What effect has Sony's rootkit attack had on us?

by lampietheclown / November 22, 2005 2:38 AM PST

As I understand it, for the "rootkit" to be installed on an OSX computer you must 2-click the installer on the CD, and type your admin password.
OK, Sony can't hide the install on a Mac. On the other hand, because they do lie about what the install is and does, I'll bet there are Mac users out there that have installed it. Anyone heard of an instance?
Just curious.
What I'd really like to do is get a discussion going on a few other points of this situation, if anyone's got an opinion.

Will the Mac masses just consider Sony's actions one more reason for not using Windows, and then move on, business as usual?

How has Sony's dirty little secret affected everyone's purchase of music, now and in the future? It seems that it's not just Sony, but other record companies as well. Will it change how you buy music?

Should spyware be legal? Following right behind that question is the obvious (and central to any solution), What is your definition of Spyware?

I'll be posting my opinions on this over the next day or so. I'd rather not do it right at the top of the thread, because I would like to hear what others have to say, as in "discussion". Not "what do you think of my opinions", as in "argument".
I'm sure there will be some of that too, or at least I hope so. It's worrying me that the Mac forum hasn't seemed to have noticed the barbarians at the gate.

Lampie "Chicken Little?" Clown

Opposite.
by R. Proffitt Forum moderator / November 22, 2005 2:43 AM PST

I will buy the Mactel and triple boot.

Here's why. I can't dismiss my income from Windows and Palm applications.

Maybe others can, but why would I want to stop making money?

Bob

Planet Sony.
by R. Proffitt Forum moderator / November 22, 2005 2:46 AM PST

AYBABTU. http://www.doxpara.com/?q=sony has some great graphics of how widespread the infection is.

Too many users are ... 'users' and will accept the dialogues and give up control. Only after they are burned a few times they seem to get smarter about answering "No" and learn the other lesson.

Cheers,

Bob

RootKit
by mrmacfixit Forum moderator / November 22, 2005 6:01 AM PST

While the installation of the Mac version of the "rootkit" may seem to be possible, consider the lengths that one has to go to to install it.
The average user, on a Mac, would insert the CD, watch iTunes launch and rip the audio tracks into iTunes. End of use for CD, back into its case it goes. I have never gone rummaging around the insides of an Audio CD, there is never anything there for a Mac anyway.
The PC user on the other hand, especially the one that has autoplay turned on, gets the kit installed for him from exe files on the CD.
I doubt that this piece of spyware has made even minor inroads into the Mac community because of the way it has to be installed. If it had been as prevalent as you think, surely the Mac sites would have been up in arms about it, and they're not.

Just a thought.

P
The proud owner of NO sony CD's

Sony CD's
by RaeAtkinson / December 8, 2005 9:16 PM PST
In reply to: RootKit

As a general rule of thumb, I stay away from Sony.

Depends...
by b8375629 / December 8, 2005 10:10 PM PST
In reply to: Sony CD's

Depends on what it is. I've never really had that much of a problem with Sony until this rootkit mess.

First time I saw this was today
by grimgraphix / November 22, 2005 6:33 AM PST

(NT) Interesting Article.
by mrmacfixit Forum moderator / November 22, 2005 9:37 AM PST

Grim, just what is a Sony-rootkit?
by taboma / November 22, 2005 2:14 PM PST

You have left me in the dust. Keep it as KISS.
Keep It Simple Stupid for me please.

-Kevin

Here's a link to a non-technical summation
by lampietheclown / November 22, 2005 8:37 PM PST
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html

And here's a link to CNET's FAQ on the subject.
http://news.com.com/FAQ+Sonys+rootkit+CDs/2100-1029_3-5946760.html?tag=nl

Here's a link to a time-line summation
http://www.boingboing.net/2005/11/14/sony_anticustomer_te.html

Pete, you've always had a more upbeat opinion of OSX security than I have. I read things like http://www.emergentchaos.com/archives/001928.html . I understand it in principle, and I don't see any obvious flaws in his reasoning, but I don't have the core tech knowledge to say how accurate it is.
Is it possible for malware to sit and wait until you use root access for something, and then move in to do its damage when it sees access granted?
Also, I see your point about Mac users never going directly into the CD, but if I understand correctly, these are labeled as "content enhanced" CD's. To me that means lyrics, interviews, music videos etc. I know where I'd look for the "enhancement". It also wouldn't surprise me to have to click an app on the cd to access the stuff. I guess "enhancement" is Orwellian doublespeak.

I've been surfing, reading, and learning about this stuff for much of the day. I found out about it from a post of Bob's in another forum, where he suggested Googling sony rootkit.

A speculation on why grim, taboma and I are getting the news so late...
CNN - AOL/Time/Warner
Foxnews - 20th Century Fox
ABC - Disney
NBC - Universal
CBS - oh, wasn't this Columbia? can't remember

Now let's look at the members of the RIAA/MPAA...

MPAA:
Disney
Sony
MGM Studios Inc.
Paramount
20th Century Fox
Universal
Warner Bros

RIAA: - too many to list.
http://www.riaa.com/about/members/default.asp

Needless to say, all the major news outlets are well represented. They're not going to rat on their brethren.
# posted by Ian : 3:29 PM, November 07, 2005

I should have been on the road to Ohio hours ago, but every page I read shows me new directions to look.

One thing I'm sure of. Sony has taken and is still holding the position that its profits and property rights are more important than our privacy, our security, and our trust, all rolled into one. It has kept that position.
Thomas Hesse, President of Sony's Global Digital Business, literally said: "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

Lampie

Another point
by mrmacfixit Forum moderator / November 22, 2005 11:09 PM PST

Where were those wonderful people/organisations that should have bowled this one out the instant it appeared? The ones that take your money on a yearly basis, insist that you update twice a week and are forever preaching that the sky is falling?
I'm speaking of the Anti-Virus companies, all of them, and the Software Firewall companies. With all these "Security" companies telling us of the "possible" flaw in Windows, IE, iTunes, you name it, how did they ALL miss this obvious invasion? This was no theoretical flaw, this was a deliberate attack by big business!
How did a rootkit get installed without the AV program flagging suspicious behavior unless Sony had arranged for their root kit to be included in a list of "non-dangerous" occurrences?
Why didn't the firewalls shout that something, other than its already configured allowable programs, was trying to access the internet, every time you played the CD?
I don't claim that OS X is bullet proof, however, it is a lot more difficult to drop one of these things onto a Mac and, right now, seems to require the cooperation of the user to get it there. It does appear that there may well have been a "playing down" of the news from the National media but this thing has been all over the internet since day one. As I mentioned in my first post, I have seen little reference to this affecting the Mac. Other than the link supplied by Bob, back about a week, that is the only report I have seen about there being a possibility of something being installed on an OS X machine. Remember the "security by obscurity" myth which states that with such a small market share, it is not worth writing a nasty for the Mac. Did Sony actually bother?
An interesting note about the rootkit was in the link supplied by Grim. The author, who has a very low opinion of the rootkit writer, mentions that the kit does not work on Windows driven by 64bit processors so the writer didn't bother to write (didn't know how?) for a low market share on the Windows side. Did he bother for the Mac?

Just a thought

Have a great Thanksgiving, all of you

P

Good Point
by lampietheclown / December 1, 2005 11:12 PM PST
In reply to: Another point

Just got back home, 1,100 miles in 14.5 hours. a new personal record!

I have read posts that speculate on why anti-virus software didn't speak up, but most posts see it reversed. They figure that the AV companies don't consider programs from a large corp. to fit the profile of malware. It stands to reason that you have it the right way around. The software doesn't know where the malware came from unless it's told in an update to ignore THAT piece of software. I have not read anything from the ''protection racket'' companies explaining this.

From a post I read but can't remember where;

''Sent an email earlier today to New Media Manager, Stein Vegusdal @ SonyBMG Norway.'' ...
...''Further he states that First4Internet is a Symantec-partner and that Symantec has posted it as not harmful.''

I wonder what he meant by ''partner''?

I have read reports that the DRM Rootkit will install on an OSX machine, but not without you typing your admin/PW.
Auto-Run for Windows, and the fact that many Windows users operate their machines as an administrator (equal to always booting as root in OSX), seems to be the security hole Sony is taking advantage of.

Sony's other DRM spyware, made by Sunncomm, is still being used on CDs made by Sony, and reportedly, is an issue for OSX. I went to their site http://www.sunncomm.com , and found some comical spin in the FAQ.

Q-Is there a way to remove your software from my computer?
A-Please note that MediaMax was designed to manage and safeguard the copyrights of specified artists' CDs while giving you an enhanced visual and listening experience. It does not interfere with or impact any of the normal operations and/or functions of your computer.

Hmmm. I guess that means no?

Q-Is there a way to remove the DRM files?
A-Please note that because the keys are very essential in controlling access to protected music, Windows Media doesn't allow anyone to have access to them directly. They are located in a license store file that is handled exclusively by Windows Media Player, in accordance with the way your Windows system is configured. Since those keys are very small and literally do nothing other than help the user play content that would otherwise be inaccessible, Microsoft never envisioned that anyone would have a desire to remove them. As a result, we do not have a way to tell the Windows Media Player to remove a particular key.

Still means no, I think.

I e-mailed them, explaining that I used OSX, and asked for either
A) removal instructions
or
B) the contact information of the attorneys who handle class action law suits on their behalf.

Here's the reply;

Hi Lampie, and thank you for contacting us. We appreciate your purchase of the copy protected CD and apologize for any inconvenience.
We appreciate your frustration in this matter. To address the questions surrounding the actual DRM files, the files are only loaded to your machine if you instruct them to do so. In order for that to have occurred, you must run the M4 application, accept the EULA, and then copy the songs to your hard drive via the MediaMax application. If you did not do this, then the DRM files were not loaded to your machine. However, if you did do this, then here is the procedure for removing them.
If you browse to Library -> Preferences -> DRM you will find any DRM files loaded, and they can be deleted from there.
Please let us know if we can assist you further.
Thank you,
Rob
SunnComm Tech Support

It appears that OSX is still pretty secure from SunnComm, if Rob's answer can be believed. I don't have a DRM CD to try it out, and you can bet I won't buy one in the future, so I'll just leave it as FWIW.

For Windows users, the problem is more complicated.
"Sony said in a statement Friday that SunnComm had removed the uninstall program from the Web, and was in the process of contacting 223 consumers who had downloaded it while it was available.
The security hole in the uninstall program was similar to one discovered with First 4 Internet's uninstall program several days ago.
In each case, Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' Web sites, but would also respond to malicious instructions from other Web sites."

Some other things I found;

The CEO of First 4 Internet, Mathew Gilliat Smith, boasted to a European IT website -- ''IT Enquirer'' in July 2005, that their XCP-1 copy protection software is now in use by ''most of the large record labels around the world'' http://www.it-enquirer.com/main/ite/more/digital_rights_management/ .
Note that this Wired article http://www.wired.com/news/digiwood/0,1412,67696,00.html from May reported that First 4 Internet's clients include Universal Music Group, Warner Music Group and EMI, in addition to Sony/BMG.

In my opinion, the issue isn't ''Are Macs safe''? It's ''Who owns our computers''? We shouldn't ignore the issue or play it down just because our particular brand of computer isn't infected this time.
The issue is privacy. The issue is property rights. It's not a Mac vs. PC issue.
Am I the only one who sees it this way?

Lampie

Property Rights and the Music Companies
by onosson / December 2, 2005 12:33 AM PST
In reply to: Good Point

You're absolutely right, this is about property rights, and if they do figure out a way to do this on windows in a legal way (or the courts side with them), then mac can't be far behind. It's not about the OS.

That being said, I would not trust apple and the online itunes store either. Here's the reason. Companies who sell digital music are very very interested in keeping tabs on those who purchase music from them, and controlling their use of that data. Apple has become a huge player in the online music business - they have been ranked as the 7th largest music retailer in the U.S. (not sure about here in Canada) recently, and growing. Apple has just as much reason to play the same game as sony - they are both in the music business. Plain and simple.

Not quite true about Apple
by lampietheclown / December 6, 2005 7:12 AM PST

Apple does not own the rights to any music, and so has no digital rights issues except one.

Apple must satisfy the owners (record companies) that the music they sell won't be used to pirate the music. If Apple can't do that, they won't be licensed by the owners to sell the music.
This is why you can't move song files from the iPod to a computer. It's also why they don't sell mp3's.

Lampie

Apple's (i)Tune Might Change
by onosson / December 8, 2005 11:01 PM PST

Steve Jobs is a pretty smart guy, and keeps his cards well-hidden. It's hard to anticipate what direction he's going to go with things. Recent developments have me wondering what apple's true plans are for the future. The video-enabled ipod has opened a whole can of worms.

I recently had the tv on (a very rare occurrence), and ellen degeneres' talk show was on. She was giving things away to her audience, and of course they were excited. One of the things they gave away was an ipod. It wasn't probably the most expensive item, nor in my opinion necessarily the best, but the audience reaction was unreal. They went hysterical. And the audience is mostly women. Apple is tuning into a huge market, women, largely ignored by other tech companies, and its brand recognition there is beyond big.

I think they could do anything they choose at this point, and launching their own label would not be something I would be surprised to see them do. Once they do, don't be surprised if they try to 'protect' their rights.

They can't start a label
by lampietheclown / December 9, 2005 5:41 AM PST

Many years ago Apple found itself in a lawsuit against Apple Records, the label the Beatles used and I think, owned.
The problem was of course Apple Computer's name. Apple Records wanted them to change it.
If I remember correctly, the agreement was that they could keep the name, as long as they stayed out of the music business. I figured the music store would bring a lawsuit, but Apple Records didn't move on it. If Steve tries to start a label, you can bet Apple Records will be looking to own it, and because Steve already agreed in writing to stay out, I'll bet it would be a slam dunk.

Lampie

The implications disturb me
by grimgraphix / December 2, 2005 1:31 AM PST
In reply to: Good Point

To my way of thinking this goes way beyond protection of copyright/fair use issues. I have seen computer pundits talk about this but have yet to see an explanation from Sony as to what all this was exactly supposed to do.

1 - we know it was supposed to limit copies.
2 - we know it somehow opened a backdoor on a PC.

Why the back door ?

Was this supposed to report to sony every time you played their CD ? Do we know if each individual CD track had an identifying code imbedded in it ? If so, then they could conceivably track any song released on a p2p network through sales records back to the individual who bought it. Only those who use cash and refuse to put their personal info into the computerized cash register could not be tracked.

As I said Sony needs to make a full disclosure of the intended use of the software. It strikes me as a big brother bug. Every time we click on a EULA we concede that the equipment is ours but the OS and other software that makes it run is someone else's. The reality is we have already LEGALLY accepted that these software companies can dictate how we use the software we thought we were buying but in reality are renting - one time renters fee to be sure but the EULA implies the software company can take the product away if we do not use it as they intended it to be used. Music, Movie and Book publishers are simply extending what the software manufacturers started.

Books, over the past 1/2 century, have had reproduction warnings on the inside cover. Xerox machines in libraries scared publishers to death. The reality was that a dime a page made it prohibitive to copy a book rather than buy one. Still, book resellers in many places are required to rip the front cover off of certain books to diminish the books value and mark it as pre-sold. The record stores used to do this with the notch in the album cover in the bargain bin section.

The problem of the old scenario in the new world is that we aren't making copies on a Xerox. We can take digital originals and make perfect copies of the original... and not at a dime a page either ! The question raised from our view as consumers is what is fair value for the product ? The content providers ask what is fair use ? Legislators listen to lobbyists and unfortunately forget they are there to really serve the interests of their constituents (after all they tell us we own our land but charge us rent or "property tax" every year and reserve the right to take our land away if we don't pay - but that's for a different post).

The bottom line before any other issue is - to my way of thinking - disclosure. Sony failed to disclose the full features built into their product. In fact they are still not telling us all the facts about what it was designed to do. Proof of intent to deceive (wouldn't this be fraud? ) lies in the fact that the root kit installs whether you accept the EULA or not. The result is a modification of the way your PC works without your consent or notification. Vandalizing, graffiti, hacking all fall under this definition don't they ? The fact that these CDs have been out for close to 2 years compounds the fraud.

If Sony had disclosed the content on these discs and sold them for a lesser price would it have been fair ? If music and movie companies sold "full use" discs for twice as much would you buy them ?

BTW I saw on one article about sony that they have recently copyrighted software that would allow them to lock a disc to a player. The implication was if combined with a gaming platform (play station 3? ) that they could control what machine the game is played on and possibly charge a fee if you wanted to play the game at a friend's house... all monitored on the internet I assume. Your machine breaks and they charge a fee to allow you to port over to a new machine ? Used game resellers pay a fee to void a registered serial number on each disc ? It's ironic that sony was part of the law suits involving VCRs back in the 1970's but now that they are content providers they fight to limit consumer use to maximize profits. Heck, in my house we buy a new PS2 controller every 6 or 7 months... the grey PS1 controller is still working after 8 years ! Video games... the electronic crack pipe. Devil

grim

Hmmmmm... Do this mean what I think it do?
by Rumdunnitt / December 8, 2005 9:19 PM PST
In reply to: Good Point

<<If you browse to Library -> Preferences -> DRM you will find any DRM files loaded, and they can be deleted from there.>>

Hmmmm... after reading through most of the postings in this link--especially this quote, I went to my Prefs (OS X 10.3.9) and found a file named DRM with an item named DRM.key in it--DOES THIS NEED TO FOLLOW MARGARET MITCHELL'S ADVICE AND MAKE IT GONE WITH THE WIND???

Lately, (sometime after my update to X 10.3.9) I started burning nothing but coasters on my iTunes LEGALLY purchased music--not until I just happened to use a BACKED-UP version of my pre-updated OS (OS X 10.3.8) on a FW drive have I been able to burn to CD. (After having a truck and several hundred dollars worth of "store-bought" music stolen from me--I prefer to keep a burned back-up copy in my truck now.)

I wonder if this file has had anything to do with all the coasters? Don't see it in the back-up copy that lets me burn my iTunes PURCHASED music... Hmmmmmmmm.....

BTW, it is dated 4/1/05--VERY FOOKIN' FUNNY APRIL FOOL'S DAY JOKE ON ME, HUH?

Rum

UH, as I write this, the news on TV is talking about extending the Patriot Act--though they claim new safeguards are being installed... BUT, THEN AGAIN, I'M FROM N'AWLINS--AND RIGHT NOW, THE PHRASE, "HI, I'M FROM THE GOVERNMENT (LOCAL, STATE, OR FEDERAL), AND I'M HERE TO HELP YOU", DON'T MEAN CRAP TO ME--NOT EVEN A COUPLE OF CASES OF MRE's WHEN WE HAD NO GROCERIES... roflmao
Rum
Still here and still surviving....

I'd trash it ...
by lampietheclown / December 9, 2005 6:15 AM PST

...but then, I like burning CD's AND using the most updated software.

I search all over the internet for someone with an infected mac, and here you are. What can you tell us about it?

On second thought, don't just throw it away. Make a copy of it, and any related files. I've sent you an e-mail with my email address on it. If you could send the files you found to me, I'd like to take a look at them.

Of course the next question is can we link your coasters to the DRM files. After you remove them, does your burner work?

Pete? Bob? Am I missing something? Should he do something else first so no information is lost?

Rum, I'm glad to hear you are still there and kicking! NOLA holds a special place in my heart, because the year I turned 21, I was living on St. Peter. Need I say more?
Make em rebuild, even if it turns into an island!


Hey come on, IT'S A STREET!


Lampie

Leave it alone!
by mrmacfixit Forum moderator / December 10, 2005 6:15 AM PST
In reply to: I'd trash it ...

That file, DRM.key is exactly what it says it is. I have one too and all because I purchased music from the music store and because my version of iTunes is capable of reading DRM encoded files from the Music Store.
If you have Keynote, the file has a keynote icon and when double clicked it launched Keynote, which claims it is corrupt, but puts up the media pane for Keynote showing purchased music in the iTunes Library.

Methinks the coaster issue is something else and not related to this. Note, there was never a mention of using a SONY CD, that I saw, in this post

P

Sounded like a good idea ...at the time
by lampietheclown / December 10, 2005 10:14 AM PST
In reply to: Another point

Your question really bugged me, and the websites of all the major players seemed to be handling Sony with kid gloves, even today, so I did a little surfing.

The ''security'' companies it seems, had a gun to their head in the form of the DMCA.
There is a section of the Digital Millennium Copyright Act (DMCA) that deals with anticircumvention of devices put in place to protect content.

From Chilling Effects Clearinghouse
http://chillingeffects.org
The Digital Millennium Copyright Act (DMCA) is the latest amendment to copyright law, which introduced a new category of copyright violations that prohibit the ''circumvention'' of technical locks and controls on the use of digital content and products. These anti-circumvention provisions put the force of law behind any technological systems used by copyright owners to control access to and copying of their digital works.

The DMCA contains four main provisions:

a prohibition on circumventing access controls [1201(a)(1)(A)];
an access control circumvention device ban (sometimes called the ''trafficking'' ban) [1201(a)(2)];
a copyright protection circumvention device ban [1201(b)]; and,
a prohibition on the removal of copyright management information (CMI) [1202(b)].

I'd imagine that the security of our computers took a backseat to the DMCA, and still does. Since uncloaking of the DRM might be considered as against the DMCA, it would be risky to help us do it. Certainly, creating software that searches it out and removes it is a violation.
Gee, the DMCA sounded like a good idea at the time.

So Rumdunnitt? I never said to remove that file. I was never here. It was a guy who typed like me, honest. I sure hope the police catch that evil clown impersonator.

Lampie (Hi, I've never been here before) Clown

Rootkit
by taboma / December 8, 2005 3:15 PM PST

Lampie, Who thought that Sony would stoop to this level!?
What happens to the Windows users when their system is affected and damaged?
Sounds like a class-action suit in the offing to me.
By the way, you guys are way over my head with this stuff. Yet, your link was really simple to understand. Thanks,

-Kevin

Kevin, root kit is...
by grimgraphix / December 2, 2005 2:06 AM PST

and don't quote me on this, but a root kit is a modification of the operating system kernel. As I understand it, this root kit creates a back door that allows access to your computer for anyone aware of the vulnerability. Virus software would not warn you of any access because virus ware needs to have a definition of any malicious code to look out for in order to warn you. It took almost 2 years for anyone to be aware of this root kit so little is known about it yet. Does it communicate with sony ? I don't know.

2 different programs are involved here. One is software that limits the amount of copies that could be made. This is pretty self explanatory. What the purpose of the root kit is I'm not so sure and have yet to see an explanation of its purpose.

I am not sure but wouldn't a modification of the system kernel by a root kit from sony be a violation of MS copyright and Windows XP EULA ? Does a software company need to inform MS of any commercial program that modifies the MS OS ? Does this imply that MS was aware of the root kit if no legal action has been taken by MS ?

grim

Root Kit Explanation
by taboma / December 8, 2005 3:20 PM PST
In reply to: Kevin, root kit is...

Grim, Thanks for keeping it KISS: Keep It Simple Stupid.
Works for me.
Thanks,

-Kevin

My Definition of Spyware
by RogerB299 / December 2, 2005 6:44 AM PST

You asked for definitions of spyware.

To me, spyware is:
Any software, firmware, or device of any kind, regardless of how or by whom it is installed on a given users system, that collects any user data whatsoever, and reports that data, for any reason, to any outside system, database, person(s), etc., without the specific knowledge and consent of the user, ought to qualify as spyware and ought to be made illegal.

Full disclosure of what is being collected, why it is being collected and to whom, including any third parties the collector intends to make the information available to, as well as the specific consent of the user from whom the info/data is being collected ought to be required for legal collection of any data from any system not owned by those seeking to collect the information.

Nice one
by lampietheclown / December 4, 2005 11:42 AM PST

It's tough to come up with a definition. Yours hits it pretty good.
I noticed that you limit it to what is installed on the user's equipment. Was that deliberate? There are many ways to gather information without putting anything onto a person's computer. It's harder, and slower, but it can happen. Spyware on a server for example.
As I understand it, Google's "G-Mail" will allow you to store a Gig before your mailbox is full, but Google will scan your e-mail, keep track of your searches and use all of this info to (according to them) put targeted ads on your screen. Spyware?

Your def would also include cookies.
This is why it's so hard to come up with a working legal definition. We don't want to be spied on, but we have uses for the technology. I wouldn't have a problem if I had to OK new cookies, but if every time the site wants to update a cookie I have to read an EULA, it's going to make internet banking, and internet shopping, a hard task.

What do you think?


Lampie

Rather than asking about spyware...
by grimgraphix / December 4, 2005 3:36 PM PST
In reply to: Nice one

maybe we should be looking at disclosure and what a EULA should tell you up front ? As I said on my other post it is a failure to inform or an attempt to mislead you that is disturbing. Just as there are laws re: what/how food ingredients should be listed, maybe the computer industry should be required to adhere to strict guidelines regarding what they must tell the consumer and how they must tell it. After all, Al Capone was busted for tax evasion... maybe companies like Sony should be busted for failure to disclose what a product does.

What incentive do companies have to be forthcoming ?

Content providers, just like spammers and phishers depend on what the consumer doesn't know to achieve their ends. Make "social engineering with intent to mislead" a crime and we wouldn't have had this little hack from Sony hidden in the first place. Of course a law like this could really screw political careers as well... Devil

grim

Disclosure? As a legal term?
by lampietheclown / December 4, 2005 11:49 PM PST

I think we're gonna need a new definition for disclosure.

According to the EFF, http://www.eff.org/deeplinks/archives/004145.php
Sony's EULA pretty much covered what they did.
Well, it covered their butts, anyway. According to EFF lawyers, here's the breakdown of some of it.

If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

You have no right to transfer the music on your computer, even along with the original CD.

Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or making derivative works from the music on your computer.

So, they can put whatever they want on your computer, and if they change it, you have to install the updates. It's OK if it gives them a back door, and they're not at risk if they leave the back door open.
Sounds like exactly what they did.

The question then is, when they hide that information in legalese, and bury it in fine print, is it still disclosure?
I'm not a lawyer, but since before I was old enough to sign a contract I was told that if I didn't read it - my tough luck. If I didn't understand it - I shouldn't have signed it.
The only bit of hope is if a judge rules that the contract is not binding for some reason. Maybe because the things it asks for are not legal, or not possible, or something like that. As EFF states in the above link, Sony's EULA has changed the rules. Rights that we have enjoyed while owning a standard CD, through "Fair Use" and "First Sale", have been taken away now. Sony may not be able to do that legally in an EULA. Like I said, I'm not a lawyer.

I do know this;

When things get to the point where you have to read a 3 page contract to buy a $15 item that doesn't shoot, explode, or even plug into the wall, it's a bad day for the free market system. Business, the legal system, and the consumers need to sort some things out fast, or commerce is going to grind to a halt.

I have a better chance of getting my computer infected by clicking OK on the contract, than I do downloading pirate copies on the internet. For anybody with a Windows machine that really needs it for school or work, what are you going to do?
It almost looks as though Sony has become the marketing division of Limewire and BitTorrent. If one of them had gone public in the last few months, I'd have looked into which Sony and First4internet Execs. had the stock.

So, does the EULA cover it? Or should Sony be required to put a large skull and crossbones on the cover, AND the CD.

We're going to have a dictionary when we are done, but...

How do you define "disclosure"?

Lampie (just call me webster) the Clown

Vote, Influence & Boycott with Dollars
by RogerB299 / December 5, 2005 1:02 AM PST

I know this is going to sound impotent and ineffective, after all, what can one person do against the giant corporations.

Money isn't everything but it sure is powerful in politics and the market place.

The one thing we always retain is our power to influence and change things we don't like by withholding our dollars. When all else fails, when software agreements like we are discussing seemingly force us to accept terms we feel unfair, possibly illegal or just flat out not right, we always have the option to disagree by not buying the product, or not buying any more from the offending company.

Well one person in this case exposed this problem and it has already forced some changes, though not good enough yet. Exposing the problem was the first step, but if consumers do not react against Sony by complaining and ultimately not buying Sony products, or if Sony did not at least fear these consequences from the market place, they would not have done a thing.

Individual voices do not effect changes, but collectively we do. I have learned from experience that letters to politicians and companies logically detailing our concerns without being abusive or sounding like crackpots, or becoming chronic complainers does get their attention fast. Especially when we promise not to vote for them or purchase their products until the right kinds of changes are made. It doesn't always take an avalanche of letters on a given issue either. Often it only takes a few.

Having said that - I will be writing my State and Federal reps and senators, appropriate Senate committees, and of course Sony to let them know my concerns and the need for legislation to fairly control this sort of thing.

At the same time it remains important to keep these discussions going and getting them spread to wider and wider audiences using the most widely/easily understood descriptions of the problem as possible.

I agree
by lampietheclown / December 7, 2005 11:49 PM PST

Part of the reason I started the thread here, was that I wanted Mac users to understand the situation, and realize that it's their problem too. Your point is also proven by the fact that when Sony was told about the problem (but it hadn't gone public yet), they did nothing, and denied everything.

From there to recalling the CD's, making removal software, and giving customers MP3's with no copy protection, was due to publicity. Sony's estimate of the sales lost if the story got bigger, and became a story even my grandmother would have an opinion about, got them worried. Oh yea, the Texas and California AG's might have helped too.

Sony realised that no one who knows the story is on their side. Their only hope is to make it a ''non-story'' as quickly as possible, so more people don't find out.
They also know that the public is fickle, and may just forget about it. A few well placed price drops for the Christmas shoppers will test just how strongly the public feels about a Sony boycott. Sad, but true (and effective).
The funny thing about it is that Sony stepped in it so many times, that the story got redundant, and it seems people stopped paying attention.
I wonder how many people know that the un-installer didn't, or that the second un-installer opened security issues, or that SunnComm's un-installer was pulled for security issues after only a few hundred people downloaded it. Sony crashes on every lap, and no one will be watching by the time they finish the race.

I only own one Sony product at the moment, an older ''digital 8'' camcorder. It will be my last Sony product.

My Texas AG is already on the case without my prodding, and I made sure the Ohio AG's office was aware of what was going on while I was up there. (it's good to have family in government)

This Christmas is the time that will make it or break it money wise. If Sony doesn't see the result of their actions in the December sales report, they will know that they can do whatever they want.

Lampie

Just to clarify
by mrmacfixit Forum moderator / December 9, 2005 9:01 AM PST
In reply to: I agree

Sony never did make any removal software. All they did was issue a patch that made the files visible. It was up to you to figure out how to remove it and this is what caused a lot of CDROM players to stop working.

P
