Slashdot Log In
Sony Music CD's Contain Mac DRM Software Too
Posted by
CowboyNeal
on Fri Nov 11, 2005 01:43 AM
from the no-one-is-safe dept.
from the no-one-is-safe dept.
brjndr writes "A MacInTouch poster has found that certain Sony CD's also contain a smaller extra partition for 'enhanced' content. Running one of the applications found within this partition installs kernel extensions containing DRM software by SunnComm. In Sony's defense you're told what is being installed within a EULA which pops up when the program is loaded. Thankfully we all read our EULAs completely."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Think different... (Score:5, Interesting)
To summarise: it's impossible to protect against truly clueless users without severely inconveniencing everyone else, but Mac OS X at least lets you know something dodgy is going on (a request for administration rights, just to play a CD, say what ? No *other* CD's needed that!) I guess it helps to have gorms, though...
THM: It's a difference in attitude. It *does* make a difference.
Simon
Re:Think different... (Score:5, Insightful)
I'm not *so* sure about the after-a-while thing though - I'm struggling to remember any time I had to type in the sysadmin password when I wasn't installing software. If I equate that action with installing stuff, and all I've done is put a CD in to play the damn thing, I'd be pretty curious as to why... Maybe that's just cynical old me, though...
Simon
Parent
Re:Think different... (Score:5, Insightful)
You'd have to make it more of a quiz. After all, there's a lot of people that think they know everything but who really don't have a clue (Go to your local computer shop if you don't believe me). It could be pretty funny:
(1) what does RAM stand for?
(2) what is 0xF?
Parent
Re:Think different... (Score:5, Funny)
Parent
Re:Think different... (Score:4, Funny)
Parent
Memories... (Score:4, Funny)
My original
Snort...
Parent
Re:Memories... (Score:5, Interesting)
I'd really like to get my hands on one of those now. I sort of miss slapping it upside the carriage every time you were finishing a line. And a typo at the end of a page REALLY hurt.
Parent
Re:Think different... (Score:5, Insightful)
That's the problem. Clueless mac user is probably expecting to be installing software about then. The CD told them they need a player to see the dancing pigs, for example.
Parent
Re:Think different... (Score:5, Insightful)
You don't need to authenticate to install applications on Mac OS X. Installing applications - like Microsoft Office - involves just dragging the application (or the folder it's in) from the CD into the Applications folder on your hard disk. Even things like Real One Player and Windows Media Player work this way.
When you do actually get a dialog, Mac OS X also tells you what permissions are being requested on the password dialog (e.g. full admin access, or just permission to modify a specific system setting, etc) as well as which application is requesting the permission. In reality, most of the time people see a dialog in Mac OS X which requires authentication, it's because of an interaction with the OS itself (such as changing a system setting) that the user has just performed.
If a users sees an Application (including plugins) requesting this sort of permission that should really ring alarm bells. Only things like new drivers (e.g. for that new camera you just bought) should be asking for things like that.
It's fair to say here is room for some improvement in the dialog in that it should better reflect this (perhaps rasing a more severe looking alert when it's anything other than the OS or bundled Application requesting any sort of privileged access, which explains something along the lines of the previous sentence).
On the subject, it could do with some means of forgery protection (things like an embedded image in the window have been suggested) so that you can better trust it's an authentic authentication dialog. If your paranoid.
Technically Windows allows for roughly this sort of behaviour too (that is, you should never need admin permissions to install a regular application) but the large number of badly written installers - combined with the lack of a K.I.S.S. approach in the OS - seem to have conspired to make admin level access madatory for even the most mundane tasks.
I bet if vendors (and I include both Apple and Microsoft in that) implimented privilage dialogs that were scary and intimidating enough to users (perhaps with a default action of 'deny') 3rd party application developers wouldn't ask for them unless they really needed those permissions.
Parent
Re:Think different... (Score:4, Informative)
I would also like to point out that even when you are dragging and droping apps into the Apps folder it will prompt you once to say "You are about to run (application name) for the first time. Are you sure you want to do this?" which is a pretty good fail safe for programs that are trying to run silently.
Parent
Re:Think different... (Score:4, Informative)
Yeah, Mail and Safari patches do the same, I assume it keeps track of the Applications filename / it's location / MD5 of the binary / etc. which is why it requires confirmation the first time you run the new version of the application (so that someone - or some software - can't switch the legitimate application with a trojan copy).
Good Thing(TM), even if the iTunes patches are a little too frequent.
Parent
Re:Think different... (Score:5, Insightful)
Think what a hell would become the customer support: everytime something happens the system may respond to the user in 10 different ways.
And if a user logs into another mac (at Internet café, library, university etc..), she well have to know if it's configured for dummies or super-geeks or whatever. I may even add that as she gets used to her mac she will want to try to step to the next level, but the user has to learn again how the system behaves.
And so on.
It has been proposed more than once, but I doubt it will be ever implemented, as it is a usability nightmare.
Parent
Re:Think different... (Score:5, Informative)
Parent
Re:Think different... (Score:5, Interesting)
Someone was saying that you get so used to typing your admin password on OS X that you just do it as a reflex - that hasn't been my experience. This simple change represents a great improvement over Windows XP.
In the case of the Sony DRM I think it quite likely that Mac OS X users will find the request for their admin password "odd" - and hopefully a significant number would refuse to give it.
Of course some will as we all tend to trust "big names", maybe that's the real lesson here - Sony can be as evil/stupid as anyone else. And if you can't trust Sony, who can you trust?
Parent
Re:Think different... (Score:5, Informative)
You are not often challenged for your password in Mac OS X. The default installation location is
If something's asking you for your password and isn't (a) your security manager wanting to fetch your keychain for a website, or (b) something that should be installing drivers, be very worried and don't type your password until you understand exactly what it's doing. My mother has to type her password so infrequently on Mac OS X that she can never remember what it is.
Even Microsoft Office is a drag-and-drop-to-install application (as well as being a drag), ferchrisakes.
(and mods, please mod parent down for using Andrew Tanenbaum's [wikipedia.org] name).
Parent
Re:Think different... (Score:5, Insightful)
Are you feeling OK today? Would you like someone else to help you to moderate?
(Not me, of course, as by posting I prevent myself from moderating...)
Parent
Re:Think different... (Score:4, Interesting)
That's why most users around here don't KNOW the admin password. When we set up brand new Macs for others, we always make at least two accounts. One for administration and the others for everyday normal users. Users who must be given the admin password are admonished NEVER to give that password unless they are expecting to be asked for it when installing or upgrading software. So far, none of them has been hit with any shady programming because of this. Unlike our Windows users, the Mac users can do everything they need to without even knowing the admin password.
This should work in most homes, where the parents are the only one who know the master password. That way the kids can't so easily mess up the whole computer. ALL games even work just fine without the master password, once they are properly set up.
Parent
Why yes, I give my admin password out on request! (Score:3, Insightful)
Re:Why yes, I give my admin password out on reques (Score:5, Insightful)
You would be amazed at what most users will do for music, porn, wallpapers, or screensavers.
Mac OS isn't immune to this kind of crapola - at least not for the average user.
Parent
Re:Why yes, I give my admin password out on reques (Score:5, Funny)
A client of mine once got an email instructing telling her that a virus had been installed on her system. She was to immediately locate a file (I think it was COMMAND.COM) and delete it, which would remove the hazard.
She forwarded it on to me (just in case I needed it, you see) and then sent me a second email because the person who sent her the message had trashed their system, and she thought I was about to do same.
When it comes to stupidity among users, I will believe anything
Parent
Well one clear warning sign... (Score:5, Insightful)
daft... (Score:4, Insightful)
Surely, they realise that its only going to create a backlash against DRM if they continue this nonsense?
Re:daft... (Score:5, Insightful)
Parent
With luck (Score:4, Insightful)
Parent
bondage (Score:4, Funny)
Re:bondage (Score:5, Funny)
Parent
Jesus (Score:4, Insightful)
Well, I for one pledge to no longer purchase any sony products. Nor will I buy online music from sony, purchase any games, or watch any sony movies until they stop being overbearing assholes with their stuff.
Illustrates why... (Score:5, Insightful)
Who knows how evil the DRM is, once the install is made, but jeebus... talk about an issue of trust (just for the installer)!
Even more thankfully (Score:5, Informative)
Re:Even more thankfully (Score:5, Informative)
Parent
what if the moviefile is flawed? (Score:4, Insightful)
What if that movie file is flawed?
The Windows OS only opens a autorun file too; which is linked to a executable; but the principles are just the same, only the practical side is much more exploitable in Windows with its flawed autorun system...
Parent
At least this means one good thing... (Score:5, Interesting)
Throwing out the baby with the bath water (Score:4, Insightful)
autorun (Score:4, Informative)
McCarthyism doesn't sound so bad now... (Score:5, Interesting)
Of course, criminals will always hire criminals; a thief will always have a chance at getting hired by the Mafia, so I don't expect this will completely work. Computer companies that have overgrown beyond their event horizon of personal responsibility such as Sony and Microsoft will always be a haven for crooks and guttersnipes. But every responsible company still around should outright refuse to hire anyone who's ever knowingly developed anything related to DRM; conduct background checks on every potential employee's employment history and slam the door in the face of any DRM sympathizer looking for a job.
Linux port? (Score:5, Funny)
Sony just lost ~5000 euros (Score:5, Interesting)
And this was definitely the last time I even consider Sony. Forget the new Playstation, if I have to choose from the two bad options M$ vs. Sony my money goes to M$ in this case.
As big a fan as I am of the Van Zant brothers, I just can't think of buying the album after all this. Luckily it was available without DRM somewhere else. It's a shame for the artists though, they didn't get thei $0.50 or whatever they make per sold CD.
I know my 5000 doesn't bankrupt Sony but if more of us start voting with our wallets maybe they will realize they can't keep on shafting customers every chance they get.
At first, it seemed like a bad idea... (Score:5, Interesting)
It may sound paranoid, but once they start messing with the kernel, you really don't know what they're going to do...
As result of this Sony rootkit fiasco... (Score:5, Interesting)
1. Sony music CD's
2. Sony HD TV
3. Sony Playstation 3 and games
4. Sony Bluray DVD player
5. Sony Ericson phones
6. Sony VAIO laptop
7. Sony DVD burner
8. Sony digital camera
9. Sony video recorder
The only way Sony will regain my trust is if they were to:
1. publically admit that what they did was wrong
2. put a link on sony.com to a page explaining what exactly happened and provide software to uninstall the rootkit
3. recall all CD's on the shelf containing rootkit DRM
4. offer replacement CD's to all customers
Affected Titles (Score:4, Funny)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia)
from the eff [eff.org]
Perhaps this DRM is your punishment for listening to Ricky Martin and Celine Dion?
Simplify EULAs (Score:4, Interesting)
That is how these Spyware companies gain "permission" and certainly how Sony has gained "permission" to install anything they want. Most users aren't able to read a 5 page legal document squeezed into a tiny little box very effectively.
We need to write our Congressmen and Senators and tell them that EULAs should be simplified, even standardized. I'd even suggest that some sort of color coding be required to indicate the severity of changes to be made. Unlike Homeland Security's approach, I suggest three simple colors: GREEN, YELLOW, RED (You might recognize these colors from your local STOPLIGHT).
GREEN - This EULA just contains standard legal protections of the company for their software.
YELLOW - This application will install some components to run at the same permission level as the user.
RED - This application will install SYSTEM-LEVEL COMPONENTS.
This may not be perfect, but the 10-pages of legal mumbo-jumbo is hard for even the paranoid to go through. For example, I installed several updates to my Mac OS X system (10.4.3, Java, Quicktime, iTunes, Airport) and EACH ONE contained an EULA that was extremely long.
The current system is broken and, unfortunately, we need to change the law to fix it because I know that the large companies with their lawyers have no intention of fixing it.
Mac OS X's malware resiliency put to the test (Score:4, Interesting)
And even after that, it's not the gigantic pain in the ass to remove that the Windows stuff is. Removal is a simple matter of unloading the kernel extensions and deleting them with administrator privileges. For some reason, Windows seems to facilitate the development of software that installs silently and is utterly impossible to remove.
This is why it's not just the popularity factor that keeps OS X malware-free. It's a solid design based around the idea of minimal automation and least privileges needed. Even if OS X was twice as popular, any malware would still have the same hurdles to jump through.
Re:Make a fortune (Score:5, Interesting)
Parent
Microsoft does it better.... (Score:4, Interesting)
A mate installs a Windows XP OEM version onto a PC. Activates it and everything is sweet. A few days later his pc is stolen. So he buys a new PC, because he still has the Windows XP CD, the manual, the license and all the little stickers, he goes to install it on the new PC. It wont activate. He rings Microsoft. They refuse to activate the software since its been activated on another pc, and that violates the OEM license. They suggest he reports it to his insurance company as stolen and they can pay for a new license.
So they encourage him to commit insurance fraud as the software has not been stolen, because he has all the software and the licenses to run it.
Parent
Re:Admin Privileges (Score:5, Insightful)
Joe user: What's this I see? I have to enter my password to play a music CD? Oh no biggy, its just a music CD. What harm could it do?
That is my concern. The average user sees it comes from Sony, a "trustable" company, and doesn't give it a second thought. A very lethal comboParent
Re:Oh thank God... (Score:5, Interesting)
Ha ha, only serious. Seriously, this isn't an "any computer" issue. This is an issue with the only "modern" OS that have been specifically engineered to run arbitrary binaries with privileges without challenging the user. It's isn't a matter of Mac OS X or Linux (or VMS or Solaris or SunOS or VM/CMS) being better, it's a matter of Windows being worse .
This isn't even a matter of Windows' original design, as Dave Cutler's original security model was solid and included a good separation of privileges away from the desktop user, drawing on the last half a century of computing experience. This is a matter of Microsoft Management specifically and intentionally deciding to screw you. They will say it was necessary to make a desktop OS usable by novices - Mac OS X does give the lie to such horseshit (and that is the only place Mac OS X specifically figures in this topic).
Yes, Sony deserves a lot of the blame. But Microsoft deserves just as much. You can start to "fight this stupidity" by not using Windows.
Parent
Re:Oh thank God... (Score:4, Informative)
I spend most of my time on a Mac (at work) but have a PC at home. If I had the money for a new computer I'd buy a Mac, but everytime I think of ditching my PC altogether I have to stop and think...
well, I won't be able to play most of the games I bought anymore...and there's an application or two that's Windows only that I need occasionally...
It pisses me off because I don't want to use Windows. I guess I could live without the old games, but there have been many times where I think, well, at least I can just open that in windows and re-save it.
The best situation I can see is that OS X and/or Linux gets enough market share so that it's common for certain businesses/people to have a PC for occasional compatibility purposes only, which will lead to Mac/Linux converters that will eliminate the need for a PC, so that 100% Mac/Linux shops will have to be a consideration at least.
If I may go on a tangent here...
I used to work at a pre-press company (my title was "Mac Operator" which I always thought would be a cool 80's rap name. I'd change it to "Mac O" in the 90's [a la P. Diddy], then to "MOpe" around 2003). Anyway, we had one WinNT machine we kept around for the clients who were too low-scale to realize that all print work was done on Macs.
Any Windows job was a guaranteed pain-in-the-ass, mostly for compatibility reasons, but also because WinNT was stupid about networking and printing issues. It always seemed stupid to me that, while we printed to million dollar imagesetters and had clients like the Dell computer catalog, we had to keep this red-deaded stepchiled to run a Windows version of Quark (or for the real low-rent clients who submitted Windows Pagemaker files).
I'm a video editor now, and I still get annoyed when someone wants a non-Quicktime movie file. Some of the blame surely lies with Apple who won't even let you import an MP3 into Final Cut Pro unless you convert it into a Quicktime file first, but for the most part Apple tries to be universal, whereas Microsoft's attitude is "Fuck everyone else. If you're not using .avis and Word .docs you can go screw yourself."
Thank god that blu-ray won out so we don't have do deal with even more forced-incompatibility issues. I just want shit to work. I'm not totally computer-illiterate (I know enough to install a new OS, or random expansion card, or hard drive. I've used Linux a bit on my personal computer), but when there's work to be done I don't want to have to use Google to search for the best way to convert a file or get a random piece of PC hardware to work on a Mac.
Parent
Re:Oh thank God... (Score:5, Informative)
In Windows, you just insert the CD. Maybe into someone else's system when their back is turned. Windows OS trusts external content much more than the user sitting at the desk. "Do me", it says.
Unfortunately, people are still stupid enough to follow these ludicrous steps. Remember the teddy bear "virus" in Windows? Consisted only of an email, the instructions to delete a standard Windows exe file, and a directive to resend the email to all of your friends.
PS. Join us... you know you want to.
Parent
Re:Oh thank God... (Score:4, Insightful)
See, it's that sort of naivete that I'm talking about. If Sony put all their information through their Supercalculamotron 4000(TM) and somehow came to the conclusion that it would be in their own interests to invest millions upon millions on fundamentally flawed DRM methods using dubious moral standards, what makes you think that they won't suddenly wake up one morning and think, "Holy shit! Linux users are getting a free lunch! Let's fuck them over somehow! Get First4Internet on the phone, I'm sure they'll be able to come up with something!" If that happened, then the very best you could expect would be a putrid aborted foetus of a DRM clusterfuck. Heaven forbid that a company like First4Internet actually do the job right. Knowing their competency, they'd just manage to send your mp3s to
Obviously *nix is a much more difficult problem for them to deal with... but you're just asking for it by sitting around lazily thinking it could never happen to you.
Parent
Re:That's the last Sony CD I ever buy (Score:5, Interesting)
Parent