I don’t pretend to understand much of this, but it seems pretty bad.
Anyone please explain in very basic terms things such as ‘rootkit’, and anything else that might be helpful to assist in working out how outraged or otherwise we should be.
casdave, I’m no expert on this stuff, but I read about this here and it seems to be a good general overview of the situation.
And I agree with you, it does seem pretty bad. What with this and things like PC game copy protection schemes, it seems like companies are making life miserable for honest customers to spite pirates who won’t be affected in the long run.
There is also Slashdot which has some good (and much bad) discussion.
I think that last line is important. Really in the general course of your daily computing tasks there shouldn’t be a reason to run with Administrator rights but increasing numbers of Windows programs now require that the user is a local admin. I heard that new versions of Winamp complain if installed as a user and now playing CDs as well.
Guess you are out of luck if you want to listen to Switchfoot (whoever they are) at work.
A rootkit is a collection of tools that are used to hide an intrusion into a computer and possibly to give administrator-level access to someone.
This particular one sounds like it’s hiding files and drivers used for DRM. Maybe it’s theoretically possible that a hacker could exploit it and gain administrator access to your machine, but it doesn’t seem to be intended for that purpose.
It also resists uninstalling, and can cause your CD driver to be missing from Explorer if you delete it. If I had this on my computer, I’d immediately take it to someone who knows what they are doing in a Windows registry and have them get rid of it.
I notice from reading the news article on Sony patching the software that they’re not changing the way it functions, or the function it performs, but are only removing the code that attempts to hide it from the system. To listen to their CDs on your computer you’ll still need to install it.
It makes me wonder what will happen if other publishers go down this route. If publisher X’s software works in the same way will it be able to safely install if Sony’s software is already there? If so, how will Sony’s software react next time you insert a Sony CD?
This could end up with a situation where you need to have a separate PC to listen to each publisher’s CDs since they all fight so viciously for the privileged position in the system drivers. And woe betide anyone who puts the wrong CD in - that’d probably mean a system rebuild.
The stuff about having to be logged in as an administrator to listen to the music is also totally ridiculous. We’re having an uphill battle to convince people not to do that in the first place but if Sony link Admin rights to such basic functions as listening to music then the battle is lost. Malware and viruses will continue to flourish with this advantage.
Programs like Winamp assuming they’ll have write access to their program directory doesn’t help either. MS have had quite clear guidelines on this kind of thing out for years now and it’s still astounding that otherwise professional and accomplished developers keep making the same mistakes. For the interested there’s a Hall of Shame here for applications that make this mistake.
Sony executives have ordered their programmers to do the very same things that get 133t haquer d00dz sent to the pen. If the claim that there is one law for everybody actually meant anything, these executives and programmers would join the 133t haquer d00dz in Billy Bob’s cellblock harem.
I meant to open a pit thread about this but casdave beat me to it.
This is absolutely unacceptable. I emailed Sony about my displeasure including the fact that I will not buy any of their CDs anymore until I know that they are not going to pull this kind of crap. I am also emailing every artist that I on Sony that I will not buy any of their CDs with this kinda crap going on.
The funny thing is I am against file sharing. Now, with this kind of behavior, I am more than willing to think about doing illegal filesharing because I WILL NOT have this kinda crap installed on my computer.
Wait, so because I am running Linux I wouldn’t be able to run one of these CDs in my CD-ROM drive?
I would care, but the music they put out these days sucks anyway.
Well, if you’re running Linux, or Mac, or anything NOT AUTORUNNING FSKING CDs, then you’re safe. >90% of the world, however, has autorunning CDs. The autorun apparently modifies some Windows APIs and replaces some drivers. Otherwise, it’s a basic music CD. I don’t know if there is any other protection on it, but I’ve heard Macs can simply do whatever they used to do.
I think the term “spyware” should be renamed. I don’t so much mind the collection of my data (although it is a concern), but I mind the using of my computer resources and generally FSKING UP MY MACHINE. I mean, I’d like to think of myself as a generally more advanced computer user, and I probably could get this thing off my PC if I really tried, and had help from the internet, but honestly. “Keeping honest users honest?”
They’re admitting that they want to annoy the people that feed them.
I wonder if Sony could be prosecuted due to the fact that their program breaks some operating systems, and trying to remove it renders your CD-ROM drive dysfunctional?
It depends on whether EULAs are accepted. It was stated in the EULA that by putting the CD into your CD drive you were consenting to install yadda yadda etc. I think that that’s an abuse of contract law, but YMMV.
It could be argued that since they knowingly put rootkits on computers, they damaged the security of numerous computers, and so broke the law(s) prohibiting such things, couldn’t it?
Yep. The harder they make it on honest users, the more likely those honest users are to turn dishonest. So they don’t even faze the pirates and only turn many otherwise honest people into criminals. “Well, I woulda bought that CD, but I can only play it on this one computer, and it doesn’t even work right then. So I got it from [whatever place they stole it from].”
Tabby_Cat, what does FSKING stand for? I keep trying to think of likely acronyms, but nothing comes to mind.
However, the problem is that it doesn’t really “compromise” your security. It makes it harder to impossible for virus-scanners to detect viruses that exploit the sys thing, but it doesn’t affect the virus transmission vectors.
In addition, you “consented” via the EULA to have them make changes to your computer. I assume that the UK does not accept the validity of EULAs, because of the quote linked to above, but I believe that EULA has been approved of in the US. It is currently unknown if you can indeed consent to such an operation by software through consent via EULA, but I don’t think the matter is likely to go to court - Sony has deep pockets, and can outlast any potential individual who would sue. And they would simply settle with any big company.
And “fsking” is just a made-up swear word.
I was thinking more along the lines of potential criminal prosecution. At the least, they ought to tighten the laws so that other companies can’t sneak such things into their products, even with EULAs.
I’d certainly like that, but that would be legislation to protect the consumer, at the expense of business. Apparently consumers are simply filthy thieves now, and it seems all new legislation lately must treat them as such.