picture
Individual

Virus installed by music CD

Still think government should be run like a business?
celineforkeeps.jpg
This is a book. It will not infect your operating system. It will not communicate surreptitiously with its publisher. No one will know if you’re reading it unless you tell them. The FBI can’t use it to track you. You don’t need a machine to decipher it…
Deeplinks at the Electronic Frontier Foundation has several posts on the “cloaked” antipiracy software that some Sony CDs install on Windows PCs (Macs are unaffected). As if it were not bad enough that potentially troublesome software is being buried inside system files, hackers have already learned to take advantage of the “back door” to the outside world that the software opens up (in order to communicate with Sony—unbeknownst to the user). The infected CDs include not only Celine Dion’s On ne change pas—as if that were not bad enough—but also several classic jazz albums.
The Electronic Frontier Foundation has been following the story:
As if that were not bad enough, Sony’s End-User License Agreement (EULA) requires you to delete all copies if you no longer possess the original CD, so that (as EFF notes) if the CD is stolen you must delete the music from your computer; it also requires you to delete the music if you leave the country in which you bought the CD; and finally, all your rights are revoked if you file for bankruptcy or have your wages garnished—and you’ll have to delete the music from your computer (Art. 9, nos. 2 & 3). Talk about Matthew Effects
Other links: Sysinternals Blog (technical info; search on ‘Sony’); xtracto at SlashDot; Molly Wood, “DRM this, Sony!”, C|NET, 3 Nov 2005; Tom Zeller Jr. “Sony BMG learns hard lesson in war against ‘casual piracy’ of CDs”, Internal Herald Tribune, 13 Nov 2005.
Sysinternals (Mark Russinovich) has the latest (“Victory!”, 16 Nov). Sony has finally agreed to release a stand-alone uninstaller in place of an uninstaller that created new problems even as it attempted to solve the problems created by the copy protection “rootkit” (which was functionally identical to a virus). They haven’t admitted any wrongdoing and probably never will. Moral clarity and all that. —See also “Sony recalls copy-protected CDs”, BBC News World Edition 16 Nov 2005, and Gregg Keizer, “Sony Sued For Rootkit Copy Protection”.
The Betrayer Betray’d—or something like that. It turns out that original rootkit software, written by a company called First4Internet to whom Sony outsourced their digital rights managment, may well itself infringe on GPL (or LGPL) licenses for software routines incorporated into the code. See “Muzzy's research about Sony's XCP DRM system”; Ed Felten, “Sony’s Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs”, Freedom to Tinker 15 Nov 2005; and “Is Sony in violation of the LGPL? - Part II”, Programming Stuff 16 Nov 2005 (go to the home page for yet more revelations).
Freedom to Tinker has a clear explanation of the violations in question: “Open source programs are distributed with license agreements. If you copy and redistribute such a program, you’re a copyright infringer, unless you’re complying with the terms of the program’s license. The licenses in question are the Free Software Foundation’s GPL for mpg123 and DRMS, and the LGPL for the other programs. The terms of the GPL would require the companies to distribute the source code of XCP, which they’re certainly not doing. The LGPL requires less, but it still requires the companies to distribute things such as the object code of the relevant module without the LGPL-protected code, which the companies are not doing. So if they’re shipping code from these libraries, they’re infringing copyrights” (Ed Felten, “Does Sony’s Copy Protection Infringe Copyrights?”, 21 Nov 2005).
The ph’los’ph’r says: Learn an instrument and make your own music. Stop being a parasite.

LinkNovember 13, 2005 in Current Affairs · Web/Tech