November 18, 2005 5:17 AM PST

Did Sony 'rootkit' pluck from open source?

Copy-protection code appears to have tapped an open-source project, raising questions about copyright, software experts say.

The story "Did Sony 'rootkit' pluck from open source?" published November 18, 2005 at 5:17 AM is no longer available on CNET News.

Content from Reuters expires after 30 days.


Music companies are hypocrites!
So, the music companies cry foul when someone violates their copyrights, but have no moral qualms about themselves violating the copyrights of others!
Posted by Mad Dog - Chi (22 comments )
no moral qualms
Posted by George Cole (314 comments )
It keeps getting better and better
I love it! A multi-billion dollar corporation got caught with their hands down the pants of their customers.

People hate viruses, worms, trojans, spyware, adware, malware and security exploits and what does sony do? Make a copy protection scheme that acts like a virus, buries itself like a worm, delivers a payload like a trojan and leaves your computer open to act, not only while it's running, but after it's removed too!

Remind me again why we should buy our music and not just download it?
Posted by thedreaming (573 comments )
that's why
I stopped buying CDs 4 years ago. I'm taking this further as well. I'm uploading every single SONY signed artist song I have to P2P networks and will do so in the future. This really pissed me off. As if running Windows ain't enough of a headache, big and trusted companies start doing this.
Posted by Gerry1981 (13 comments )
This is starting to sound as though...
This is starting to sound as though Sony simply didn't do any of their own testing for this product. Remember, if this was ripped off from open source, it was the company that made the thing that did it. It seems like everyone is immediately blaming Sony for everything. They are at fault for not doing their own testing and using the stupid thing, but please actually read the articles so that you know that not everything is their fault.
Posted by Hobo453567 (26 comments )
Sony is...
either criminally negligent or entirely stupid. Either way they come out with egg on their face and the company that made the software won't ever probably be much more than a blip on the radar.

Personally, I won't buy Sony products anymore. As far as their recording artist go... if I were them I would be asking who sony is really protecting. From what I've heard record companies don't protect anybody, but themselves.

However, I will still buy music from a sony artist, but only if it's available for 99 cents or less on iTunes.
Posted by System Tyrant (1453 comments )
Testing? "Enhanced" CDs. Ha.
Test what? Whether or not the rootkit installs properly? Everything is Sony's fault on this. Should a company install anything on your PC? And what's with the "ENHANCED" bs that they use to hide what this software is? I'll tell you why, because it's a PR nightmare, and they don't want people to know what they're doing.
Posted by lewissalem (167 comments )
Still doesn't absolve guilt!
Alas the law, irrespective, means that whilst SONY may have commissioned a third party for this DRM trojan/spyware, it does not absolve it of any guilt, as an accessory before and after the fact, and conspiracy to trespass, damage and deliberately compromise customers personal property and make it insecure. Further to supply tools for the writers of the next gen virus/trojan/phisher and other malware, is one of total criminal incompetence!
Posted by heystoopid (691 comments )
LAME is NOT an MP3 player!
Contrary to this (flawed) Reuters report, LAME is NOT an MP3 player. It is an MP3 encoder.
Not the same. Not even close...
Posted by aemarques (162 comments )
a little anal aren't we?

Out of a whole article that reveals how Sony violated others' copyrights in an attempt to protect their copyright and all you can point out is the writer's lack of knowledge?

Posted by The user with no name (259 comments )
Not Much Incentive...
...To buy music instead of downloading it from P2P networks. Sony has embarrassed itself and its music artists, and I'm sure, now more than ever, that I will never, ever buy another CD. Sony crossed the line when it packaged this invasive software with our music, and it will take a long time to earn my respect and my business back.
Posted by RoseBlood74 (8 comments )
You know, it really is irresponsible to take the standpoint of not
buying music but rather downloading it from P2P networks.
Sure, companies like Sony make terribly bad decisions, but
downloading music that you would have bought will at least in
some cases hurt the artist.

For artists on labels like Sony's the compensation might not be
that great, but don't forget that a lot of the smaller record labels
and independent artists count on those sales to keep going.
Don't stop supporting everyone because of the mistakes of the
few larger companies.
Posted by ddesy (4336 comments )
Hoist by Their Own Petard!
i love it! how can this possibly get any worse for sony? sure, one can make the case that if this is in fact open source lame code sony was only a distant purchaser/reseller of it. but, there's been a lot of fuss in the linux community over supposedly stolen code and in some cases indemnity statements are being made by software resellers, and lawsuits have been filed against corporate end users.

gee--i wonder if anyone will want to sue the purchasers of those cd's? they're really caught in a catch 22--purchased what may have been stolen code, and now if they take action to remove it they're in violation of the dmca!

mark d.
Posted by markdoiron (1138 comments )
Very Well Said!
The French used pétard, a loud discharge of intestinal gas, for a kind of infernal engine for blasting through the gates of a city. To be hoist by one's own petard, a now proverbial phrase apparently originating with Shakespeare's Hamlet (around 1604) not long after the word entered English (around 1598), means to blow oneself up with one's own bomb, be undone by one's own devices. The French noun pet, fart, developed regularly from the Latin noun pēditum, from the Indo-European root *pezd-, fart.
Posted by Mister C (423 comments )
Violating Copyrights to Protect Copyrights !?
So Sony only respects their own artists' copyrights? What about the work of the LAME project coders? Aren't they artists as well who deserve the protection copyright affords? Sony needs to admit that enforcing copyrights starts at home.
Posted by AronMalkine (1 comment )
Sony only respects the CASH!
Ripping off open source to rip off paying customers. Sony is totally hypocritical and does not deserve consumer support. They do deserve lawsuits and a strong worldwide boycott of all that is Sony. Make them feel some of the pain they dished out on paying customers by hitting them in their piggy bank. Buy nothing Sony.
Posted by Stan Johnson (322 comments )
They got you...
You bought it, hook line and sinker. The part you miss is that Sony didn't create the software. Imagine you download some new program, pay for it and then later find out that the software was from an Open Source project all along. Did YOU violate the copyright? No, neither did Sony. The guilty party is the company that sold the software to Sony in the first place.
Posted by zaznet (1138 comments )
Time to cut out the middle man
Now that artists can burn their own CDs and market them on the web, and even allow 99 cent downloads, what do they need the music conglomerates for anymore? Right now, publicity is one thing they supply for the (selected) artists.

But, as people move more and more to the web and web based music reviews, this advantage will dwindle in importance.

Time to cut the music conglomerates out of the picture!
Posted by Mad Dog - Chi (22 comments )
Downloads, yes. Burned CDs, no.
Although I have to say that the download idea is nice, I can't say I
agree with the burned CDs. Discs that are not pressed tend to be
more easily damaged by extreme temperatures and scratches.
They also tend to have a shorter life span. Instead, I would
recommend using a service that presses discs for a decent price.
Posted by ddesy (4336 comments )
IVE Internet Phone Software Doesn't Work Either
I wasted 2 hours yesterday trying to get Sony's new IVE video software (as reported by CNET) to work, only to give up in frustration. Yes, I did disable my firewall to test. The software installed and connected to their server, and I saw a video feed from my webcam, but I was unable to make any menu selections at all. The program was non-responsive to any menu selections. What is it with Sony these days, is Howard Stringer asleep at the switch?

To CNET: Did anyone on your staff try out IVE? Did it work properly on Windows XP SP2?
Posted by Stating (869 comments )
I just noticed that must be having trouble with their site. The most discussed stories are ones with 1 or 2 comments.

This story doesn't even register on the most discussed section.
Posted by System Tyrant (1453 comments )
most discussed section
Posted by Thunder Johny (200 comments )
This is the action of thieves!
SONY, has become so corrupt and morally bankrupt, it has now degenerated to stealing from every one, from A to Z! I hope, the open source people instigate appropriate legal action, in regard to theft and illegal use of proprietary rights! They have the gall, to label all customers thieves, now they steal from open source for profit!, this like the pot calling the kettle black! Don't buy anything from these predators!!!!!!!
Posted by heystoopid (691 comments )
label all customers thieves
Posted by Thunder Johny (200 comments )
Lawyer wrong about OS licenses?
"If open-source software is tightly integrated into a single executable program, the whole application has to become open source software, even open source software such as LAME whose MP3 encoder is licensed under the more relaxed Lesser General Public License (LGPL), a lawyer said."

Hmmm... I think that at least one OS license type, MPL, allows to include OS code in commercial applications.
Posted by JoseCtesArg (11 comments )
Where is the story here?
A few CDs had this copy protection scheme; There was no malice by Sony, it was only an attempt to maintain their recording copyrights. Sony has always made excellent products and I am sure they employ some highly skilled people; Compared to the Pentium bug of 1994/5 and the ensuing coverup by Intel, this corporate mistake is nothing.
Posted by RichardET (9 comments )
The difference is that the Intel Pentium bug did not provide a large
potential for a security breach on the systems of average users. So
ultimately, I would say that the problem is bigger, the cover up is
less obvious.
Posted by ddesy (4336 comments )
The story is huge
The story is that while Sony was trying to protect their copyrights,
they were violating other people's copyrights. I think that's pretty
Posted by seqiro (2 comments )
What goes around comes around!
Now the open source movement knows what it's like to have their code lifted or copyright infringement. SCO has been crying out against the open source crowd for over two years for lifting its UNIX System V code which is allegedly forming the core of Linux. My heart really goes out to the open source fanatic crowd. LOL.
Posted by (50 comments )
Flawed logic
Proprietary software is closed and the code
cannot be viewed, whereas open-source software
can readily be viewed. Which software do
you think is more likely (and often has been)
stolen or its copyright violated? It is a common
myth that proprietary code is being violated.
The more common scenario is the reverse. Consider
Windows using the BSD TCP/IP stack or Linksys and
Cisco using and violating the Linux Netfilter code. You are very naive if you think the
industry or the internet in general would exist
without open-source software.
Posted by Johnny Mnemonic (374 comments )
pertaining to linux lifting from unix
Researching a little before jumping the gun and stating things as though they were certain is good practice, I think. Just as a first level of research I googled "linux lifted..." and interestingly enough discovered a small group of Americans, so anti-linux, and its free-source policy. And not even a court case, but small groups producing tons of code to non-experts trying to show links. Yes, I started reading. When experts started analyzing the code, it showed no evidence of linux lifting anything off unix, but some evidence was there to the contrary. Google it yourself.
Posted by kor89 (1 comment )
Your screen name is apropos
---science fiction. Just like your reasoning. And the plot seemingly describes your mental state--data overload. LOL. Man you are the one with twisted logic!

Plot of Johnny Mnemonic--

"A data courier, carrying a data package literally inside his head too large to hold for long, must deliver it before he dies from it."
Internet Movie Database (2005)

Moreover, you pick out tiny little pieces that represents one tenth of one percent of proprietary code to try to rationalize massive code theft of code from SCO. Nice try.
Posted by (50 comments )
Massive code theft????
Last I heard, the judge (and IBM) were still waiting for SCO to identify ANY copied code!

Last I heard, hundreds of Linux coders were standing by, ready to re-write any stolen modules or code-fragments.
Posted by DougDbug (62 comments )
No code theft from SCO, at all, so far...
This bogus legal dog-and-pony show, has been going on for years now. And, so far SCO has failed-completely to show that any of their "code" has actually been mis-appropriated. In fact, of the very tiny scraps of evidence produced by SCO, in all this time, every one of their [SCOs] examples has been disproven, or shown to be completely false.

Furthermore, the companies which actually sold the alleged "intellectual-property", which SCO is now claiming as theirs, have basically stepped-up and flatly-stated that SCO never did actually own any of the properties they are attempting to claim.

Even the Judge in the case has stated that SCO simply has not presented any credible evidence to support any of their grandiose claims.

Not to mention the facts that, SCO's claims against "end-users" is apparently completely without legal-merit. And also that, surprise, surprise, SCO just happened to receive several tens of millions of dollars directly from Microsoft, ...right before this entire "...shadow was cast over Linux and Open-Source". Hmmm.

It's no small wonder that SCO is nearing bankruptcy, and that there is even talk of legal-proceedings against those at SCO who are responsible for orchestrating this charade, in the first place.
Posted by Gayle Edwards (262 comments )
I think that you are the one person left...
... in the world who believes that SCO is anything more than a loose
collection of liars and cheats, with one last desperate hope to
extort money from the rest of the world.
Posted by Earl Benser (4310 comments )
Clearly you missed the point again. I simply made
the point that if nothing is hidden you are less
inclined to steal as the evidence is immediately
apparent. As to your SCO comment, you have been
mis-led. I am sorry to burst your bubble, but
there is no SCO (UNIX) code in Linux. Unfortunately,
the naive are easily misled, especially if a myth
is repeated enough. For instance,
Microsoft/innovation, subliminal advertising,
the boogey man. One only need to repeat something
enough times and there are always a few who will
Posted by Johnny Mnemonic (374 comments )
I wonder if a RICO prosecution could be pressed against Sony? I just did a quick search on the net and found these items. There are probably more, but these are what I found:

Sony: Found guilty of marketing a method for reproducing copyrighted movies: The Betamax (1976)
Sony: Found guilty by the Japanese Federal Trade Commission of unfairly influencing pricing of PlayStation games (3/2001)
Sony: Found guilty of infringing on patents with PS2 DualShock controllers (9/2004)
Sony: Music division guilty of Payola (paying radio stations to play songs) (7/2005)
Sony: Found guilty of intentional and systematic deception of consumers by using reviews from imaginary film critics to increase sales (8/2005)

As you can see, they've had a VERY bad year this year. And my shaky understanding of the RICO when it's used against a corporation is an important racketeering element, which is nicely covered by the Payola conviction.

It's also interesting to note that the Betamax suit (they were sued by the film companies, ironically) ultimately started all this "fair use" and copying that they were trying to stamp out with the rootkit. What morons.
Posted by LordValance (3 comments )
It is highly unlikely that any criminal charges will be filed against any of these corporate criminals. I contacted my U.S. Senator (Levin) back when I read about the RIAA little GOON squad roughing up a guy and telling him they were the police (which they were not) and that he would be arrested then and there if he did not cooperate (which he could not have been). Sen. Levin stated he fully supported the RIAA and copyright laws. I do too but not to the extent where they blatantly break the law. Despite my linking to the story and pointing him to other acts of questionable legality by these corporate pirates all I got was a "I support copyrights". Basically a form letter. The government was bought and it is very clearly obvious.
Posted by msuguy71 (2 comments )
see reply below...
subject "Not all laws are the same..."

Must have clicked the wrong link :)
Posted by zaznet (1138 comments )
Payola conviction
Posted by Thunder Johny (200 comments )
Over-reaction against Sony
Sony didn't steal the code, they purchased a product from another company. This underscores the need for open source products, or at least when you purchase a product to have access to the source code so you can ensure it wasn't just re-packaged code from some existing product.

Sony didn't break the GPL, the company they contracted for the DRM software did.
Posted by zaznet (1138 comments )
So you're saying they could be charged with Receiving Stolen Goods? :)
Posted by LordValance (3 comments )
Not all laws are the same...
You have to remember that it is a matter of where they do business that they run into laws that they will be "guilty" of.

As for patents, the patent over the vibration effect in controllers is one that should likely have never been awarded as it was in use many years before they had the Playstation 1 or even the Super Nintendo. Prior art makes it invalid.

Just being found guilty by one court or judge does not make the company guilty, there is always the chance for an appeal. :)
Posted by zaznet (1138 comments )
Of course, but...
As I stated, this was a "quick 'n dirty" search on the web. The Payola judgement, though, is very real and it's not the sort of thing they can weasel out of. Also, I realize that one was a judgement in Japan and not likely to mean anything here in the States.

All this taken into consideration, when you add 1+1+1 and get 3, it sometimes makes you wonder if there are any OTHER 1's lurking around in the corners waiting to be added up. If I were a prosecutor that's what I'd be thinking, at least.
Posted by LordValance (3 comments )
Sony XCP More Sinister & Not Just Anti_Piracy
Sony XCP More Sinister & Not Just Anti-Piracy
Reader post by: Power Dot
1st Posted on: November 18, 2005, 11:49 AM PST
Story: Week in review: Sony's sour note
Look deeper and put the jigsaw together and you'll realise that Sony is definitely an EVIL AND SINISTER EMPIRE. Rotten to the core.
They installed the XCP not just for anti-piracy purposes BUT to bring down the great American Company of Steve Jobs, maker of the magnificent Apple iPod machine.
First, Sony tried to double their download $ for each song to kill iPod. As Steve Jobs said something like, doubling the iTunes download price from $0.99 to about $2 will encourage piracy and thus by this, Sony hoped to gradually kill iPod's popularity because less and less people will then be using iPods as the downloads get more expensive. iPod's leadership and top popularity now was ONCE Sony Walkman's.
Since Steve Jobs resisted Sony, Sony tried (not sure if effected) to cut iPod off from its songs.
Another evil step to trample on iPod to get itself (Sony) up to the top.
And now this 2nd step by Sony to be a virus distributor itself by hiding its XCP deep inside people's computers with 2 main objectives (maybe more).
As I read somewhere, those Sony XCPed songs cannot play on iPods but play fine on Walkmans.
Sony is greedy, evil, arrogant, and a pathetic liar (wait till you email them for customer service when they reply that they'll get back to you in a few days and the days turn into months with deafening silence and you'll know that I don't exaggerate!! Further nice, polite emails met with the same fate. That is the real Sony).
Sony of many, many, many years ago was different.
NOW, their products are riddled with so many quality problems like their software.
Design problems, malfunction problems, unable to write when intended to do so (DVD writers) etc.
I should know because I have used Sony digital cameras (2MP and 5MP), camcorders, TVs, DVD drive, CD Drive, 3.5 floppy drive, and others.
Posted by powerdot (4 comments )
Another evil step
Posted by Thunder Johny (200 comments )
Pt.2: SONY XCP More Sinister Or Just Anti-Piracy?
Recent news that <<< the industry has seen an estimated $2 billion overall decline in CD sales...>>>
How is that calculated? Real figures or imaginary numbers?
More likely, is it just an excuse to plead "poverty" to pay the artistes LESS and keep more for their greedy selves???
Paying big bucks to keep people like the HEAD???!! of Sony's GLOBAL???!! business to say things like "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
So he can exploit that, trample on our rights and privacy, and put their dirty greasy hands into our pockets again and again by spying on our likes and dislikes?
And when Sony's XCP disables our CD/DVD drive,
we might be misled, cheated, conned, and scammed into thinking that our CD/DVD drive is burnt out or that our computer is in poor shape and so is Sony hoping that we will then buy a brand new sony computer or at the very least spend good money on a new sony problem-plagued CD/DVD drive and throw out the perfectly good CD/DVD drive that was in our computer???
Did Sony dream that their XCP would be good for their business without thinking that the "illiterate, dumb masses" of customers are way much more intelligent, more sharp and much more hi-tech than Sony and their HEAD???!! of GLOBAL???!!! Business???
Posted by powerdot (4 comments )
Dream on pal...
Is that why a judge has allowed SCO to depose over 100 programmers at IBM? Time will tell. Just because SCO is smart enough not to show all its cards to the major defendant in the case, doesn't mean it doesn't have a smoking gun. I suggest you take a course in philosophy or logic. Your reasoning is asinine.
Posted by (50 comments )
Let me ask you a serious question. Are you an MCSE
graduate? If so, that would explain a great deal.
I have had to correct so many errors made by people
like you.
Why are Windows programmers less literate than
Unix/Linux programmers? Has all the pointing
and clicking made you lazy or just stupid.

Please tell me you aren't as simple as you seem.

The code is available on as well as
other sites. Please show the infringing code!!!

By the way, the Unix api is owned by the open
group Novell or SCO own the oldest
implementation of the Posix/Unix standard.

You can do a code comparison like many have already
if you like since the old System V UNIX was
open-sourced. Do a comparison if you are
capable of such a simple task. Make your own
judgment. But, don't publish your results as SCO
is likely to sue you.
Posted by Johnny Mnemonic (374 comments )
