Damage Runs Deep With Sony-BMG Fiasco
__Kratos__
Trying to gauge the damage caused by Sony-BMG’s rootkit DRM will take years to comprehend. The gaping wound caused by Sony-BMG exists well beyond infected computers, security problems, and a tarnished reputation. The record label’s entire philosophy on P2P networking, Internet piracy and DRM has been effectively destroyed.

The copyright industry has attempted to persuade P2P users back into the record stores by exploiting a largely overblown claim that file-sharing networks expose risks to malicious software. On June 14, 2004, MPAA CEO Dan Glickman made the following statement.

"While these P2P services would have users believe they simply offer an easy way to download movies and music, they really do much more. It is well-documented that using these services can lead to users’ computers being infected with spyware and viruses. Often, unwitting users have their most sensitive, private information exposed to unfriendly eyes around the world. Further, P2P systems have been used by pornographers as an easy avenue to reach children."

This argument by the copyright industry has been annihilated. Computer Associates labeled Sony-BMG’s rootkit as both spyware and a trojan horse. Minimum estimates suggest as many as 500,000 individuals have Sony-BMG’s rootkit DRM installed – far exceeding any infections caused by P2P networking.

Even without an official label by Computer Associates, the public perception of Sony-BMG’s rootkit is that of distrust. In an ironic twist of fate, computers infected with Sony-BMG’s DRM software run the serious risk of being exposed to malicious software. Considering the files Sony-BMG use are hidden from anti-virus and anti-spyware applications, any virus writer can write an identically named file and exploit an untold number of computers.

The copyright industry has also preached from a moral standpoint. Believing there is a parallel between downloading a file from the Internet and physically stealing a CD from a music store, both the music and movie industry have accused file-traders of moral corruption.

"This is not just about online versus offline," said Hilary Rosen, former president and CEO of the RIAA. "Most in the online business community recognize that what Napster is doing threatens legitimate e-commerce models - and is legally and morally wrong."

Much like the virus argument, the “moral” argument has also been vanquished. The reason why Sony-BMG found itself in so much trouble is because they hid information – otherwise known as deception – and thought they could get away with it. The specifics of Sony-BMG’s rootkit were never disclosed in the EULA, and they certainly did not disclose the consequences of its removal. Whatever moral standpoint the copyright industry had was effectively nullified when Sony-BMG and First4Internet inked their deal.

Although Sony-BMG succeeded in negating the music and movie industry’s anti-P2P argument in one swift stroke, that’s not the extent of the damage. The music and movie industry’s Digital Rights Management (DRM) campaign – once shrouded in secrecy – has also suffered irreparable harm.

DRM (Digital Rights Management) is a blanket term used to describe copy protection on any digital medium. The protection can be simple, such as blocking unlicensed search terms, or very complex, such as First4Internet’s XCP (extended copy protection.) The deployment of DRM can be considered secretive because very few individuals are actually aware of it.

During a recent anti-DRM protest in New York City, a wide majority of individuals were unaware that such copy protection even existed.

Sony-BMG managed to change all of that.

The last thing record labels want is a tremendous amount of attention drawn to the implementation of DRM. As if Sony-BMG’s actions weren’t bad enough, drawing negative publicity to the DRM issue only compounded the situation.

Now people are very aware of the Sony-BMG fiasco and the implementation of DRM. What was once largely invisible to the average customer has been shot right into the spotlight. The term “DRM” is now associated with malignancies such as ‘virus’, ‘malicious software’, ‘deception’, ‘arrogance’, ‘distrust’, and ‘trojan.’

This situation has already delayed the implementation of DRM on CDs. Sony-BMG has ceased the manufacture of CDs with XCP software, and does not expect to reinstate their DRM policy until sometime next year. Other record labels are also coming under increased scrutiny for their DRM products, forcing EMI to state, “We don’t use rootkits.” With so much public scorn now directed towards DRM, record labels are facing the very real possibility that DRM in its current incarnation can no longer manage to exist.

Sony-BMG has managed to accomplish in 16 days what bloggers, the Electronic Frontier Foundation, writers, journalists, and niche sites have been working on for years. Sony-BMG has destroyed the music and movie industry’s arguments against P2P, and brought mainstream attention and public distaste to the DRM debate.
Source
--------------------------------------------------------------------------------------
Ha! happy.gif
evil_kenshin
good i hate DRM, it's kinda hypocritical, either pay nothing and run the risk of a virus or pay $30AU and run the risk of a virus, out of the two i see the better option
__Kratos__
^ It's evil stuff.

RIAA President Downplays Sony Rootkit

Someone must have built a lead shield around the RIAA headquarters in Washington, DC. It's the only way to explain how RIAA president Cary Sherman doesn't see the enormously serious consumer backlash against Sony-BMG. During a university press round table discussion, Cary Sherman spoke with university journalists on various file-sharing issues, including the Sony-BMG fiasco.

There are few individuals that would consider Sony-BMG's handling of the rootkit situation a job well done. To hide the copy-protection software, the Sony-BMG rootkit employed techniques typically used by hackers or virus writers. The purpose of a rootkit is to hide files or folders, making them invisible to standard anti-spyware or anti-virus software.

Sony-BMG used this very technology in their XCP (Extended Copy Protection) CDs, created by First4Internet. Anti-DRM arguments aside, Sony-BMG found itself in so much hot water for several reasons.

First, Sony-BMG never mentioned the extent or scope of the XCP technology in the EULA (the 3,000 word End User Licensing Agreement.) It was never mentioned files or folders would be hidden on one's machine. In addition, according to Sysinternals, when playing a CD on Sony-BMG's proprietary media player, it "...establishes a connection with Sony’s site and sends the site an ID associated with the CD."

Sony-BMG also never mentioned the potential damage caused when removing the rootkit. When Mark Russinovich, the individual who discovered Sony-BMG's rootkit, removed the clandestine software, the CD drive no longer functioned.

On top of all this, Russinovich also pointed out Sony-BMG’s rootkit presented a gaping security hole. Any virus writer could easily create a virus identically named to Sony-BMG's rootkit and take over an untold number of infected machines.

But all of this didn't appear to faze Sony-BMG much. Initially Sony-BMG and First4Internet denied there was a security problem (until the first viruses started popping up.) Even when Sony-BMG released their web-based uninstaller, which posed even a greater security risk, security vulnerabilities were still denied. You may recall the following from Sony-BMG's November 2nd statement:

"This component is not malicious and does not compromise security."

Compounding the situation, a Sony-BMG president chimed in on the issue. Thomas Hesse, president of Sony-BMG's Global Digital Business, told NPR News "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"

Perhaps at that moment, few people knew or cared about rootkits. But that changed in a matter of days. It was obvious within two weeks that an enormous public backlash had erupted against Sony-BMG, one that may threaten the very existence of DRM. Seemingly downplaying the issue, Cary Sherman responded to a reporter's question on whether the RIAA condoned the actions of Sony-BMG.

"The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times have software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?"

Although Sony-BMG “shared the concerns” and “deeply regret any inconvenience” its customers may have encountered, it never specifically came out with an apology. Sony-BMG never said “We are sorry for our mistake” and never said “We apologize...”

Seems very irresponsible.
Source
-----------------------------------------------------------------------------
SonyBMG thumbdown.gif
evil_kenshin
i've lost my respect for the RIAA string of suing people including children or an old person who never even downloaded music (i forgot how it happened, but somehow RIAA stuffed up and sued the wrong person)
__Kratos__
RIAA can't follow their own rules, and can't always follow the laws but want others to do that. rolleyes.gif

Texas sues Sony BMG for spyware violations

HOUSTON (Reuters) - Texas Attorney General Greg Abbott filed a civil lawsuit on Monday against Sony BMG Music Entertainment (6758.T) for including "spyware" software on its media player designed to thwart music copying.

According to the lawsuit filed in Travis County, several of the company's music compact discs require customers to download Sony's media players if they want to listen to the CDs on a computer.

Software included with that media player "remains hidden and active" after installation, the Attorney General's office said in a statement, and makes users vulnerable to security risks and possible identity theft.

Sony said on its Web site that it had recalled all CDs that were installed with its XCP technology designed to prevent illegal music copying, Abbott said, but Texas investigators were able to purchase several of the CDs at Austin retailers on Sunday.

Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year.

"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.

Sony was not immediately available to comment on the lawsuit.

The CDs, from 52 popular artists, including Ray Charles, Frank Sinatra, Louis Armstrong and Celine Dion, prompt a user agreement to appear on consumers' computer screens.

Users are required to accept the agreement in order to play the CDs on their computer, and Sony's media player is automatically downloaded to their computers with the hidden files.
Source
------------------------------------------------------------------------------------------
All the states should start suing these unlawful people. thumbsup.gif They have NO RIGHT to put that stuff on your computer!
Super Pancake
Uuuuggggggggghhhh

My spyware caught the virus right now in my computer, can I sue them for this?
__Kratos__
QUOTE(Super Pancake @ Nov 22 2005, 11:01 PM)

Uuuuggggggggghhhh

My spyware caught the virus right now in my computer, can I sue them for this?


Yes. They illegally put malware on your personal computer.

Big business thinks they can do whatever the hell they want. disgust.gif
Super Pancake
QUOTE(__Kratos__ @ Nov 23 2005, 09:20 PM)

Yes. They illegally put malware on your personal computer.

Big business thinks they can do whatever the hell they want. disgust.gif

I told my cousin about it, I was not really going to sue them but he said If I was for real I would have to prove they put it on my computer.
evil_kenshin
well not really, all you have to do is prove you bought a sony cd and ran it on your computer which wouldn't be that hard to do
Super Pancake
well that's the point I don't have any sony products except for a ps2, I stopped buying their crap years ago. I don't know where it came from, for all I know It could be some hacker who found a way to exploit it.