Sony Music CD's Contain Mac DRM Software Too 399
brjndr writes "A MacInTouch poster has found that certain Sony CD's also contain a smaller extra partition for 'enhanced' content. Running one of the applications found within this partition installs kernel extensions containing DRM software by SunnComm. In Sony's defense you're told what is being installed within a EULA which pops up when the program is loaded. Thankfully we all read our EULAs completely."
Why yes, I give my admin password out on request! (Score:3, Insightful)
Re:Think different... (Score:3, Insightful)
Well one clear warning sign... (Score:5, Insightful)
daft... (Score:4, Insightful)
Surely, they realise that its only going to create a backlash against DRM if they continue this nonsense?
Re:Why yes, I give my admin password out on reques (Score:5, Insightful)
You would be amazed at what most users will do for music, porn, wallpapers, or screensavers.
Mac OS isn't immune to this kind of crapola - at least not for the average user.
Jesus (Score:4, Insightful)
Well, I for one pledge to no longer purchase any sony products. Nor will I buy online music from sony, purchase any games, or watch any sony movies until they stop being overbearing assholes with their stuff.
Re:Think different... (Score:5, Insightful)
I'm not *so* sure about the after-a-while thing though - I'm struggling to remember any time I had to type in the sysadmin password when I wasn't installing software. If I equate that action with installing stuff, and all I've done is put a CD in to play the damn thing, I'd be pretty curious as to why... Maybe that's just cynical old me, though...
Simon
Illustrates why... (Score:5, Insightful)
Who knows how evil the DRM is, once the install is made, but jeebus... talk about an issue of trust (just for the installer)!
Throwing out the baby with the bath water (Score:4, Insightful)
Re:Admin Privileges (Score:5, Insightful)
Joe user: What's this I see? I have to enter my password to play a music CD? Oh no biggy, its just a music CD. What harm could it do?
That is my concern. The average user sees it comes from Sony, a "trustable" company, and doesn't give it a second thought. A very lethal comboRe:daft... (Score:5, Insightful)
With luck (Score:4, Insightful)
Re:Think different... (Score:5, Insightful)
You'd have to make it more of a quiz. After all, there's a lot of people that think they know everything but who really don't have a clue (Go to your local computer shop if you don't believe me). It could be pretty funny:
(1) what does RAM stand for?
(2) what is 0xF?
Re:Think different... (Score:5, Insightful)
That's the problem. Clueless mac user is probably expecting to be installing software about then. The CD told them they need a player to see the dancing pigs, for example.
Re:Think different... (Score:2, Insightful)
The full details would have to always be readily available, if behind a "Scary Computer Words" button. If novices have a problem, they should be able to give all the information to a sysadmin or tech support, even if they don't understand it.
Re:That's the last Sony CD I ever buy (Score:3, Insightful)
Ah, yes... Giving credit card numbers to (essentially) unknown foreign agencies that claim to be completely legal. I'm curious if there's a middle ground in there. Perhaps VISA gift cards? Set spending limit, so if they steal your number, they only get your $25 music money? Would that work?
Now that this sort of thing is coming to the Mac, I'll start to think about it more seriously... Given the lax attitude some of us Mac fanatics take to antivirus, one rootkit and one trojan could destroy Apple forever.
Re:With luck (Score:3, Insightful)
Re:Well one clear warning sign... (Score:3, Insightful)
Re:Oh thank God... (Score:4, Insightful)
See, it's that sort of naivete that I'm talking about. If Sony put all their information through their Supercalculamotron 4000(TM) and somehow came to the conclusion that it would be in their own interests to invest millions upon millions on fundamentally flawed DRM methods using dubious moral standards, what makes you think that they won't suddenly wake up one morning and think, "Holy shit! Linux users are getting a free lunch! Let's fuck them over somehow! Get First4Internet on the phone, I'm sure they'll be able to come up with something!" If that happened, then the very best you could expect would be a putrid aborted foetus of a DRM clusterfuck. Heaven forbid that a company like First4Internet actually do the job right. Knowing their competency, they'd just manage to send your mp3s to
Obviously *nix is a much more difficult problem for them to deal with... but you're just asking for it by sitting around lazily thinking it could never happen to you.
Re:Think different... (Score:5, Insightful)
Think what a hell would become the customer support: everytime something happens the system may respond to the user in 10 different ways.
And if a user logs into another mac (at Internet café, library, university etc..), she well have to know if it's configured for dummies or super-geeks or whatever. I may even add that as she gets used to her mac she will want to try to step to the next level, but the user has to learn again how the system behaves.
And so on.
It has been proposed more than once, but I doubt it will be ever implemented, as it is a usability nightmare.
Re:Oh thank God... (Score:3, Insightful)
See, that's the thing. It's easy to say those three words, "Don't use Windows." But it's just not that simple. Hell, it's not even practical. Perhaps it's a bad analogy but it would be like saying to people who are complaining about gas prices, "Don't drive cars that run on gas." It's not as simple as just flicking a fucking switch and bam, you're home free. A lot of people know a thing or two about internal combustion engines and like to tinker around under the hood, but who would know the first fucking thing about a hybrid engine or a hydrogen-powered engine? If you have a problem with your car, you take it to your local friendly mechanic; how far do you have to go to find a mechanic who knows how a hydrogen fuel cell works? Perhaps you need your car to drive to work; what if your workplace doesn't allow you to drive a hybrid car onto the grounds? I used to be a manager at a shipping port and the only vehicles that were allowed on the premises ran on diesel. If your car wasn't a diesel, you weren't allowed within a hundred yards of the port due to safety concerns (tanker refuelling and the transportation of dangerous chemicals were common).
Perhaps I may have gone overboard, but the purpose of the analogy was to demonstrate that there are a plethora of reasons why "not using Windows" just isn't a very likely option. A lot of people find it hard enough trying to understand that there are different browser options out there other than "the blue 'e'", yet alone that they could replace their entire operating system. I've played around with a dozen flavors of Linux, UNIX, IRIX and all those others and I'd like to think I'm fairly competent in the field, but that doesn't mean I *like* having to dick around with the stuff. Most people don't look at computers the same way we do and I don't blame them for not wanting to be 'adventurous' when it comes to their PC. Unless you actually enjoying the tinkering, it can seem like a colossal waste of time.
And even if they did, trying to find a good quality source of support for insert-name-of-nix-platform-here is nowhere near as likely as Windows support. Sure, that nephew of the neighbor next door or your friend Bob's brother who's the assistant manager at Costco might not be the greatest person to turn to for Windows advice, but at least it's something tangible to lean on; not just a link to a FAQ from some obscure no-name blog.
Sometimes the environment dictates what OS to use. I've liaised with countless businesses that maintain a Windows-only environment for numerous justifiable reasons. Employees have to use company computers because connecting non-company PCs can cause a security issue, a compliancy issue, even a legal issue. Sometimes such a rule is enforced because management got stuck with the bill of having to hire contractors to provide support for additional platforms. Why pay someone else a premium rate just because you have a couple of cowboys who want to use their G4 Powerbooks at work? Fact is, a LOT of people spend a LOT of their time in front of computers which they DON'T own and therefore do not have the final say in how it is configured. They might be allowed to install iTunes or Winamp or maybe even their own choice of email client... but it's wishful thinking if you think that the operating system could be considered a variable.
Don't get me wrong, I agree with pretty much everything you say... but you had me until the final sentence. Sometimes it's just not that simple.
Re:With luck (Score:2, Insightful)
Why?
The garage door remote control reverse engineering case [theregister.co.uk] already set precedent against the DMCA where it concerns fair use. The judge ruled on the basis that a garage door owner has the right to replace the transmitter with another brand, or to duplicate the original remote in some fashion. This implies that DMCA is unenforcable excepting where DRM or copy protection is circumvented in order to enable the violation of copyright (selling unlicensed copies). The only real argument there is whether copying for your own personal use is considered fair use. As far as the judge in the garage door remote control reverse engineering case says, circumventing is OK if it's for fair use. By extension, it is fair use for me to buy a Sony DRM-CD and circumvent DRM (uninstall DRM crapware). Then make as many copies as I feel like; as long I don't sell them or do anything with them that a judge would consider to be violating copyright.
Re:Think different... (Score:5, Insightful)
You don't need to authenticate to install applications on Mac OS X. Installing applications - like Microsoft Office - involves just dragging the application (or the folder it's in) from the CD into the Applications folder on your hard disk. Even things like Real One Player and Windows Media Player work this way.
When you do actually get a dialog, Mac OS X also tells you what permissions are being requested on the password dialog (e.g. full admin access, or just permission to modify a specific system setting, etc) as well as which application is requesting the permission. In reality, most of the time people see a dialog in Mac OS X which requires authentication, it's because of an interaction with the OS itself (such as changing a system setting) that the user has just performed.
If a users sees an Application (including plugins) requesting this sort of permission that should really ring alarm bells. Only things like new drivers (e.g. for that new camera you just bought) should be asking for things like that.
It's fair to say here is room for some improvement in the dialog in that it should better reflect this (perhaps rasing a more severe looking alert when it's anything other than the OS or bundled Application requesting any sort of privileged access, which explains something along the lines of the previous sentence).
On the subject, it could do with some means of forgery protection (things like an embedded image in the window have been suggested) so that you can better trust it's an authentic authentication dialog. If your paranoid.
Technically Windows allows for roughly this sort of behaviour too (that is, you should never need admin permissions to install a regular application) but the large number of badly written installers - combined with the lack of a K.I.S.S. approach in the OS - seem to have conspired to make admin level access madatory for even the most mundane tasks.
I bet if vendors (and I include both Apple and Microsoft in that) implimented privilage dialogs that were scary and intimidating enough to users (perhaps with a default action of 'deny') 3rd party application developers wouldn't ask for them unless they really needed those permissions.
Re:Think different... (Score:2, Insightful)
If every fifth app required you to type in your admin password when you started it, the security measure would quickly lose its effectiveness.
what if the moviefile is flawed? (Score:4, Insightful)
What if that movie file is flawed?
The Windows OS only opens a autorun file too; which is linked to a executable; but the principles are just the same, only the practical side is much more exploitable in Windows with its flawed autorun system...
Re:Think different... (Score:5, Insightful)
Are you feeling OK today? Would you like someone else to help you to moderate?
(Not me, of course, as by posting I prevent myself from moderating...)
Re:That's the last Sony CD I ever buy (Score:2, Insightful)
Re:daft... (Score:3, Insightful)
Well, they are still using Memory Stick in cameras, laptops, etc. even though it's clear that SD Card has won that battle. Sony is weird like that. The seem to have an attitude that since they are such a big electronics manufacturer that they can single-handedly define industry standards.
(But if that were true, we'd be talking about copy-protection on Minidisc, not CD...)
Re:Think different... (Score:3, Insightful)
Jezza, this is not intended to be a personal slam on you. It's more of a general comment.
This is very true - very little Windows software can cope like this, now Windows Vista (aka Longhorn) will work like this by default, so I expect LOTS of software to fail for this reason alone. Hopefully once everything get updated for Vista we can run our XP boxes in this mode too (which will be much better.
Hope seems to spring eternal in the MS windows world. I've been hearing people say essentially the same thing since NT3.5. It hasn't happened yet, and unfortunately I don't believe it's going to happen with "vista" either. I just want to know how long people are going to fall for this "the next version will fix everything" line we constantly hear from microsoft apologists.
I have nothing but Linux running in my household (1 desktop and 3 laptops). Sometimes my wife is annoyed that she can't do something right out of the box that windows lets you do, but Linux does not. This especially true of permissions issues. What she doesn't realize is that many times, what she'd wanted to do wouldn't have been possible for a user under windows either, but since she's never not been administrator on windows, she doesn't realize it.
My point is, it is going to be really hard for windows users to change their ways from having administrative rights (and all the horrible pitfalls that entails), to just being a user even if more of the software actually supports user mode correctly.
Re:Think different... (Score:3, Insightful)
And the reason why it's not going to happen is games. Any game that is available today will simply not run in user mode, be it XP or Vista, simply because their copy-protection schemes require access to some files and registers that a regular user should never have access to. When people get Vista and realize their games don't work, and they either go to forums or call tech support, they will be told that they need to run the game in admin mode. To avoid switching all the time, users will then always use the admin mode, and there goes all the security through the window...
KIDS can't mess it up? (Score:3, Insightful)
I realize that since you are in IT, you probably do some kind of drugs, but this statement seems over the top. Maybe you accidentally reversed it, because on the last informal survey I've done, it's often kids who need to keep their parents away from trying to "improve" anything.
I wouldn't call that McCarthyism.. (Score:3, Insightful)
I've never been so hungry that I would write code like that. If the ethical situation of a job makes you uncomfortable, leave it. That actually plays pretty well while interviewing for your next job. At least for any job you actually want.
Speaking as someone who has actually done quite a bit of engineering hiring, I can say that I do filter people by where they have chosen to work before. I learned that lesson by bitter experience. People joke about "resume stains", but let me tell you as a hiring manager that they are very real.
Re:Think different... (Score:3, Insightful)
All of the applications in /Applications are writable by group admin. That's a huge security problem.
/Library and a lot of stuff underneath it is writable by group admin. That's Internet plug-ins, printers, trusted certificates, help files, scripts, some frameworks, stuff in Application Support - a lot of stuff points things at executables, or has scripting capabilities, or is otherwise assumed to be trusted.
Much of the stuff in /Developer is writable by admin. That means something could do a sneak attack, so anything you build and distribute is a virus vector.
There is absolutely no reason to run as an administrator, except to do installations (you can do installations as a non-administrator, but ownership of installed files seems to be cleaner if you always do it from one login, and then the same principle applies - if you do it using your normal login, then some things will be owned by you which means they are vulnerable).
With user switching enabled, there's even less reason to run as an administrator, since you can easily switch back and forth. Even for sudo, all you need to do in a terminal window is su to your admin login first, then you can sudo to your heart's content.