NursingFawns

NursingFawns blog goes along with the NursingFawns.com web site. The web site has information and links on hunting, fishing, camping, hiking, biking, and cooking. The blog will have entries on all of these as well as a more personal touch with entries of my experiences with my dog, cats, family, vacations, work, etc. Enjoy!

Friday, November 04, 2005

Boycott Sony


I read today that Sony has been including software (rootkits) on some of its music CDs which installs itself to Windows operating systems when the cd is inserted into a PCs cd-rom drive. The files and installation are undetectable and there was no method to remove these files and no documentation explaing the existence of these files or this process in their End User License Agreements (EULA). They have now included a method for removing this software on their web site, but this only came about after the rootkits were discovered and negative media attention ensued. Basically Sony is resorting to hacking in their quest to track songs and reduce piracy. It seems to me that Sony is no better, in fact even worse, than the people who share music "illegally". Here is the article as posted at NewsFactor.com:

---
Sony has admitted that it included a stealth rootkit on some music CDs shipped in 2005 and has issued an update to remove the hidden software one day after it was discovered. The company had drawn criticism from security experts who warned that the technology could serve as a tool for hackers.
The nearly undetectable monitoring utility, part of the company's digital-rights management (DRM) technology, was aimed at preventing consumers from producing illegal copies of CDs. The software installed itself automatically in Windows systems whenever a CD was inserted. Any files contained in the rootkit are invisible and almost impossible to remove.

Security expert Mark Russinovich of Sysinternals discovered the hidden rootkit and posted his findings on the company blog on November 1st. Russinovich wrote that although he checked in his system's Add or Remove Programs list, as well as on the vendor's site and on the CD itself, he could not find uninstall instructions. Nor, he says, could he find any mention of it in the End User License Agreement (EULA).

Stealth Tactics

A rootkit is a set of tools commonly used by hackers to circumvent antivirus software and control a computer system. Most rootkits are engineered so that common PC monitoring mechanisms cannot detect them. The rootkits are designed to tuck themselves in to the most basic level of the operating system and remain hidden from users.

A Finnish antivirus company, F-Secure , reported that it had spent several weeks recently trying to find the cause of some unknown files reported by a user who suspected an audio CD as the cause.

Mikko Hyppönen, chief research officer at F-Secure, said hackers could use the rootkit to insert their own files by inserting a simple command at the beginning of the file name that would render them undetectable by most antivirus software. On the F-Secure blog, Hyppönen wrote that he heard rumors that Universal is using the same DRM system on its audio CDs.

Privacy? What Privacy?

Although industry analysts said they cannot fault Sony's motives, some saw the company's initial failure to disclose the hidden technology as a violation of U.S. copyright laws. According to Jared Carleton, an analyst at Frost & Sullivan, Sony is overstepping the fair-use clause that gives consumers the right to make backup copies.

"[Sony] is saying, 'No, we are not going to pay attention to U.S. copyright law that's been generally accepted for the past 30 years,' " he said.

Carleton likened the hidden DRM to malware, and said it was no different than adware and spyware. He said that if Sony was shipping DRM-protected CDs, the company needed to put a notice on its packaging. Consumers understand that artists should be paid for their music, he said, but he added that consumers don't like this type of secrecy.

Andrew Jaquith, senior security analyst at Yankee Group, said the company behaved badly and that there could be a backlash. He said that the desire to protect intellectual property is understandable, but that Sony should have been upfront about its DRM technology, and would have been better off using industry-standard software.

"I haven't seen a single positive comment about this and it makes them look at little slimy," Jaquith said. "They should have been above-board and should have used software that they hadn't cobbled together themselves."

On the Web page containing the update, which enables users to detect and remove the rootkit, Sony said its technology did not pose a security risk. "This component is not malicious and does not compromise security," the company's post said. "However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

The fix can be downloaded at http://cp.sonybmg.com/xcp/english/updates.html.

---

I say Ban Sony and all of their products. With the increase in the number of lawsuits from the RIAA against parents and grandparents for a couple of songs that their kids or grandkids have downloaded (in many cases downloaded songs where the cd is already owned by the downloader), the whole music business is showing its big-bully and mob-like mentality of scare tactics to produce its intended results. Sony is one conglomerate that I will avoid everytime I have a choice from now on.

0 Comments:

Post a Comment

<< Home