| reply to ZOverLord
Re: DRM implementors == black hats said by ZOverLord: If you want rough percentages 80+ percent of home computer users, according to current stats. Only 80+ percent of home users - I would have guessed closer to 99% of home users.
Can you provide a link to the stats, I would be interested in what other tidbits it has on current users. |
|
|
|
| reply to antiserious
said by antiserious:... here's my little 'love note' to Sony - thanks for posting the 'reply to' link ... Your use of the DRM software from 'First 4 Internet' uses rootkit techniques to hide various kernel objects from view. This is a despicable 'solution' to an ongoing problem that you and the RIAA have made worse at every turn, and marks a new low, even for bottom-feeders such as you. I can only hope the major Security Software vendors will quickly become aware of this abuse on your part, and devise safe and thorough means of removal without further damage to 'infected' systems. Perhaps a nice, juicy class-action lawsuit will get your attention, since I'm sure you don't give a rat's ass about the public outcry this will engender. Shame, since you were once a respected company - now you're just another gaggle of corporate scumbags, whose behavior is quite a bit worse than the fair-rights users you've targeted with this malware. Here's wishing you all the worst - you've earned it. Bit tame. |
|
| reply to dave
After reading the articles, I got the impression that Sony's attempt at DRM via its "rootkit" could leave a system vulnerable to future legitimate changes.
Re-stated: Sony is tampering with both system related files and OS related areas that could be changed by future upgrades or security patches from MS. Thus, leading to system instability (or a dead system) should there be a collision between their "rootkit" changes and legitimate changes made by MS.
Maybe I mis-read or mis-understood what the "rootkit" was doing, but if that is the case, Sony should be liable for all damages and repair costs. |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | reply to boober321
Re: How do we prevent installation of this crapwar said by boober321:How about some nice virus writers, writing something that will attack RIAA companies' systems. Since they want to attack our computers, I say we repay the favor... I think the RIAA already hired the virus writers, judging from this latest "effort"...
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages. |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 Reviews:
 ·Verizon FiOS
 ·Verizon Online DSL
| reply to sharpy merc
Re: DRM implementors == black hats Not only that, but, I respecfully suggest, ineffective.
The letter writer obviously loathes Sony to start with; so (from their point of view) he's not likely to be a customer, so therefore there's no point in listening since it won't make any difference to sales.
My advice, if you want to be heard, is to recognize their right to protect their IP, but to point out that (a) underhand techniques work against them, and (b) fair use for the purchaser should be sacrosanct.
In other words, the unstated implication is that if they behave nicely, you might buy more stuff from them, but if they continue with what they're doing, you won't.
I emphasize I'm not taking a moral position on what was said, merely giving unsolicited advice on effective letter-writing. And I'm giving this advice because I want people to write effective complaints that companies will listen to. |
|
 scrummie02BentleyPremium
join:2004-04-16
Arlington, VA
 ·Comcast
| I am assuming this wouldn't have worked on a Linux workstation. This isn't a "windows suxors" post, just saying. However I wonder if you had a Mac/Linux/BSD workstation is you would even be able to play the music on the CD. Can linux play DRM content?
p.s. sorry if this has been asked before, just curious. |
|
1 edit | said by scrummie02:I am assuming this wouldn't have worked on a Linux workstation. This isn't a "windows suxors" post, just saying. However I wonder if you had a Mac/Linux/BSD workstation is you would even be able to play the music on the CD. Can linux play DRM content? p.s. sorry if this has been asked before, just curious. A blog post describing an experience with this same Digital Restrictions Mechanism - I will try to find the link and edit it in here - said that the disc plays OK on Mac. This suggests that it's just red book audio plus some wma files and the installer and appl, and they're just relying on autorun to prevent access to the cd audio.
If this is true, the so-called "protection" is trivial to break (and "dumb" is neck-and-neck with "malicious").
OTOH, many of these schemes also rely on munging the TOC or introducing errors in the audio tracks to interfere with ripping.
I don't have a sample, but would bet that the usual Linux and Mac rippers would have no problem with it.
----------
On edit: The blog post is: »bigpicture.typepad.com/comments/···_cd.html
Blogger says that according to the record company, the songs can be transferred to iTunes on a Mac in the normal way. |
|
 ZOverLordPremium
join:2003-10-20
Minneapolis, MN
2 edits | reply to gg5
said by gg5:said by ZOverLord:If you are running an ADMIN ID already, you receive NO prompt of any kind, and the installation is done SILENTLY. Russinovich deliberately installed the software. If I understood him correctly, he clicked "Agree" on the EULA. The EULA did not disclose the malware. So we know what happens in this alternative. I'd like to know what happens in each of the other two alternatives: (b) run the installer (maybe inadvertently, by autorun) - does this install anything even before user interaction? and (c) User chooses not to agree to the EULA. Does it install the covert part of the software in this case? ZOverLord, I was not clear on whether you have personal experience with this DRM, and if so, whether you are addressing (b) or (c), or only the case of agreeing to the EULA. Anyone? (To be clear, I do not mean to imply that the EULA justifies the malware. However, there is likely criminal conduct on the part of the vendor if it installs in case (b) or (c), but not so clearly if the user clicks "Agree".) No I have no experience with that DRM, however recently I had purchased a DVD movie, and my experience was what I stated, there was no EULA in my case, only a statement the the "Extra Features" required a ADMIN account.
It had an option to use the current non-admin account I was on, I selected that option. The Movie would not play, so then I switched to an admin account, no prompt NOTHING the movie played.
I then ran a check and found spyware, which I removed.
Will try and find the movie ("I have many") and get specific info on what spyware it was, at the time, I was upset it happened, but thought "Ok, I guess this is the future" until I saw this thread.
It was NOT a root-kit, but it was spyware.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
ZOverLordPremium
join:2003-10-20
Minneapolis, MN | reply to astirusty
said by astirusty:said by ZOverLord: If you want rough percentages 80+ percent of home computer users, according to current stats. Only 80+ percent of home users - I would have guessed closer to 99% of home users. Can you provide a link to the stats, I would be interested in what other tidbits it has on current users. I will try and find a link, it was about 2 months ago I read the story and survey, it was 87 percent if I recall the numbers correctly.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
 spy1Welcome to AmerikaPremium
join:2002-06-24
Charlotte, NC | reply to antiserious
said by Rmus:Your use of the DRM software from 'First 4 Internet' uses rootkit techniques to hide various kernel objects from view. This is a despicable 'solution' to an ongoing problem that you and the RIAA have made worse at every turn, and marks a new low, even for bottom-feeders such as you. I can only hope the major Security Software vendors will quickly become aware of this abuse on your part, and devise safe and thorough means of removal without further damage to 'infected' systems. Perhaps a nice, juicy class-action lawsuit will get your attention, since I'm sure you don't give a rat's ass about the public outcry this will engender. Shame, since you were once a respected company - now you're just another gaggle of corporate scumbags, whose behavior is quite a bit worse than the fair-rights users you've targeted with this malware. Here's wishing you all the worst - you've earned it. http://www.sysinternals.com/blog/2005/10/s...tal-rights.html
Yes - and I seriously suggest everyone do three things:
(1) Use this link: http://www.sonymusic.com/about/feedback.cgi to voice your displeasure to Sony directly (the message quoted above is more-than-worthy of a quick c&p - bravo! ).
(2) Spread the word of this to any websites you frequent that have not yet posted this article (or point them to here)
and
(3) Immediately and irrevocably boycott - ALL - Sony products until this situation is resolved.
It's the only possible chance we have of getting this corrected. Pete |
|
| reply to dave
Anyone up for selling a SONY DRM'd CD on Ebay with a MASSIVE full & true discription of what it'll do to your PC.
The truth can BITE BACK!! |
|
| reply to spy1
said by spy1:said by Rmus:(the message quoted above is more-than-worthy of a quick c&p - bravo! ). Just to clarify, The message quoted is by antiserious.
The quote from my post should be
---------------------------------------
Tell 'em what you think!
»www.sonymusic.com/about/feedback.cgi
----------------------------------------
|
|
LibraPremium
join:2003-08-06
USA
kudos:1 | reply to dave
This whole thing is despicable. I wrote to Sony with the link provided and, among other things, told them I hope a class-action suit is instituted against them and I will no longer buy any Sony products until they stop this.
I have a question about stopping the auto-run. I changed that setting for Music CDs. But if you inserted a CD and then clicked on the drive, would that start the installation of this malware? And would a limited user account prevent this from occurring, or would it just not play at all?
And, if I stop the auto-run for everything would that affect reinstalling Windows or would the XP disk boot regardless of this setting?
We usually don't play CDs in the computer and I think we never will in view of all of this.
Thank you.
Sincerely, Libra |
|
| On Windows XP, there are separate settings for audio, data and other types of discs. Right-click on the drive icon in Explorer and you can see the choices in one of the tabs.
These settings won't affect installation. When installing, you're in DOS or using BIOS code to read the disk, not Windows. Set the BIOS to boot from CD rather than hard drive and that's all it takes.
It's safe to play audio CDs once you verify that each one has only audio and no programs. |
|
LibraPremium
join:2003-08-06
USA
kudos:1 | said by gg5:It's safe to play audio CDs once you verify that each one has only audio and no programs. gg5, I appreciate your information very much. How would I determine that the CD only has audio - would I right-click on the CD icon and look at properties?
Thanks again.
Sincerely, Libra |
|
| Once you've turned off autorun, you can just put a CD in and look at it in Windows Explorer and see what's on it. Like looking at the contents of any folder.
Autorun is the hazard because it will execute a program before you can see that it's there and decide whether you want to run it or not. The same principle applies with audio, etc., but the stakes are lower, it's only an annoyance if it starts playing when you don't want it to.
Make sure you have filename extensions showing - first thing everyone should do with Windows. Then with a standard audio CD you'll see only a list of filenames with .cda extensions, or nothing. If it's a data CD with programs you'll see, typically, a setup.exe , an autorun.inf, some folders, etc.. |
|
2 edits | 
AutoRun Protection |
said by gg5:Autorun is the hazard because it will execute a program before you can see that it's there and decide whether you want to run it or not. If you have anti execution protection, no executable can run w/o your permission.
regards,
-rich
_______________
~~Be ALERT!!!~~ |
|
 funchordsHelloPremium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5 | reply to dave
My post on my website on this fiasco! article: http://news.yahoo.com/s/pcworld/20051101/tc_pcworld/123362 ... this is an excellent article on this subject ...
Sony has admitted using a DRM technology that secretly installs a virus-like rootkit on users' computers. The technology is so dangerous, it seems that all virus-writers have to do is code their filenames, registry names, and processes to begin with '$sys$' ... and the OS and any program using the OS would not be able to do anything about it.
I first told you about this here: http://funchords.livejournal.com/157069.html
Well, Sony and it's software vendor, "First 4" have said that they eventually will stop printing CDs with this technology, but they haven't said when. When asked, First 4 had the galactic-sized balls to say, "This is a legitimate technology that we've been charged to produce. People who aren't comfortable with the technology can apply to have the software removed."
As for me, and all the friends I can influence, here is a list of Sony-BMG labels that we will never purchase:
- Arista Records
- BMG Classics
- BMG Heritage
- BMG International Companies
- Columbia Records
- Epic Records
- J Records
- Jive Records
- LaFace Records
- Legacy Recordings
- Provident Music Group
- RCA Records
- RCA Victor Group
- RLG - Nashville
- Sony Classical
- Sony Music International
- Sony Music Nashville
- Sony Wonder
- Sony Urban Music
- So So Def Records
- Verity Records
Once again, Sony has given people cause to download music to computers rather than insert their CDs into it.
--
Robb Topolski  http://www.funchords.com/  Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
funchordsHelloPremium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5 | reply to astirusty
Re: DRM implementors == black hats said by astirusty:After reading the articles, I got the impression that Sony's attempt at DRM via its "rootkit" could leave a system vulnerable to future legitimate changes. Re-stated: Sony is tampering with both system related files and OS related areas that could be changed by future upgrades or security patches from MS. Thus, leading to system instability (or a dead system) should there be a collision between their "rootkit" changes and legitimate changes made by MS. Maybe I mis-read or mis-understood what the "rootkit" was doing, but if that is the case, Sony should be liable for all damages and repair costs. Well, there is that -- you're right about it.
But there's also the fact that many, many, many people buy Sony-BMG. So how many systems can others infect by naming files, processes, and keys with the prefix $sys$???
--
Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA
... How much spam would a spam clan spam if the CAN-SPAM could can spam? ... |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:2
·Frontier Communi..
| reply to dave
I submit that NO SOFTWARE COMPANY has a legal right to install any form of immediately "uninstallable" code on a private computer unless that has been explicitly agreed upon in advance in a clearly worded agreement, including clearly-stated package cautions describing that non-removable code will be installed with use of the product. I think a case can also be made that any such non-installing-consent EULA should be separate from any other EULA for the software, given the serious implications and consequences of such software behavior.
Sony has heard from me on this, and they are now on the top of my short "don't-buy" list.
For a company to do this in a way that even smells of covertness is contemptible, and they should be held firmly to account in the marketplace, if not in a courtroom. The computers involved are not Sony's property! Auto-installing extremely difficult-to-remove, potentially damaging code without explicitly advertising that fact prominently on the package or installing this junk without knowledgeable consent having been obtained in advance runs very close to causing willful damage to a computer system and files. And on many computers, the files contain "intellectual property" of considerable value to the users. I wonder how Sony would like to be hauled into court for willfully contributing to the damage of intellectual property?
--
If God wanted us to work with electrons, He'd make them big enough to see... |
|
