Sony Rootkit: The gift that keeps on giving
Mikey 5 comments
Perhaps Sony feel they didn't get enough bad PR the first time around with the Rootkit debacle. Consumer groups are outraged that spyware infected CD's were (and are) still on sale.
Apparently music shops are still allowed to sell CD's with the XPC Rootkit, despite Sony claiming to be working with retailers to withdraw the 'infected' items.
From Sony's web site:
"SONY BMG is working with its retail partners to withdraw compact discs with XCP software from distribution and retail chains. It has asked retailers to cease sale of those discs and to return them to SONY BMG. This withdrawal program has been and is being widely communicated."
In this author's humble opinion, that these CD's are still on sale is unforgivable given the distribution will no doubt have increased significantly over the Christmas rush.
But most curiously, is the question of just how serious is Sony about copy protection? To commit PR suicide and then turn around to say "Yeah we were wrong. Here is a replacement CD and the MP3 files to go with it" is nothing short of insane.
Yes you read that correctly. Sony will not only replace your infected CD, but also give you the MP3 files to go with it. After making the initial defence the Rootkit was intended to protect the artists (translated as "increase Sony revenue"), then how does providing MP3 files to the P2P generation help artists? Perhaps MP3 trading doesn't affect the sales pipeline as bad as the recording companies would like us believe.
Again from Sony's web site:
"In addition to providing replacement CDs by mail, SONY BMG is making available MP3 files to consumers who are exchanging their XCP content protected CDs. Consumers who choose to receive MP3 files will receive an e-mail with a link to the MP3 downloads upon SONY BMG's receipt and verification of their XCP CDs."
So what was the point of the Rootkit in the first place? This would be freaking hilarious if it were not so serious.
Ben
Thursday 29th December 2005 | 01:50 AMYeah this is gold. I have a uncle in USA who bought one of these CDs for his niece. He was pissed because his job is internet security stuff.
Bilingual Zombie
Sunday 1st January 2006 | 02:04 PMI wish the regular TV and Newspaper media would get onto this topic, because no-one I know is even aware of what Sony did. Apart from s few nerdy mates who troll slashdot.
Rodney
Monday 2nd January 2006 | 04:55 PMSo you have to apply by email for the mp3s? So they get confirmation of your email address and at the least, your current IP address. Surely Sony would then be using this to track if the mp3s you just recieved appear in p2p land? Perhaps each mp3 has a tiny encoding bit, related to your email. Wouldn't be hard, just append some random looking garbage to the ID tag or some place in the mp3 file, then see if it turns up later on on KaZaa, etc?
Mike
Monday 2nd January 2006 | 05:19 PMRodney Says: "Surely Sony would then be using this to track if the mp3s you just recieved appear in p2p land'
That's potentially something that could happen. But easily cirumvented by simply re-encoding the MP3's at the same (or different) bitrate, and then deleting the originals Sony provided. In light of what is happening I doubt Sony would risk another round of bad PR. But then who really knows that they are thinking?
Aficionado
Wednesday 28th December 2005 | 01:03 AMLOL! Now thats some funny sh*t. Let the PR wars begin.