Thread: Connect software questions (rootkit?)
View Single Post
Old 08-31-2007, 01:26 PM   #8
kacir
Wizard
kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.
 
kacir's Avatar
 
Posts: 3,463
Karma: 10684861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
Quote:
Originally Posted by HarryT View Post
Thanks Alex - that's interesting. I don't think those CDs were ever sold in the UK; at least I must have missed reading about it if they were. I fully support Sony (and anyone else's) desire to protect their content from unauthorised copying, but it sounds as though they made a slight error in doing it this way!
They DID *NOT* make a "slight error".
They screwed royally in at least a dozen separate and unique ways.

I can understand that someone wants to protect their ... aehm ... Intelectual property ... aehm ..., but beware! The song might be in certain ways their "property" but it is *MY* computer they screwed up in multiple ways ...

Let me sum up their "slight error"

1. Sony installed a software they misrepresented. They claimed they were installing a simple player while they installed something that did much more. See following points. So they were lying. Their software bears all the marks of a very, very nasty spyware.

2. Sony installed their CD driver secretly (after a restart) even if the user clicked that he does not want to install anything.

3. the CD driver Sony installed was marked in such a way that it loaded itself even if the windows was booted in an emergency mode - a mode that is supposed to enable user to remove drivers and software that loads itself automatically during normal startup and causes computer to lock up. So if your windows had problem with the driver, you had no chance to repair the problem. And there are a few versions of Windows that lock up completely and irreparably after the installation of the Sony CD driver

4. the driver Sony installed was inserting random noise into ANY music CD when the disc was not played by the special Sony player software. So If you wanted to transfer a song from your legally purchased CD to your legally purchsed Sony mp3 player on yoyr legally purchased computer using Sony software (provided with the mp3 player) the driver would insert a random noise int the songs. And the driver would do that for any player software.

5. The software was secretly sending information about user over the internet to Sony site. (namely the CD being played and the user's IP address)

6. The software installed so-called rootkit. Rootkit is a modification of the most fundamental system libraries and core pieces system software that makes the operating system lie to the user about files and processes. This poses *huge* security hole. If an author of virus named its executable file $sys$virus.exe no antivirus program would be able to detect its presence, or remove the file. To the user, or the rest of the system, the file, directory, process or a registry key named $sys$[anything] is invisible.

7. The software was draining the resources from the computer accessing files constantly. It was burning up processor cycles, hogging the memory and wearing out the harddisk. So Sony was efectively STEALING your legally purchased computer resources from you even when you were not listening to any music CDs.

8. Sony knew about the problems and conspired with some leading anti-virus companies to cover up (and deny) the problem

9. When the stuff hit the fan, Sony denied any problems. Sony BMG's Global Digital Business President Thomas Hesse downplayed the recent DRM fiasco saying he objected to terms such as malware, spyware and rootkit. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said.

10. When Sony finally released the "rootkit remover" they required an undue amount of user information in order to install rootkit remover.

11. The "rootkit remover" - that did not remove faulty driver or any installed files, by the way - opened a security hole that was even nastier than the $sys$ security hole. It inicialized an activeX component that would enable Sony to remove and alter system files on the disk, and after it finished it left that activeX component active, enabling any hacker to do anything with the poor "cured" computer.

12. When the angry community took the rootkit apart under the microscope, they found out that Sony STOLE parts of the code from a GPLed software. That GPLed software was, most ironically, the LAME MP3 library authored by "DVD Jon". Yes. THAT DVD Jon - Jon Lech Johansen, the author of the DeCSS, the most fundamental of all DVD ripping software.


and this in not the complete story. I just picked out some of the juicier bits. I did not get, for example, to the point of refunding costs of repairing damaged installations of windows. They offered some free SonyBMG (Phew!) music files and/or CDs worth a few bucks.


Please note:
I know that Sony did not make the software themselves. They are too lame to do that. They comisioned a company Fortium Technologies. At the time of the scandal they were calling themselves First 4 Internet
kacir is offline   Reply With Quote