Sony BMG sues CD vendor over rootkits

Sony BMG Music Entertainment is suing an antipiracy CD software company claiming that the technology provided was flawed. In November 2005, researcher Mark Russinovich discovered hidden files left behind on computers when certain Sony copy-protected CDs were played. The subsequent consumer complaints and government investigations, says Sony, cost the entertainment company millions of dollars in losses.

Now Sony BMG has filed a complaint against The Amergence Group, formerly SunnComm International, a company that produced the piracy-protection system known as MediaMax CD. According to the Associated Press, Sony BMG is seeking $12 million in damages for unfair business practices and for breaching the terms of its license agreement.

The Amergence Group told the Associated Press it would fight the allegations and suggested that lawsuits against Sony BMG's use of copy-protected software involved Sony's use of other technologies.

[lampietheclown]

Freudian Slap? ... er ... Slip?

This must be meant as humor.
"Sony BMG Music Entertainment is suing an antiprivacy CD
software company"

Antiprivacy is more correct than anti-piracy, and more
humorous.

To the other extreme, Mr Vamosi wrote;
"SunnComm International, a company that produced the
privacy-protection system known as MediaMax CD."

Privacy-protection?

I'd guess that the only way Sony will win is if they can prove that
they didn't know the software was flawed before putting it onto
millions of CDs.
They knew what it was, They knew what it did. They just didn't
know it was a flaw, until it was pointed out to them by the
California and Texas AGs.


Lampie The Clown

[mike.gw]

Sony is suing because they got caught!

Some nerve. I can hear the execs on the conference call now: "You said this software was UNDETECTABLE, so how come we got caught?"

The CD vendor must have promised BALCO like stealth software! LOL!

[Arcond]

False accusations

I'm actually very good friends with the lead developer that developed the software for SunnComm. The thing is, the rootkit they're suing over was developed and distributed by another company known as First4Internet. But because of the outrage from people hearing the news they never bothered to see if it was one company or all. So any company that Sony used for DRM is now getting sued. My good friend who developed SunnComm's software already had his code reveiwed in court and was exonerated over a year ago.

[lampietheclown]

Not so false

The DRM software you are talking about is Mediamax, which was a
problem because it would install even if you clicked NO when the
EULA came up. Not exactly friendly.

Is it any wonder they both got painted with the same brush?

Lampie

[Arcond]

True but still no basis for a suit

Yes it is true that the software would install even if you clicked no to the EULA, however it begs the question, why? The answer is because if the end-user clicks no it was still possible to rip the songs off the CD at that point since the DRM software would not be installed. If SunnComm hadn't done what they did then there would be no true DRM and Sony would have every right to sue them for not delivering a viable DRM solution. As it stands, yes the software is installed no matter what, but the MediaMax software was a solid platform which could not be exploited by hackers. Again the actual code in question was reviewed by the Texas Attourney General's office and the code was cleared of charges and the developer exonerated over a year ago when all this first hit the news.

[royc]

What are you saying?

That Sony or any other company can install anything on any they want, even if I have refused the EULA?

I really hope you are wrong here, because that says all the spyware, keyloggers and all the other @!#$@ out there is 100% legal and we can't remove it once it's installed. Because there is no way to find it!

[lampietheclown]

Once and for all

Installing software without first obtaining the user?s consent
appears to be illegal in the U.S. under the Computer Fraud and
Abuse Act (CFAA) as well as various state anti-spyware laws.

QUOTE
"As it stands, yes the software is installed no matter what, but
the MediaMax software was a solid platform which could not be
exploited by hackers."

Yes, it could. It wasn't even hard. The watermarking system
was flawed.
Even if it worked, they don't have the right to install software on
my computer to satisfy a contract with Sony BMG.

The XCP and MediaMax version 5 players both exhibit similar
spyware-like behavior: phoning home to the vendor or record
label with information about users? listening habits despite
statements to the contrary from the vendors. Whenever a
protected disc is inserted, the players contact web servers to
retrieve images or banner ads to display. Part of the request is a
code that identifies the album. XCP discs contact a Sony web
site, connected.sonymusic.com [28]; MediaMax albums contact
license.sunncomm2.com, a site operated by MediaMax?s creator,
SunnComm. These connections allow the servers to log the
user?s IP address, the date and time, and the identity of the
album. This undisclosed data collection, in combination with
other practices?installation without informed consent and the
lack of an uninstaller?make XCP and MediaMax fit the
consensus definition of spyware.

Lampie