Sony Music CD's Contain Mac DRM Software Too 399
brjndr writes "A MacInTouch poster has found that certain Sony CD's also contain a smaller extra partition for 'enhanced' content. Running one of the applications found within this partition installs kernel extensions containing DRM software by SunnComm. In Sony's defense you're told what is being installed within a EULA which pops up when the program is loaded. Thankfully we all read our EULAs completely."
Think different... (Score:5, Interesting)
To summarise: it's impossible to protect against truly clueless users without severely inconveniencing everyone else, but Mac OS X at least lets you know something dodgy is going on (a request for administration rights, just to play a CD, say what ? No *other* CD's needed that!) I guess it helps to have gorms, though...
THM: It's a difference in attitude. It *does* make a difference.
Simon
Make a fortune (Score:2, Interesting)
Customers buy DRM CDs and hand them over to you. You give them back a copy of the CD with the DRM removed, for the cost of the blank CD and a small service fee. Hold onto the original CD with customer records as evidence that the customer bought the CD and has the right to copy for personal use.
Not workable?
At least this means one good thing... (Score:5, Interesting)
That's the last Sony CD I ever buy (Score:3, Interesting)
In the past I've made a point of buying stuff I liked, either on CD or from an online retailer (iTunes).
Well, Sony just lost my business. And fuck them if they think I am going to subsidize this bullshit.
Goodbye Sony. Hello allofmp3.com.
If you walk the corridors of Sony Music right now all you can hear is the sound of a toilet flushing.
Re:Make a fortune (Score:5, Interesting)
Re:Even more thankfully (Score:3, Interesting)
McCarthyism doesn't sound so bad now... (Score:5, Interesting)
Of course, criminals will always hire criminals; a thief will always have a chance at getting hired by the Mafia, so I don't expect this will completely work. Computer companies that have overgrown beyond their event horizon of personal responsibility such as Sony and Microsoft will always be a haven for crooks and guttersnipes. But every responsible company still around should outright refuse to hire anyone who's ever knowingly developed anything related to DRM; conduct background checks on every potential employee's employment history and slam the door in the face of any DRM sympathizer looking for a job.
Re:Oh thank God... (Score:5, Interesting)
Ha ha, only serious. Seriously, this isn't an "any computer" issue. This is an issue with the only "modern" OS that have been specifically engineered to run arbitrary binaries with privileges without challenging the user. It's isn't a matter of Mac OS X or Linux (or VMS or Solaris or SunOS or VM/CMS) being better, it's a matter of Windows being worse .
This isn't even a matter of Windows' original design, as Dave Cutler's original security model was solid and included a good separation of privileges away from the desktop user, drawing on the last half a century of computing experience. This is a matter of Microsoft Management specifically and intentionally deciding to screw you. They will say it was necessary to make a desktop OS usable by novices - Mac OS X does give the lie to such horseshit (and that is the only place Mac OS X specifically figures in this topic).
Yes, Sony deserves a lot of the blame. But Microsoft deserves just as much. You can start to "fight this stupidity" by not using Windows.
Sony just lost ~5000 euros (Score:5, Interesting)
And this was definitely the last time I even consider Sony. Forget the new Playstation, if I have to choose from the two bad options M$ vs. Sony my money goes to M$ in this case.
As big a fan as I am of the Van Zant brothers, I just can't think of buying the album after all this. Luckily it was available without DRM somewhere else. It's a shame for the artists though, they didn't get thei $0.50 or whatever they make per sold CD.
I know my 5000 doesn't bankrupt Sony but if more of us start voting with our wallets maybe they will realize they can't keep on shafting customers every chance they get.
At first, it seemed like a bad idea... (Score:5, Interesting)
It may sound paranoid, but once they start messing with the kernel, you really don't know what they're going to do...
Re:Throwing out the baby with the bath water (Score:3, Interesting)
OK, here are the options you have.
Sony CD: Contains very poorly written DRM that may forever screw up your machine.
P2P: Spend days sifting through partial, corrupted and poorly named files to get the CD you want, risking viruses, lawsuits and your entire Saturday afternoon.
Online music stores (iTMS, allofmp3): Cheaper than a CD, quicker and safer than P2P, DRMed but easily circumvented in under an hour, if that.
Maybe Sony's subconsciously trying to elminate CDs in favor of complete on-line distribution.
I love how they lie (Score:3, Interesting)
"November 8, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers. Please note, Service Pack 2a is a maintenance release designed to reduce the file size of Service Pack 2. It includes all previous fixes found in Service Pack 1 and Service Pack 2."
http://cp.sonybmg.com/xcp/english/updates.html [sonybmg.com]HMM it does not compromise security? It installs a root kit, then it lets people hide a trojan on your computer. Who needs sony anyway, I have my game cube and X-box.
Re:Think different... (Score:5, Interesting)
Someone was saying that you get so used to typing your admin password on OS X that you just do it as a reflex - that hasn't been my experience. This simple change represents a great improvement over Windows XP.
In the case of the Sony DRM I think it quite likely that Mac OS X users will find the request for their admin password "odd" - and hopefully a significant number would refuse to give it.
Of course some will as we all tend to trust "big names", maybe that's the real lesson here - Sony can be as evil/stupid as anyone else. And if you can't trust Sony, who can you trust?
Re:Memories... (Score:5, Interesting)
I'd really like to get my hands on one of those now. I sort of miss slapping it upside the carriage every time you were finishing a line. And a typo at the end of a page REALLY hurt.
Re:That's the last Sony CD I ever buy (Score:5, Interesting)
Re:Think different... (Score:3, Interesting)
I bet if vendors (and I include both Apple and Microsoft in that) implimented privilage dialogs that were scary and intimidating enough to users (perhaps with a default action of 'deny') 3rd party application developers wouldn't ask for them unless they really needed those permissions.
Still, that'll never solve the problem of the user getting used to it. "WARNING: Email attachments may contain viruses! Are you sure you want to download nakedjlo.exe??????" "Duuuh...well it must be OK, my friend sent it to me!"
Re:daft... (Score:3, Interesting)
I see this beginning to be the backlash of DRM for the average "Joe Desktop". Especially when the media is throwing in the scary worded "root kit" voodoo around.
Re:Think different... (Score:3, Interesting)
Re:Think different... (Score:3, Interesting)
Re:Even more thankfully (Score:3, Interesting)
As result of this Sony rootkit fiasco... (Score:5, Interesting)
1. Sony music CD's
2. Sony HD TV
3. Sony Playstation 3 and games
4. Sony Bluray DVD player
5. Sony Ericson phones
6. Sony VAIO laptop
7. Sony DVD burner
8. Sony digital camera
9. Sony video recorder
The only way Sony will regain my trust is if they were to:
1. publically admit that what they did was wrong
2. put a link on sony.com to a page explaining what exactly happened and provide software to uninstall the rootkit
3. recall all CD's on the shelf containing rootkit DRM
4. offer replacement CD's to all customers
Re:Think different... (Score:4, Interesting)
That's why most users around here don't KNOW the admin password. When we set up brand new Macs for others, we always make at least two accounts. One for administration and the others for everyday normal users. Users who must be given the admin password are admonished NEVER to give that password unless they are expecting to be asked for it when installing or upgrading software. So far, none of them has been hit with any shady programming because of this. Unlike our Windows users, the Mac users can do everything they need to without even knowing the admin password.
This should work in most homes, where the parents are the only one who know the master password. That way the kids can't so easily mess up the whole computer. ALL games even work just fine without the master password, once they are properly set up.
This is why there will never be a Mac worm/virus! (Score:1, Interesting)
On the Mac, you have to seek out and launch the DRM installer app on the CD (and why would you run it, other than curiosity?), and provide your password for the install to actually do its work.
And so it shall be with any attempts to create self-propagating malware for the Mac. Drive-by/unannounced installs of system-level shit is an utter impossibility. If a DRM purveyor funded by Sony can't figure out how to stealthily get their shit installed on the Mac, what hope do Windows script kiddies have of finding a way to do it? They'll just stick to the fertile grounds of Windows, no matter how big the Mac's marketshare gets.
Re:Oh thank God... (Score:3, Interesting)
Microsoft does it better.... (Score:4, Interesting)
A mate installs a Windows XP OEM version onto a PC. Activates it and everything is sweet. A few days later his pc is stolen. So he buys a new PC, because he still has the Windows XP CD, the manual, the license and all the little stickers, he goes to install it on the new PC. It wont activate. He rings Microsoft. They refuse to activate the software since its been activated on another pc, and that violates the OEM license. They suggest he reports it to his insurance company as stolen and they can pay for a new license.
So they encourage him to commit insurance fraud as the software has not been stolen, because he has all the software and the licenses to run it.
Simplify EULAs (Score:4, Interesting)
That is how these Spyware companies gain "permission" and certainly how Sony has gained "permission" to install anything they want. Most users aren't able to read a 5 page legal document squeezed into a tiny little box very effectively.
We need to write our Congressmen and Senators and tell them that EULAs should be simplified, even standardized. I'd even suggest that some sort of color coding be required to indicate the severity of changes to be made. Unlike Homeland Security's approach, I suggest three simple colors: GREEN, YELLOW, RED (You might recognize these colors from your local STOPLIGHT).
GREEN - This EULA just contains standard legal protections of the company for their software.
YELLOW - This application will install some components to run at the same permission level as the user.
RED - This application will install SYSTEM-LEVEL COMPONENTS.
This may not be perfect, but the 10-pages of legal mumbo-jumbo is hard for even the paranoid to go through. For example, I installed several updates to my Mac OS X system (10.4.3, Java, Quicktime, iTunes, Airport) and EACH ONE contained an EULA that was extremely long.
The current system is broken and, unfortunately, we need to change the law to fix it because I know that the large companies with their lawyers have no intention of fixing it.
Mac OS X's malware resiliency put to the test (Score:4, Interesting)
And even after that, it's not the gigantic pain in the ass to remove that the Windows stuff is. Removal is a simple matter of unloading the kernel extensions and deleting them with administrator privileges. For some reason, Windows seems to facilitate the development of software that installs silently and is utterly impossible to remove.
This is why it's not just the popularity factor that keeps OS X malware-free. It's a solid design based around the idea of minimal automation and least privileges needed. Even if OS X was twice as popular, any malware would still have the same hurdles to jump through.
Re:Memories... (Score:3, Interesting)
[Note lowercase L used for authenticity