[JPL] "New Protection Software from Sony"

philipbooth at tampabay.rr.com philipbooth at tampabay.rr.com
Thu Nov 10 16:46:32 EST 2005


"Shine," from ex-Phish guitarist Trey Anastasio, is one of them.

 

----- Original Message -----
From: "Jackson, Bobby" <bjackson at WCPN.org>
Date: Thursday, November 10, 2005 4:29 pm
Subject: RE: [JPL] "New Protection Software from Sony"

> -------------------------------------------
> 
> This week's sponsor is: JazzWeek Magazine, with new complimentary 
> subscriptions available
> 
> -------------------------------------------
> 
> The Jazz Programmers Mailing List is a free service provided by 
> JazzWeek.For more information visit us at  http://www.jazzweek.com/jpl
> To become a sponsor contact Ed Trefzger 
> at ed.trefzger at jazzweek.com or 866-453-6401.
> 
> -------------------------------------------
> Jeff Turton wrote...
> 
> If you bought one of the 20 affected CD's, you can uncloak the 
> software,and Sony won't be using this scheme anymore. 
> 
> Question:  Is there a list of the 20 affected CD's that contain this
> cloaking software available?  I would like to avoid them.
> 
> Bobby Jackson
> 
> -----Original Message-----
> From: jazzproglist-bounces at jazzweek.com
> [mailto:jazzproglist-bounces at jazzweek.com] On Behalf Of Jeff Turton
> Sent: Thursday, November 10, 2005 3:12 PM
> To: Jazz Programmers Mailing List
> Subject: Re: [JPL] "New Protection Software from Sony"
> 
> -------------------------------------------
> 
> This week's sponsor is: JazzWeek Magazine, with new complimentary
> subscriptions available
> 
> -------------------------------------------
> 
> The Jazz Programmers Mailing List is a free service provided by
> JazzWeek.
> For more information visit us at  http://www.jazzweek.com/jpl To 
> becomea sponsor contact Ed Trefzger at ed.trefzger at jazzweek.com or
> 866-453-6401.
> 
> -------------------------------------------
> This is also the focus of David Pogue's Tech column in the Times 
> today.
> If you are a Mac user it appears as though this is a non-issue
> 
> 
> 
> 1. From the Desk of David Pogue: Sony BMG's Copy-Protecting Watchdog
> =============================================================
> 
> My In box usually bursts to the seams with reader reaction to 
> stuff I've
> written. What was unusual this week, though, was the amount of 
> mail that
> came in on a topic that I've never even mentioned: the Sony BMG 
> rootkittactic.
> 
> The story goes like this. Starting in June 2004, Sony BMG records 
> begancopy-protecting its pop-music CD's. Over the months, the 
> company has
> used several software schemes for preventing you, the customer, from
> making illegal copies of its discs. But 20 albums are protected by a
> scheme devised by a company called First 4 Internet-and it's 
> caused an
> incredible online furor.
> 
> These CD's, all bearing "Content Protected" labels on the packaging
> (meaning "copy protected"), do something very sneaky if you try to 
> playthem on a Windows PC: they install a proprietary watchdog 
> program that
> prevents you from copying the CD more than twice. (On a Macintosh or
> Linux machine, these CD's play just fine, without any copy 
> protection.)
> Last week, a programmer and blogger named Mark Russinovich dug a 
> littledeeper, and found out something disturbing: the Sony 
> watchdog program
> not only installs itself deep in the core of Windows-it's what's 
> calleda rootkit-but it also makes itself invisible.
> 
> The record company doesn't dispute Russinovich's findings.
> "The cloaking is an additional level of protection to hide the
> protection files themselves," Mathew Gilliat-Smith, CEO of First 4
> Internet, told me. "It's an extra speedbump to make it that much more
> difficult [for prospective music pirates] to circumvent the 
> protection."But Sony BMG didn't seem to be prepared for the outcry 
> from privacy
> advocates and ordinary citizens who felt violated.
> 
> To them, Sony BMG's tactic was dangerous, sneaky, intrusive and maybe
> even illegal. Some of the problems:
> 
> * The hidden-rootkit trick has been used by virus writers to conceal
> their tracks. It doesn't give you such a rosy feeling to know that 
> SonyBMG is treating you the same way.
> 
> * Once hidden, the copy-protection software is invisible to antivirus
> programs, too. So the baddies of the Internet could, in theory, use
> Sony's software as a backdoor to infect your machine, and your virus
> checker would miss it.
> 
> * If you try to remove the software manually, you risk disabling 
> your CD
> player completely. (Instead you should use the Uninstall link on Sony
> BMG's customer-service Web site, whose link appears on the Help 
> screensof Windows Media Player. Of course, then you can't play the 
> CD on your
> computer.)
> 
> * When you insert one of these music discs into your PC, one of those
> software license agreements appears. It says explicitly what's 
> about to
> occur: "This CD will automatically install a small proprietary 
> softwareonto your computer. The software is intended to protect 
> the audio files
> on this CD.
> It will reside on your computer until it is removed or deleted."
> 
> But this note does not say that the software hides itself.
> And, even more damning, you don't see this note until you've scrolled
> down to the third page of legalese in the license agreement. Let's not
> kid ourselves: NOBODY ever reads those license agreements. They're too
> long, too opaquely written and generally of little use to anyone 
> exceptthe lawyers.
> 
> * Sony's copy-protection software prevents you from playing the music
> you've bought on your iPod, which happens to be the world's most 
> popularmusic player.
> Once the true nature of the Sony BMG software tactic became 
> public, the
> company wasted no time in attempting to defuse the issue. Within 48
> hours, it released a patch that makes its software visible again; you
> can download it from http://cp.sonybmg.com/xcp. (Click the Software
> Updates
> button.) Sony also provided the rootkit-cloaking information to
> antivirus-software companies, so that the software will no longer 
> be a
> potential virus magnet.
> 
> At that same Web site, you'll find, incredibly, a link to a
> Sony-sanctioned workaround that lets you copy the protected songs 
> to the
> iPod. (Sony says it will send you the workaround by e-mail once you
> supply the name of the CD and other
> information.)
> 
> Finally, Sony has abandoned the rootkit protection method.
> (It says, in fact, that it had planned to do so even before the trick
> became public.) It still intends to install copy- protection 
> software on
> every audio CD-but it will use other methods.
> 
> For now, then, it seems that the cloaked-rootkit issue is dead. If you
> bought one of the 20 affected CD's, you can uncloak the software, and
> Sony won't be using this scheme anymore.
> 
> My take? Audio CD's that install software onto your PC are just 
> creepy.I believe that distributing copies of a CD to the Internet 
> at large is
> wrong, so I understand the record companies' concern. But installing
> secret, self-masking code onto customers' computers seems just as 
> wrong.
> It's an "any means necessary" approach to the problem, like dealing
> drugs to raise money for charity.
> 
> Personally, I can't understand why any music fan would buy one of 
> thesediscs. If you really want a song from Sony BMG, why not just 
> buy it from
> one of the online music stores and avoid the whole issue? Sony BMG 
> wouldsoon get the message that customers don't like being treated like
> criminals.
> 
> I was also surprised at how dismissive Sony BMG and First 4 Internet
> seem to be. "It's a tempest in a teapot," Mr.
> Gilliat-Smith says. "It's benign content protection. It's not malware,
> it's not spyware-it's innocent.
> 
> Consumers, for eight months, have been using these discs with positive
> feedback. When the issue arose, we addressed it very quickly."
> 
> I wondered if he could even understand why consumers might feel a bit
> violated. I pointed out that the usual damage- control plan for
> public-relations disasters (see also Tylenol; Perrier; Pentium 
> bug) is
> not to haughtily dismiss customer fears, but to apologize profusely.
> 
> But the closest thing Mr. Gilliat-Smith would say is, "We understand
> what the concern was, but there was no intent. We reacted as 
> quickly as
> we could, took responsive issues. And now, hopefully, we move on."
> -----
> 
> 
> 
> On Nov 10, 2005, at 2:22 PM, Ed Trefzger wrote:
> 
> >
> > On Nov 10, 2005, at 2:11 PM, Jackson, Bobby wrote:
> >
> >> My engineer is up in arms over new protection software on Sony 
> CD's.>> The story goes if they are played in your PC they install 
> software 
> >> which harms the computer and we also got a release today that 
> said 
> >> the software opens your computer up for some new viruses.  
> Anyone 
> >> have more information on this?
> >
> > Here's an article on the subject from Computerworld:
> >
> > http://www.computerworld.com/securitytopics/security/story/
> > 0,10801,106072,00.html
> >
> > And one on the security risks that have been found:
> >
> > http://searchsecurity.techtarget.com/originalContent/
> > 0,289142,sid14_gci1144441,00.html
> >
> 
> -------------------------------------------
> 
> This week's sponsor is: JazzWeek Magazine, with new complimentary
> subscriptions available
> 
> -------------------------------------------
> 
> Complimentary subscriptions to JazzWeek are now available to qualified
> applicants in fields related to jazz, including musicians, educators,
> broadcasters, promoters, retailers, and more. Sign up now at
> <http://www.jazzweek.com/&gt;. Subscribe before November 21 and
> receive a free copy of our post-Katrina special issue.
> 
> -------------------------------------------
> -------------------------------------------
> 
> This week's sponsor is: JazzWeek Magazine, with new complimentary 
> subscriptions available
> 
> -------------------------------------------
> 
> Complimentary subscriptions to JazzWeek are now available to 
> qualified applicants in fields related to jazz, including 
> musicians, educators, broadcasters, promoters, retailers, and 
> more. Sign up now at <http://www.jazzweek.com/&gt;. Subscribe 
> before November 21 and receive a free copy of our post-Katrina 
> special issue.
> 
> -------------------------------------------
> 


More information about the jazzproglist mailing list