Sony Discloses List of Rootkit CDs
By Nate Mook | Published November 18, 2005, 11:29 AM
The initial count of 20 CDs that bundled Sony BMG's now infamous XCP copy-protection software has grown. The label has issued a list detailing 52 CDs dating back to early 2005 that include the controversial rootkit.
2.1 million copies of the discs made their way to consumers and, according to security expert Dan Kaminsky, who analyzed DNS requests for Sony's update servers used by the DRM software, they have infected more than 500,000 different PCs. Another 2.4 million CDs were being pulled from store shelves.
"We will shortly be releasing new versions of these titles without the XCP software. You therefore need to check this list for both the name of the album and the item number (which can be found on the spine of the CD)," Sony says regarding the new list.
Since its discovery in late October, news of the rootkit has spiraled out of control, with consumers and artists alike angry at the revelation. In an apology issued earlier this week, Sony said it "deeply regrets any inconvenience to our customers."
But that hasn't stopped lawsuits stemming from consumers' outrage, nor accusations of collusion between security companies and Sony. No antivirus vendor has so far removed the copy-protection software itself, only the rootkit cloaking mechanism.
Questions regarding the security of Windows have also been raised in the aftermath. Jupiter Research senior analyst Joe Wilcox wonders why the problem went undetected for 7 months, even with Sony's XCP software phoning home.
"My conclusion: Windows security isn't enough, and the problem isn't some inherent weakness in the operating system," says Wilcox. "Here we see the failure of many different security products -- whether their ability to detect or customers' correct use of the software -- to uproot a rootkit many months in distribution."
There is, however, one silver lining in this whole mess: customers who purchased Ricky Martin's comeback CD "Life" or The O.C. dad Peter Gallagher's "7 Days in Memphis" were not exposed to the rootkit, despite the albums being marked as such.
Who's more at fault, Sony, Microsoft, or anti-virus companies for not catching it? I have a discussion at http://cityofrain.com -- your comments welcome.
And for the record about the RIAA; "how many times SOFTWARE APPLICATIONS..." -- that's the point you hosehead, they weren't software, they were audio CDs.
Score: 0
|THE RIAA BACKS SONY's ROOTKIT
RIAA president Cary Sherman has backed Sony's use of spyware rootkits and claims that other companies do it all the time.
Sherman said that music corporations have the same right to protection as movie studios, video game makers, or software companies.
He said that there was nothing unusual about technology being used to protect intellectual property. He said that you can't make an extra copy of Windows or virtually any other software. Why should CDs be any different?
The only problem he had with the Sony BMG situation was that the technology it used contained a security vulnerability.
Sherman said that Sony had handled the situation well, by backing down. He said that Sony had apologised for its mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves.
"Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as Sony BMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?" Sherman said. You can read a transcript of the interview here.
This interview was posted in the Inquirer.
Well PC_Tool here you go. There is the proof that the RIAA does have some interest in this.
I guess Companies go first, consumer second.
Score: 0
|How could Sony think they could get away with this? Re-releasing the CDs with the rootkit on them won't do any good. If I were one of the artists on that page I know I would not let Sony make another one of my CDs. This whole thing is completely ridiculous. If a civilian were to design a program like that and put it on tens of thousands of computers they would be locked away, but all Sony has to do is say they apologize for any inconvenience that this may have caused us! They knew what they were doing and they knew they created a huge security hole, but when they got caught they acted as though they didn't know. What makes me most mad is that they put out a patch to download that would "fix" the problem, but what did this patch do? It made the problem worse by not only allowing Sony to track your every move, but also allowing everyone else to do it too. What were they thinking?
Score: 0
|Good thing Sony only has top 20 rubbish and the like on its label, that's what saved me from buying their rubbish, virus-ridden CDs.
Score: 0
|Apology my a.s. Too little too late. BOYCOTT SONY.
Everyone make a statement. Show Sony we can make or break a company, in this case break a company.
Score: 0
|So can the RIAA now sue itself?
Score: 0
|I gotta ask you what the hell RIAA has to do with this?
Score: 0
|no but sony customers can sue sony :)
Score: 0
|And the saga continues...
I really don't think Sony knew about the copyright violations they themselves were committing, but F4I, sure as hell did.
F4I needs to be shut down. All assets frozen until a complete investigation can be made, hopefully forever ruining the financial stability of the owner(s).
SonyBMG needs to be fined heavily, and should not only re-imburse every customer, but should also be forced to either donate that same amount to charity, or to a consumer rights organization.
I will not purchase from Sony until these things, or something VERY similar, is done.
I would hope, beyond reason, of course, that SonyBMG might actually offer to do some of these things without being ordered by a court.
Yeah, that's bloody likely.
(This does not include various civil suits that should be/are being brought against them by consumers and those whose copyrights they violated)
Score: 0
|Agreed. Well said.
And the DRM calls home to "Sony's update servers," so wouldn't they have to have known about it?
EDIT:
Wait, never mind. I get what you're saying.
Score: 0
|:P
Score: 0
|For what it's worth - Sony Digital Camera
http://www.bbspot.com/Ne...sony_photo_sharing.html
Score: 0
|Please tell me you knew this was a joke.
Score: 0
|lol
"This Cookie Monster costume is not properly licensed for photo sharing by the Children's Television Workshop. Thank goodness for Sony DRM."
Funny stuff.
Score: 0
|LMAO
"Hackers have already cracked the Sony DRM system by buying another digital camera and using it to take pictures of their pictures once they are displayed on their computer screen. "It's a hassle," said one hacker who wished to remain anonymous, "but at least you haven't wasted the money you spent on the Sony camera"
Score: 0
|Nice. I guess those hackers weren't clever enough to take a screenshot.
Score: 0
|"hackers" found a way around it by taking a picture of the pc screen with another digital camera?
wtf ...
wtf?
Score: 0
|hahahahahahahahahahaha....lol...lol..lol.... this made ma day
Score: 0
|OMG! Read this
http://www.tgdaily.com/2...found_in_xcp/index.html
In trying to prevent copyright infringement, Sony breaks 3 others!
Score: 0
|Sony's CD rootkit infringes DVD Jon's copyright
http://www.theregister.c..._copyright_infringement/
Score: 0
|I read this today and it just keeps getting better and better.... Sony is going to have to pay dearly for these mistakes. I guess they can do without a couple of billions. :P
Score: 0
|Most people don't even know what a "rootkit" is, why should they object to having one on their computer?
None of their business if Sony wants to put one there!
In the War Against Copyright Infringement there's going to be casualties. Best way to view this: Personal computers are like soldiers, and Sony the General. Maybe your PC will have to die in the battle to keep you from committing a digital infringement. Small price to pay for preventing over-priced music from being copied.
Now let's all get behind sending file swappers to Abu Ghraib!
The Computer Rodent
Score: 0
|Another day, another Sony mishap.
Boycott Sony. www.boycottsony.us
Score: 0
|Why believe anything this company states? They have been caught in at least 5 lies alone during this particular fiasco. Imagine what else they are holding back amongst the thousands of products they produce.
Score: 0
|See above--sixth lie
Score: 0
|And maybe they have some other stuff in your computer... that people have not been able to find yet. They should give a full refund, pay for a new cd for their customers, and be liable for any damages cause to the pc owner. A multi billion dollar fine would be nice too.
Score: 0
|First it was "a few", then 10, then 20 and the actual total is 52??? Sony needs to learn how to count!
That list is pretty stupid too. Surely the CDs that would require the most piracy protection would be music popular with teens/20's/30's.
As I see it the main market to be pirated and illegally obtained is pop, rock, rap... All for people say under 40.
Wouldn't acts like Avril Lavigne, Christina, JT, Usher, (the list goes on and on...) be more prone to piracy through p2p?
The main users for p2p software are teens/20/30 year olds who nearly all have access to computers and fast download speeds...
OK there will be people over that age range downloading music but the vast majority of people will be in that age range.
Or is this just another case of how disorganised and useless Sony is....?
Score: 0
|I agree with bourgeoisdude. I have placed a boycott on Sony. I have made a new house rule: my house is not allowed to have anything from Sony at all. I have taken back my PS2 and all my games and swapped it for an Xbox. Sony is out of my house forever.
Sony can kiss my ars..
Score: 0
|I really don't think Ars Technica is all that fond of Sony ATM, either...
...unless you meant arse?
Score: 0
|"My conclusion: Windows security isn't enough, and the problem isn't some inherent weakness in the operating system,"
Even as a supporter of Microsoft, I heartily agree. This vulnerability has been compromised for months if not years, and MS needs a new patch...
Score: 0
|Boycott sony.
www.boycottsony.us
Score: 0
|The list is incorrect. I ran Rootkit Revealer on all our home PCs and my brother was infected with the rootkit. After beating him for an hour, come to find out he bought a "[investigating]" CD a while ago and when he wanted to play it on his PC, it required he install the MEDIA player.
His computer was compromised and now I get to spend my Friday night fixing this problem.
Thanks Sony.
Score: 0
|Sounds like a nice class action suit :P
Score: 0
|Rootkits for everyone!!! The lies from this dumb corporation continue. Pretty soon they will be recalling PSPs cause they phone home on a user's location.
Score: 0
|Any CD that demands that you install their own proprietary player just to be able to play it from your computer is bad news from the get go. I would never install an unknown or untested app on my computer under such circumstances; the CD would go right back to the store or manufacturer for a full refund.
This is why I'm always nagging people to use a good software firewall as well as a hardware based solution. No application on your computer should be allowed to phone home without your explicit consent. I would love to hear some research on whether the Sony XCP was able to phone home in spite of a properly configured firewall on the afflicted computers.
Score: 0
|Sony's rootkit bypassed software firewalls, even Windows XP's built in firewall. You should be upset at your software vendor as well as Sony -- for not doing its job...
Score: 0
|I said properly configured firewalls. I'd like to see the data if you have links.
And everyone knows that the Windows firewall is almost like using no firewall at all. That one doesn't count.
Score: 0
|I would say the answer is yes, it still phoned home, because none of the firewall vendors have claimed bragging rights that they kept their users safe. Plus, if they did detect it, this rootkit would have been found much sooner, don't you think?
Score: 0
|Unless my logic is wrong, a firewall can't detect it because of the rootkit. The process would not be detectable by any firewall when it tries to access the Internet.
If someone knows of a firewall that could detect it, please let me know.
Score: 0
|A decent firewall *should* be able to intercept all outbound and inbound traffic. If it sees something that it cannot identify with an allowed program or service, it should reject it and inform the user.
The fact that we haven't seen this before now points to a gaping hole in current security software.
Of course, it could simply be that many folks blocked it out of hand and it never got reported beyond the "more info" button on ZA leading to a page basically saying, "Sorry, we can't give you more information."
Score: 0
|If someone knows of a firewall that could detect it, please let me know
I'm looking into the Nvidia Nforce4 motherboards with active armor. From the little I read about it so far, it looks like a hardware/software based solution might be the best way to go. Definitely worth investigating a bit more.
Score: 0
|Hmmm... it would be interesting to see if the Onecare firewall would stop it. It blocks anything it doesn't recognize the first time.
I wish I had one of the Sony CDs to test it out (ok, not really).
Score: 0
|"Any cd that demands that you install their own proprietary player just to be able to play it from your computer is bad news from the get go."
That is why LucasArts concerns me...play one of the Star Wars DVDs on your PC (with autorun disabled of course).
Score: 0
|"Sony's rootkit bypassed software firewalls, even Windows XP's built in firewall."
Umm...firewalls block NETWORK TRAFFIC, not traffic between the CD-ROM drive and the hard drive. Any malicious program can disable a firewall from the inside with sufficient account privileges, so it can phone home too.
Score: 0
|Wasn't it also Sony's Columbia Pictures who "invented" phantom movie critic David Manning?
I miss the old days when the word SONY meant the highest quality in consumer electronics.
Score: 0
|Me too...still have a sony CD boombox that has better sound quality than ANY OTHER BOOMBOX big or small--got it in Christmas of 1994...
Score: 0
|Those days are gone. Sony sucks now!
Score: 0
|Outpost Pro caught it for me.
But I daresay another properly configured firewall should have been able to do the same...
Score: 0
|"I miss the old days when the word SONY meant the highest quality in consumer electronics."
You must be one OLD mutha. That hasn't been the case since the early seventies.
I should know - I *am* that old. :)
Score: 0