Sony sailing past rootkit controversy

Though Sony BMG Music Entertainment faces a torrent of criticism and lawsuits stemming from copy-protection software on some of its CDs, the so-called rootkit controversy has not yet had much of an impact on sales, according to market trackers.

Certainly, the pressure on Sony is mounting. On Monday, Texas Attorney General Greg Abbott charged that the entertainment giant violated Texas' new anti-spyware law by releasing albums that secretly installed rootkit software that hid itself on computer hard drives. Rootkits can open a PC to viruses and other malicious code.

"Sony has engaged in a technological version of cloak-and-dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement. "Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime."

Abbott's response is the latest in a string of protests, online and off, that have led Sony to an unprecedented recall of more than 4.7 million CDs and an offer to replace the 2.1 million that were sold.

But despite three weeks of stinging criticism and calls for boycotts, consumers appear to be buying and using Sony CDs just as they always have.

According to data from market tracker Nielsen SoundScan, the discs carrying Sony's copy protection software suffered little, if any, decline in sales compared with other medium-selling titles at similar points in their release cycles--at least up to the point of Sony's recall last week.

Sales of the title first and most widely associated with the problem, southern rockers Van Zant's "Get Right with the Man," actually climbed in the two weeks following exposure of the CD's security risks, according to Nielsen SoundScan data. Celine Dion's album "On Ne Change Pas" held steady at 300 copies per week throughout the controversy.

Several titles that were closer to their release dates, such as albums by Trey Anastasio and Puerto Rican singer Chayanne, showed more substantial drops over the same period of time. However, industry insiders said even these week-to-week drops were not unusual, close to an album's release.

Another measure of albums' popularity is provided by Gracenote, whose CDDB--Compact Disc Database--service counts how many times people put CDs in their computers using a media player such as iTunes, Windows Media Player or RealPlayer. These programs automatically look up the album name and song titles.

A representative for Gracenote said the company's data shows no appreciable difference in trends--and specifically no obvious drop-off in listening--between Van Zant and similar-selling albums that don't carry the rootkit. The same goes for several other recalled Sony titles, it noted.

Online outrage
News of which CDs were carrying the rootkits took a varying amount of time to circulate. Van Zant's album was named as a rootkit carrier by Nov. 1. Albums by Anastasio and Celine Dion were on a list circulated by the Electronic Frontier Foundation a week later, while Chayanne's album and dozens of others were identified by Sony itself last week.

Reader response
What should Sony do?

Debate how the debacle will
affect the label's policies.

Online, the response has been deafening. A sampling of the 255 reviews of Van Zant's album on Amazon.com reveals the angry response provoked by the Sony news.

"Do not purchase--Installs dangerous software on your PC," says the first prominently displayed consumer review on Amazon.com's Van Zant page. The posting has been judged "helpful" by 741 of 745 people who rated the advice.

"Forget boycotts. Prosecute Sony," reads another long, articulate Amazon review posted by an IT professional.

Brick-and-mortar record stores have seen a less obvious reaction, however. A manager at Berkeley, Calif.'s Amoeba Records, one of the biggest and most successful independent record stores in the country, said he had seen no backlash whatsoever.

"No one's come in and complained that their computer got a virus from buying one of these discs," Allen Lewites, the manager at the Amoeba store, said. "I don't think anyone cares what record companies do."

Regardless of whether mainstream consumer market response is slow to develop or is simply muted, Sony looks like to see a backlash for some time.

The Texas attorney general's civil lawsuit seeks $100,000 per violation of the law. Class-action suits have already been filed in New York and California, and others are expected. At least one federal legislator said the issue should be impetus to pass a national anti-spyware law.

The Electronic Frontier Foundation also announced Monday that it and two law firms would file an additional class-action suit against the record label.

Sony itself has launched an exchange program that offers consumers a new CD, as well as MP3 downloads, for anyone who sends in a CD that has the copy protection loaded. The company has also begun working with one of its chief critics in the security research community, Princeton University Computer Science Professor Ed Felten, to ensure that it releases uninstall software that is safe to use.

[markdoiron]

I Care.

"Allen Lewites, the manager at the Amoeba store, said. 'I don't think anyone cares what record companies do.'"

just to set the record straight, i care. i think others do, too. just because folks who buy cd's from "record stores" may be technologically challenged shouldn't be construed to mean that they won't mind when a virus author manages to clobber their 'puter. they will, though they might not figure out what happened, or how it happened, and likely will never make the connection with a virus-riddled cd and their 'puter problems. Lewites' comment reeks of the same arrogance as sony's recent remark to most folks don't know what a root kit is.

mark d.

[rcrusoe]

Sony's clueless victims

I'm not surprised that people continue to buy infected Sony CDs. According to statistics, 90% of the Windows computers in the world are infected with viruses and/or spyware. These poor sheeple probably won't even notice one more problem.

On the bright side, each malware cd purchased by a Windows user means more money for those in tech support.

[Gerald Quaglia]

I've been saying this for years

Most computers user are quite simple stupid when it comes to their PC. They will click on anything, give away personal info, even help out the poor Nigerian who needs help getting his fortune out of the country. I doubt most users are even aware of the root kit thing. I guess Sony's president said it best when he said that most people don't even know what a rootkit is so why should they worry about it. Business as usual, DRM will continue, the consumer will continue to be screwed and well greased congressman will continue to pass industry friendly legislation like the DMCA.

[heystoopid]

Not me!

Actually, the high order of probability, is the reason why these infected cd's are so hot is that a variety of trojan/virus/phishers writers, are scrambling, to buy these malware audio disc's so that they can dissassemble the code, for incorporation with the next gen virii etc! Oh well, since most of Sony Corps offerings appear overpriced and not cutting edge anymore, who will buy them anyway(and include a fair number of rebrands as well)! After spending hours disinfecting a windows machine, the answer is not me. A quick scan of financial papers show that SONY HQ in '04 to create an illusion of corporate profit sold off the staff pension fund and predictions in '05 show continuing negative profit trends! Further SONY BMG, joint venture company actually posted a trading loss in '04! One can say desperate times, means desperate illegal actions to reverse the downward negative trend! Let the class action law suits kill SONY!

[Heebee Jeebies]

Of course they are still buy...

They are stupid idiots.

Robert

[royc]

What % of records

are sold to non-computer savy people?

I would guess 99%, so no one will notice a 1% drop in sales.

I guess it's same old same old all over again.

[bob donut]

That doesn't mean anything

Generally, it's harder for a consumer to identify an item like a CD with Sony than it is for them to identify a TV or other expensive electronic item. You can expect sales of Sony hardware to go way down, since it's more visible.

[Muddleme]

It's mainstream news media's failure.

It's everywhere online if you go looking for it, however you can watch the news on CNN, FOX, CBS, ABC, MSNBC etc. 24/7 and never hear any mention of this Sony rootkit.
I'll bet you $20.00 I can take a clipboard around the block polling every household and not find one single person aware of the rookit or it's implications. If a script kiddie had rooted nearly every governmental agency, except those who's computers don't have any drives for security reasons, the news media would be all over it.
This isn't Sony's first attempt at this either, Sony's computer support program loaded on every VIO computer is spyware that sends info to Sony regarding what applications you use and how you use them. If your using CDEX to rip Mp3's, DVD Decrypter to rip DVD's, or Gnutella to download anything, Sony knows.

[aabcdefghij987654321]

Wait until the Christmas buying season is over

It's too early to be declaring Sony as unaffected, give it a couple months for the word to spread and for sales not already in the pipe to occur (or fail to occur).