OT: A Scary Trend - Sony Spyware Goes Too Far

Former user wrote on 11/1/2005, 11:59 AM
Hmmm....I might just get banned for posting this in here - but what the hell - let's see if we can get a vibe from paying Sony customers on this....and maybe even the Sony crew in Madison.

http://www.theinquirer.net/?article=27349

Make sure to check out the extra links within the article about how far Mark went to find out just where this crap came from...

PS: If I do get tossed....it's been great to be a member of these forums while it lasted!

Cheers,

VP

Comments

ken c wrote on 11/1/2005, 12:24 PM
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

this guy sounds like he knows his techical stuff .. anyone able to confirm this? I know I don't want a 1-2% CPU drain on my system due to DRM ...

ken
fldave wrote on 11/1/2005, 12:31 PM
here is a more high-level view of probably the same thing. From a leading economist who I frequently read, page down the link to the heading

"DRM Crippled CD: A bizarre tale in 4 parts"

http://bigpicture.typepad.com/
p@mast3rs wrote on 11/1/2005, 12:33 PM
From the article: "If there was ever a good argument for piracy, to me, this is it. No, better yet people, just say no and don't buy this crap, it is the higher ground."

Never a good argument for stealing. However, not buying it is the ONLY way these companies will quit wasting their cash on these silly costs which inevitably get passed on to the consumer.

Furthermore, if the average Joe was to install crap like this, wouldnt they arressted for hacking/cracking but because its big business trying to protect their property and profit lines, its ok for them to skirt the DMCA?
farss wrote on 11/1/2005, 12:37 PM
The CD(s) in question require that you install code to play them. I guess that means you cannot play them in a conventional CD player either. I cannot understand why any right thinking person would buy such a CD anyway.
To top it all off this would have to be the easiest DRM system to circumvent anyway, Vegas and a decent sound card would be ideal.
Bob.
ken c wrote on 11/1/2005, 12:46 PM
not to mention, there's programs like www.tunebite.com which deprotect DRM delivered audio files anyways..


ken
Coursedesign wrote on 11/1/2005, 12:49 PM
The economist blog had the best research into this.

The best part was the response from Suncomm that it was not about copy protection, only an attempt to put pressure on Apple to open up to allow users to import protected CDs into iTunes and iPods.

Their letter said that Mac users could just copy their protected CD into iTunes without any extra steps, but PC users had to carefully follow the instructions provided by Suncomm in the letter...

I wonder if all of this can be avoided by simply putting a black marker line over the outermost tracks on these CDs? This was the widely published (worldwide in mainstream media) solution for an earlier CD copy protection scheme used in Europe last year (I think it was withdrawn after many Mac and PC users actually got hardware damage from this (!). Computers check to see if there is software on a CD by checking these tracks, if so it's autostarted if enabled. Regular CD players just skip this part.

Chienworks wrote on 11/1/2005, 12:50 PM
Marquat, firewalls only inform you about traffic through your network connection. The software is being installed from a local CD so no network activity is involved.

Firewalls are only a very tiny piece of computer protection. The can't protect you from anything you initiate at your PC.
MH_Stevens wrote on 11/1/2005, 12:51 PM
Only YOU can stop forest fires.

The strong and informed will not buy these Sony CD's. That is until next week, when a freely available uninstaller will be available.

Mike S


Chienworks wrote on 11/1/2005, 12:56 PM
Bob, the protection software only prevents a computer's CD drive from being used to access the content outside of the software itself. If you don't have that software installed then the disc appears as a normal unprotected audio CD. An audio CD player will likewise read the disc with no trouble.

Lesson to everyone, autorun is a bad thing! Well, that's not true, Autorun has the potential to be very helpful, which is why Microsoft included it in Windows. However, it's also very helpful toward bad things. At this point the dangers far outweigh the advantages. Turn it off. You can always autorun manually from explorer if you need to.
Chienworks wrote on 11/1/2005, 12:57 PM
It may in the future, but apparently it doesn't do that now. All it does is lie to your computer and tell it the protected disc is inaccessible to any other software.
Yoyodyne wrote on 11/1/2005, 1:08 PM
Why do I fear HD-DVD and Blue Ray are going to be filthy with this stuff - I have no issue with people wanting to protect content but it seems that it should be done in a very above board way.

The irony is in trying to protect the content on CD's they are actually sending potential customers to places like itunes for fear of the CD copy protection.

It seems amazing to me that a device as important to people as the computer has no real regulation or controls for malware/spyware/etc. I know everything has a EULA but everyone knows nobody reads the thing - it seems there should be some kind of protocol for installing anything that messes with the OS - & some kind of functional removal utility. I know that computer users should be vigilant but sometimes it just feels like being pecked to death by ducks.
riredale wrote on 11/1/2005, 1:14 PM
Here's another version of the same story.

This is just nuts. Sony is committing suicide right in front of our eyes. I feel sorry for the Madison gang.
farss wrote on 11/1/2005, 1:14 PM
I always have autorun turned off. So this is a totally lame DRM! Without it installing the code then as others have discovered the CD can be ripped as per normal or...
Reading other notes about this particular CD it appears that the audio is wma which measn most CD players will not play it?

Not that I care, the only music I listen to these days is on 1/4" tape :)

Bob.
Yoyodyne wrote on 11/1/2005, 1:32 PM
Although you have to admit the album title "Get Right with the Man" is pretty funny considering...
plasmavideo wrote on 11/1/2005, 1:34 PM
Just think how the MiniDisc format was crippled from being useful . . . . and they wonder why the MD never caught on. A real shame, as it could have been a wonderful tool.
plasmavideo wrote on 11/1/2005, 1:34 PM
Just think how the MiniDisc format was crippled from being useful . . . . and they wonder why the MD never caught on. A real shame, as it could have been a wonderful tool.
Coursedesign wrote on 11/1/2005, 1:35 PM
The sysinternals blog mentioned had several legal references that this could cost Sony Music $1,000 per computer in California, and potentially more serious consequences in the U.K. and Australia.

It is also disturbing that after you have played one of these CDs on your computer, anybody who is able to transfer spyware packages, viruses, worms etc. to your computer can make them cloaked (invisible) by just having their files, directories, registry keys and/or processes use names beginning with “$sys$”.

Now there's a potential really immense lawsuit if say a hospital or government network gets shut down because an employee played a Sony Music CD that secretly installed rootkit software.

The only safe thing to do for Sony Music is to immediately recall all these CDs.
Of course this would put a spotlight on the situation, but it could be a lot less expensive for them.

Now I remember why I started turning off AutoRun on all PCs I administrate years ago...

riredale wrote on 11/1/2005, 1:46 PM
Reading through the account of how the fellow discovered the "root" (ha!) of the problem is like reading a decent mystery novel. For nerds.

Very interesting. Again, I think this is going to be a huge black eye for Sony.

Oh, one of the reply comments at the bottom mentions that this "stealth installation" is a crime in Australia, with penalties of 10 years in prison.

farss wrote on 11/1/2005, 1:51 PM
I was just about to buy a PSP and the Media Manager but now I'm having second thoughts. Can we be assured that the PSP Media Manager isn't also infected with some virus like code as well?
Bob.
p@mast3rs wrote on 11/1/2005, 1:52 PM
"Now there's a potential really immense lawsuit if say a hospital or government network gets shut down because an employee played a Sony Music CD that secretly installed rootkit software."

Imagine if the Department of Defense or the CIA had this happen to them. Maybe a tretch, but whats the chance of terrorists exploiting this type of crap to bring down defense and protection? Before anyone laughs at this "absurd" idea, the same was said before when terrorists were using jpgs to hide attack instructions in them.
ken c wrote on 11/1/2005, 2:19 PM
Remember that lame protection software, forgot the name...but installed itself w/spyware as a 'wrapper' with a handful of well-known commercial software programs? cydoor ... that's it..

this is squarely in that same category -- companies should not be permitted to secretly install stuff that runs in the background on your pc without your express permission and consent...

(don't get me started about how winXP is like this... imho win2k is much better for an o/s)...

boo if anyone installs a rootkit on your pc, that could be exploited into a server etc I think by hackers..

Ken
Coursedesign wrote on 11/1/2005, 2:43 PM
Can we be assured that the PSP Media Manager isn't also infected with some virus like code as well?

This would be beyond extremely unlikely. The computer industry (Sony and others) understand the liabilities well.

It's the totally non-technical music industry suits who are beginning to feel that they can't run the world like they had gotten used to, so now they accept help from established OS hackers who just say "we will solve your problem."

maylee wrote on 11/1/2005, 3:00 PM
This maybe somewhat O.T., but I have two PCs that have a problem of being unable to change the homepage. I have run various spyware detection programs,including Spywaredoctor, Spybot, Zonealarm, Adaware, Microsoft antispyware to no avail. The interesting thing is that I am forced to return to this forum as my home page. Does anyone else have this problem?
By the way a third PC that I have is OK

Warren
craftech wrote on 11/1/2005, 5:26 PM
This maybe somewhat O.T., but I have two PCs that have a problem of being unable to change the homepage. I have run various spyware detection programs,including Spywaredoctor, Spybot, Zonealarm, Adaware, Microsoft antispyware to no avail. The interesting thing is that I am forced to return to this forum as my home page. Does anyone else have this problem?
By the way a third PC that I have is OK
=======
You have a BHO that is redirecting it. Download Hijack This and remove the BHO's it detects when you click on "Do a System Scan Only". Even Google and Yahoo both install BHO's now such as the Google toolbar so I remove them. You may have to stop running processes using the task manager in order to remove them if they refuse to be removed. Check off all the the BHOs and click on "Fix Checked". If you see the false start page listed check that off too and click on "Fix Checked". Home pages will probably have an R0 value.
Reboot and see if it worked. Then reset your home page.

John