Sony is at it Again - This times it's SunnComm

[Noahtuck]

They haven't won yet.

You will be sued for lost income because they think you should have bought those albums.

By not buying them you are no better than the pirate who is stealing them. You are depriving them of their profit.

Oh shit!!!!!! i'm screwed!!!!!!!!!

[thecoalman]

Left to it's own devices, the current Sony Rootkit does nothing more than copy protect the content.

Incorrect, one of the files it cloaks consumes systems resources constantly.

I closed the player and expected $sys$DRMServer’s CPU usage to drop to zero, but was dismayed to see that it was still consuming between one and two percent. It appears I was paying an unknown CPU penalty for just having the process active on my system. I launched Filemon and Regmon to see what it might be doing and the Filemon trace showed that it scans the executables corresponding to the running processes on the system every two seconds, querying basic information about the files, including their size, eight times each scan. I was quickly losing respect for the developers of the software:

So if you payed $200 for your processor $2 to $4 just went out the window. You have no way of knowing that though because again........ YOU HAVE NO IDEA IT'S THERE....... Which brings us to this scenario....

First 4 Internet’s failure to imagine this control flow is consistent with their general failure to understand Windows device driver programming.

As further evidence of this, I’ve performed further testing of the Aries.sys driver using a program I wrote, NTCrash2, and found that Aries.sys fails to perform basic checks on the data passed to it by applications. NTCrash2 passes randomly-generated invalid data to Windows APIs and on a stock Windows system simply receives error codes from the APIs. However, when NTCrash2 runs on a system that has the Sony rootkit installed Windows crashes. Here’s an example Windows blue screen that identifies Aries.sys as the cause of a crash that occurred while NTCrash2 ran:

Besides demonstrating the ineptitude of the First 4 Internet programmers, this flaw highlights my message that rootkits create reliability risks in addition to security risks. Because the software package that installed the rootkit is hidden when Windows is running (in this case Sony’s DRM software), and even if exposed not clearly identified, if an application triggers one of Aries.sys’s bugs a user would have no way of associating the driver responsible for the resulting crash with any software package they have installed on their system. The user would therefore be unable to conclusively diagnose the cause of the crash, check to see if they have the most recent version of the driver or of uninstalling the driver.

Why you fail to realize this is more than just protecting a CD is beyond me. This is MY computer not Sony's.

I still say they leave the current protections schemes in place and put a warning label on the disc that it's not designed for CD-ROM computer usage with a disclaimer that such usage as at the end users own risk.

In that way, they achieve the copy protection they desire while at the same time remove themselves from prosecution resulting from misuse of the media.

Great idea, we could all sit here and discuss in a year or two how fast Sony Music went down in flames. Nothing like a nice warning lable stating using this will consume system resources, can open it up to viruses, possible cause a BSOD that you can't trace......

That should do wonders for your Sony stock Eh?

[ROF]

I have now installed this rootkit from the Sarah McLachlan Bloom CD on one of my older machines.

It's been running since last night without any issues to report. I tried ripping the tracks as well at install without any problems. No firewall issues to report, no spyware or adware warnings, nothing. There is also no abnormal system resources or response times to report at this time.

If this changes or whatever I'll let everyone know, but as far as I can tell(at this time) beyond the possible security breach without an active firewall this thing runs without any system issues.

[Headbanger's Ball]

If you have so much faith in Sony's virus-kit technology, why did you install it on an "older" machine??? probably without internet connection?

By the way, your firewall will not stop it from going out.

If you really want to test it for problems, hook it up to high-speed internet & post your IP number.

[ROF]

I installed on an older machine because frankly who trusts anything especially when it's reported to cause problems?

The machine is connected to the internet via high speed cable and so far has not transmitted anything as my firewall reports such incidents and requires my permission for access. According to all reports the thing doesn't transmit anything anyways and so far it hasn't.

I also won't be posting IP numbers for obvious reasons.

[robertazimmerman]

I have to admit that I agree with the poster who said that companies should have the right to include any "protection" schemes that they want as long as they advise potential buyers. Intelligent buyers (and others) can then decide whether or not they want to take the risk of buying those companies' products.

Then again, Microsoft hasn't included warnings with their Windows products, yet none of them work as promised despite being on the market since 1985. Windows crashes, burns and wipeouts made me switch our company's OS to Linux a few years ago. So I made a conscious effort to boycott a company's defective products. The best way to hurt Sony is to stop buying their products.

I did. You can too.



roberta

[MackemX]

they only had crap titles as you can only imagine the fuss if they'd done this to top sellings CD's. Testing the waters I think to see if they could sneak it in and then if someone did find it further down the line they could claim to say it's been like that for ages

one solution is install a virtual PC with no internet access at all, make a restore point in the Virtual PC program (not system restore). Rip the CD in the virtual PC and then transfer it across and restore the Virtual PC to it's orginal state

Is there a free Virtual PC program available?

[mbellot]

Then again, Microsoft hasn't included warnings with their Windows products, yet none of them work as promised despite being on the market since 1985.

The difference is that Sony is/was marketing them as Audio CDs, which are required to conform to some fairly specific standards.

Last I checked M$ has no standards, so there is nothing to comply with.

The best way to hurt Sony is to stop buying their products.
roberta

Completely correct.

In fact I think the entire music and video industry should be boycotted until they pull their collective heads out of their arses.

[ROF]

Let's see ...

The label that was suggested be put on these "protected" cds - -might that label be covering the center hole?


Oh. And I'll bet those cameras are pointing in, instead of outward.

As someone else should recognise, Sony is just maintaining their direction they want to head towards, just like ROF. Sony doesn't care.

Should they? Something must be done to stem the flow of IP Theft. What better way then to put something which could be detrimental if used improperly in device clearly labeled that aren't designed for the product. while at the same time preventing their usage in devices that ar the main culprit for IP theft(The PC). I think a nice clear label which explains this should suffice and the end user would be responsible if they don't read the warning and/or use the media improperly.

[Rich86]

For once - I actually agree with ROF.

Let Sony corrupt their products any way they want, just so long as they clearly and consistently inform potential customers what they are possibly buying. If the customer decides to buy anyway, all should be well

A decent sized sticker or text box on the outside packaging including something like:
"This cd does not conform to accepted digital audio cd standards. It should be playable on most standalone cd players. If you use this cd in a computer, this cd includes software which will attempt to install itself on that computer. The installed software will disable your ability to access or play the full fidelity 44.1khz standard digital audio tracks on the cd and will force the use of compressed digital audio files instead. It will also limit your ability to transfer the music on this cd to your computer or other media. Sony also makes no guarantees that this included "copy protection" software will not cause other problems or security breaches in your computer".

That seems fairly accurate - but we all know Sony would never include this. So - the best solution is - stop buying any Sony/BMG products that you cannot verify definitively are clean of malicious software from the likes of suncomm, first4internet, macrovision, etc. One would hope the same beancounters who advocated giving Sony's money to first4internet and suncomm also watch the sales figures for the titles suffering from the included malicious software. If the sales figures climb dramatically as a result of the malicious software inclusion, then they should continue. If they stay the same or drop - a few companies deserving of extinction might have a problem . . .

[ROF]

I'd imagine the labels for CDs will be used but I do remember in the early 80's when Sony and others fought to prevent putting parental warnings on CDs so you maybe correct about them not wanting to do this. A warning label especially a good size one might be a deterrent for potential buyers. Surprisingly the deterrent is not what the label says but just that it is there. There is a segment of consumers that do not like to be told how to use a product. There are still people who buy products with labels that say some assembly required and they never read that or the instructions. These same people never wonder why they have "extra" parts when assembly is complete. How many people actually spend time to read warning labels? That must be considered as well. When was the last time you read the EULA for software? Are they all the same? Do you know your rights? Do you understand what you can and can't do with the product you purchased? I don't know what the solution will be but I'll bet this isn't the last time software installs are used to prevent computer optical drives from being used to steal IP or prevent users from media shifting.

[whitejremiah]

they are doing an AWESOME job copy protecting their music, there hasnt been much in the past five years i would consider buying as far as music...perfect copy protection...put out junk music that way people dont buy it, and hence dont copy it. I will admit though, i do the napster thing (yes, i know, blah blah blah i pay for the same songs month after month, ect, ect) but i can just have like a 20gb folder chalked with music and IF something good WOULD ever come out, i can listen to the cd in full (most of the time anyhow) and decide if its worth purchasing.....and at the same time, i can run my pc as basically a nice little jukebox filled with older tunes.

[Rich86]

There is a segment of consumers that do not like to be told how to use a product.

Yes there is. And it is not small. I reserve my right to make a backup of my legitimately purchased and owned music cd for my personal use, including burning cd's with my favorite music selections for use in the car, portable, etc. I have no intentions of ever purchasing a product that tries to limit that via malicious software installations on my computer. As long as Sony/BMG makes it clear what is on the cd - then we can leave it on the shelf for someone else who doesn't care about the issue to be infected with it.

[mike1061]

I'm really sorry. I do not agree with either of you, or the other people that think this is a good idea.
If any of you think my daughter who is 12, or my wife could figure that out, your crazy. My daughter has had CD's since she was about 5.
I am not trying to insult you, I don't even know you.
If (see the "if") something goes wrong, I know who is going to have to fix it, and who is going to pay for it.
I have anti virus, a fire walled router, and 2 spyware programs, on there computers. I do not need anybody planting anything on our computers, that help me or not.
I am furious that I have to go look through there CD collections again, for CD's that could hurt there computers.
Thanks Mike

For once - I actually agree with ROF.

Let Sony corrupt their products any way they want, just so long as they clearly and consistently inform potential customers what they are possibly buying. If the customer decides to buy anyway, all should be well

A decent sized sticker or text box on the outside packaging including something like:
"This cd does not conform to accepted digital audio cd standards. It should be playable on most standalone cd players. If you use this cd in a computer, this cd includes software which will attempt to install itself on that computer. The installed software will disable your ability to access or play the full fidelity 44.1khz standard digital audio tracks on the cd and will force the use of compressed digital audio files instead. It will also limit your ability to transfer the music on this cd to your computer or other media. Sony also makes no guarantees that this included "copy protection" software will not cause other problems or security breaches in your computer".

[dphirschler]

two points:

1. Trust your customers and they will be loyal to you. For the most part anyway. But they (the recording insdustry) have made enemies of their customers.

2. A CD not designed to play in my CDROM is not enought value for my money. They are already expensive enough. Taking away that ability is too much without a drastic price reduction.


Darryl

[ROF]

two points:

1. Trust your customers and they will be loyal to you. For the most part anyway. But they (the recording insdustry) have made enemies of their customers.

Trust your customers and you are a foolish businessman. There is no more loyalty amongst customers as there is amongst loyal employees. They are far far and few between. The customer is out to get the best bargain they can for the least amount of money. I trust customers about as far as I can connect an Apple Lisa to broadband internet.

2. A CD not designed to play in my CDROM is not enought value for my money. They are already expensive enough. Taking away that ability is too much without a drastic price reduction.

CDs are rather cheap when compared to other forms of entertainment. They are practically giving them away at $15 and those sold at $20 are just barely approaching reasonable value. When was the last time you went to the movie theater? have you rented a movie lately? Have you visited a theme park? How about a sports game? A concert? How about participation sports? have you paid green fees to golf? How about bowling? When you compared the price you paid for those and the amount of time being entertained and you compare that to the price of a CD, I'd say the CD is undervalued tremendously.

My only problem with that whole line of thinking is that the same looking disc can contain 2 hours+ of audio and video (DVD) and it's usually priced less than CDs. In any case, CDs have more value then their purchase cost if you enjoy the contents of the CD purchased. But then who would purchase a CD they didn't enjoy? That would be like buying a set of golf clubs when you don't like to golf. You always have the choice whether to purchase or not to but I guarantee if you like something you except the restrictions placed upon the product. I still purchase DVDs even though they are copy protected, have warning labels on the case and a splash screen when loaded informing me of those restrictions. This hasn't stopped me from being a consumer of DVDs. I'd imagine this warning label and restriction won't stop the majority of others either.

[mbellot]

two points:

1. Trust your customers and they will be loyal to you. For the most part anyway. But they (the recording insdustry) have made enemies of their customers.

Trust your customers and you are a foolish businessman. There is no more loyalty amongst customers as there is amongst loyal employees. They are far far and few between. The customer is out to get the best bargain they can for the least amount of money. I trust customers about as far as I can connect an Apple Lisa to broadband internet.

Pitiful and wrong. I (and many people I know) will pay extra for various brands we have found to be consistently superior. By the same token we avoid those brands that are known to be sub-par regardless of cost. If customer loyalty were dead, Apple computer would be too.

Not everyone makes their purchases with a Walmart frame of mind.

CDs are rather cheap when compared to other forms of entertainment. They are practically giving them away at $15 and those sold at $20 are just barely approaching reasonable value. When was the last time you went to the movie theater? have you rented a movie lately? Have you visited a theme park? How about a sports game? A concert? How about participation sports? have you paid green fees to golf? How about bowling? When you compared the price you paid for those and the amount of time being entertained and you compare that to the price of a CD, I'd say the CD is undervalued tremendously.

Hardly. A movie ticket costs $7 - $10 and you get over an hour of "entertainment", assuming you enjoy the movie.

CDs are regularly published with one or two good tracks with junk filler absorbing the remaining space. Thats 3 - 6 minutes for $15, or $150 - $300 for an "hour of entertainment".

Doesn't seem like much of a bargain to me.

Take away the ability to move it to an MP3 player (for jogging, etc) and its even less attractive.

[ROF]

CDs are regularly published with one or two good tracks with junk filler absorbing the remaining space. Thats 3 - 6 minutes for $15, or $150 - $300 for an "hour of entertainment".

Doesn't seem like much of a bargain to me.

Take away the ability to move it to an MP3 player (for jogging, etc) and its even less attractive.

What may be junk to you might be instant hit to others. If you are purchasing CDs when only 2 songs are what you want then you are supporting your musicians, not achieving maximum purchase value for your dollars, or have been spoiled by media that allows you to easily skip to the beginning of the next track.

If MP3 ability is important and CDs only contained 3 or less songs worth value to you perhaps one of the other recording industry purchase options via direct MP3 may be more of value to you.

[ROF]

Thats 3 - 6 minutes for $15, or $150 - $300 for an "hour of entertainment".

Doesn't seem like much of a bargain to me.

Well, invite 4-6 friends over and listen to the CD. Now purchase premium tickets to a football game for those 6 friends. Both will last about the same amount of time, but I'll bet the CD is much cheaper even if three of your friends only like half the tracks.

[Rich86]

to mike1061:
I absolutely empathize with you. It is terribly unfortunate that companies such as Sony/BMG can no longer be trusted by their customers due to going into collusion with firms like first4internet, suncomm and macrovision to install malicious virus software on their customers' computers. I just don't know any way to convince them of their error other than financially by no longer purchasing their products containing this nonsense. This requires knowing about it - or boycotting their products entirely. It's a pity the artists have to pay the price for Sony's attitudes towards their customers.

ROF:
Sony/BMG has demonstrated their total disregard for their customers and is therefore getting all the trust and support they deserve in return.
Although I expect that Sony's attempts at copy protecting dvd's (Arcoss) is ineffectual, at least it doesn't compromise anyone's computers. When the day comes that Sony/BMG starts putting out dvd's that try to install this same sort of malicious virus software onto customer computers - the same outcry will extend to their video product line. And I will stop buying those products as well.

When Sony stops trying to install malicious software on my computers via their music cd products - I'll consider buying again. Until then, there are lots of alternative entertainment options. And plenty of already paid for cd's and free music alternatives available to us.

[mbellot]

Thats 3 - 6 minutes for $15, or $150 - $300 for an "hour of entertainment".

Doesn't seem like much of a bargain to me.

Well, invite 4-6 friends over and listen to the CD.

I'm surprised you would suggest such a thing. Certainly such a public performance would be a copyright infringement. :P

I've got a better one for you.

Invite 4 - 6 friends over and have a conversation for an hour.

Total cost $0.

Value compared to some homogenous POS CD produced by Big Music?
Immeasurable.

[Dv8ted2]

The newest patch from Sony on the MediaMax flaw carries a security risk as well.

http://www.cdfreaks.com/news/12784

[thecoalman]

The newest patch from Sony on the MediaMax flaw carries a security risk as well.

http://www.cdfreaks.com/news/12784

At least they are batting a thousand....

Just one day after jointly announcing a patch to correct a security flaw in the SunnComm MediaMax copy protection included on 27 CDs, Sony BMG and the Electronic Frontier Foundation are urging users not to install it

"Every disc sitting on somebody’s shelf, or in a record-store bin, is just waiting to install the vulnerable software on the next PC it is inserted into. The only sure way to address this risk is take the discs out of circulation," warns Felten. "The time has come for SonyBMG to recall all MediaMax CDs."

<-----------Sony CEO

[hudsonf]

Trust your customers and you are a foolish businessman.

Trust your businessman and you are a foolish customer. I agree some of the things you say but I can't believe a businessman would make a statement like that. If you want trust you have to give trust.

[mike1061]

Who would buy a CD they didn't enjoy?
I do it all the time.
I buy many CD's just to check out the band. I also buy CD's for my daughter. If you think I get ones she likes everytime, think back to when your parents bought a record for you.
Like Rich said, "trust" is at an all time low IMO.
Thanks Mike

[thecoalman]

Trust your customers and you are a foolish businessman. There is no more loyalty amongst customers as there is amongst loyal employees. .

Odd you'd say that..... I had a customer when I took my coal business over that my Grandfather delivered coal too. He only quit buying coal off me because he expired . About 90% of the business I do is repeat business, this year it's not quite that high because of all the new business. Average customer is probably about 10 years long. Many I'm on a first name basis with, go in their house when they are not there, even know where the keys are for some houses.

I do lose a few customers each year to the "better deal". They always come back next year though.

[painkiller]

Ahem.

Having friends over to enjoy entertainment is NOT copyright infringement.

But if you charge for it ... then you have a problem.

[mbellot]

Ahem.

Having friends over to enjoy entertainment is NOT copyright infringement.

Really? Damn, here I've been buying dozens of copies of each CD just to be sure I've got enough licenses to cover any gathering.



Apparently you're not familiar with ROF's rabid defense of the RIAA and MPAA.

Sometimes I wonder if he would consider accidentally overhearing someone else's stereo infringement and turn himself in...

[ROF]

Well, invite 4-6 friends over and listen to the CD.

I've got a better one for you.

Invite 4 - 6 friends over and have a conversation for an hour.

Total cost $0.

Value compared to some homogenous POS CD produced by Big Music?
Immeasurable.

There is more truth in that then anything else said in this entire thread.

[whitejremiah]

Trust your customers and you are a foolish businessman. There is no more loyalty amongst customers as there is amongst loyal employees. .

Odd you'd say that..... I had a customer when I took my coal business over that my Grandfather delivered coal too. He only quit buying coal off me because he expired . About 90% of the business I do is repeat business, this year it's not quite that high because of all the new business. Average customer is probably about 10 years long. Many I'm on a first name basis with, go in their house when they are not there, even know where the keys are for some houses.

I do lose a few customers each year to the "better deal". They always come back next year though.

I do have to solidly agree with this, im not in the coal buisness, but at my work, there are a bunch of people im on a first name basis.......yes, sometimes they will leave for the "better deal" but a large number of them will come back to you, if nothing else, for customer service....at least provided your company is providing decent customer service......ive had a guy that moved to a closer store, but he returns to the store that i work at because of that, and that alone. This being said, i think the record labels outta stop trying to assume EVERYONE is a music pirate, has a few TB of space on their harddrives to store music, and will be uploading it to the first website that pops up on google when you search "mp3" (probably isn't even a music downloading site, btw, im just trying to show you THEIR general mindset) what they don't realize, is the people they SHOULD be worrying about protecting their music from are the people that get ahold of the music cd's, dvd's (in the case of their dvd copy protections) and such before they even hit the stores most of the time......and from what i understand, a lot of the time whatever protection is on the discs is broken before it even HITS the shelves, so honestly, its a futile attempt, and they would be best not to even bother in the first place. As far as im concerned, if they start putting out good music/dvd's/whatever else, yes, there will still be some people that will bootleg it reguardless, but if its good enough, there will also be a much larger chunk of people that will buy it outright..........i'm not sure how many people realize this, but a lot of music cd's that are being put out right now, are actually not within the standard specs of being audio cd's!!! an audio cd, by definition will contain ZERO data tracks at all on it (yes, that would mean that the "cool" players that are built into the cd's that pull up a nice fullscreen backdrop for you, that you cant minimze out of would have to go, too) what they should do, is start putting out music cd's and let the consumers decide for themselves what's good and what isnt.........my two cents.