MESSAGE
DATE | 2005-11-03
FROM | Ruben Safir
SUBJECT | [NYLXS - HANGOUT] More Sony DRM
Sony DRM is worse than you might think
Comment Active exploits and no help from Sony
By Charlie Demerjian: Thursday 03 November 2005, 09:40
SONY SCREWED UP WITH its rights removal to protect its profit margins philosophy and there is no way the use of rootkits can be justified.
Caught with its pants down, what did it do? Make things right? Heck no, it blamed the user, and doesn't do anything more than window dressing to deflect what are valid criticisms.
If you read the Sony PR spin masquerading as a FAQ here, the tepid responses it gives are laughable. Number one states that the technology is used to prevent copying, but that is true for only Windows boxes, so why the discrimination? It only affects legitimate users. If you want to copy the music, all you need to do is hold down the shift key when inserting it and you are free to copy. That or have a non-Windows computer.
To make matters worse, a cursory check of the file trading networks shows that the Van Zant album is available for download on a whim. The pirates who don't want to pay will have no trouble getting it, but those who abide by the law will get punished. Also, if you look at FAQ Number 4 under equipment compatibility, it cuts iPod users out of the mix. Hmm, Sony only sells Windows based computers, and sells a competitor to the iPod. Sense a conflict of interest there that you are paying for?
So to Number 2. "How do I know if a Sony/BMG disc is" DRM infected? It says it is clearly marked on the label, and yup, it's right, it is. I went over to Best Buy tonight and found it on the label plain and clear. There was also absolutely no listing of rootkits being forcibly installed on your PC, and not being uninstallable, however.
There was no warning that you had to play it through their player, or that it would spit out the disc if you had programs open that it did not like. If you don't like these terms and rights removals, and you try to return it, those few places that will take back open recordings tend to charge a restock fee. In the case of Best Buy tonight, it is 15%, I asked. I don't think Sony will refund you that money.
Number four tells you to consult the EULA when you want to copy the disc. Which madhouse did we step into that now means a CD needs a EULA? I stopped buying CDs so I wouldn't have to give money to rapacious weasels years ago, and none of the CDs I own have a EULA on them. It is madness. So, at Best Buy tonight, I tried to consult the EULA before I bought the Van Zant CD.
It wasn't on the CD package, not on the shelves nearby, and the blue shirted aisle trolls had no idea what I was talking about. No, they could not provide me with one, I did ask though. So, if you are dumb enough to buy a Sony CD, and don't want to rootkit your machine, you can't find out beforehand, have to agree to a one-sided contract that you can't read before you say yes, and can't get your money back. Wonderful, thank you Sony.
The last part of the FAQ is Number 6, which claims that its CDs are not spyware/malware infected. The prefix 'mal-' according to Merriam-Webster means 1) bad 2) abnormal 3) inadequate. -ware is short for software. This means malware is defined as bad software.
If you look at the Sony rootkit, it does several things. It strips you of your rights, it potentially causes your computer harm, it breaks your computer if you remove it, and eats your CPU time. All of these things are bad, no question there. It also does the end user no good in any way, shape or form, not even by the most demented stretch of the imagination. It only hurts those who spent money to buy it.
It does Sony no good either because the files are rippable on a whim by anything more intelligent than a half-drunk monkey. So, you have software that does you flat out harm, and no good for the producer. What isn't malware about this, and how can Sony claim this? This is the service pack from hell.
If you want to look at this another way, take a different example. Imagine that you walked up to a person that you know and said: "Hey friend, check out this new cool CD I made". He drops it in his computer, and without his permission, it installs a rootkit on his machine. Good joke, right?
Say you want to remove the Sony stuff. According to no less a source than The Washington Post, the bare minimum you have to do to remove the rootkitted DRM infection is give up your privacy. If you go to the Sony page, here, you have to give Sony your email at the very least, and according to the WP story, Sony then grills you about your reasons for not liking being rootkitted.
So, if you want to remove it, go here and click the link. Don't use Firefox though, it won't work, it's Internet Explorer only. If you are concerned enough about security, you probably know enough not to use IE. Once again, brilliant Sony, just brilliant.
The funniest part is that you don't actually remove the software with this tool, only make it visible, and you are still infected up and down with DRM. Should you be lucid enough to realise that you don't want this crap within a few miles of your system, you have to go through the grilling process above. Want to make it seem even more surreal? If you remove the malware and DRM infection, you can't play the CD anymore. Nope, the money you spent on Sony products is gone. Mal-way or the highway.
If you try to remove it yourself, you risk breaking your optical discs, or it kills them for you. Mark from Sysinternals is more than smart enough to figure out how to fix this, but are you? Off the top of your head, how do you do that again, no looking it up? To make matters worse, it installs itself so it runs in safe mode, and if it conflicts with something, you are really hosed. Sony's response? "This component is not malicious and does not compromise security." There are already exploits out there that take advantage of this.
Sony compromised your system and will not directly allow you to remove it without compromising your privacy. It also will not replace your defective CDs with non-infected ones. If you hose your computer or network with this infection, and want to play your music, do not pass go, do not collect $200. Really, it won't help customers who simply don't want this, read #3 in the FAQ.
Sony is generously working with anti-virus companies on this. Now, this means to deal with the problem, you have to know it's there, and that's kind of hard because the malware rootkit that Sony infects you with is designed to prevent this.
Now, let's just pretend we don't realise that the antivirus companies themselves are not complicit. If you want to mass-rootkit people, just ask Symantec beforehand. Look at what Cnet had to say about it. "The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case." But there are active exploits already, as we pointed out earlier.
All this makes you wonder a lot about Microsoft's upcoming security software, doesn't it?
So, rather than come clean, Sony minimises the problem, blames the user, and refuses to help you out. If you have CDs infected with this rootkit and DRM, Sony has to replace them. They are, flat out, a danger to computing. Don't believe me? Look at that Washington Post article again. The head of F-Secure says that the Sony malware, when running on Windows Vista "breaks the operating system spectacularly". Nope, that can't be right, just ask Sony, because it said so in the FAQ. It won't fix the problem, they won't let you work around it legally and still listen to the music you paid for, and won't help you.
As of four hours ago, these things were still on the shelf at Best Buy.
To end on an up note, just think about these two things. What you are seeing is the light and happy side of rights removing DRM infections. There is a bill going through congress to remove more of your rights. Yes, they can't control the analogue hole, and can't legally force you to bow to them, so they are buying government to change the laws and accomplish both goals. No good will come to the end user because of this, but it sure will make a lot of people rich.
More happy news? These merchants are designing the next generation drives called Blu-Ray with much more DRM built into the hardware. It is bad enough to make me back the views of Bill Gates on the subject with absolute open arms. These are scary times people, and if we let Sony get away with this now, it will only get worse and harder to stop later. µ