In skimming around the net I’ve repeatedly come across this story (and here), which seems important enough to pass on.
In a nutshell, Sony chose to protect its music products from copyright infringement by installing an undetectable piece of malware that secretly contacts Sony HQ when the user plays a Sony product, without providing an uninstall option. Sony quietly issued a buggy “patch” that opens up the user’s computer to even more security risks, and the obtaining of which appears to log the recipient onto yet another spam list. Read the links to get the full details.
Being an avid user of Sony products myself, this hits close to home. This story is making me seriously reconsider my decision to pick up one of those Sony android servants with the optional spinning blade and lasers.
***Update***
Mark Russinovich’s blog broke this story open. Go here if you want the technical skinny on how this stupid mess came to be.
Steve
Sony’s lawyers must have been asleep at the switch. This is a trivially obvious class action, even if the trojan problem hadn’t developed. You can’t have your software secretly sending information back to the company.
neil
I used to believe that the main practical reason to buy your music instead of downloading it was that you never knew what kind of weird spyware or exploits that P2P software would install on your computer.
Words fail me. It’s almost as if they’re trying to convince people to stop buying CDs. (They had me convinced when they started suing their customers.)
Forge
Just make sure you turn off auto-play on your PC and it won’t install in the first place.
Paul L.
What about the Sony Pleasurbot™?
Mr Furious
Lucky for me I stopped buying new music over the last few years. I suppose I was employing a sort of virus-protection (of sorts) against “shit”.
The bit in the link about lockouts on their games is complete bullshit too. But, again, until they figure out how to break into my basement and install that stuff on my dust-covered original PlayStation, I’ll remain unaffected.
Mac Buckets
I saw a partial list of the known rootkitted CDs, and anyone buying them deserves the malware:
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia)
Do I need any more reasons to download music from friends, rather than buy it from corrupt, dishonest, price-gouging purveyors of garbage? They’re telling me they don’t want my business anymore, and the feeling is mutual.
caleb
It’s adding up to a hell of a problem….
http://www.wired.com/news/privacy/0,1848,69573,00.html?tw=rss.PRV
“More than half a million networks, including military and government sites, were likely infected by copy-restriction software distributed by Sony on a handful of its CDs, according to a statistical analysis of domain servers conducted by a well-respected security researcher and confirmed by independent experts Tuesday.
Sony BMG has been on the run for almost two weeks with the public relations debacle of its XCP copy-restriction software, which has installed an exploit-vulnerable rootkit with at least 20 popular music titles on PCs all over the world.”
Not only does it install malware, but said malware allows third parties to create viruses that use the $sys$ file name used by the Sony root kit. By using this file name, it allows virus makers to install and hide viruses on your computer without your knowledge, and keep any anti-virus software from being able to find said virus.
Thank god there is no new music worth purchasing these days or I might actually be put in harm’s way.
caleb
Oh…and you can go here…..
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
and read Mark Russinovich’s blog.
He is the person who discovered Sony was doing this.
This is the blog entry that started this whole thing. This is “ground zero”. It goes into detail discussing how he figured this out. It is a bit over my head, tech speak wise, but still very interesting.
Steve S
Forge is right to turn off auto-play.
I think this is incredibly sad on Sony’s part, and I hope they rightly get a nice hefty fine from the FTC, or a class action lawsuit. You cause harm, you need to suffer the consequences. WHAT FUCKING IDIOT THOUGHT THIS WAS A GOOD IDEA!?
In the immortal words of Donald Trump “He’s FIRED!”
Sony used to be a great company. Not any more. I refuse to buy their crap after they introduced HDMI and made my HDTV television set immediately obsolete. Not because it wasn’t technically capable of playing content, but because they wanted to keep me from copying it to tape. Which I had no interest in doing in the first place, but they just lost several grand of business from me as a result of their decisions.
Steve S
Sysinternals is the bomb!
Been using the ntregmon and ntfilmon for years.
demimondian
Actually, there’s a better solution than turning off auto-play, and it’s one you should be doing anyway.
Don’t log in to a Windows system as an administrator.
Contrary to widely disseminated FUD, only a very few things don’t work. Most of those are root kits, in one form or another.
A Dozen Stooges
An even better solution is to only buy local, or non-RIAA affiliated music.