OK - Please pardon my ignorance here but couldn't you go out and buy a CD player with S/PDIF output and connect it to a sound card that has S/PDIF input and just record the digital signal direclty, then rip to MP3 and do all that illegal file sharing Sony is trying to curtail with this invasive and monstrous scheme?

Birdcat: it's even simpler than that. If you haven't already been infected with the rootkit (or you come across another computer that hasn't been) then simply hold down the Shift key while inserting the CD in your drive. It will then appear as a standard audio CD and you can rip to your heart's content.

birdcat,
This is not simply a copy protection scheme. This copy protection can be defeated in many ways via software, hardware or just putting the CD in an Apple computer, or turning autoplay off. This is more about Sony losing their Walkman business to Apple's Ipod and causing a major inconvenience to consumers who both own a PC and an Ipod. This is a Sony strategy tactic by leveraging one division of Sony to help stimulate growth in another division. So the Sony BMG division is a large distributor of music. So it has an opportunity to influence the consumer as to what product to play that music on. This strategy has back-fired on them 10 fold. I'm surprised we don't hear more stories of a few Sony executives losing their jobs over this one. I'm sure that is yet to come in the near future. Hopefully this media software division of Sony is not involved, but seeing this action envolves a couple of divisions of Sony, they could somehow have an influence in it also if the direction came from Sony corporate, which by the looks of it, it probably did. Most likely not since the media software is probably hardly even a blip, on the radar of Sony corporate.

You should not only be not purchasing Sony released CD's anymore, you should not be buying any Sony consumer electronics, because in reality Sony BMG was only the messanger.

Visit this site to find out more of what this DRM is really about.
http://bigpicture.typepad.com/comments/2005/10/drm_crippled_cd.html#more

At this point, alls I can say is beware of Blue Ray. If Sony is putting this kind of obscure copy protection mechanism into an older format like the CD, which has strict Redbook standards to ensure it's compatible in CD players, or maybe it's technically NOT a CD, but a CD rom, so then what do you think they're doing with the Blue-Ray DVD's which doesn't have a finalized specification yet? No wonder Blue Ray has a higher amount of storage than the H-DVD format....Sony needs all that extra space to fit all the copy protection spyware on it.

Some one bring back the simpler days of Sonic Foundry. How I miss those days.

and it keeps getting better and better:

from Arstechnica.com

Sony: what you don't know can't hurt you

11/9/2005 10:20:57 AM, by Ken "Caesar" Fisher

Sony BMG's decision to employ rootkits to "lock down" CD-ROM drives on customer's machines has plenty of enthusiasts and consumer advocacy groups hopping angry. Sony, on the other hand, is being totally flippant, complaining about people calling their DRM tech "malware." "spyware," or "rootkit." Thomas Hesse, President of Sony BMG's global digital business division, showed up on NPR to try and sweep the entire thing under the rug.

"Most people, I think, don't even know what a rootkit is, so why should they care about it," he asked? "The software is designed to protect our CDs from unauthorized copying, ripping."

This shockingly bald and arrogant statement comes as other public faces of Sony and their partners are also trying to play down the fiasco. First 4 Internet Ltd, the British company that developed the DRM software, issued a so-called patch for the rootkit, but all it does is remove the cloaking technology that was used to hide the DRM tech from users. The rest of the system-unstabilizing, kernel-hooking garbage is left to sit there and fester.

Sony's justification for its moves are both saddening and hilarious at once. Pointing the big, hairy finger at pirates, the company has made it clear to the general media that such measures are there because of the big bad pirates, and that the software was designed to be so deeply entrenched and cloaked in a system precisely because today's pirates are ingenious, industrious sorts. They act as though they're sorry to have to hide their true intentions from the user via a licensing agreement (that should be torn to shreds in a court). But see, they just have to do it because otherwise, the pirates win (along with their friends, which presumably include communists, homebrew software makers, and people who share a single drink at restaurants where refills are free).

It plays well in Peoria, that is, until someone points out that all these elite pirate geniuses have to do is drop the CD into any Macintosh or Linux computer, and be bothered with none of it. That's right: the excuse for such insidious DRM, for DRM that potentially harms a system and behaves exactly like malware, turns out to be completely and utterly asinine on account of the fact that it only works on Windows, anyway. Yarr, be there pirates smart enough to figure this out! Yarr, there be so!

And how well is that DRM working for ya Sony? It took me all of 45 seconds to find a pirated copy of Van Zant's latest album. Looks like it's working out perfectly!

Pathetic. And you know what? Pucker up and get ready to kiss the future, because if you think this is the end of this kind of behavior, just wait until you see how BD+ gets implemented on Blu-ray.

I for one am boycotting all Sony products until further notice over this.

I'm not boycotting. I have a great video editing product and a great camera that have little to no connection to the music deployment section of the massive company called Sony.

Let this be an early lesson to us all. Watch what you package, watch what you buy, watch who you do business with, and to the best of your knowledge, know what you are doing.

I have already made my decision to boycott SONY BMG. If Sony remains flippant I will invest in something else rather than continue with other SONY products. I am outraged.

I have spent a great deal of time keeping my network clean of all the infestation trying to take it over. I had a disastrous two weeks once before trying to recover from a problem that took my recording studio down. It turned out to be a PACE problem that showed up when the OS was upgraded.

After I cleared up the problem I promised my self - - -

No intrusive copy protection on any of my systems.

There are a few good products out there employing instrusive means. I am doing fine without them. I am no pirate and all my software and data is above board. When intrusive means take me down, I lose my income for the duration of the problem. If it were to happen to me again you bet I would be searching vigorously for a class action suit.

"Most people, I think, don't even know what a rootkit is, so why should they care about it," he asked? "

LOL!!!!! Brilliant statement. Yeah, and before computer viruses became popular, most people never heard of the term "virus" used in association with a computer until a bad PC virus hit the news media. Most people never knew what malware or adware was until they unsuspectingly had adverisements popping up on their PC monitor.and got annoyed enough to go out and buy virus removers and adware removers. Now thanks to Sony most of us now know what rootkits are and we're in search of our latest software updates to find them and remove them.

It's called "trust", Sony and you violated it with your legitimate customers. The reality is, how many people have bothered to read a EULA in it's entirity and understood what you agreed too? Every piece of software has a EULA with it. You attempt to read this EULA but it's a very long read filled with legal wording that the majority of people do not fully understand. We agree to them because 1. We are forced to so that we may use the product that we originally purchased and 2. We "trust" the company we're buying that software from is doing things in our best interest and would like to keep us as customers. Sony definately violated our trust and did not do things in "our" best interest with this DRM copy protection rootkit.

Thank you Sony for educating us about rootkits and making us realize, we need yet more tools on our PC to ward us from from the bad guys as well as the good guys now.

Get your new Rootkit detectors and removers here: http://www.f-secure.com/blacklight/

If you guys think SONY is the only mega-corporation pondering/testing/using surreptitious rights management software, you're sadly naive. Unfortunately, because of the actions of a few dishonest people, we'll all end up paying the price. In America, the corporation rules, and the bigger it is, the more it makes its own rules. Sony will never learn. And I will never put one ounce of faith in any music distribution business. AFAIC, they're all in bed with the scum who make the laws.

Important reading material for all of us concerned with DRM:

http://www.publicknowledge.org/pdf/citizens_guide_to_drm.pdf

Glimpse into the future: While operating my new Sony camera on a crowd of people the camera message said "cannot take picture of kid with "T" shirt that says copyrighted logo". And then pan to another kid and camera says "cannot take picture of kid with copyrighted clothing".
And further panning the camera says "cannot take picture of Mcdonalds logo". And further panning the camera says " cannot take picture of movie star without copyright permission". And further panning the camera says" cannot take picture of copyrighted skyline". And camera operator heard utterring bad words and the camera message says" cannot record copyrighted language". And the last noises heard were the camera colliding with the bottom of a trash can.

JJK

I would venture to say that most of us have two ATAPI drives on our computers -- a CD/DVD-ROM and a Writer.

What I've done as a result of enhanced paranoia generated by the BMG scandal is to disable autoplay on the top drive and leave it enabled on the bottom drive. That way if I insert a new disc without checking for a DRM notice, I can check the folders for nasties before I bite my lip and insert it in the autoplay drive.

Trusting those in power spells death for a free society.

Okay, I said I wasn't going to post any more on this topic. This is REALLY the last time.

The issue has hit the big time--it's on the Drudge Report, which reaches everywhere in Cyberspace. The article referenced on Drudge mentions that THREE brand-new viruses that exploit the Sony rootkit have been discovered. Sony BMG has apparently apologized today for creating such an opportunity for malware and is said to be working with Symantec (creators of Norton Antivirus).

"Sony BMG has apparently apologized today for creating such an opportunity for malware and is said to be working with Symantec (creators of Norton Antivirus)."

Apologies means squat unless they stop this practice immediately. Otherwise, the apology, "sorry we got caught"

Here is a link to the virus story as reported by CNN:

http://64.236.24.12/2005/TECH/internet/11/10/sony.hack.reut/index.html

John

I was so happy to see this story get picked up by main stream media. If you have ever owned a Sony PC or laptop and used Sony Tech Support, then you know that Sony has never understood the computer business, especially around software and security best practices. Four years ago Sony advised me not to use a firewall as a solution to an online update problem with Sony imaging software!

As most of us know, Vegas is probably still safe to install because it it remains mostly built from Sonic Foundry developers. I have to say, at first I was excited about the giant Sony making Vegas bigger and more widely supported by plug-in developers. But now, I really have my doubts about Vegas' future. Sony keeps proving to us that the hunt for profits and good marketing tracking data is much more important to them than the security and privacy rights of their consumers. They should have learned their lesson by now.

This DRM over-step really is a giant mistake for Sony. I'm already afraid to install any future Sony software. Vegas software could easily be used to further extend DRM and user tracking if Sony thought it would increase profits and impede copyright violations.

It is kind of fun to imagine what's happening right now to the fool who started this root kit project in Sony. I expect he is working on his resume at this moment, but won't be including the root kit project as a highlight. :-)

All this about about Sony, Vegas, DRMs... I'd like to hear someone from Madison assure us that Vegas will never have any DRMs.

If I were an employee at Madison, I would seriously start looking at the possibility of the employees buying the company, much the way the folks at Harley-Davidson bought their company.

>> and is said to be working with Symantec (creators of Norton Antivirus).

Arrgh! The lame merging with the lame. Why does this not surprise me?

Rex..

man you got that right!! Norton is the most bloated, resource hogging app I know.

And have you ever tried to uninstall Norton? Talk about deeply embedded....

The backdoor Trojan exploitation of the Sony DRM software has been the topic of discussion on the security sites as well as by CNN.
Here is an ongoing discussion of the issues on the Security Now website complete with downloadable pdf transcripts and MP3 audio files to listen to the actual discussions.

John

Fixing the link: http://www.grc.com/SecurityNow.htm

Looks like you had the "<a href" part in there twice.