#1 |
Enthusiast
Posts: 43
Karma: 28
Join Date: Aug 2007
Device: Sony Reader PRS-500
|
Connect software questions (rootkit?)
I just wanted to find out if anyone has checked the Connect software to make sure it doesn't install a rootkit. Sony has been responsible for installing rootkit viruses through music CDs in the past, and the license (while it follows usual wordings) doesn't inspire me to risk my PC with it unless I know it does a clean install. I'd hate to open up my PC to additional virus risks, etc., by opening a back door to hackers and to Sony. Note that I haven't seen any evidence that it DOES install a rootkit, but I thought others might have verified this fact.
Thanks! Phrodod |
#2 |
Wizard
Posts: 3,442
Karma: 300001
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
|
No, there aren't any rootkits in Connect software. It installs a USB driver for the Reader and that's it. The main program runs completely in user mode.
|
#3 |
eBook Enthusiast
Posts: 85,544
Karma: 93383099
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
What is a "rootkit"?
|
#4 |
Fully Converged
Posts: 18,175
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Harry, something that got Sony into a lot of trouble in the past. Check out this entry by famous Mark Russinovich:
http://blogs.technet.com/markrussino...e-too-far.aspx
And the summary and outcome of it all: http://en.wikipedia.org/wiki/2005_So...ection_scandal |
#5 |
eBook Enthusiast
Posts: 85,544
Karma: 93383099
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Thanks Alex - that's interesting. I don't think those CDs were ever sold in the UK; at least I must have missed reading about it if they were. I fully support Sony's (and anyone else's) desire to protect their content from unauthorised copying, but it sounds as though they made a slight error in doing it this way!
|
#6 |
Enthusiast
Posts: 43
Karma: 28
Join Date: Aug 2007
Device: Sony Reader PRS-500
|
|
#7 |
Gizmologist
Posts: 11,615
Karma: 929550
Join Date: Jan 2006
Location: Republic of Texas Embassy at Jackson, TN
Device: Pocketbook Touch HD3
|
Rumor has it that some poor, under-informed exec in the music division got talked into doing that rootkit thing by the company that made the software (who didn't explain very thoroughly what all it would do), and the poor dumb exec got left holding the bag on the deal. Rumor also has it that he used that bag to clean out his office when the whole thing came to the attention of Upper Management.
#8 | |
Wizard
Posts: 3,463
Karma: 10684861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
Quote:
They screwed royally in at least a dozen separate and unique ways. I can understand that someone wants to protect their ... aehm ... Intellectual property ... aehm ..., but beware! The song might be in certain ways their "property" but it is *MY* computer they screwed up in multiple ways ...

Let me sum up their "slight error":

1. Sony installed a software they misrepresented. They claimed they were installing a simple player while they installed something that did much more. See following points. So they were lying. Their software bears all the marks of a very, very nasty spyware.
2. Sony installed their CD driver secretly (after a restart) even if the user clicked that he does not want to install anything.
3. The CD driver Sony installed was marked in such a way that it loaded itself even if the windows was booted in an emergency mode - a mode that is supposed to enable user to remove drivers and software that loads itself automatically during normal startup and causes computer to lock up. So if your windows had problem with the driver, you had no chance to repair the problem. And there are a few versions of Windows that lock up completely and irreparably after the installation of the Sony CD driver.
4. The driver Sony installed was inserting random noise into ANY music CD when the disc was not played by the special Sony player software. So if you wanted to transfer a song from your legally purchased CD to your legally purchased Sony mp3 player on your legally purchased computer using Sony software (provided with the mp3 player) the driver would insert a random noise into the songs. And the driver would do that for any player software.
5. The software was secretly sending information about user over the internet to Sony site (namely the CD being played and the user's IP address).
6. The software installed so-called rootkit. Rootkit is a modification of the most fundamental system libraries and core pieces system software that makes the operating system lie to the user about files and processes. This poses *huge* security hole. If an author of virus named its executable file $sys$virus.exe no antivirus program would be able to detect its presence, or remove the file. To the user, or the rest of the system, the file, directory, process or a registry key named $sys$[anything] is invisible.
7. The software was draining the resources from the computer accessing files constantly. It was burning up processor cycles, hogging the memory and wearing out the harddisk. So Sony was effectively STEALING your legally purchased computer resources from you even when you were not listening to any music CDs.
8. Sony knew about the problems and conspired with some leading anti-virus companies to cover up (and deny) the problem.
9. When the stuff hit the fan, Sony denied any problems. Sony BMG's Global Digital Business President Thomas Hesse downplayed the recent DRM fiasco saying he objected to terms such as malware, spyware and rootkit. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said.
10. When Sony finally released the "rootkit remover" they required an undue amount of user information in order to install rootkit remover.
11. The "rootkit remover" - that did not remove faulty driver or any installed files, by the way - opened a security hole that was even nastier than the $sys$ security hole. It initialized an activeX component that would enable Sony to remove and alter system files on the disk, and after it finished it left that activeX component active, enabling any hacker to do anything with the poor "cured" computer.
12. When the angry community took the rootkit apart under the microscope, they found out that Sony STOLE parts of the code from a GPLed software. That GPLed software was, most ironically, the LAME MP3 library authored by "DVD Jon". Yes. THAT DVD Jon - Jon Lech Johansen, the author of the DeCSS, the most fundamental of all DVD ripping software.

And this is not the complete story. I just picked out some of the juicier bits. I did not get, for example, to the point of refunding costs of repairing damaged installations of windows. They offered some free SonyBMG (Phew!) music files and/or CDs worth a few bucks.

Please note: I know that Sony did not make the software themselves. They are too lame to do that. They commissioned a company Fortium Technologies. At the time of the scandal they were calling themselves First 4 Internet |
|
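The hiding behaviour described in point 6 of the post above, as an added example that is not part of the original thread: a small Python model of a name filter keyed on the `$sys$` prefix, showing why a scanner that only sees the filtered listing finds nothing while a comparison against a low-level listing reveals every hidden object. All paths, process names and registry keys are constructed sample values, and treating a hidden directory as hiding its contents is a modelling assumption.

```python
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix named in the post


@dataclass(frozen=True)
class Obj:
    kind: str  # "file", "process" or "regkey"
    path: str


def is_cloaked(obj, prefix=CLOAK_PREFIX):
    # Model assumption: an object is hidden when any path component starts
    # with the prefix, so a hidden directory also hides what is inside it.
    return any(part.startswith(prefix) for part in obj.path.split("\\"))


def api_view(raw):
    """What ordinary enumeration returns while the filter is active."""
    return [o for o in raw if not is_cloaked(o)]


def name_scan(view, known_bad):
    """A scanner that matches file names, but only in the view it is given."""
    return [o.path for o in view if o.path.split("\\")[-1] in known_bad]


def cross_view_diff(raw, api):
    """Objects in the low-level view that enumeration did not return."""
    seen = set(api)
    hidden = {}
    for o in raw:
        if o not in seen:
            hidden.setdefault(o.kind, []).append(o.path)
    return hidden


# Constructed sample of a low-level (unfiltered) view; not real artifacts.
RAW = [
    Obj("file", "C:\\Windows\\System32\\kernel32.dll"),
    Obj("file", "C:\\Windows\\System32\\$sys$example\\driver.sys"),
    Obj("file", "C:\\Temp\\$sys$virus.exe"),
    Obj("file", "C:\\Temp\\notes$sys$.txt"),  # prefix not at start: visible
    Obj("process", "explorer.exe"),
    Obj("process", "$sys$player.exe"),
    Obj("regkey", "HKLM\\SYSTEM\\Services\\$sys$example"),
]

if __name__ == "__main__":
    api = api_view(RAW)
    print("scan of API view:", name_scan(api, {"$sys$virus.exe"}))
    print("scan of raw view:", name_scan(RAW, {"$sys$virus.exe"}))
    print("hidden:", cross_view_diff(RAW, api))
```

The cross-view comparison does not depend on knowing the prefix: it reports whatever the two listings disagree on, which is why it also catches an unrelated file that merely borrows the hidden name.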
#9 | ||
eBook Enthusiast
Posts: 85,544
Karma: 93383099
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
I take it that "ironic understatement" is not your thing
Can you clarify something, please? You say: Quote:
Quote:
|
||
#10 |
Technogeezer
Posts: 7,233
Karma: 1601464
Join Date: Nov 2006
Location: Virginia, USA
Device: Sony PRS-500
|
Let us just say that whoever wrote the code for the rootkit copied freely from the LAME encoder.
One area that has been underplayed is that the rootkit installed itself even if all you ever did was to play the Sony CD on your computer. As for stealing CPU and hard disk cycles, a friend's computer never went below 30% loading and all game playing she did became a very bad joke. If you are concerned (as there have been several more rootkits floating around since the first Sony one) AVS has a free rootkit detection and removal tool that does work and leaves you protected afterward. |
#11 | ||
Wizard
Posts: 3,463
Karma: 10684861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
Sorry for a violent reaction but when I hear "Sony" and "rootkit" in the same sentence I start to see red.
The sad thing is that the vast majority of consumers out there do not realize they are being screwed.
Quote:
They live off their goodwill that is slowly diminishing. I am pretty sure they did not plan all those consequences. Especially not the disastrous Public Relations outcome. What I find very disturbing is that they absolutely do not care about consequences. They do not care that they mess up your computer grandiosely, they do not care if they do several hundred dollars worth of damage to your computer, or prevent you from exercising your "fair use" rights as long as they think they can squeeze yet another [potential] cent from you or from somebody else.
Quote:
Sony commissioned "First 4 Internet" to do the dirty work for them. Does it really matter if the entity that stole the code was a person (programmer) hired and paid for by Sony or a legal version of "a person" - a company? At the very least they should have been paying "Due Diligence" and look at the software they were so flamboyantly distributing (or pushing down our collective throats regardless). They WERE distributing pieces of software they did not have rights to distribute. Period. Do you know whose fingers typed the actual code of the "Sony Connect Software"? Do you care if it was an employee, or a hired external contractor or if a code was purchased from a questionable source? For all practical purposes it IS Sony software. Who would you blame if the "Sony Connect Software" does something nasty to your computer? |
||
#12 | ||
Gizmologist
Posts: 11,615
Karma: 929550
Join Date: Jan 2006
Location: Republic of Texas Embassy at Jackson, TN
Device: Pocketbook Touch HD3
|
Quote:
Quote:
I think that we took a responsible action, as I would expect of anyone, or any entity, but I don't see that we're to blame for it. You'll probably point out, so let me pre-agree with you, that the recent situation here at MobileRead and the less recent one there at Sony are not very similar. We didn't commission and distribute a piece of software, it was voluntarily created and uploaded. We're not a corporation with employees that are notionally supposed to check such things out, they are. But if the whole corporation of Sony is directly to blame for the lapse in attentiveness and judgment of a mid-level executive in one of its multiple divisions, then by that logic, everyone who ever posted here at MR is directly to blame for what happened here.
The rest of it, I'm not even trying to speak to, I'm just hoping to highlight the difference in a group or corporation being responsible for something, and being to blame for it. In that Sony is corporately responsible for what its employees do in its name, yes, they're responsible for the rootkit debacle. However, I'm very reluctant to consider them to blame for it as there is no evidence that they, as a whole, actively participated in or sanctioned the decision. Just my interpretation, salt to taste as always. |
||
#13 | |
Connoisseur
Posts: 71
Karma: 42
Join Date: Jul 2007
Location: San Antonio, TX
Device: Samsung Galaxy Tab S 8.4, Kindle Keyboard
|
Quote:
I think Sony is being given a lot of credit in this argument. I would venture to say that the decision to include the root kit software had to do with a lot more people than just one mid-level executive. I also think Sony knew exactly what was going on with this software. You have to imagine that they were paying a lot of money for it and they had to have done more research than just listening to the salesman that the vendor sent out. Sony is full of engineers that are more than capable of reviewing this stuff.
I was not personally affected by the Sony root kit but it made me feel like I never wanted to give Sony another dime. I don't agree with DRM for the most part to begin with and thought that the root kit went far beyond what I ever expected as a DRM scheme. When the Sony reader first came out I loved the idea of it and I wanted one but I didn't buy one because of the root kit debacle. I had mentioned the reader to my wife and lo and behold one showed up under the Christmas tree. I must admit that I was very excited when I opened it but I also had a sinking feeling in my gut. As I don't use Windows but wanted to take advantage of the Connect store I had to use my wife's laptop to install it. Because of my lack of trust of Sony I ran a full backup and installed the software. I then ran two different root kit checkers before I was satisfied that it was OK. I don't know about you but people shouldn't feel they need to do this when they install a piece of software from a "reputable" company.
Long story short, I love the reader and am pleased that I have it. Unfortunately I still do not feel that this is a company that I can trust. It pains me that companies prey on the people that "won't ever" know. I am glad that they got caught and I hope that other companies take note. I will continue to use the reader and will evaluate new Sony products as they come along but I will not hand over my money to Sony if I feel there is a similar alternative that offers the same or comparable features at close to the same price point.
Last edited by monkeywrench; 08-31-2007 at 07:09 PM. Reason: made a few changes for clarity. |
|
#14 |
Wizard
Posts: 3,463
Karma: 10684861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
I am afraid I have to agree with many of your observations.
I got a little bit carried away. ;-) I always do when I talk about that ... aehmmmm ... unfortunate event. Most people do not realize the extent of that ... aehmmmm ... incident. |
#15 | |
Wizard
Posts: 3,463
Karma: 10684861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
|
Quote:
You perfectly describe my feelings about the whole situation. I haven't even updated my firmware yet from the original version. |
|