OT: A Scary Trend - Sony Spyware Goes Too Far

Chienworks wrote on 11/5/2005, 3:19 PM

Isn't that what OSses are supposed to do?

MH_Stevens wrote on 11/5/2005, 7:12 PM

Apple or the Russians have probably got their own secret system that will fly while BluRay and HDDVD commit suicide together. There is enough good independent stuff around now that we all have the opportunity to use things like Vegas and Acid that the kids just might realise they don't need the man's commercialised and infiltrated worm laden stuff.

kdm wrote on 11/5/2005, 8:00 PM

What companies aren't taking into account is that the buying public will only put up with so much exclusivity and restrictive technology that adds nothing to the reason for buying the CD or DVD, esp. when it is a new, darker twist to an already matured format (CDs).

Currently the DVD market is impacting theatre attendance - add copy projection that makes playing DVDs either a risk, or a royal pain (even if only a misperception), that will reverse and the DVD market will suffer (esp. with developing options for downloading movies, etc). The same goes for CDs. Once word circulates even more of how copy protection could affect the end user, buyers will be very wary of purchasing a CD that (even if not completely accurate) they think could render their PC CD drive useless, or worse, infect their PC. Why would the average buyer risk paying several hundred $$ to fix their PC when they can buy an iPod and online music subscription for about the same price?

People are used to the convenience, durability, and repeat entertainment CDs and DVDs offer - jeopardize that, and the market will take a painful hit - assuming companies offering alternative solutions jump on the opportunity. I am sure most have seen the writing on the wall. The worst mistake any company can make is trying to aggressively hang onto table scraps when dinner is over. The CD could easily be around for a while, unless the industry buries it with paranoia.

New techonologies with invasive or highly restrictive protection formats risk not even getting off the ground with that perception and experience firmly planted in the buyers mind.

farss wrote on 11/6/2005, 2:38 AM

Not that I want to keep this thread meandering anymore but here's another silly thing I noticed a few days ago. I've been looking around for the best deal on a PSP and I saw there's quite a few videos available on UMD. Now as much as I like very much the idea of the PSP to put some of my own content on to show clients the idea of watching a hollywood blockbuster on such a small screen just seems wrong to me but anyway maybe the idea could grow on me.
Except the same title on UMD is more expensive than on a regular DVD! What a piece of marketing genius, how to cripple the uptake of the device. Given that one cannot legaly copy a DVD into the memory stick one's forced to buy the title again, and pay more for the privelege of watching it on a tiny screen. Now a smart marketing move surely would be to include a UMD version of new releases on UMDs along with the regular DVD or even put a pre encoded file that one could copy into the memory stick on the DVD as a bonus.
But this gets even sillier. Bring along 10 unwanted PS2 or XBox games and they'll knock 30% of the price of the PSP! There was some other discount too for games, so Sony realise they need a carrot to draw in the punters but that doesn't seem to extend to movies.
Of course I could just buy a cheap portable DVD player which will do all I want, and play the DVDs I already own or I could do as I'm certain most people will, put a patch on my eye and a parrot on my shoulder and let her rip. Is this the whole silly VHS thing all over again, "Please don't pirate our movies but we have a really nice gizmo to make it simple to do"
Bob.

Erk wrote on 11/6/2005, 2:57 AM

kdm,

>Once word circulates even more of how copy protection could affect the end user, buyers will be very wary of purchasing a CD that (even if not completely accurate) they think could render their PC CD drive useless, or worse, infect their PC. <

I'm not so sure about that. I think people with moderate- to geek-level PC knowledge would hear about the dangers, understand them, and probably change their buying habits. But the vast majority of users of PCs and other technology aren't geeky at all. For example, after years of warnings and serious damage caused by internet infections, think how many average PC users still open unknown attachments, don't run anti-virus/firewall/ant-spyware, etc.

I agree with your larger point -- that if media companies jeopardize the "convenience, durability, and repeat entertainment CDs and DVDs," they risk killing their market -- but I think that it would take quite a bit of abuse before the average user (ie, not geeky at all) would come to change his buying habits.

Here's what I mean: every time I sit in front of a PC owned by a non-geek (ie, the vast majority of PC owners), it is full of crap installed against their wishes and/or without their knowledge, and they don't even know it. Their system trays have about 3 feet of auto-start icons running. Their machines are slow, unstable, full of spyware, etc. They don't know, they don't really care, until the thing completely breaks down. You tell them what's going on, and their eyes glaze over. They just want to send some email, maybe write a letter, or download some Mp3s.

I'm not criticizing them, they just have priorities other than becoming geeky. I'm the same way with cars. I don't want to take the time to learn much about my car. Beyond the basics, if it breaks, I take it somewhere to get it fixed. I spend my time learning about my PC :)

But back to your point, it will be interesting to see how far the corporations push, and at what point push comes to shove and they start to hurt their market.

Perhaps there is an example where buyers turned cautious to counter my examples above.

Greg

Xander wrote on 11/6/2005, 6:33 AM

Interestingly, it is the geeky ones who tend to be the early adopters. They pay the R & D costs so the prices can drop for the rest of the consumers out there. One thing is for sure, I am not going to run out and and buy Blu-ray or HD-DVD when it first comes out. I'm going to wait and see how the market plays out before investing the kind of money that is being talked about.

MH_Stevens wrote on 11/6/2005, 9:49 AM

Maybe Sony and the rest don't care about the concerns we have voiced because they know that media disks and media players of any kind will soon be gone. It's likely that all entertainment at home or local via hot spots will be streamed on a pay-per-view basis (just like cable movies on demand now) with saving to HD the only option to keep a version.

To me this seems to be to be both the most efficient technical way and the best way to protect artists rights. In fact, I wrote a proposal for this type of delivery system for Westinghouse in 1983 when the technology was not there and they laughed at me - but I still believe when HD can be streamed down a phone line it will be the way things will be.

Mike Stevens

RexA wrote on 11/6/2005, 10:25 AM

>>
Maybe Sony and the rest don't care about the concerns we have voiced because they know that media disks and media players of any kind will soon be gone. It's likely that all entertainment at home or local via hot spots will be streamed on a pay-per-view basis (just like cable movies on demand now) with saving to HD the only option to keep a version.

To me this seems to be to be both the most efficient technical way and the best way to protect artists rights. In fact, I wrote a proposal for this type of delivery system for Westinghouse in 1983 when the technology was not there and they laughed at me - but I still believe when HD can be streamed down a phone line it will be the way things will be.
<<

Sounds a lot like the story for Java a few years ago. Don't buy and install software packages on your machine, just run what you need off the internet.

A company I worked for once built a PC with no hard drive for use in corporate networked environments.

Neither really caught on. You could be right about the eventual future, but for now I don't see many customers ready to buy into it.

Coursedesign wrote on 11/6/2005, 12:11 PM

A company I worked for once built a PC with no hard drive for use in corporate networked environments. [Never] really caught on. You could be right about the eventual future, but for now I don't see many customers ready to buy into it.

Windows terminals (or, in some less critical cases, diskless PCs with disabled USB ports, no floppy drives, etc.) are a must for secure environments. They are used quite a bit in healthcare to comply with HIPAA.

Even the Windows terminals have decent performance now. It just means that the PC the user is running is a full speed blade in a server room. This makes them easy to administrate and keep secure and up to date with the usual daily/hourly security patches.

See InfoWorld article on corporate use of Thin Clients.

musicvid10 wrote on 11/6/2005, 8:57 PM

1) The biggest consumers of audio CD's are kids.
2) The majority of computers audio CD's are played on are purchased by parents.
3) Any company that installs undisclosed, potentially crippling software on computers as a result of the two dynamics listed above is going to experience a significant sales impact.

Xander wrote on 11/6/2005, 9:04 PM

Good point. What happens if a young kid sticks the CD in a PC and just clicks the EULA cause he can't read or doesn't know what it means? Parents wouldn't think CDs were harmful to their PC so probably wouldn't know. Wonder if you have to be a certain age to accept a EULA for it to be legally binding?

musicvid10 wrote on 11/6/2005, 10:29 PM

Kids aren't the only ones who click through EULAs without reading them.
And apparently, the current language is nonspecific about the software and lack of uninstallation options:
http://www.freedom-to-tinker.com/?p=920

riredale wrote on 11/7/2005, 10:53 AM

I found an article that has the names of the music disks, released by Sony, which contain this rootkit malware. Note that I'm not calling them CDs, since they don't meet the CD spec.

Another fascinating bit of trivia in the article: as mentioned earlier on this thread, installation of this Sony rootkit has the effect of making ANY file beginning with "$SYS$" invisible to the system. One person notes that you can thus rip a copy-protected track by simply renaming your ripping program "$SYS$name.exe." Then when you run the ripper the DRM monitors can't see what's happening!

Haven't tried it myself so I don't know (or care) if this is really true, but this would be a fascinating development in the DRM debate--Sony inadvertently shoots the golden DRM goose.

EDIT: It just gets more bizarre. The guy who stumbled across this rootkit has an update and an extensive list of responses.

One of the respondents states:

"As an IT Manager, I have just set a new policy banning Sony/BMG music CD's from being played on company computers. I see this as a corporate security issue. Here is the content of the email:

I know some of you listen to music CD's on your computer, however, due to Sony/BMG's attempt to protect their copyrights they have instead created a major security risk on your computer. If you install the copyright protection software found on some of the newer copy protected CD's made by Sony/BMG the software is actually a "root kit" which is very much like the technique being used by virus writers to hide and cloak their viruses from the computer system and virus software.

The net result is that Sony has created a pretty major problem and I am sure you will start hearing about it in the news - the class action group should be looking into this. Some news channels are not breaking the news as they have financial ties to Sony/BMG ( ie CNN ). I think over the coming days you will start to hear about it as it seems pretty serious to me. The software has many flaws and in fact from what I have read on the net so far it has been determined that the method it uses to protect the files can in fact be used against itself to allow you to actually copy the music in full 100% digital quality.

Effective immediately - no one is to insert a Sony/BMG branded CD into their computers at work especially if it is known to indicate anywhere on the CD that it has copy protection technology.

I suggest you be careful on any home machines as well until Sony comes up with an uninstall routine ( they have a patch available but apparently it has issues too )

1. If you insert a Sony/BMG recording and it pop's up a license agreement - DO NOT ACCEPT the agreement and DO NOT INSTALL the software. Stick to listening to it on your normal CD player and not on your computer.

2. If you recall seeing a license agreement when inserting a music CD on your work computer please contact me. I want to test to see if it is the Sony rootkit. If so there is no way to remove it and your computer will have to be re-installed. ( until someone or Sony comes up with a way to remove it properly )"

-------------------------

In another response, a link is provided to a NPR interview with a honcho at Sony BMG:

"In this Audio, you will hear a comment from Thomas Hessa (not sure of spelling), PRESIDENT of Sony BMG's Global Digital Business. In this Audio and he says "Most people, I think, do not even know what a Rootkit is, so why should they care about it?"

FREAKING UNBELIEVEABLE!

Click on the LISTEN button on this link here to HEAR it yourself!
http://www.npr.org/templates/story/story.php?storyId=4989260"

--------------------

Finally, the Internet is awash of news of lawsuits starting in the US, Italy, the UK, and elsewhere. Leave it to the lawyers to be able to smell blood in the water...