Very detailed and technical play-by-play of somebody discovering a
rootkit installed on their system by Sony Corp.! You gotta wonder what
somebody could do if they weren't familiar with the low-level details
of a Windows system, like this guy was?

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management
Gone Too Far
http://www.sysinternals.com/blog/200...al-rights.html

Yousuf Khan

YKhan wrote:
> Very detailed and technical play-by-play of somebody discovering a
> rootkit installed on their system by Sony Corp.! You gotta wonder what
> somebody could do if they weren't familiar with the low-level details
> of a Windows system, like this guy was?
>
> Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management
> Gone Too Far
> http://www.sysinternals.com/blog/200...al-rights.html
>
> Yousuf Khan
>

Sony capitulates after public outcry.

http://seattlepi.nwsource.com/busine...rotection.html

Yousuf Khan

On Wed, 02 Nov 2005 23:53:54 -0500, Yousuf Khan <(E-Mail Removed)>
wrote:

>YKhan wrote:
>> Very detailed and technical play-by-play of somebody discovering a
>> rootkit installed on their system by Sony Corp.! You gotta wonder what
>> somebody could do if they weren't familiar with the low-level details
>> of a Windows system, like this guy was?
>>
>> Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management
>> Gone Too Far
>> http://www.sysinternals.com/blog/200...al-rights.html
>>
>> Yousuf Khan
>>
>
>Sony capitulates after public outcry.
>
>http://seattlepi.nwsource.com/busine...rotection.html
>

I know I'm still in the minority, but I most definitely look closely
at EVERY CD I purchase to make sure that they do not have any
copy-protection schemes built in for just this sort of reason. If a
CD lists copy-protection on the package I will not buy it. If it has
copy protection but does not list it on the package I will return the
damn thing.

As I said, I'm sure I'm in the minority, but record labels are likely
to find more and more people doing the same thing if they keep up this
non-sense. They can only depend on the ignorance of their customers
for so long, eventually people are going to wise up and move on.


Note that Sony hasn't really "capitulated" in any meaningful way, they
are STILL planning on distributing CDs that install rootkits on your
PC, they just aren't going to hide them as much.

I would be rather interested to see if anyone tries to mount a legal
challenge against Sony for this. What they are doing is walking a
VERY fine line between merely deceiving customer and fully breaking
laws regarding distributing malicious software. Their copy protection
software is, in essence, a trojan horse program.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

Bitstring <(E-Mail Removed)>, from the
wonderful person Tony Hill <(E-Mail Removed)> said
<snip>
>I know I'm still in the minority, but I most definitely look closely
>at EVERY CD I purchase to make sure that they do not have any
>copy-protection schemes built in for just this sort of reason. If a
>CD lists copy-protection on the package I will not buy it. If it has
>copy protection but does not list it on the package I will return the
>damn thing.

I'm in the minority with you. I also email the record company, and the
artist (if I can find an email address for the latter) explaining why I
didn't buy their product.

I can't think of anything MORE likely to make people go buy pirated
copies (with no protection). Or just play it on the HiFi and re-rip it
to .wav.
Or just go with a more intelligent artist/publisher combination.

--
GSV Three Minds in a Can
Contact recommends the use of Firefox; SC recommends it at gunpoint.

>>>>> "Yousuf" == Yousuf Khan <(E-Mail Removed)> writes:

Yousuf> YKhan wrote:
>> Very detailed and technical play-by-play of somebody discovering a
>> rootkit installed on their system by Sony Corp.! You gotta wonder
>> what somebody could do if they weren't familiar with the low-level
>> details of a Windows system, like this guy was? Mark's
>> Sysinternals Blog: Sony, Rootkits and Digital Rights Management
>> Gone Too Far
>> http://www.sysinternals.com/blog/200...al-rights.html
>> Yousuf Khan
>>

Yousuf> Sony capitulates after public outcry.

Yousuf> http://seattlepi.nwsource.com/busine...rotection.html

Yousuf> Yousuf Khan

Buried in comments to the first article above is a note that the root
kit will send information back to sony containing an album ID, and an ip
address. That is really nice! Whatever. The way things are going I
guess I will have one computer connected to the internet and one that
is not. ;-)).

Whatever when will this nonsense stop?

Alan

On Thu, 03 Nov 2005 07:38:16 -0600, Alan Walpool wrote:

>>>>>> "Yousuf" == Yousuf Khan <(E-Mail Removed)> writes:
>
> Yousuf> YKhan wrote:
> >> Very detailed and technical play-by-play of somebody discovering a
> >> rootkit installed on their system by Sony Corp.! You gotta wonder
> >> what somebody could do if they weren't familiar with the low-level
> >> details of a Windows system, like this guy was? Mark's
> >> Sysinternals Blog: Sony, Rootkits and Digital Rights Management
> >> Gone Too Far
> >> http://www.sysinternals.com/blog/200...al-rights.html
> >> Yousuf Khan
> >>
>
> Yousuf> Sony capitulates after public outcry.
>
> Yousuf> http://seattlepi.nwsource.com/busine...rotection.html
>
> Yousuf> Yousuf Khan
>
> Buried in comments to the first article above is a note that the root
> kit will send information back to sony containing an album ID, and an ip
> address. That is really nice! Whatever. The way things are going I
> guess I will have one computer connected to the internet and one that
> is not. ;-)).
>
> Whatever when will this nonsense stop?
>
> Alan

That's the problem right now how do you know you have a unique IP address?
With nat, and 802.11x its getting to the point of people wanting ipv6 just
to have unique IP's. Just look at how many grandma's, and grandpa's are
getting pulled into court, because johnny was trying to share a few files
he was not supposed to.

I really don't know how much public outcry is happening, I only see the
geekie side of the net getting all in a fuss. For the average joe it
probably will not make a big difference, after all they are still trying
to pass a bill in the US congress about the analog loophole/aka media
flag.

Also I get amused at how Holly Wood is getting excited about the video
ipod. It seems that actors, distributors want more of the pie some even
want special royalties just for redistribution. Its getting to the point
now that if you do not watch the show the time it is aired, you might be
in copyright violation. Forget about taking out the commercials and
sharing it with a friend, because that would be a copy right violation.

Another thing that is unsure is dvd audio, if you make a backup copy of a
dvd-audio dvd is that copyright violation? Then you have fair use, just
what exactly rights do we have left?

Gnu_Raiz

On Thu, 03 Nov 2005 07:38:16 -0600, Alan Walpool
<(E-Mail Removed)> wrote:
>Buried in comments to the first article above is a note that the root
>kit will send information back to sony containing an album ID, and an ip
>address. That is really nice! Whatever. The way things are going I
>guess I will have one computer connected to the internet and one that
>is not. ;-)).

Fortunately one nice and simple solution to this particular bit of
nonsense, other then simply not buying the CD, is to run Linux or any
other non-Microsoft operating system. Their "copy protection"
software only works under Windows.

Just another of the many reasons why my media center PC runs Linux.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Thu, 03 Nov 2005 01:15:35 -0500, Tony Hill
<(E-Mail Removed)> wrote:

>On Wed, 02 Nov 2005 23:53:54 -0500, Yousuf Khan <(E-Mail Removed)>
>wrote:
>
>>YKhan wrote:
>>> Very detailed and technical play-by-play of somebody discovering a
>>> rootkit installed on their system by Sony Corp.! You gotta wonder what
>>> somebody could do if they weren't familiar with the low-level details
>>> of a Windows system, like this guy was?
>>>
>>> Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management
>>> Gone Too Far
>>> http://www.sysinternals.com/blog/200...al-rights.html
>>>
>>> Yousuf Khan
>>>
>>
>>Sony capitulates after public outcry.
>>
>>http://seattlepi.nwsource.com/busine...rotection.html
>>
>
>I know I'm still in the minority, but I most definitely look closely
>at EVERY CD I purchase to make sure that they do not have any
>copy-protection schemes built in for just this sort of reason. If a
>CD lists copy-protection on the package I will not buy it. If it has
>copy protection but does not list it on the package I will return the
>damn thing.
>
>As I said, I'm sure I'm in the minority, but record labels are likely
>to find more and more people doing the same thing if they keep up this
>non-sense. They can only depend on the ignorance of their customers
>for so long, eventually people are going to wise up and move on.
>
>
>Note that Sony hasn't really "capitulated" in any meaningful way, they
>are STILL planning on distributing CDs that install rootkits on your
>PC, they just aren't going to hide them as much.
>
>I would be rather interested to see if anyone tries to mount a legal
>challenge against Sony for this. What they are doing is walking a
>VERY fine line between merely deceiving customer and fully breaking
>laws regarding distributing malicious software. Their copy protection
>software is, in essence, a trojan horse program.
>
>-------------
>Tony Hill
>hilla <underscore> 20 <at> yahoo <dot> ca

It is nothing new that Sony and other RIAA members would screw the
customers any way they can think of in order to keep their profits
from evaporating, technologically, or legally, or whatever. Hopefully
some lawyers will find the way to sue Sony for trashing systems of
unwitting customers. Unfortunately there is no way to sue Bill G. for
leaving in the OS security holes so huge that one can fly a 747
through. How come it is possible to use things like rootkits at all?

NNN

Bitstring <(E-Mail Removed)>, from the
wonderful person "(E-Mail Removed)" <(E-Mail Removed)> said
<snip>
>It is nothing new that Sony and other RIAA members would screw the
>customers any way they can think of in order to keep their profits
>from evaporating, technologically, or legally, or whatever. Hopefully
>some lawyers will find the way to sue Sony for trashing systems of
>unwitting customers. Unfortunately there is no way to sue Bill G. for
>leaving in the OS security holes so huge that one can fly a 747
>through. How come it is possible to use things like rootkits at all?

In case you haven't seen it, one of the most rational discussions of the
problem (and non solution) I have seen can be found at:-

http://www.bookofhook.com/Article/Ga...otectionDilemm
a.html

If only Sony Et Al could actually read ....

--
GSV Three Minds in a Can
Contact recommends the use of Firefox; SC recommends it at gunpoint.

On Sat, 05 Nov 2005 02:25:30 GMT, "(E-Mail Removed)"
<(E-Mail Removed)> wrote:

>On Thu, 03 Nov 2005 01:15:35 -0500, Tony Hill
><(E-Mail Removed)> wrote:
>>I would be rather interested to see if anyone tries to mount a legal
>>challenge against Sony for this. What they are doing is walking a
>>VERY fine line between merely deceiving customer and fully breaking
>>laws regarding distributing malicious software. Their copy protection
>>software is, in essence, a trojan horse program.
>>
>
>It is nothing new that Sony and other RIAA members would screw the
>customers any way they can think of in order to keep their profits
>from evaporating, technologically, or legally, or whatever. Hopefully
>some lawyers will find the way to sue Sony for trashing systems of
>unwitting customers. Unfortunately there is no way to sue Bill G. for
>leaving in the OS security holes so huge that one can fly a 747
>through. How come it is possible to use things like rootkits at all?

All OSes in existence allow the use of Rootkits if you run things as
the superuser. The trick is that in most cases you do NOT run
everything as superuser if you can avoid it. In corporate use this
shouldn't be much of an issue because WinXP Pro is well setup to have
all users log in as non-privileged users and only to use an
administrator account when absolutely necessary. Even for home use
this is quite easy to setup if you run WinXP Pro (that is exactly how
I'm running XP Pro at this moment), though while the OS works great
for this, some applications are VERY poorly written in this regard.

Still, the problem is not so much a security hole in the traditional
sense of things as it is a matter of a design decision. Microsoft
choose to make their OS extremely vulnerable to trojan horses and the
like in an effort to make things "easier" for customers. Sadly
enough, this was probably the right choice. Just watch you're average
MacOS user who will blindly type in their Root password any time
they're asked for it and be annoyed that they always need to do so.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca