a copyright: "Anyone who violates any of the exclusive rights of the copyright owner," that is, anyone who trespasses into his exclusive domain by using or authorizing the use of the copyrighted work in one of the five ways set forth in the statute, "is an infringer of the copyright."
posted by Jairus at 3:57 PM on November 12, 2005


Of course, copyright infringement != rape, either.

What? Its not?


You'd think with all the time and effort gone into preventing it, that its at least as important.
posted by [insert clever name here] at 4:02 PM on November 12, 2005


Next, buy a "CD" and have a Sony representitive personally come by and rape you .
posted by Balisong at 4:04 PM on November 12, 2005


Then, after you submit the information the site takes you to a page that notifies you that you’ll be receiving an email with a “Case ID”. A few minutes later you receive that email, which directs you to install the patch and then visit another page if you still really want to uninstall. That page requires you to install an ActiveX control, CodeSupport.Ocx, that’s signed by First 4 Internet, enter your case ID and fill in the reason for your request. Then you receive an email within a few minutes that informs you that a customer service representative will email you uninstall instructions within one business day.

When you eventually receive the uninstall email from Sony BMG support it comes with a cryptic link in the form http://www.xcp-aurora.com/support/sonybmg/process.aspx?opt=1&id=XYAUfasSFoSdasfDoFPPEWFFEoibnaZPQlSfFgKGSGGIAAAAAAAAAAA (I’ve modified the link so it doesn’t work) to your personalized uninstall page. Interestingly, the email address has a confidentially notice, which implies to me that Sony has something to hide, and it informs you that the uninstaller will expire in one week.
posted by Dean Keaton at 4:09 PM on November 12, 2005


It's pretty clear now that the only safe way to listen to music from Sony is to steal it.

Or not. Listen, that is. So many fish in the see.
posted by Dick Paris at 4:18 PM on November 12, 2005


Balisong writes "Next, buy a 'CD' and have a Sony representitive personally come by and rape you ."

They only do it figuratively now.
posted by clevershark at 4:23 PM on November 12, 2005


This doesn't mean copyright infringement isn't a crime, and it is no statement about the relative seriousness of the two crimes

The statement being that obtaining an illegal copy of a copyrighted material is a far less serious crime than theft.
posted by eddydamascene at 4:24 PM on November 12, 2005


The statement being that obtaining an illegal copy of a copyrighted material is a far less serious crime than theft.

Indeed.
posted by Rothko at 4:27 PM on November 12, 2005


It's pretty clear now that the only safe way to listen to music from Sony is to steal it.

Are Sony's "artists" worth stealing revenue from? Honestly?
posted by Rothko at 4:28 PM on November 12, 2005


I think you got your spacing wrong; it should be: Copyright infringement! = theft. However, here the moral compass swings way away from Sony. Go ahead and steal their so called music without guilt. I never put music CDs into my computer so I could care less personally about their root-kits and other vile nonsense. I hope, however, that the lawsuits cost them a lot of money, and worse, a lot of bad press. Right now pretty much only the geeks (you know the types who know what != means) know about Sony's bad behavior. I want the world to know, for their music sales to dry up and for their music division management to all get fired. This sort of crap should be criminal. Am I pissed, oh yeah. Imagine if I actually played music CDs in computers rather than just in dedicated CD players.
posted by caddis at 4:31 PM on November 12, 2005


**** ****!
posted by papakwanz at 4:34 PM on November 12, 2005


All my music comes from small labels that don't use copy protection, or from Emusic in the form of non-DRM VBR mp3 downloads, or in the form of free sharity exotica downloads of obscure out of print weirdness. So Sony can go ahead and keep destroying their own business model, or fucking their own eyesockets with sharpened stakes, or however you want to characterize these actions... doesn't affect me at all.
posted by fleetmouse at 4:37 PM on November 12, 2005


I hope someone takes them to court. If they want to behave like crackers, they should get thrown in jail. Class action law suit?
posted by Hildegarde at 4:44 PM on November 12, 2005


I heard that the new buzzed-about Neil Diamond CD has this software installed. No cite, but beware.
posted by smackfu at 4:54 PM on November 12, 2005


The company is called Sony BMG. Sony own 50%. The other half is owned by Bertelsmann, who appear to be successfully avoiding any bad press over this because everyone knows who Sony is.

Fuck Sony and Bertelsmann. That's who to fuck.
posted by Pretty_Generic at 5:09 PM on November 12, 2005


I haven't tested it, but it's been said AnyDVD will work a treat. I just love it's ability to skip past commercials and straight to the root menu, as well as it's removal of prohibited ops.
posted by Samizdata at 5:16 PM on November 12, 2005


A few Items I would like to pitch in here:

I believe that Symantec now identifies the vulnerablity created by the rootkit's installation, and now can stop viruses from exploiting it.

First off, There are actually two forms of DRM being used by Sony:

One is by First 4 Internet, which is the one Mark R. from Sysinternals detailed.

The other is an earlier form of DRM from SunComm that acutally, phones home (and so is considered Spyware).

Sony is being sued by the state of California for violation of that state's spyware laws.

What I find to be the most interesting is that by using this form of DRM, they are actually hurting their consumer base. What happens when this trickles down to the phrase "Is that CD from sony? you know they install Spyware on your machine." It's like the more they fight it, the worse they make it for themselves and for the entertainment industry as a whole.

After paying 1000% markup to the music industry for roughly 20 years, I'm quietly enjoying watching the music industry corps twist in the wind.

One final note: you can't copy protect vinyl. Buy vinyl, love vinyl, mmm, vinyl. Oh, wait did I just say that out loud?
posted by djdrue at 5:47 PM on November 12, 2005


Vinyl rules
posted by caddis at 5:57 PM on November 12, 2005


Just saw this at PFM.

Also, vinyl lovers, something of note: Merge Records recently announced that vinyl copies of some of their artists records will have a piece of paper inside with a one-time-use code to download high quality digital versions of the album via their web site.
posted by dobbs at 6:17 PM on November 12, 2005


Also, Norton has agreed to recognize the rootkit as a "virus" but it won't delete it(!) because they made an agreement with Sony.

The company is called Sony BMG. Sony own 50%. The other half is owned by Bertelsmann, who appear to be successfully avoiding any bad press over this because everyone knows who Sony is.


Fuck Sony, and Bertelsmann, and Symantec, too. Hey, this is fun!
posted by stavrosthewonderchicken at 6:17 PM on November 12, 2005


Why the fuck doesn't Norton disable autorun by default?
posted by mullingitover at 7:34 PM on November 12, 2005


On preview: one more vote for "F*ck Sony".
posted by mullingitover at 7:34 PM on November 12, 2005


It's a good thing I never, ever pay for music and never plan to again. I get stuff months before it comes out at super high bitrates, burn it to CD and give copies to all my friends. Haha! Fuck you, Sony!
posted by Dean Keaton


Hey, Dean, I'm a "professional" musician. Do you know what I do for a living? That's right, I print t-shirts. I'm going to figure your post was sarcastic hyperbole, which is well and good, but instead of ripping off The Man, why don't you try supporting The Little Guy?

Buy independent music, directly from the artist, or from your local, independent retailer.

Oh, and yes, fuck sony.
posted by Devils Rancher at 7:56 PM on November 12, 2005


So, what kind of profit margins are you getting off of merch? T-shirts vs. CDs, for example...if I've got 15 bucks in my pocket at your concert, would you rather I bought your CD or shirt? Or are they comparable?
posted by hototogisu at 8:18 PM on November 12, 2005


T-shirt.
posted by Rothko at 8:32 PM on November 12, 2005


mullingitover, for the same reason Microsoft implemented autorun in the first place, which is that people care more about a little bit of convenience than about security. Viruses have been propagating by autorun-like mechanisms since at least the Apple ][; there's zero chance that the people implementing this feature in more recent operating systems didn't know what they were letting themselves in for. They just don't care very much.
posted by hattifattener at 8:36 PM on November 12, 2005


mullingitover writes "Why the fuck doesn't Norton disable autorun by default?"

Beleive it or not most users think its a feature. I prepped a laptop image once with autoplay disabled and 14/17 users pissed and moaned that their music didn't just play anymore. It's the same people who think having car doors autolock is a good thing.
posted by Mitheral at 8:42 PM on November 12, 2005


And this, ladies and gents, is why when it comes to music, I make my OWN.

The whole stinking music industry stinks, stinks, stinks. A skunk is a rose by comparison.
posted by konolia at 9:02 PM on November 12, 2005


Rothko: That's what I've always thought, anyway.
posted by hototogisu at 9:03 PM on November 12, 2005


konolia:

You are, of course, assuming some of us have an option. If Koko the gorilla was blind and had seizures, her product would sound better than my last composition.

Trust me on this one.
posted by Samizdata at 11:33 PM on November 12, 2005


not sure if this list was in the other post, but i ran across this somewhere. this is the root-kit aware list, dunno whatall has this new piece of crap.

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia)
posted by edgeways at 12:43 AM on November 13, 2005


oh, yes.

all togeather now.

Fuck Sony
(and BMG as well, I assume this is the same BMG that runs those 12 CDs for a cent + shipping)
posted by edgeways at 12:45 AM on November 13, 2005


I used to buy CDs, tonnes of them. I still have a collection of about 600 CDs that I purchased legally. But why would I keep buying them after I learn that the people making the money from my purchase is going to mess up my computer? The only time I buy CDs now is when there is a independant or local act that I feel like supporting, that's the only time it seems like I'm not funding the R&D dept. at Evil Corp.
posted by herting at 2:07 AM on November 13, 2005


And this, ladies and gents, is why when it comes to music, I make my OWN.

In the future only licensed and bonded musicians will be able to create and distribute digital music.
posted by fleetmouse at 5:11 AM on November 13, 2005


can't believe I'm saying this, but:

I agree with konolia. and Samizdata, who cares if the music you make isn't professional quality? Making my own music is much more fun than listening to music other people make, even though I A) Have 90 GB of Other People's Music in my iTunes library and B) am not a very good musician.
posted by eustacescrubb at 5:38 AM on November 13, 2005


For those not in the up-and-up, fleetmouse isn't being snarky. There has been discussion with the whole upcoming Palladium and "trusted computing" trend to require a license to distribute music, and that license would have to be purchased. So, in a worst case scenario, you would have to pay money to distribute music that you yourself made, those monies probably going to Sony/BMG/etc. And don't smirk too much if you're a Mac user: the DRM is supported by the processor, and with the shift of Macs to Intel, this may apply to Mac users as well.

Of course, there will probably be ways around it (there always are), but it won't be like nowadays, when you save your compositions as mp3s and slap them up on your website.

Again, this is worst case scenario, but not tin-foil-hat stuff; its actually been discussed as a possibility by some of the major players.
posted by Bugbread at 5:54 AM on November 13, 2005


Yeah I suppose listening to myself singing in the shower is a fantastic replacement for drums, bass, guitars, keyboards, and vocals!

And even if I made music... are you guys seriously saying musicians should listen only to their own stuff? how depressing is that?
posted by funambulist at 6:03 AM on November 13, 2005


bugbread, I'm surprised reality has caught up to my baseless canard. I've been saying that since the mid 90s when I read this short story by Neal Stephenson.

It seems utterly inevitable to me that governments and corporations will conspire together to try to jam up the free flow of information.
posted by fleetmouse at 6:09 AM on November 13, 2005


Fleetmouse: From what I've gathered, the government isn't really involved in the whole trusted computing thing (I may be wrong). It seems more just collusion between hardware manufacturers and content manufacturers. I'm sure the government will put their finger in the pie, but they're not, as far as I'm aware, one of the initiators in this case.

On reread, I can see what I wrote that could be interpreted that way: "require a license". What I meant is that a computer with a "trusted computing" OS would refuse to play unsigned mp3s, meaning that if you wanted someone to be able to listen to your music, you would have to sign it as yours, and those digital signatures would have to be purchased from signatories recognized by the OS. So you couldn't just put your own digital sig on it, because when someone else tried to play it, their OS would say "Who the hell is the signatory 'bugbread'?", and refuse to play it. If it was a digital sig from Sony, however, their OS would say "Ok, I know Sony, that's cool, I'll play the file."

So it wouldn't be illegal to publish music without a license, and it wouldn't take any more effort than now, but it would mean that only people who had cracked their own computers, or people running non-"trusted computing" OSes like Linux, could play your music. And to allow everyone to play your music, you'd have to pay for a digital signature.

Note: the above is pretty much from memory. There may be inaccuracies, but overall that's the gist of it.
posted by Bugbread at 6:21 AM on November 13, 2005


MetaFilter: F*ck Sony

hmmmm...

MetaFilter: Fuck Sony

or...

MetaFilter: Fuck Sony! Fuck it right in the ear!

Winnah!
posted by AspectRatio at 6:52 AM on November 13, 2005


bugbread, that would require the os to also not allow unsigned player applications like foobar2000 to access wav out or directx audio streaming. No more FOSS windows software, basically. can-o-worms.
posted by fleetmouse at 7:01 AM on November 13, 2005


Fleetmouse: That's why I say that it would definitely be gotten around, and that it would just be much harder than currently (and possibly illegal, depending on what courts thought of EULAs, whether it counts as a DRM circumvention technique, what country you're in, etc.)

Plus, as I say, getting audio out wouldn't be a problem. The problem would be getting audio out in such a way that other PC users could replay it. Of course, you could always burn it as a CD, and mail the CD to someone, or stuff along those lines. And regarding playing unsigned software, that's another key element of trusted computing, and yet another strike against it: as you say, no more FOSS.

On the upside: I'm a Windows user, not an open source zealot by any means, but if they get draconian enough, this could be the thing to make folks go to open source operating systems. Maybe.

Again, this is all in the very basic, theoretical stages, as far as I am aware. The idea is having DRM built in from the CPU itself, through the OS architecture, requiring digital signatures for all software and some types of content (I doubt a digital signature would be required for text files, for example). The nitty gritty (what about pure wave files? What about new audio file types? What about add-ons to existing signed software? etc.) is still far too theoretical to really get at.
posted by Bugbread at 7:09 AM on November 13, 2005


Ricky Martin, Life (Columbia)

Huh. Guess I'll just have to keep that one in the car then.
posted by graventy at 2:13 PM on November 13, 2005


It gets better.
It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the (LGPL) license.
posted by seanyboy at 3:47 AM on November 14, 2005


« Older Call Me Irresponsible   |   ChevronToxico Newer »


This thread has been archived and is closed to new comments