The Continuing Stooo-ry of the Sony DRM rootkit debacle….

Let’s see there are a couple more notes to pass along on Sony DRM rootkit news. This story could go on for some time, it’s already had legs for about a week or more and just when things started to wind down a bit, there’s a bit more. First up, the EFF has a writeup on the EULA that Sony sends along with it’s DRM-ified Cds. Among other things it obliges you to wipe any copies of songs of your pc if you’re cd is lost or stolen, it cannot be played on a work computer, you can’t take it with you if you leave the country, you MUST install any and all updates to their software or the content is forfeit, SONY-BMG reserves the right to install backdoors or other means to protect their content, SONY will only be liable for a maximum of $5, if you declare bankrupcy you must forfeit all the music on your pc, no derivitave works, (photo albums for family/friends, mash-ups, or sampling), music on the pc may NOT be transfered even if the cd accompanies the transfer.

Most of us don’t really think TOO much about the above list and what our USUAL rights to a music cd are. I can put it no better than the EFF….

First, a baseline. When you buy a regular CD, you own it. You do not “license” it. You own it outright. You’re allowed to do anything with it you like, so long as you don’t violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the “first sale” doctrine), or make a copy for use on your iPod (thanks to “fair use”). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.

On other fronts, some of the Artists are starting to see effects of SONY’s poor decision making. I saw one individual point out the Amazon reviews that one cd was getting, this isn’t the same one I saw noted, but it’s on “the list”. From what I can see most any on the list are getting rough reviews (and plentiful in most cases) from the Sony rootkit.

Brian Krebs is reporting Windows Defender (Microsoft Anti-Spyware) will be updated to detect and remove files hidden using the method given by the DRM from SONY. Also, in December the malicious software removal tool will be updated to get rid of the rootkit. The malicious software removal tool will be available from Windows update or through automatic updates.

Update — 11/14/05 –

Didn’t I say this could keep going…?

Sunbeltblog is reporting on a juicy bit of irony…. it seems that the DRM software in Sony’s rootkit includes the opensource LAME mp3 audio encoder. OK, well it seems as though …

This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called objectfiles, with which others can make comparable software.

So either Sony-BMG (distributors of the rootkit) or First 4 (writers of it) have made a slight licensing boo-boo…. oops. More details here.

Update 11-14-05 5:30 EST…. more shoes falling in the story…

It looks like another class action suit is getting warmed up against Sony over the DRM rootkit fiasco. This from the SecurityFix. A lawyer has filed suit in the US District Court for Southern New York against Sony. This class action could wind up including people in all 50 states in the class. Sony and First4Internet are named in the suit. This is the second class action suit over the matter, the first filed in California court, for California residents.

The suit asks the court to intervene in 1)preventing the use of this DRM method in another product and 2) prevent the re-introduction of this DRM method on CD’s.

I suspect this centipede will have a few more shoes to drop before things are said and done.

Related Posts

Blog Traffic Exchange Related Posts
  • More on the MediaMax DRM software The OTHER Sony-BMG DRM (Digital Rights Management) software is in the news again today. freedom-to-tinker which did great research into the security flaws that the UNINSTALL process for both XCP and MediaMax had is back to give more disturbing news. What's interesting here is that even declining the EULA for......
  • Sunncomm/Mediamax software fix FLAWED Once more in the continuing story.... According to freedom-to-tinker, the "fix" released today for the SunnComm/Mediamax DRM software (the "other" DRM software on sony/bmg discs). Is fatally flawed. The problem the software initially poses is much worse than the company lets on in their release and their advise is.... 1)......
  • SONY DRM rootkit - the gift that keeps on giving Well... I said, more legs than a centipede for this one.... It looks as though the uninstaller from Sony is an activex control that may have some SEVERE security implications. The ActiveX invokes a command to reboot the computer (RebootMachine). (Which is likely remotely exploitable). Also it appears to use......
Blog Traffic Exchange Related Websites
  • Save Money with Free Software. When I started this blog, I developed a sort of split personality. In my real life I'm a software engineer and all around computer geek. But when I sit down to write, or read a financial book or magazine, the finance driven "me" comes out. I never really noticed......
  • How To Get A Business Loan To obtain approval for your small business loan application, you should be able to meet the lending criteria set. Some organizations are more risk reluctant than others and thus have more strict criteria. To greatly increase the chances of a successful funding application, you must submit the following information: Tips......
  • How To Remove Vista Internet Security 2011 Virus You may be the latest victim of Vista Internet Security 2011. This name-changing virus has the different version, but no matter what version you have, the issues are the equivalent. The cyberpunks who formulated this virus were quite professional to make the program dynamically change its name according to windows......
PDF24    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Comments are closed.

Switch to our mobile site