Those pesky Sony/BMG CDs

Are real trouble! Let's hope this latest flap hits them really hard where it counts, in the bottom line.

WaPo overview
The part of this that's priceless is that not only does the software one has to install in order to listen to the CD leave one's Windows system open for potential viruses, hackers, etc. It actually slows the system down in order to keep track of when you pop a Sony/BMG CD in to listen to it.
Originally posted by vansmack:
Once the gig was up, Sony released an update to reveal the hidden files. Note that it doesn't add an uninstall feature though. Amazing.

http://www.washingtonpost.com/wp-dyn/content/article/2005/11/02/AR2005110202362.html
and requires the use of Internet Explorer to run… and doesn't fix the potential security holes.

Another priceless quote about this software.

But according to Mikko Hypponen, director of research for Finnish antivirus company F-Secure Corp., users who want to remove the program may not do so directly, but must fill out a form on Sony's Web site, download additional software, wait for a phone call from a technical support specialist, and then download and install yet another program that removes the files.

Hypponen agreed that Sony's software could help hackers circumvent most antivirus products on the market today. He added that installing the Sony program on a machine running Windows Vista – the beta version of the next iteration of Microsoft Windows – "breaks the operating system spectacularly."

More info from WaPo

Considering what it's going to cost Sony to handle all these support requests, they won't break even on the sale of these CDs.
I laughed at that too, but mostly because he said "spectacularly."

The truth is, I haven't found too many programs that are stable on Windows Vista.
and it gets better :D

World of Warcraft hackers using Sony BMG rootkit
Published: 2005-11-03


Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software–deemed a "rootkit" by many security experts–is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.

http://www.securityfocus.com/brief/34
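
Added example, not part of the original thread or the SecurityFocus article: a cross-view check of the kind a defender can run against name-based cloaking like the "$sys$" prefix described above. It compares a file listing taken through the live OS with one taken out-of-band (for example, the same disk mounted offline); the paths and both sample listings are constructed.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # the prefix named in the article above


def _key(path):
    # Windows file names are case-insensitive, so compare a folded form.
    return str(PureWindowsPath(path)).casefold()


def has_cloak_prefix(path, prefix=CLOAK_PREFIX):
    # True if any component of the path (directory or file) starts with the prefix.
    folded = prefix.casefold()
    return any(part.casefold().startswith(folded)
               for part in PureWindowsPath(path).parts)


def cross_view_diff(api_view, raw_view, prefix=CLOAK_PREFIX):
    """Compare what the live OS reports with an out-of-band listing."""
    seen_live = {_key(p) for p in api_view}
    report = {"hidden_with_prefix": [], "hidden_other": [], "visible_with_prefix": []}
    for p in raw_view:
        if _key(p) not in seen_live:
            # Present on disk but absent from the live view: cloaked, or a
            # file that changed between the two scans (needs a second look).
            bucket = "hidden_with_prefix" if has_cloak_prefix(p, prefix) else "hidden_other"
            report[bucket].append(p)
        elif has_cloak_prefix(p, prefix):
            # Prefix present but visible: the cloak is not active on this system.
            report["visible_with_prefix"].append(p)
    return report


# Constructed sample listings (not taken from a real system).
API_VIEW = [r"C:\Games\wow.exe", r"C:\Games\notes.txt"]
RAW_VIEW = [
    r"C:\Games\WoW.exe",
    r"C:\Games\notes.txt",
    r"C:\Games\$sys$sample.exe",
    r"C:\Games\$SYS$dir\payload.dll",
    r"C:\Games\temp.dat",
]

if __name__ == "__main__":
    for bucket, paths in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(bucket, paths)
```

A scanner that only uses the live view, as the article says of the Warden, sees just the two entries in `API_VIEW`; the discrepancy shows up only when a second, independent view is available.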
Glad I never played my Foo Fighters in my cd-rom.
EFF took the time to read the 3,000 word end-user license agreement (aka "EULA") that comes with these disc…

http://www.eff.org/deeplinks/archives/004145.php

Now the Legalese Rootkit: Sony-BMG's EULA
November 09, 2005

If you thought XCP "rootkit" copy-protection on Sony-BMG CDs was bad, perhaps you'd better read the 3,000 word (!) end-user license agreement (aka "EULA") that comes with all these CDs.

First, a baseline. When you buy a regular CD, you own it. You do not "license" it. You own it outright. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the "first sale" doctrine), or make a copy for use on your iPod (thanks to "fair use"). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.

Now compare that baseline with the world according to the Sony-BMG EULA, which applies to any digital copies you make of the music on the CD:

1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

8. You have no right to transfer the music on your computer, even along with the original CD.

9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or making derivative works from the music on your computer.


So this is what Sony-BMG thinks we should be allowed to do with the music on the CDs that we purchase from them? No word yet about whether Sony-BMG will be offering a "patch" for this legalese rootkit. I'm not holding my breath.
did the new my morning jacket CD have this issue? it's an ATO / RCA / BMG / Sony release, and i ripped it on my PC but didn't notice anything like this
Originally posted by HoyaParanoia:
did the new my morning jacket CD have this issue? it's an ATO / RCA / BMG / Sony release, and i ripped it on my PC but didn't notice anything like this
The MMJ disc uses a different type of copy protection.

But that new Celine Dion disc you just bought is totally infected.

http://www.eff.org/deeplinks/archives/004144.php
I tried the MMJ cd at work and the Sony/BMG EULA complete with "the software" came up immediately.

When I tried it on my laptop to see what I got, nothing came up at all. I have itunes working on that machine; not sure what difference it makes if any, but no message all the same.
Originally posted by HoyaParanoia:
did the new my morning jacket CD have this issue? it's an ATO / RCA / BMG / Sony release, and i ripped it on my PC but didn't notice anything like this
ripped on home and work pcs just fine
A suit was filed in Europe yesterday.
soon . . . eight tracks and cassettes, re-rule the world.
Originally posted by walkonby:
soon . . . eight tracks and cassettes, re-rule the world.
and those can't be copied or ripped?

no soon record companies will realize that not all record buyers are criminals…
Originally posted by vansmack:
A suit was filed in Europe yesterday.
and one was filed in california earlier this week, and one is supposedly gonna be filed in new york state soon.
Always good to see in a Saturday paper….

Sony halts anti-piracy software
Hackers can exploit secret copy-protect program in CDs


- Carrie Kirby, Chronicle Staff Writer
Saturday, November 12, 2005


Sony BMG said it has temporarily stopped manufacturing music CDs containing a controversial copy-protection program after several Internet viruses took advantage of the software to attack computers.

"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," the company said in a statement Friday, referring to the secret program Sony included in some of its music CDs that would download itself onto hard drives unbeknownst to many customers.

Aside from stopping the production of CDs with the problematic program, the company said it will "re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use."

Sony has been criticized and sued by customers over the program, which was designed to slow music piracy by limiting the number of times a CD can be copied.

Many customers were angry that the program hides itself on computers where the CD is played and is difficult to remove without damaging the computer. Computer security experts warned that the technology the program uses to hide deep in the Windows operating system could open the door to dangerous Internet viruses.

As predicted, several viruses have begun piggybacking on the Sony program to attack computers, antivirus firms said Friday. Like most viruses infecting computers in the past year, the malicious programs are designed to take over computers and make them part of zombie networks, or botnets, that can be used to send spam or attack Web sites.

However, because the viruses will infect only computers whose owners happen to have bought and installed a Sony CD with this form of copy protection, they do not present a major security threat, anti-virus experts said.

"There's no reason to believe that this is going to be a huge problem," said David Cole, senior director of antivirus firm Symantec's Security Response team. He estimated that about 100 computers worldwide may have been infected with these viruses.

Without mentioning Sony by name, Homeland Security official Stewart Baker warned entertainment companies not to let their efforts to fight piracy endanger their customers.

"It's very important to remember that it's your intellectual property, it's not your computer," the Associated Press quoted Baker as saying at a piracy conference. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."

Sony has not said how many CDs with the program have already been sold or remain on store shelves. A phone call to a Sony spokesman Friday went unanswered. San Francisco's Electronic Frontier Foundation has identified 19 affected CDs, from a variety of artists including Neil Diamond, Celine Dion, Switchfoot and others.

The company has made a patch available on its Web site that removes the virus risk associated with the program. Anti-virus companies said their software can detect and remove the risky part of the program.

"We're glad Sony has stopped manufacturing the CDs, but they aren't out of the woods yet," said Jason Schultz, staff attorney for the foundation, which helped call attention to the problem recently. He called on Sony to recall the CDs it has already shipped, help people fix problems the program has caused and to disclose how many CDs and what titles carry the program.

"Simply halting production is like Exxon saying they will no longer ship oil along the Alaskan coast, but refusing to clean up the spills (that) have occurred," Schultz wrote in an e-mail to The Chronicle.

The first virus seen Thursday was ineffective and may have been designed to call attention to the weakness of Sony's program, antivirus experts said. But subsequent viruses that appeared Thursday and Friday looked like run-of-the-mill attempts to take over computers in search of illicit profit.

Virus writers sometimes embed messages in the code of a malicious program. When viruses or other attacks are carried out to send a political message, it's known as hacktivism.

"Certainly, there's nothing in the code … thanking or cursing Sony," Cole said. "This didn't smack of hacktivism in any way."

Anti-copying systems have become more common on compact discs as music companies try to stem flagging sales, blamed in part on piracy. But the effort has been a struggle, because some anti-copying technologies have been easy to thwart and others, like this one, have angered customers.


——————————————————————————–
Controversial music software
What it's for: To prevent widespread CD copying from cutting into music sales.

The problems: The software can open up computers to virus risks or other problems, and attempting to remove it may damage the PC.

Which CDs? Sony BMG releases with the software include Trey Anastasio's "Shine," Celine Dion's "On ne change pas," Neil Diamond's "12 Songs" and Van Zant's "Get Right With the Man."

Web resources:

Sony answers questions about the software and offers a security patch: cp.sonybmg.com.

Mark's Sysinternals Blog explains the problems with the software: www.sysinternals.com/blog.
You know, it really ought to be a crime to modify someone else's computer without their knowledge or consent, just like any other form of willfully damaging someone else's property is.

http://www.alex.to/doomlink
It looks like SunnComm, the other company that Sony uses for copy protecting CDs, is working on Mac software. It can be found if one pokes around on the CD. Because Macs don't have the autorun feature it's hard to say how these extensions are going to get installed, but they are out there. Need to look at the Mac HD at home and see what's on there…

http://us.gizmodo.com/gadgets/home-entertainment/sony-mac-rootkit-136702.php
The XCP copy protection which is getting all the attention these days has a sibling produced, as mentioned above, by SunnComm. It's the protection used on My Morning Jacket, BRMC, etc.

Well it too is Spyware and of concern.

http://www.freedom-to-tinker.com/?p=925