Spyware On Some Sony CD's - U2 Feedback

Go Back   U2 Feedback > Lypton Village > Lemonade Stand > Lemonade Stand Archive
Click Here to Login
 
 
Thread Tools Search this Thread Display Modes
 
Old 11-08-2005, 05:47 PM   #1
Blue Crack Addict
 
MrsSpringsteen's Avatar
 
Join Date: Nov 2002
Posts: 24,998
Local Time: 07:20 PM
Spyware On Some Sony CD's

By Hiawatha Bray, Boston Globe Staff November 8, 2005

Sony is spying on thousands of listeners who buy and play its music CDs on their computers, a leading computer security firm said yesterday.

Computer Associates International Inc. said that new anticopying software Sony is using to discourage pirating of its music also secretly collects information from any computer that plays the discs.

One of the world's largest software and information technology companies, Computer Associates is the latest to wade into the growing controversy over Sony's efforts to curb theft and illegal pirating of its music.

The software works only on computers running Microsoft Corp.'s Windows operating system. It limits listeners' ability to copy the music onto their computers, and locks copied files so they cannot be freely distributed over the Internet.

But Computer Associates said the antipirating software also secretly communicates with Sony over the Internet when listeners play the discs on computers that have an Internet connection. The software uses this connection to transmit the name of the CD being played to an office of Sony's music division in Cary, N.C. The software also transmits the IP address of the listener's computer, Computer Associates said, but not the name of the listener. But Sony can still use the data to create a profile of a listener's music collection, according to Computer Associates.

''This is in effect 'phone home' technology, whether its intent is to capture such data or not," said Sam Curry, vice president of Computer Associates' eTrust Security Management unit.

''If you choose to let people know what you're listening to, that's your business. If they do it without your permission, it's an invasion of privacy."

Sony and the British firm that wrote the antipirating code for the music company flatly denied the software snoops on listeners.

''We don't receive any spyware information, any consumer information," said Mathew Gilliat-Smith, chief executive of First 4 Internet Ltd., which makes the software for Sony BMG Music Entertainment.

So far, Sony BMG has installed the software on about 20 titles in its music catalog, including works by jazzman Dexter Gordon, singer Vivian Green, and the new issue by country rockers Van Zant, ''Get Right with the Man."

It was the Van Zant disc that led to the controversy over Sony's new software.

In late October, a well-known Windows computer engineer, Mark Russinovich, stumbled across the Sony software on one of his personal computers while running a security scan. Russinovich had used the computer to play the Van Zant CD, not realizing that it had installed the anticopying program.

When he tried to remove it, Russinovich found that the program lacked the ''uninstall" feature found in most Windows software. Indeed, key components of the software hid themselves deep in his computer by applying the same techniques used by data thieves to conceal their activities. Even a skilled user who identifies the correct files can't safely remove them, said Russinovich.

''Most users that stumble across the cloaked files . . . will cripple their computer if they attempt the obvious step of deleting the cloaked files," he wrote on his technology website, SysInternals.

Computer Associates yesterday concurred with Russinovich's assessment. Curry said Sony has made it so difficult for listeners to uninstall its software that some could lose all their data in the process.

''It can damage the operating system and the operating system's integrity, so it can't reboot at all," Curry said. ''As an expert in security, I can say this is bad behavior."

Indeed, Computer Associates has added the software to its list of spyware programs that collect personal information from computer users without their permission.

Russinovich also said that a patch Sony and First 4 released Friday to stop the software from hiding inside computers malfunctions and can cause an irreparable loss of computer data.

Gilliat-Smith of First 4 said he knows of no case in which this has happened. Sony offers a website where users can obtain a program that uninstalls its software. He said both efforts should prove that Computer Associates and Russinovich's complaints are unfounded.

''In theory there should be no concern," Gilliat-Smith said.
__________________

__________________
MrsSpringsteen is offline  
Old 11-08-2005, 05:53 PM   #2
Blue Crack Supplier
 
Popmartijn's Avatar
 
Join Date: Jun 2001
Location: Netherlands
Posts: 32,543
Local Time: 01:20 AM
In short: don't buy Sony CDs. Rip them, download them, but don't buy them.

*wants to find out first if the new Born To Run reissue also has this crap before making the exception to the rule*

__________________

__________________
Popmartijn is offline  
Old 11-08-2005, 06:02 PM   #3
Blue Crack Distributor
 
LarryMullen's POPAngel's Avatar
 
Join Date: Jun 2001
Location: I'll be up with the sun, I'm not coming down...
Posts: 53,698
Local Time: 07:20 PM
Nice.
__________________
LarryMullen's POPAngel is offline  
Old 11-08-2005, 06:44 PM   #4
Rock n' Roll Doggie
VIP PASS
 
If you shout...'s Avatar
 
Join Date: Nov 2004
Location: Chicago
Posts: 5,377
Local Time: 06:20 PM
From TMT:

Sony Virus Gets All Up in Your Shit

Just so we're clear, a few years ago someone decided it would be a clever idea to put copy-protection technology into CDs, as to prevent them from being pirated. While the idea seemed intelligent from a wallet's point of view, the technology instead prevented the CDs from working in all the existing players bearing the Compact Disc logo. Today you will notice that new discs from a major label will not feature the logo due to legal reasons, mainly because you can't put it on media that doesn't play nice with everyone.

The technology present on these new CDs usually contains some kind of media player that is installed on your system so it can understand the encoded tunes. An incredibly proficient Windows user recently took a closer look at one of these players and noticed some interesting data that is left behind on your system, even after it has been deleted.

The software installs what is called a rootkit, which allows for certain files and processes to be hidden from diagnostic tools, leaving a massive unlocked door for hackers. This sort of cloaking technology is also used by malware developers to hide their tracks on your system and report back to HQ about the all the porn you've been surfing. I know this is primarily a music site, so if you're confused by any of my nerd-words, all you need to know is that Sony is essentially installing a virus onto your computer. Using a word like virus may seem a little extreme, but when this brilliant Windows user attempted to remove the rootkit from his system, the CD-Rom drive stopped working. You read that correctly slim, by removing the software that a legally purchased cd installs on your computer, you also disable the ability to play ANY other cd.

Technology community websites such as Slashdot and Digg have been heavily discussing this issue for the past two days, and a few astute members noticed that Sony may even be overstepping their bounds outlined in the End User License Agreement. You know, those blocks of text above the "I understand and accept the above agreement" button when you install software. Most of the other members agree that taking the risk of being sued by the RIAA is less of a hassle than grappling with the crippling technology employed by these new CDs and online music stores. I would be inclined to agree with them, except I run Linux and I live in Canada, which makes me exempt from Windows viruses and the RIAA.

If you've been straddling the fence on whether or not to buy that new Van Zant brothers album, I would leave it on the Best Buy shelf, instead opting to download the content 'illegally' off a torrent site. Seems to me that music pirates are offering a cleaner and more computer friendly product for the user, which begs the question of why we're bothering to put up with the shenanigans of these millionaires anyway.

I should quietly note here at the bottom that yesterday Sony revealed plans for a tool that allows you to remove the hacker-bait from your machine. They haven't issued a report on why the software was included in the first place, but at least you can remove it without even having to know more than where that damn sliding cup-holder is.
__________________
If you shout... is offline  
Old 11-08-2005, 07:11 PM   #5
ONE
love, blood, life
 
indra's Avatar
 
Join Date: Jan 2004
Posts: 12,689
Local Time: 08:20 PM
Quote:
''In theory there should be no concern," Gilliat-Smith said.


I love that line.
__________________
indra is offline  
Old 11-09-2005, 04:55 AM   #6
Rock n' Roll Doggie
ALL ACCESS
 
hiphop's Avatar
 
Join Date: Apr 2001
Location: in the jungle
Posts: 7,410
Local Time: 02:20 AM
fuckin DRM systems. the ipod has its very own DRM but doesnt fuck with consumers like that (to my knowledge).

way BAAAAAD PR for Sony. People can sue them for damaging their computer. Don´t they have lawyers there?
__________________
hiphop is offline  
Old 11-09-2005, 08:24 AM   #7
Neon Zebra
 
beegee's Avatar
 
Join Date: Jan 2003
Location: southern nevada
Posts: 10,590
Local Time: 04:20 PM
Quote:
Originally posted by Popmartijn
In short: don't buy Sony CDs.
i don't.

i get them for free.
__________________
beegee is offline  
Old 11-09-2005, 09:12 AM   #8
Rock n' Roll Doggie
VIP PASS
 
babyman's Avatar
 
Join Date: Nov 2003
Location: On an open cluster called Pleiades
Posts: 6,246
Local Time: 02:20 AM
Why the hell do they sell cd burners if it´s not allowed to burn cd´s?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?
__________________
babyman is offline  
Old 11-09-2005, 10:33 AM   #9
Rock n' Roll Doggie
VIP PASS
 
If you shout...'s Avatar
 
Join Date: Nov 2004
Location: Chicago
Posts: 5,377
Local Time: 06:20 PM
Quote:
Originally posted by babyman
Why the hell do they sell cd burners if it´s not allowed to burn cd´s?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?!?
They call it "capitalism." I call it something far less attractive, these days.
__________________
If you shout... is offline  
Old 11-09-2005, 11:52 AM   #10
Forum Moderator
 
yolland's Avatar
 
Join Date: Aug 2004
Posts: 7,471
Local Time: 01:20 AM
Quote:
Originally posted by If you shout...
From TMT:
...
If you've been straddling the fence on whether or not to buy that new Van Zant brothers album, I would leave it on the Best Buy shelf, instead opting to download the content 'illegally' off a torrent site. Seems to me that music pirates are offering a cleaner and more computer friendly product for the user, which begs the question of why we're bothering to put up with the shenanigans of these millionaires anyway.
In other words, we refuse to lay down any of our arms until the powers that be prove that they have laid down all of theirs.

I find the prospect that Sony is engaging in this kind of illicit subterfuge appalling, but this sentiment is just as reprehensible and just as responsible for the climate of mutual distrust underlying all this. Fair trade is not just a right, it is also a responsibility, and it is hypocritical and wrong for any party involved to hold that responsibility hostage to their getting precisely what they want. If consumers refuse to negotiate in good faith, it is most unlikely that producers will do so either.
__________________
yolland is offline  
Old 11-09-2005, 12:13 PM   #11
Blue Crack Addict
 
DaveC's Avatar
 
Join Date: Aug 2002
Location: illegitimi non carborundum
Posts: 17,415
Local Time: 07:20 PM
It seems to me that the producer has more responsibility to not invade the privacy of the consumer or add on unknown extras that could be damaging to the purchaser, than the consumer has to purchase the product.

I won't be buying another Sony CD unless I have a damn good reason to from now on. About the only thing that I can think of is a Roger Waters CD that's supposed to come out. But hell, I'll just download it off Puretracks if the software's on it.
__________________
DaveC is online now  
Old 11-09-2005, 02:04 PM   #12
ONE
love, blood, life
 
indra's Avatar
 
Join Date: Jan 2004
Posts: 12,689
Local Time: 08:20 PM
Quote:
Originally posted by yolland

In other words, we refuse to lay down any of our arms until the powers that be prove that they have laid down all of theirs.

I find the prospect that Sony is engaging in this kind of illicit subterfuge appalling, but this sentiment is just as reprehensible and just as responsible for the climate of mutual distrust underlying all this. Fair trade is not just a right, it is also a responsibility, and it is hypocritical and wrong for any party involved to hold that responsibility hostage to their getting precisely what they want. If consumers refuse to negotiate in good faith, it is most unlikely that producers will do so either.
I agree. If I didn't want to buy Sony cds because of this, but wanted a Sony cd because I like a certain band or artist I would send a letter or email to both the band and the label telling them exactly why I am not buying their cd.

But I wouldn't download it from an illegal source, I'd just do without.
__________________
indra is offline  
Old 11-11-2005, 11:45 AM   #13
Blue Crack Addict
 
joyfulgirl's Avatar
 
Join Date: Apr 2001
Posts: 16,615
Local Time: 05:20 PM
http://pitchforkmedia.com/news/05-11/11.shtml#sony

Sony Music Sued Over Anti-Piracy Software

Jonah Flicker and Amy Phillips report:
In the slow and perhaps inevitable movement towards microchip implantation of the entire human race, Sony BMG Music just took the lead. According to the Washington Post, a class action lawsuit filed in Los Angeles Superior Court November 1 alleges that the label's anti-piracy software, installed in several recently released CDs, is harmful to computers.

The suit claims that when a copy-protected CD is loaded onto a hard drive, it installs a hidden program known as a "rootkit," which not only keeps track of the computer's activity, but depletes the drive's resources in the process. So Sony is basically eating up your hard drive space while keeping track of all the porn you watch, just because you actually spent money on a My Morning Jacket CD.

Thanks, guys. This is even better than getting the RIAA to sue us.

The rootkit also makes the computer more susceptible to viruses. Sony falsely states that its copy-protection software can be easily removed, when in reality, getting rid of a rootkit can be damaging.

Here's the crux of the suit, straight from the legal papers: "As a result of Sony's failure to disclose the true nature of the digital rights management (‘DRM') system it uses on its CDs, thousands of computer users have unknowingly infected their computers, and the computers of others, with this surreptitious rootkit. This rootkit has been responsible for conflicts within computer systems, crashes of systems, and other damage."

The suit, which accuses Sony of "fraud, false advertising, trespass, and violation of state and federal statues prohibiting malware, and unauthorized computer tampering," claims that the suspect software has been included on certain Sony BMG Music CDs since this spring. Albums to watch out for include Amerie's Touch, My Morning Jacket's Z Kasabian's Kasabian, Neil Diamond's 12 Songs, Cassidy's I'm a Hustla, Kings of Leon's Aha Shake Heartbreak, and, appropriately, the Bad Plus' Suspicious Activity and the Coral's Invisible Invasion, among others.

In short: if you're about to load that new My Morning Jacket disc onto your hard drive, STOP. Sell the album back to the record store and buy something on Dischord.

* Learn about rootkits: www.rootkit.com
* Sony Music: www.sonymusic.com
__________________
joyfulgirl is offline  
Old 11-12-2005, 01:31 AM   #14
ONE
love, blood, life
 
indra's Avatar
 
Join Date: Jan 2004
Posts: 12,689
Local Time: 08:20 PM
an update to the story.

Quote:

Sony to Suspend Making Antipiracy CDs

By TED BRIDIS (Associated Press Writer)
From Associated Press
November 11, 2005 7:46 PM EST

WASHINGTON - Stung by continuing criticism, the world's second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.

Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.

Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.

A senior Homeland Security official cautioned entertainment companies against discouraging piracy in ways that also make computers vulnerable. Stewart Baker, assistant secretary for policy at DHS, did not cite Sony by name in his remarks Thursday but described industry efforts to install hidden files on consumers' computers.

"It's very important to remember that it's your intellectual property, it's not your computer," Baker said at a trade conference on piracy. "And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."

Sony's program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.

"This is a step they should have taken immediately," said Mark Russinovich, chief software architect at Winternals Software who discovered the hidden copy-protection technology Oct. 31 and posted his findings on his Web log. He said Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.

Security researchers have described Sony's technology as "spyware," saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony's notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.

Some leading antivirus companies updated their protective software this week to detect Sony's antipiracy program, disable it and prevent it from reinstalling.

After Russinovich criticized Sony, it made available a software patch that removed the technology's ability to avoid detection. It also made more broadly available its instructions on how to remove the software permanently. Customers who remove the software are unable to listen to the music CD on their computer.

__________________
indra is offline  
Old 11-12-2005, 02:28 AM   #15
Paper Gods
Forum Administrator
 
KhanadaRhodes's Avatar
 
Join Date: Jun 2001
Location: a vampire in the limousine
Posts: 60,609
Local Time: 06:20 PM
i'm glad this has a happy ending, but i wonder what would've happened if people hadn't made mention of this and how many more titles would've been released with this crap on it.
__________________

__________________
KhanadaRhodes is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -5. The time now is 07:20 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Design, images and all things inclusive copyright © Interference.com