Neowin's Official Sony DRM/Rootkit Discussion

[bangbang023 Veteran]

This is to be the only thread about the Sony Rootkit issues.

List of Affected Albums

From here:

Sony BMG will have a big job ahead of it as it tries to replace all copies of controversial copy protection software, according to a computer security expert, who says that he has evidence there are more than 500,000 versions of the program installed worldwide.

From here:

Yet more on the Sony/BMG rookit fiasco: Princeton professor Ed Felten over at Freedom to Tinker now claims the DRM's uninstaller opens up a security hole of its own. Sony/BMG stated they'd be removing the impacted CDs from store shelves yesterday, and released a statement saying they'd exchange affected CDs for DRM free versions. "Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience," states the company.

From here:

The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.

This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called objectfiles, with which others can make comparable software.

Please add more news stories as posts inside this thread only. All other Sony DRM threads have been closed.

[todd]

I guess it's nice that there's a single thread for this now. I came to Neowin today only to see 3 or 4 new articles about the Sony rootkit.

[Boz]

I swear after all this fiasco I'm not getting any of the Sony equipment, period! I am buying a crap load of hi-fi and video equipment for my new house and after this I'm not gonna give these losers a cent. This thing just cost them around $15k of revenue just from me. It might sound funny but I'm pretty certain that they will lose quite a bit of sales from people like me (techies with a good paycheck that liked Sony products once used them throughout generations). Who knows what they might be implementing in their TVs, audio/video receivers, cd players etc.

It's ridiculous. Who is running the show there. No wonder movie studios and other leeches are sticking with Sony solutions for PS3. I guarantee some kind of spyware being present on PS3.

[Pink Floyd Veteran]

dunno but I think sony will have to replace all cds since not everybody know about microsoft antispyware to remove the rootkit

wow they will have to pay a lof for this "error"

[webeagle12]

After rootkit uninstalls, it creates security hole in windows :pinch:

suprise, suprise

[Japlabot]

Why have this all in one thread? this is crazy, what if there is a new article or update about it and it gets missed because it's going to be buried in a 100+ page thread.

[bangbang023 Veteran]

Why have this all in one thread? this is crazy, what if there is a new article or update about it and it gets missed because it's going to be buried in a 100+ page thread.

586815816[/snapback]

Because staffed deemed it so.

[sdb815]

Looks like they are finally going to recall the infected CDs. It's about damn time. :crazy:

Record label Sony BMG Music Entertainment said Tuesday that it will recall millions of CDs that, if played in a consumer's PC disc drive, will expose the computer to serious security risks.

Source

[chrisgeleven]

Question is what do they do about the thousands of infected computers?

[bangbang023 Veteran]

Looks like they are finally going to recall the infected CDs. It's about damn time.  :crazy:

Source

586815936[/snapback]

Considering just last week, they didn't seem the slightest bit concerned, it's pretty funny to see such a quick change of heart.

[llbbl]

why is the list of albumns affected thread closed?

I wanted to post there that the list / link to the website idiotabroad.com or whatever wasn't the FIRST person to discover how to get a list of albumns affected. Xtracto on /. was the first person I believe.

http://slashdot.org/~xtracto/journal/121088

It is basically a google search of the amazon site.

http://www.google.co.uk/search?q=sony+site...D%5D%22&num=100

I am sure where that is where idiotabroad guy got his info from since it was like 10 days after xtracto made his post.

[viciv]

i heard that some people have started to boycott sony products..

[RudyJ]

Any company that has Celine Dion on its payroll should be boycotted by default, rootkit crap or not. :ninja:

[E t h a n]

Oh, so this is where the Sony threads have been merged! I thought at first that the mods were trying to bury criticism of Sony on this key issue when they closed left and right several threads, but now I see this is not the case.

Frankly I'm heartened by the criticism Sony has come under. I'm all for their protecting their right to control their products, but they really crossed the line by destabilising computers (there is no other word for it) and rendering them more prone to viruses and other horrorwares. That's just not on.

I am boycotting Sony CDs and their other products. This isn't easy as they have bands I like, but I'm not going to give in for at least a year (or if meantime they do something significant to apologise and make amends for the grave attack on people's privacy and security).

:cat: :cat: :cat: :jump: :fun: :santa: :santa: :fun: :cat: :cat: :cat: :cat:

[Ferret]

I don't think I have many, if any, Sony product's in my house, I have always managed to find cheaper alturnative's... And i've never bought a SonyBMG CD either, so i've never been affected by these issue's ;)

[llbbl]

i heard that some people have started to boycott sony products..

586816312[/snapback]

I think that is an excellent idea!

[seafirex]

Very good idea and i am sure that will amek them think a bit more about what they do.

I think that big compagnies think they can do what they want.

Well to bad big boy's you just got the internet community now against you and i can assure you it will be war.

sorry about that but come to think about it is true that if we all put are self together then they wont have a choice, you need to remember that we are the one's that makes them live . If we dont buy they go down. it is that simple. i will not buy or even rent anything related to that compagnie until everything they did is fixed.

[n30w1n]

Just grow up and shut up about "boycotting Sony products." Your choice in products is going to be very limited if you boycott every company who ever did something stupid. Do any of you even realize how much you owe Sony? If you have a PlayStation, you owe it to Sony. If you have an Xbox, you owe it to Sony too, because without a competition as fierce as PlayStation, Microsoft would never have put so much effort into their console. Are you getting my drift? If you own any sort or digital camera, MP3 player, cell phone, game system, television, even a pair of god damn headphones, Sony has either made them or made someone else make them better.

Sony makes tons of good products, and adds a lot to the competitiveness of many electronics markets. But I guess now that they've put out a few dozen albums with a less than perfect DRM, all the decades of technology they've contributed to your sorry arse are forgotten. So go ahead, be a dumb@$$ kid, and respond with a quote of my previous sentense followed by a "HA!".

[B3AN]

They have released a standalone removal patch over at : http://cp.sonybmg.com/xcp/english/updates.html

[chrisgeleven]

Don't touch that standalone patch remover before it is verified that it actually does what it is supposed to do.

There is several stories out about an earlier remover that opened up your system to vulnerbilities.

[E t h a n]

Now, apparently, at least one governmental agency (in charge with national security) is angry with Sony, banning ALL Sony/BMG CDs from their systems, whether or not they contain the rootkit virus. :wacko:

[Malisk]

Sounds like a reasonable decision, since regardless how well Sony patch this up, they have so far never told anyone that their intents of crippling user experiences with DRM damaged CD's will change. For all we know, they may try again next year with XCP 2.0. All they've admitted to so far with their actions is that they made a mistake with this one, not that they want to keep risking corrupting their customers systems in the future. IMO, they'd at the very least need to start using open and verified DRM standards for that, not home-brewn closed source rubbish, and preferrably not DRM at all. The general security community need to gain an insight in their developments, and no good encryption scheme were dependant on being closed source anyway -- achieving security by obscurity is generally a poor idea.

That gov't agency's decision sounds logical to me, especially, as The Register says, rookits can be BAD for organizations involved in national security. :)

[+mrbester MVC]

All they've admitted to so far with their actions is that they made a mistake with this one

Stable doors and bolted horses. It's already out there. All that's left to do is for some enterprising character to make a virus that also installs the rootkit, now that we all know how it works, so pretty much anything could get itself installed...

This isn't going to go away in a hurry. After all, how many CDs have been bought as presents for (say) (grand)parents who might well have a computer so they can be part of the Silver Surfer brigade but have no knowledge whatsoever about a) the workings of the computer, b) the fact that the rootkit exists and c) will compromise their security? Is the purchaser supposed to remember that they bought a CD from Sony BMG, subsequently gave it as a present and then also know to have to check it?

It smacks of the amazing amount of time before Code Red was properly patched. Systems were still being compromised months later.

[Galley]

SONY BMG now has a site set up for exchanges of discs with the XCP technology. Apparently, you select the disc, and it prints a pre-paid label to return the disc via UPS.

http://cp.sonybmg.com/xcp/english/home.html

[Nick Sheldon]

i heard that some people have started to boycott sony products..

586816312[/snapback]

Boycotting works for me.

I have boycotted the french for four years or more now.