The usual canned introduction: The original Napster corporation has been destroyed, its trademarks now owned by an authorized music retailer which does not use peer-to-peer technology. But the Napster paradigm, in which computers and networks give ordinary people unprecedented control over content, continues. This is another quarterly installment in a series of weblog and discussion about the deconstruction of the music industry and other copyright industries, with side forays into "intellectual property, freedom of expression, electronic media, corporate control, and evolving technology," as polygon once phrased it. Several years of back items are easily found in the music2 and music3 conferences, covering discussions all the way back to the initial popularity of the MP3 format. These items are linked between the current Agora conference and the Music conference.
53 responses total.
Sony/BMG CDs can now come with a copy protection system which, when used in a Windows PC, installs a rootkit, hidden software which requires a high degree of skill to find and remove. Wheeee!
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.f-secure.com/weblog/#00000691
(For the non-obsessive, Sony/BMG is the joint music operation of Sony and Bertelsmann, one of the four surviving Big Music corporations.)
How does linux react to Sony CDs? I had to use a version of readcd later than 1999 to bypass copy protection.
What are the implications of this malware to employers that allow their workers to listen to Sony CD's on the desktop?
It is probably no longer advisable to allow employees to put their own CDs in their work computers. (Arguably it hasn't been advisable ever since Microsoft added the idea of "autorun" CDs to their OS years ago..)
The first question I always ask: Does your organization give the enduser "Administrator" or "Power User" level at the desktop? We're in the process of rolling out Altiris but the learning curve is pretty strained for these guys..they're struggling just with the Symantec scanning logs being retained from the local boxes. That means: We need to devise a laptop scanning policy that ensures at least a weekly scan without user interference and also ensures we have it logged somewhere (think SOX).
Many new PCs in the workplace have neither a floppy disk drive nor a CD drive.
But plenty o USB minicruzer ready ports...
Re #1: Yes, I read that article. In the comments, the issue was raised whether this practice by Sony is even legal, given laws against surreptitious installation of malware/spyware by third parties. Is a class action suit against Sony looming on the horizon?
Sherman Networks Part 2...
"surreptitious installation of malware/spyware by third parties" because when it's by first parties, nobody cares. It's legal. Microsoft Vista, where do you want to get eavesdropped today?
8: Can't be far off, I imagine. The real question is whether the courts will validate such a suit before Sony buys enough Congresscritters to make it explicitly legal for Sony to do what's illegal if anyone else does it.
The current Sony DRM scam crashes M$ Vista dead in its tracks. Oops. Thank Bill it's only a Beta... Some wire stories indicate Sony is releasing a "patch" (for an M$ OS?) that fixes the problem they created. HIFNFT. Rumors of code in the wild to exploit the pre-deployed rootkit.
unlucky
It appears that Sony is being sued over the rootkit thing. http://www.theinquirer.net/?article=27508 Also, Grokster has officially shut down. An interesting take on this appears in the TechDirt blog: http://techdirt.com/articles/20051107/1154257_F.shtml
Re: #14, 1st para. Oh, Good.
You just have to wonder what went through the minds of the "leadership" at Sony that knowingly proceeded with this approach. Undoubtedly somewhere behind it were legal advisers whose throats desperately need to be cut.
I'd wager that the leaders who make these decisions have little to no clue about the technology involved -- someone at a DRM startup company pitches them a solution that they say will keep the kids from ripping all that juicy product and the suits at the top say "That's great! It's just what we're looking for to ummm, 'enhance' the customer experience." In support of my assumption, I offer this line of reasoning -- if the executives in charge of this sort of thing *did* have any sort of clue about audio and computer technology, why would they keep going for these half-assed measures time and time again?
re #17 if the executives in charge of this sort of thing *did* have any sort of clue about audio and computer technology, why would they keep going for these half-assed measures time and time again? Picture the scene in Austin Powers where Dr.Evil says "I will hold the world ransom for....1 million dollars..muhahahaha.."
I have no proof but I speculate that some lawyer time advised management that if they weasel worded their EULA a certain way they could claim that by the letter of the law they weren't doing anything wrong. Can't Sony management comprehend that this approach can't be worth it in comparison to the ill will for the company when the "scandal" finally came out (which they surely must / should have known that it would).
Sherman Networks
Is that as in "Sherman Antitrust Act", or a misspelling of "Sharman"?
Sharman misspelled
don't squeeze it
Don't try to tell me what to do, Whipple.. :-p
Huh???? =^O.o^=
lolol
(that *was* the name of the nebbishy control-freak in the "please don't squeeze the charmin" ads, wasn't it?)
The "Sony Rootkit CD" story keeps growing. If the following report holds up... *grrrrrr*
> "According to Computer Associates, the Sony software makes itself a
> default media player on a computer after it is installed. The software
> then reports back the user's Internet address and identifies which CDs
> are played on that computer. Intentionally or not, the software also
> seems to damage a computer's ability to "rip" clean copies of MP3s
> from non-copy protected CDs, the security company said.
>
> "It will effectively insert pseudo-random noise into a file so that
> it becomes less listenable," said Sam Curry, a Computer Associates
> vice president. "What's disturbing about this is the lack of notice,
> the lack of consent, and the lack of an easy removal tool."
Computer Associates is one of the antivirus firms which says it is going to have their products delete the Sony DRM package.
http://www.zdnet.com.au/news/security/soa/Antivirus_firms_target_Sony_rootkit_/0,2000061744,39221702,00.htm
From other discussions, it is believed that Amazon.com does a good job of identifying which Sony CDs contain DRM, and presumably the rootkit. The new Kate Bush release for Sony, oddly, is not listed as a protected CD, and on the velvetrope.com discussion, two people confirm that the disc does not contain the rootkit.
Is Kate Bush related to George Walker Bush?
They each share about 97% of their DNA with chimpanzees.. ..but don't get too excited, so do the rest of us. Other than that, no relation so far as I know.
If nharmon is seriously asking that question, I'd say that 12 years *was* too long for Kate to be away from the music business. :)
I really gotta wonder why anybody would burn Sony CDs in the first place. You've already been suckered once into buying their stuff.
Why a Sony rootkitted CD might end up in your computer:
1) People might just be into using their computer as a music audio source, either at home or at work.
2) People might want a backup copy for the car, where CDs could be more vulnerable to scratching through careless handling. Big Music has pretty much conceded this falls under fair use.
3) You might want to rip the tracks from the Sony CD you purchased to load into your portable music player.
From a response on Slashdot that I found amusing:
> I'm still waiting for a worm that uses the Sony rootkit to hide itself,
> spreads to many computers, and then [launches a distributed-denial-of
> service attack against] sony.com.
AOL once had such a mishap.
Virus Uses Sony BMG Software to Hide on PCs
Los Angeles Times 11/11/05 by Reuters
Copyright 2003 / The Times Mirror Company
-------------------------------------------------------------------------------
A computer security firm said it had discovered the first virus that used music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc.
Under a subject line containing the words Photo approval, a hacker has mass-mailed the so-called Stinx-E Trojan virus to British e-mail addresses, said British anti-virus firm Sophos. When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC.
The malware hides by using Sony BMG software that is also hidden; the software is installed on a computer when consumers play Sony's copy-protected music CDs.
Sony has apparently withdrawn the rootkit. This just posted in the
Techdirt blog (http://tinyurl.com/dzp2v):
You can already see the case studies being written about how badly
Sony-BMG has handled this whole rootkit mess. First they absolutely
denied it was a problem. Then, when the attention didn't die down
immediately, they offered a "patch" and assumed that as long as they
announced they had a patch, everyone would stop paying attention.
Unfortunately, enough people kept paying attention and noticed that
the patch didn't help much, and in some cases made the situation
worse. Following that, they pulled out the desperation card of
basically saying what you don't know can't hurt you, which just made
things even worse for them and resulted in at least one, and
possibly more, lawsuits. So, now, two weeks after this was brought
to their attention, and days after virus writers started using the
rootkit to hide malware (which everyone told Sony was bound to
happen), Sony BMG has finally agreed to stop using the rootkit
technology... temporarily. Not only that, but they do so defiantly,
without an apology, saying there's really no risk and they still
have the right to use such technology, but they'll stop temporarily
as a "precautionary measure." Precautionary against what? It seems
mostly like precautionary against bad press, which they hope will
finally die down.
I read about that on Slashdot. Here is a quote from Stewart Baker, policy czar for DHS: "It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days." It was suggested that you keep that quote tucked away somewhere for when Microsoft and the guv'mint starts advocating for "Trusted Computing".
Even the comics are hip to this debacle: http://www.ucomics.com/foxtrot/2005/11/21/
More Sony rootkit news: It appears that First4Internet, the company that developed the rootkit software used by Sony, may have used open source code in the product, in violation of the open source license. http://techdirt.com/articles/20051128/1412218_F.shtml Boing Boing has uncovered messages by First4Internet programmers to mailing lists asking for help in developing the software. They're an amusing read. http://www.boingboing.net/2005/11/27/prehistory_of_the_so.html http://www.boingboing.net/2005/11/28/sony_rootkit_author_.html The New York State attorney general is investigating and may seek penalties. http://tinyurl.com/ad9to
A Google search on "kazaa" turns up this interesting message at the bottom of the search page:
----
In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org.
----
Found this on Digg: http://digg.com/security/Google_Blocking_Search_Results_Because_of_DMCA
If you don't mind, could you specify the terms of the search that generated those results? I'd like to know more about what sort of things are being blocked.
The linked page purports to be a complaint by the owner of Kazaa against a series of websites with kazaa in the URL (eg, kazaalite.com, kazaa-france.com, etc.) plus a few other sites, for distributing "unauthorized copies" of the kazaa software.
Re #42: The search term was simply "kazaa".
The Wall Street Journal covers the unhappy Christmas shopping season of Big Music. Additional chatter from The Velvet Rope, allegedly a music-biz discussion board. The headline and sub-heads-- "Silent Night for Music Sales: Holiday Buyers Spurn Tunes As Industry Picture Worsens; 'Cesspool of Really Bad Bands'"
http://online.wsj.com/public/article/SB113469750280524159-cHiBMNTXDkDv9L46K_JDaIjOcy8_20061215.html?mod=tff_main_tff_top
http://www.velvetrope.com/ubbthreads/showflat.php?Cat=&Board=UBB1&Number=722160&page=1&view=collapsed&sb=5&o=2&fpart=1
(( no tinyurl for you!!! ))
Quote:
>> "Music sales at Virgin Megastores' 20 North American locations are down nearly 20%... Other music retailers report similar numbers."
>> "During the crucial Thanksgiving week, the top 10 albums sold 40% fewer copies than the top 10 albums during the same week in 2004."
Who are we supposed to be buying this holiday season? I can't offhand think of any new music I'm excited about and I doubt I'm the only one.. I'm mildly interested in the boxed set that was just released of little-known tracks by sixties girl-group bands but not enough to invest in it..
Well, Kevin Federline's album isn't out yet, so I guess there's not much. I think that people in our age bracket are supposed to be buying box-sets of the groups we loved in our adolescence. It's either that or The Pussycat Dolls.
(What if the groups you loved in your adolescence were things like the New York Philharmonic, the Cleveland Symphony Orchestra, and the Budapest String Quartet?)
Are there no box-sets of them? Either that or you could buy them on SACD, which would no doubt make Sony happy. The trouble is most of their music is timeless, which doesn't make it bad music but does make for poor nostalgia.
I came up with a sizable list of CDs for my letter to Santa, but just about all of them are European folk/world releases. It's a great period for me and the maybe 1000 other Americans who listen to this stuff. :)
Hard news and rumors are turning up about the Musicland operation, which runs the venerable chain store Sam Goody, and which was still one of the top ten music retailers in the USA. Hard news is that Musicland is going to shutter the Media Play retail operation, which sold CDs, books and DVDs at 61 locations, including Ann Arbor. That's widely reported in mainstream media. A report which is mostly behind a Billboard subscription wall does have a teaser peeking out. It says that Musicland is asking its suppliers (presumably of CDs?) to accept 50% of what they are owed, and to take a IOU note for the rest. And, in bloggy rumor land, the Coolfer blog quotes HitsDailyDouble as rumoring that creditor banks have taken control of Musicland, but that's not confirmed anywhere I can find.
French Parliament Votes to Allow Web File Sharing (Update1)
-----------------------------------------------------------
Dec. 22 (Bloomberg) -- The French Parliament voted last night to allow free sharing of music and movies on the Internet, setting up a conflict with both the French government and with media companies.
If the amendment survives, France would be the first country to legalize so called peer-to-peer downloading, said Jean-Baptiste Soufron, legal counsel to the Association of Audionautes, a French group that defends people accused of improperly sharing music files.
(Full story at http://www.bloomberg.com/apps/news?pid=10000085&sid=avOoTq8aXkU8)
This is really weird, especially considering they recently voted (or were going to vote) to outlaw open-source software. I don't particularly disagree with this decision, but that doesn't mean they know what they're doing.