Comments on: Sony CD protection sparks security concerns

Anticopying tools used by SonyBMG could be adapted by virus writers, researchers say.

[My-Self]

Rewarding those who buy CDs with a rootkit...

Rewarding people who buy the CD by installing a rootkit in their machine ? That's by far the best argument for people to stop buying CDs and download (illegal but safe) mp3 instead ...
Looks like their greed finally made them shoot themselves in the foot.

[BS_Reader]

Let's call it w32.RootBySony.1 as the malware

I think the author of this article has been too kind to this kind of criminals. He failed to highlight the EULA that has not sought consent to install the rootkit and to mention no uninstallation is provided.

May of the blog messages even highlight such practice as being illegal. In fact FTC has recently successfully prosecuted Spyware. It may be time for FTC to sink the teeth into this kind of criminal activities.

I used to respect DRM and buy CD, now I think it is safer to use the protection-less stuff from the Net. I have already recommended anyone not to buy Sony CD - with or without protection. With this kind of ethic and anti-customers attitude practiced and endorsed by Sony, who can trust them anymore.

Sony you have just starting digging a grave and has placed yourself in the same class as Sasser, slapper, BackOrifice, SubSeven, good companies to be associated with.

Your former glory has been tarnished and Internet's archival and search engine allow your shameful business practice to be remembered for a long time.

The only sad story is the artist's income has now been robbed by Sony's shameful business. You have distroyed their trust in you. Shame! Shame!

[betolima64]

What should I say???

Sony "was" a company we could trust in.
It's a crime what it has been doing. I just wonder how many times we were victims from this company without knowing.
Thanks to Mark Russinovich to open our eyes. Why should I buy Sony's products? I can live even better without them.

[mateo60]

I guess I'll start stealing music again?

This only hurts honest people. I've started purchasing the music that I'd downloaded and I've started using iTunes because I think it's the right thing to do.

Maybe I'm wrong. Maybe I'll just start stealing music again? It sounds like it's easier. If I'm going to be treated like a criminal, I'd like to get free music out of the deal at least.

[redcone]

class action

While the idea of a class action lawsuit sounds good, I predict the outcome would be millions in fees for the lawyers, with the affected users getting a couple of discount coupons that are only good when purchasing new Sony CD's. Sadly, that seems to be the pattern in all too many class action suits.

[Darryl Snortberry]

Symantec is in on this?

So does this mean that if a company or the government wanted a backdoor into my computer I can't trust Symantec's detection to pick it up. What other companies are sellouts like Symantec so I can avoid their products.

[Squidboy]

Article modified without revision notice

This article has been revised, without a revision notice. In particular, the line that currently reads "First 4 Internet, said the cloaking mechanism was not a risk. The company's team has worked regularly with big antivirus companies to ensure the safety of its software, and to make sure it is not picked up as a virus, he said." used to read ?The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case.? (Discovery courtesy of Google's cache, also documented on http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html ) The reference to Symantec has been edited out. Readers should be cautious.

[klaxonator]

Re: Article modified

This line was indeed modified, and a correction has been posted. The original line was poorly worded (I can say that, I wrote it myself), and was originally rewritten for clarification. We subsequently were told by Symantec that it had previously worked with First 4 Internet on imaging software, but *not* the rootkit software. Thus the correction. Thanks for your close reading. -john borland

[jimbo 1959]

Sony's crimnal intent

Sony's malware is criminal, intentional and in violation of US laws from top to bottom. This article starts with some real misconceptions such as this beauty of a definition, "a "rootkit"--something not dangerous in itself." That's like saying disabling every lock and protection on your home, auto, bank account, privacy, etc is "not dangerous in itself." While technically correct it fails to mention the gravity and seriousness of the offense. Sony intended to go through the previously "locked" doors and get whatever it deemed needed to protect what it considers its rights. O yeah, by the way Sony felt uncompelled to let its customers know what it was doing. Let's see a locksmith who disables my lock so he can come in later to check things out while I'm not looking, he's okay to do that under law? He hasn't done something dangerous by disabling my door lock so anyone can enter my home, rape my wife or daughter, steal my belongings and furthur purport acts of violence against all of us at will through an unlockable (not unlocked) door. This is "not dangerous in itself," but for obvious reasons it is a serious criminal offense. In the case of Sony it has been committed against millions of people.

As mentioned by reader Had_to Be_said, "There are numerous State, and Federal, 'Computer Abuse' statutes on the books, which are clearly being directly-violated by this intentional-action on Sonys part." While I agree on that I would also offer that the gravity is more serious than statutory. What about this old tidbit:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Start at the top, this is a civl rights violation on a scale as large as that of the slavery and Jim Crow eras in US history. This is an easy bandwagon to jump on, but lets get it right, Sony has violated Civil Rights through unwaranted search not to mention unauthorized prosecution. They should be hung out to dry along with any antivirus providers aware of and who through "Act or Ommission" failed to inform their consumer base about this.

jim