Wednesday, November 16, 2005

Sony BMG want to root you
Via Boing boing - "Close examination of the rootkit that Sony's audio CDs attack their customers' PCs with has revealed that their malicious software is built on code that infringes on copyright. Indications are that Sony has included the LAME music encoder, which is licensed under the Lesser General Public License (LGPL), which requires that those who use it attribute the original software and publish some of the code they write to use the library. Sony has done none of this.

The evidence against Sony is compelling, and this further reveals the hypocrisy of Sony's actions. Sony claims that it needs to install dangerous, malicious, underhanded software on its customers' computers to protect its copyrights, but in order to write this malware, it has no compunction about infringing on the copyrights of public-spirited software authors who make their works available under free software licenses like the GPL.

I suppose it's natural to believe that everyone is at least as sleazy as you are: for Sony's rip-off artists, assuming that paying customers are planning to rip them off must come easy."

and more from Boing boing...
On the Freedom to Tinker blog, DRM researcher par excellence J. Alex Halderman dissects a second variety of malicious software that purchasers of Sony music CDs can be infected with. Sony not only uses the now-infamous First4Internet rootkit, but also uses a second piece of malicious software from SunnComm, the less-well-known but still-dangerous MediaMax. Halderman's masterful research is both lucid and alarming. If you want to have a safe experience with Sony music, you'd better acquire it by some means other than purchasing it:
To summarize, MediaMax software:

* Is installed onto the computer without meaningful notification or consent, and remains installed even if the license agreement is declined;
* Includes either no uninstall mechanism or an uninstaller that fails to completely remove the program like it claims;
* Sends information to SunnComm about the user's activities contrary to SunnComm and Sony statements and without any option to disable the transmissions.

Does MediaMax also create security problems as serious as the Sony rootkit's? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software. However, it certainly causes unnecessary risk. Playing a regular audio CD doesn't require you to install any new software, so it involves minimal danger. Playing First4Internet or SunnComm discs means not only installing new software but trusting that software with full control of your computer. After last week's revelations about the Sony rootkit, such trust does not seem well deserved.

and still more...

"Dozens of BB readers wrote in to say that Sony is no longer putting malicious rootkit software on its CDs. Of course, the stores are still filled with infectious CDs, and untold millions of computer users have had their PCs compromised by the rootkit. And Sony's statement on the action is the lamest non-apology I've ever read:
Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

ADDED: Genius DNS hacker Dan Kaminsky designed a research project that has produced a count of the number of networks that have been infected with the malicious rootkit Sony distributed with its audio CDs: over 500,000 networks contain at least one infected machine. Many of these are governmental and military networks.

AND THEN...
Sony has applied for a patent that will lock a PS game to one console and one console only:

"They take the media that today lets you do everything copyright permits -- timeshifting and quotation, format-shifting and backup -- and they take away all those things. Then they painfully dribble each of those rights back as a "feature" that you pay extra for. Drip, drip, drip -- each drop of functionality painfully and expensively squeezed into your living room, every time you want to do something you used to do for free. That's not a business-model. That's a urinary tract infection."
