Sony BMG - Beware

bovinehost · Nov 10, 2005

Thomas Hesse, president of Sony's Global Digital Business was interviewed on National Public Radio's Morning Edition, and said of complaints that Sony's anti-piracy software behaved exactly like a rootkit:

"Most people, I think, don’t even know what a rootkit is, so why should they care about it?"

Well, we - as musicans and as consumers and as computer users - should care about it. This is about as vile and ignorant and evil as it gets.

No more Sony for Bovine.

"Sony BMG is facing three lawsuits over its controversial anti-piracy software.
Revealed in late October by Windows expert Mark Russinovich, the software copy protection system hides using virus-like techniques.

One class-action lawsuit has already been filed in California and another is expected in New York.

Digital rights group, the Electronic Frontier Foundation (EFF), is also gathering information from users to see if a case can be brought.

Court claim

The row erupted following Mark Russinovich's discovery that Sony BMG in America was using a so-called "root kit" to conceal the program used to stop some of its CDs being copied.

"Root kits" are being increasingly used by virus makers to hide their malicious wares deep inside the Windows operating system.

Sony BMG used a program called XCP created by UK firm First 4 Internet that employed similar cloaking systems to hide the proprietary media player used to play tracks on 20 CDs made by the music giant and sold in the US.

But since Mr Russinovich wrote about his discovery the row has snowballed and now has led to lawsuits being filed against Sony BMG.

One filed in Los Angeles by Californian attorney Alan Himmelfarb wants to stop Sony BMG selling more CDs protected by anti-copying software and seeks damages for Californians that have bought any albums protected this way.
According to a report in the Washington Post the lawsuit alleges that Sony BMG has broken three Californian laws. At the same time New York lawyer Scott Kamber is planning a class-action lawsuit for all Americans affected.

The EFF is also gathering stories from buyers of Sony BMG CDs protected with XCP. In a statement the organisation said: "We're considering whether the effect on the public, or on EFF members, is sufficiently serious to merit a lawsuit".

At the same time the Italian digital rights group, Electronic Frontiers Italy, has asked the nation's government to investigate Sony over its use of anti-piracy software.

A weblog documenting the unfolding controversy and calling for a boycott of Sony products has also been created.

When contacted a representative for Sony BMG in the UK referred all calls to its corporate headquarters in New York. A call to a spokesman in that office has yet to be returned.

Artist list

The EFF also released a partial list of all the CDs protected with XCP. The list includes popular artists such as Natasha Bedingfield, Celine Dion and Amerie. It also gave advice for ways to spot if a CD is XCP protected.

So far Sony BMG has not released a list of how many CDs are protected or how many have been sold. It has only said that "about 20" titles are protected with the controversial program.

However, the row does not appear to be denting interest in one of the CDs protected by XCP because at the time of writing Neil Diamond's 12 Songs album was the top seller on the Amazon.com website.

Anti-virus companies are starting to release software that can spot the XCP files. Symantec said it had made tools that can find the files but will not remove them.

Computer Associates said that it would be releasing a tool to completely uninstall the XCP program.

At the same time anti-virus firm Kaspersky Labs branded the XCP program spyware because it hides itself, could compromise security and can slow machines down.

Mr Russinovich has continued his investigation of the XCP software and has confirmed that when installed it can make a Windows computer more unreliable.

He also criticised Sony BMG for making it difficult to get hold of software that can uninstall XCP."

Absolutely unforgivable behavior.

roballanson · Nov 10, 2005

So hang on - for us computer illiterate ish people - basically they are using a virus hidden on a CD so when I copy it to my computer it infects my hard drive with something more nasty than the clap?

We have a word for it in this part of the world and it is unrepeatable. The bunch of see you next tuesdays.......

bovinehost · Nov 10, 2005

- From MSNBC -

What's on that music CD, anyway?
Sony CD controversy signals music industry's stuttering anti-piracy efforts

By Bob Sullivan
Technology correspondent
MSNBC
Updated: 5:27 p.m. ET Nov. 9, 2005

WASHINGTON - There might be more on your music CDs than you think.

Lurking on some music disks is the recording industry's latest attempt to stem the tide of music piracy -- software that limits the amount of times music CDs can be copied.

The special software has been in use for some time on select CDs. But last week, a security researcher unmasked one such program clumsily hidden on some music fans’ computers by Sony BMG discs.

The disclosure opened anew some basic questions: Whose PC is it? Whose music is it? And it reminded music lovers and computer experts that the recording industry isn't stopping the piracy fight with successful shutdowns of file-swapping sites like Grokster. The battle is hitting close to home.

The dust-up

Nine months ago, Sony began deploying copy-limiting software on about 20 albums. Anyone who dropped one of these CDs into a PC was forced to install a special music player to hear the tunes. But with that software came another program designed to silently watch the user for illicit CD copying. The program, produced by UK firm First 4 Internet Ltd., went unnoticed for months -- in part because it employed a special cloaking technology that made it invisible to most users.

But Internet security specialist Mark Russinovich outed the software while inspecting a recent CD purchase, Get Right with the Man by Van Zant. Russinovich says Sony’s software was sneaky, and it was being installed without consumers' knowledge. The program secretly consumes processor time, and thanks to its constant anti-piracy vigilance, it even prevents a computer from entering power-saving “sleep” mode.

“It was totally hidden,” Russinovich said. “You are paying a price, but you don't know it.”

What's worse, Russinovich found that the method First 4 Internet used to hide the program could also be used by hackers to hide other programs on PCs. The computer security world erupted with complaints; Sony backtracked a bit, announcing it would release a fix for the program that un-cloaked it. But what about users who just don't want the software on their PCs? They have to fill out an "application" to uninstall it, according to First 4 CEO Mathew Gilliat-Smith.

And removing the software has consequences, including preventing a user from playing the CD on their PC.

“This is totally unacceptable. It’s crossing the line of what companies should do,” said Richard Smith, a computer security expert. “Most people who buy an audio CD would never dream they’re getting software like this.”

Internet bloggers and computer security firms quickly piled on, attacking Sony’s program and response. But digital rights expert Eric Goldman, who says he has mixed feelings about copy protection software, says Sony may have been treated unfairly.

“Some of the public beating of Sony can be attributed to pent-up frustration with digital rights management,” he said. People who don’t like CD copy-limiting software are using this incident as their big opportunity, he said.

Is all copy protection bad?

And, after all, First 4 software is hardly the first copy-limiting program in use. In fact, it's a bit player among Sony BMG albums. Similar copy-limiting software authored by Arizona-based SunnComm Technologies Inc. called MediaMax came loaded on a No. 1 hit album last year by Velvet Revolver, ironically titled Contraband.

That software is now on about 20 million Sony BMG music discs, said SunnComm CEO Peter Jacobs. Most can be copied 3 or 4 times before the software stops the consumer, he said.

Jacobs says people just have to get used to music CDs behaving like software CDs. Consumers now expect to enter some kind of key or serial number when installing software. These prevent a consumer from stealing by passing the CD around to friends. Music CD copy protection programs have a similar effect.

As with software, Jacobs argued, music fans don’t own the music they buy, they merely have purchased a license to use it.

“You agree to a set of conditions (when you buy it),” he said. “There’s a sticker on the outside of the CD that says it's copy protected, and comes with some limitations on how many times it can be copied."

While the tools might not be perfect, they are a step in the attempt to at least slow down would-be music pirates, said Sony’s John McKay.

"There are incredibly high levels of music piracy," McKay said. "Sony has created a series of speedbumps to piracy."

Even Sony's detractors say the company has a right to try to reign in piracy. Princeton University doctoral candidate J. Alex Halderman published a paper two years ago with trivial instructions – essentially, holding down the shift key while inserting the CD -- for defeating an earlier SunnComm anti-copying program. SunnComm threatened to sue him but eventually backed off.

Even Halderman thinks companies like Sony are in a tough spot.

“I am very sympathetic to the desire not to have copyrights infringed,” he said. “But in this case, the solution they are trying to apply is creating new problems.”

Door opened for hackers

The new problems, according to computer security experts, were severe. First 4's flawed program opened the door to hackers by re-writing part of the Windows operating system, hiding from view every file that began with the characters $sys$. The strategy troubled anti-virus firms, which said it could prevent their programs from finding some computer viruses. First 4’s Gilliat-Smith said he doubted the severity of the vulnerability, but still agreed to publish a fix that removed the rudimentary cloaking technology. Concerned consumers can download the patch from Sony or get it from their antivirus providers, he said.

“This is a tempest in a teacup,” Gilliat-Smith said. “It’s not designed to be sneaky. It’s meant to be a bar that makes it a little more difficult to circumvent.”

Ero Carrera, a virus researcher at F-secure Corp., disagreed. Consumers around the world now have the First 4 Internet program on their PCs. Many still might not realize it; and even those that do are unlikely to download and install the patch – consumers often don’t install patches from software makers.

Give me my hard drive back

Sam Curry, vice president of eTrust security management at Computer Associates Inc., says people are tired of seeing their PCs loaded up with unwanted and unexpected software – adware, spyware, Trojan horses.

“It’s time to say enough is enough. You invest $2,000 in a computer, you have the right to decide what’s on it,” he said. The music industry has piracy problems, but shouldn't “try to resolve those issues with ill-conceived attempt to control the users’ computers.”

Or, as Goldman puts it: “The outrage reflects frustration with software vendors deciding what's on your computer. People are beginning to say, ‘Stop it. Give me my hard drive back.’ ”

Bill Rosenblatt, editor of the newsletter DRM Watch and author of Digital Rights Management, says music CDs were never designed to stop 21st Century pirates, and now is not the time to start. "My opinion is that the record label people who use this technology are being told that it works and that it will solve their piracy problems whereas in fact neither is the case. It doesn't work well and it doesn't solve piracy problems.”

Jacobs insists SunnComm technology does work, and says the firm rarely gets complaints. The complaints that do arrive are almost all focused on the fact that MediaMax software doesn’t allow songs to be transferred to Apple iPods. That, he says, is more than a quirky problem, but the firm is close to settling compatibility issues with Apple.

Testing it on the public

But there are other problems; to play a music copy-protected CD on a PC, the user must have administrative rights on that computer, so the necessary software can be installed. That means some employees can’t listen to their CDs while at work, Halderman said. That’s a restriction few consumers imagine when they purchase music.

On the other hand, a simple Google search will tell a would-be pirate how to defeat the copy-protection technology, Halderman said, creating the scenario copy protection critics fear: honest consumers are hassled while criminals continue unobstructed.

“There’s no really good way of testing this stuff,” Rosenblatt said. “In effect, they are testing it on the public.”

But while the kinks are being worked out, Sony and First 4 might not be quite finished with last week’s controversy. Discussion and criticism continued this week on Russinovich’s blog and from antivirus firms. Russinovich said the software patch designed to fix First 4’s program tends to crash computers. And Computer Associate's Curry took exception to Sony BMG's requirements for uninstall. Users can’t do it alone -- they must go to Sony’s Web site and fill out a form. There, they have to supply a name, e-mail address, and the place they purchased the CD.

“Why is it that they are asking for (this information). This policy wasn't stipulated up front,” he said. It's not about digital rights management, he said, but rather “This is really about their paying customers and rights they have.”

One things seems certain after last week's dust-up: More arguing over both music and rights is sure to follow.

© 2005 MSNBC Interactive

smallequestrian · Nov 10, 2005

"Most people, I think, don’t even know what a rootkit is, so why should they care about it?"

Wow, that may be oneof the most assinine things I have heard from somebody in that type of position.

Rob, its not a virus per se, however root kits are a common tool of virus and trojan makers for gaining access to your PC. Basically Sony automatically installs the rootkit once you insert the cd into your computer. The rootkit is actually there to keep you from pirating, copying, burning, etc. the CD. However, the inherent nature of the rootkit means that techincally Sony has access to your PC. NOT COOL!

Of course this isn't cool for several reasons. One of them being, you own the music and due to legislated Fair Use, you have every right to make a backup for your own personal use, which this rootkit makes impossible. Of course this is poinntless because all you have to do is put the CD in a Mac or a Linux machine and you can happily rip all the copies you want. Plus there is always the analog hole, i.e. if you can hear it, you can record it.

Sacha · Nov 10, 2005

See, we get that old 'copyright holders' argument again. My take on it is that Sony have messed up with this one. There's protecting your product and there's taking it too far. Appears they've taken it too far this time round.

However what we do have to try and remember is that the record companies are still within their rights to be able to try and protect their copyright. After all, they don't owe us (the music buying public) anything. We keep them in business....but they're the people that day in, day out take risks on signing bands. Some are big deal, many are small deals....overall it adds up to massive figures. Even if Sony sign a band on a 'small' deal with a £100k advance, over the course of the year all those dozens/hundreds of bands' £100k's add up. They're the ones taking the risk and legally owning the copyright kinda entitles them to try new things out. Don't get me wrong, I do believe with HOW they went about this whole thing was WRONG but we still have to try and understand that they are still a company trying to protect their rights.

Also don't forget that they have to shift thousands of albums just to break even on these bands so you can kinda sympathise with them trying out, wrongly, new things.

Wow, I bet I've opened up a can of worms here....

roballanson · Nov 10, 2005

whoa....now I knew certain agencies could gain access to your PC but that is just not right. None of it.

I stick with my see you next tuesday comment....this big corporations are too much sometimes when it comes to civil liberties.

Very true Sacha - at the end of the day the corporation is there to serve its shareholders, and normaly it does this by standing on the rest of us. (see The Corporation by Joel Bakan)

Sacha · Nov 10, 2005

When companies start taking the piss with civil liberties, you know they've gone too far. I really don't know why record companies don't just get their arse in gear and tell companies like Real, Microsoft and Apple to just take out the ripping aspect of their programmes instead of going about taking the piss.

bovinehost · Nov 10, 2005

The real problems generated by piracy have nothing to do with regular consumers like us. Go to any 'flea market' type thing in Asia or Latin America (probably elsewhere, too) and you can find any title you like, pirated by guys who are not at all like us. Big factories.

Do you think rootkit chokeholds slow them down?

Of course not.

Sacha · Nov 10, 2005

For some reason so many governments across the world just ignore copyright law in regards to music. It's actually embarrassing to see some of the figures associated with mass CD copying.

Big Poppa · Nov 10, 2005

Jack

I couldnt agree more with you regarding Sonys invasive tactics. Lets look at this from a business perspective and start at the beginning of the advent of downloading and pirating.

First off stealing music is as bad as what Sony is doing. Talk to artists and see how much they make with a million selling cd vs the record company and then subtract the stolen songs and it becomes less likely that people will make music in a traditional way.
The only ones making out are the record companies and the thieves. What is it in our society that we cannot grasp the concept of supporting artists?

I now the drill 20 buck cd 2 good songs. blah blah blah

Now lets look at how the recording industry viewed the effects of technology on the distribution of music. THEY FOUGHT IT,THE LITIGATED, THEY WENT TO CONGRESS.
You cannot stay in business if you chose to fight to block technology in a protectionist way. You embrace and understand new technologies and be first to market and take the lead. THey created the opportunity for everyone, especially Steve Jobs.

Lets go back in time pre-Ipod/Itunes and look at Sony and Apples respective strengths
and try to figure out how badly Sony messed the bed.

Apple:
Cute nitchy computer company down to 2.5% total market share. Bet on hardware and let BIll Gates bet on software. ZERO background of musical distribution experienced. Zero captive catalog of material in which to distribute electronically. Zero consumer electronics experience.

SONY
Largest Catalog of recorded music in the world. One of the largest consumer electronic
companies, one the the top three television production companies. KING OF THE PERSONAL MUSIC SYSTEM>>>THE WALKMAN! THE WALKMANhundreds of millions sold.

Apple picked their pockets clean. If it was a fight they would stop it. While the pant load execs are kissing thier bonus' off, and making lawyers rich trying to fight social changes and evolving consumer trends we are left with:

Jobs is music king. People will pay 40% more for the ipod brand, walkmans are dinosaurs. People are loving the apple experience that they are selling boatloads of computers and everything else.

Sony is being killed by Samsung in the consumer electronics arena. In the old days if you knew little about tvs and stuff you bought sony, now you buy samsung. HOW COULD YOU SCREW UP THE WALKMAN!!!!!!!!! Business schools will be studying this for decades.

Now the Itunes is kickin serious booty and the 99 cent per song threshold Jobs banked on being the key and the record companies are now threatening to boycott Itunes unless they charge more for major artists hits...99 cents isnt enough...Mariah Carrey should be $1.49. Credit to Steve Jobs that he is refusing breaking the price point.

Who knew that you would get your music from apple electronically and fabulous cds from your coffee shop, Starbucks....

Sorry for the rant but this is just crazy!

Beth · Nov 10, 2005

Let's make Cowpilot "GIVE ME MY HARD DRIVE BACK" t-shirts in protest

Beth · Nov 10, 2005

or a t-shirt that says "what part of 'C:/My Computer' don't you understand?!?!"

bassmonkeee · Nov 10, 2005

Damn. I was actually interested in the new Neil Diamond album--it was produced by Rick Rubin, who did wonders for the latter day Johnny Cash stuff.

Oh, well. Won't be buying that now....

Psycho Ward · Nov 10, 2005

This is why I play music for spite!

Big Poppa · Nov 10, 2005

buy it on itunes, dont torture the artist, just dont buy prerecorded cds from companies that think your hard drive is their time share!

nspark · Nov 10, 2005

Sacha said:
I really don't know why record companies don't just get their arse in gear and tell companies like Real, Microsoft and Apple to just take out the ripping aspect of their programmes instead of going about taking the piss.

That will never happen. Or, at least, if the record companies / RIAA tell Apple, Microsoft, or Real that, they will just be laughed at. The computer-based audio/music business is too profitable.

The bigger issue lies with these new "copy protection schemes." At present, a true DRM scheme that doesn't employ shady techniques requires an entirely new standard to replace the Compact Disc Digital Audio standard. If they stray too far from CDDA, it won't play in standard CD players. If they stick to CDDA, they can't stop the tracks from being ripped. I believe that the ability to rip a CD is fair use. I bought the CD, I should be able to put it on my iPod for my personal listening. The problem is that the vast majority of people then go ahead and share this music. Back to my point, I don't expect a standard to replace CDDA any time soon. CD's have been around in mainstream usage for nearly two decades and frankly, who wants to pay for entirely new equipment just to listen to a new album? The record companies know that forcing a new, DRM-based "CD" standard would hurt their business. Also, even these "higher-fidelity" CDs really make me wonder, do we really want to hear all that "new sound"? Higher fidelity isn't necessarily better. I remember reading that either Chris or Tom Lord-Alge (both two of the most in-demand mixers in the country) won't touch a pure-digital set of tracks for mixing. He'll always copy it to analog then reimport it as digital just to get the sound he wants. So frankly, the fidelity of the CD is all I could ever want. Also, it's just my opinion, but the new 5.1 mixes of non-live performance audio (e.g., the new Dual-Disc CD/DVD things) are really pointless.

So, what does this leave the companies to do to prevent piracy? They implement these shady schemes that, in many cases, install software or, in cases like this, a virus/malware-inspired scheme that the average user has no idea or expectations of the results or effects. Claiming that the end-user is generally ignorant is asinine. If you had to pop a pill every morning to drive your car, but were never told what it did or how it affected you, would you? This guy seems to think so. I understand that the record companies feel that they need to protect their products, but I also think that they've gone too far.

Also, in regards to Apple, the common rhetoric is that the record companies say that Apple won't license their Fair-Play DRM scheme so that CD's can be DRM-protected on Apple machines and that it's hurting the business. Frankly, I think the idea of DRM-ing a CD is hurting the business. I recently bought two albums from Sony BMG, Switchfoot's "Nothing Is Sound" and the Foo Fighters's "In Your Honor." Both are copy protected CDs and I had to go through some trouble, though not too much, to get them ripped onto my computer for listening with my iPod. Regardless, I had to go through trouble to do it and that's what bothers me. If I didn't know how to get around it, I wouldn't have bought the CD and consequently, wouldn't have listened to any new material from those bands. And if I'm basically forced to stop listening to them, I don't think I'll start back up.

I wish the recording companies and the RIAA would realize that, in the end, these cloak-and-dagger tactics to protect their music through hidden protection schemes that are borderline malware/viruses will only end up hurting their business. They slowly make these protection schemes more invasive and further alienate their consumers. In fact, a good friend of mine had difficultly playing his own purchased copy of "Nothing Is Sound" in his very own Sony CD player. At first, it wouldn't even recognize the CD. Talk about irony. If I wasn't such a fan of certain bands in particular, I'd have to side with Jack and say "no more Sony for me" (though Sony is certainly not the only one doing this). For now, though, I'm just going to enjoy the music I already own and hope that these companies pull their heads out of the sand and realize they're hurting themselves.

-Nick

Sacha · Nov 10, 2005

To be honest, theoretically, you're not meant to be having MP3s and digital music on your computer except those bought from a legitimate online source or with the direct consent of the copyright holder.

But that's just me being a knob and telling you all that because...er....because....well, I have nothing better to say. Weep...

nspark · Nov 10, 2005

Sacha said:
To be honest, theoretically, you're not meant to be having MP3s and digital music on your computer except those bought from a legitimate online source or with the direct consent of the copyright holder.

Generally speaking, it's considered fair-use to make a copy of a copyrighted work (like a CD) for your own personal consumption. It cannot be shared or distributed, as that's when you violate copyright laws. That, at least, is my understanding of it all.

Sacha · Nov 10, 2005

Might be different in the States but over here you're not allowed. Any Fair Use (which I believe is an aspect of American stuff so you can kinda ignore my coming rant) equivalent over here will allow you, in some cases, to make a copy....however not for USE, for use as an unused backup. This backup must also be made in the same format that you get it. You get a CD, you can copy it to a CDR. You get a DRM equipped file, you copy it as a DRM file.

Plus, there's no money (well, not much) in it for software programmers as big as Apple and Microsoft to bother having ripping software. Microsoft are just trying to make sure they stay top and Apple will actually end up making more money because the customers will have to buy the tracks online....which is the whole intention of 'MP3' players. Why should you be allowed to copy a CD and run it on a different system? Could you play vinyls on CD players? Nope. The record companies release something in a particular format and that's how they want it to stay. I'm not saying that it's morally correct but you can't do it with any other format. Can you buy a green jumper...and copy it for free in blue? No, you'd have to go and buy it again if you want it any different. So why should music be any different?

Beth · Nov 10, 2005

I think this is more of a privacy issue than a piracy issue...

Like Bovine stated before, the percentage of $ made/lost by record companies off of individual users copying CD's to their computer and sharing it with friends is nil when compared to pirating companies in Asia selling pirated copies of CD's and DVD's. Saw a lot of it myself in cities like Hong Kong and other shopping hubs around Asia. No thanks, I'd rather buy the real thing.

I, myself, have spent a lot of time and $$$ in the itunes shop lately... I love it! $.99/track or sometimes $9.99 for the whole album. Great deal, and it's super-duper easy to import them onto my (NEW) ipod, rather than importing the CD + some player I won't use + some hidden software used to look at my computer without me knowing it. OK, OK, OK, I know I'm belatedly really excited about this whole ipod thing, but I'm a little behind the times when it comes to new technology. I didn't get a cell phone until Dec 2003.... I'm pretty fired up over this privacy thing, tho. Maybe because I've always been one of those "conspiracy theory" people -- big brother IS always watching. Wouldn't you agree, Bovine? Hmm? Hmm?

So what do y'all think of my t-shirt idea? Too nerdy? "Hey Sony! What part of 'C:/MY Computer' don't you understand?!?!" :B :B :B

Sony BMG - Beware

bovinehost

roballanson

Well-known member

bovinehost

smallequestrian

Well-known member

Sacha

Active member

roballanson

Well-known member

Sacha

Active member

bovinehost

Sacha

Active member

Big Poppa

Well-known member

Beth

Well-known member

Beth

Well-known member

bassmonkeee

Well-known member

Psycho Ward

Well-known member

Big Poppa

Well-known member

nspark

Well-known member

Sacha

Active member

nspark

Well-known member

Sacha

Active member

Beth

Well-known member