Mark Russinovich's latest post: http://www.sysinternals.com/blog/200...ecloaking.html The uninstaller uses 'fix it with a hammer' approach.

However, the most interesting thing is in the last few paragraphs.

From what I understand, they are not backing off at all. This had to do with uninstalling the rootkit will render your drive inopperative which is paramount to a virus. Sony could be held responsible in a class action suit if thousands of users are getting their machines messed up.

Since it only affects PCs, it isn't a problem as far as I care. The only PC I have will never see an audio CD anyway. Let the PC world fight it out with Sony. :p

For now. They just haven't had time to give us their full attention. On the rootkit programmer's site, there is reference to a version for OS X.

Yep, they could make a version for OS X. Of course, it will most likely require an admin password to install. So, if you ever put a music CD into your Mac and it brings up an installer password dialog, it's in your best interest to STOP, eject the CD, and return it unplayed.

Or maybe just rip the music files off the disc, burn it another CD, and trash the original.

We know that, but I have to wonder, how many "typical users" would know that? I bet if my mom brought home a CD and it asked for her password, she'd gleefully supply it. She's not an idiot, but she's just too trusting.

With respect to claims (that may or may not have originated with Sony) that Sony do not keep info on persons who want to download the patches or uninstaller, Sony's data collection policy (for their UK operation) is filed with the UK Information Commission. Sony do keep records on "customers, complainants and enquirers" - a list that I would have thought probably includes ungrateful customers.

It seems unlikely that this policy is only confined to Sony's UK operation.

The policy is here: http://www.esd.informationcommission...sp?reg=2693561

They would also seem to be traders in personal info (at least with the EEA) Note that for "marketing purposes" they also keep details of 'sexual life.'

This policy is the most intrusive policy I've read (not that I make a habit of comparing policies) Blanket denials that data received when the discs phone home seem a little weak under the circumstances.

Sony backing out, rootkit possibly in violation of the LGPL
 

Sony now completely fell over and calls back all "infected" disks:
http://cp.sonybmg.com/xcp/

The EFF has a grocery list of what Sony would be well advised to contain the problem:
http://www.eff.org/IP/DRM/Sony-BMG/?...005-11-14.html

There are also great chances the Sony rootkit infringes the LGPL (Lesser GNU Public License):
http://www.the-interweb.com/serendip...L-Part-II.html

That would be more than a bit ironic if, in an attempt to "secure" their content, they violated the conditions of a free software license.
Respecting it would not even cost them any money.

I think we should be grateful that Sony has staged this major PR-disaster, educating the silent majority what a bunch of robber barons the content mafia really is.

Thus bringing the phrase "infected with DRM" to the masses.

Several of the media types have started calling it "Digital Restrictions Management," and I hope that sticks with consumers. Far more accurate.

I find it hard to believe that sony thinks what they are doing is ethical. I think they knew what they were doing and just hoped they wouldn't get caught. I see how they feel that it is thier right to protect software. But that blatatly violate the EULA, and I don't know how they can do that and feel they are not breaking any rules. Then they make it a goose chase to delete thier files, fully knowing that the process can be made about 7 steps shorter.

This company breaks basic rules and violates users rights. I can only hope that this stunt costs then dearly, so they can be punished for what they have done. So the whole story can end like a nice moral fable. Like the three bears or something.

Certainly they never anticipated that their own software would be their undoing; that it was such a fragile botch up. Other than that, I agree. I think they thought they would get away with it.

Two things boggle my mind about this, however: first that they thought that the next upgrade to WinXP wouldn't completely bust the whole thing (or was MS in cahoots?), and second that not one single Virus program caught what is from my perspective a virus.

Agree here big time. Nothing pleases me more than to see a bully fall on his face. That's the situation here.

See the article by Bruce Schneier on this very question:
http://www.wired.com/news/privacy/0,1848,69601,00.html

Sony’s corporate embarrassment - and great public service
 

.
My personal policy is simple: I refuse to purchase any music CD with DRM – whether from Sony or anyone else. "Digital Restrictions Management" is indeed an apt phrase, Carlos, and I refuse to accept this. The thought of purchasing a CD, only to discover that I can’t transfer it to my Macs music library, gets me very angry.

Bramley, Voldenuit, Carlos, Hayne and everyone – thanks for posting the references. Those are well worth reading in detail. There has recently been a lot written in the Norwegian press as well.

I seem to recall a lecture given at Microsoft, arguing why DRM doesn’t work, and offering a very convincing case of why it should not even be attempted. Very, very convincing! (Maybe somebody can post that again.)

Sony has unwittingly done a wonderful public service with its triple botching of the issue:
1.) Attempting DRM
2.) Installing rootkits without the consent or knowledge of computer owners
3.) "Fixing" the problem in such a way that it leaves PCs wide open to all sorts of malware and hostile hacks

Thank you, Sony. You have truly done a wonderful public service! Talk about corporate embarrassment before a whole world.

Respecting digital rights? YES!
Accepting "Digital Restrictions Management"? NO WAY!!!


With best regards,
ArcticStones

At the end of the day, the market will decide and the market is you !
 

Thanks for the kind words, you might remember the text about DRM-sillyness from this thread:

"...
I would prefer the focus to be on DRM-free content, concurring with Cory Doctorow:

"Here's what I'm here to convince you of:
1. That DRM systems don't work
2. That DRM systems are bad for society
3. That DRM systems are bad for business
4. That DRM systems are bad for artists
5. That DRM is a bad business-move for MSFT"

Source: http://craphound.com/msftdrm.txt
..."

http://forums.macosxhints.com/showthread.php?t=41799

I think Arctic's conclusion is spot on and the Good Thing is that, at the end of the day, the market will decide and the market is you !

This just keeps getting better:

Software Writers Spot Open Source in Sony BMG CDs

It’s a pretty strong statement that Microsoft, of all companies, feels compelled to classify Sony’s DRM code as malware. From said article:

"Microsoft's anti-virus team said earlier on Tuesday it would add a detection and removal mechanism to rid a PC of the Sony DRM copy-protection software, because it jeopardized the security of Windows computers."

This astonishing sequence of failed strategic decisions has jump started a really heated debate here in Norway. And it has brought the whole issue of "Digital Restrictions Management" to the awareness of a very broad public.

Here, Sony is saying as loudly as it can: "No comment". And they’re being heard – although definitely in the way they want.

With best regards,
ArcticStones

PS. Voldenuit, that’s the one. I read that lecture three times. Searched for logical lapses in Cory Doctorrow’s argumentation – couldn’t find a single one. (I did, however, see a nice PDF of what looked like his original presentation. Far more impressive to read. Couldn’t find it now...)

At the very beginning of the text, there are links to various other formats, including pdf and even a norvegian translation, just in case ;) :

pdf:
http://www.changethis.com/4.DRM

* Norwegian translation (Espen Andersen):
http://www.espen.com/papers/doctorow-msft.html

and yes, you would really have to pay a lot of lobbyists to damage the content mafia more than Sony just did.

After reading Schneiers blog entry and Wired article, this whole thing is also an important reminder that you should carefully examine whatever you install on your computer, regardless of the size of the vendor.
The ethical behaviour you'd naturally expect is not always there, as demonstrated.

The conspiracy-like silence of both Antivirus-editors and Microsoft themselves (until the scandal got out of hand) is really scary.

And Mac users are just one password-dialog away from getting infected as well, so simply laughing at Windows-users is neither nice nor appropriate...

.
That’s the one. Thanks!

I’m just now finishing editing an article based on a corporate lecture by Kåre Valebrokk, head of Norway’s largest private TV broadcaster. It was a great lecture! I think this is an important side note; so permit me to digress:

Roughly translated, his topic was: "Honesty endures – but is it profitable?"

And he quipped about the reason som many corporations hire him to do a lecture on this topic. "I don’t think it’s necessarily because they’re so concerned with business morals. In fact I suspect it is because they wish to stay out of the headlines."

He made the point that exxagerated loyalty and subservience is a major cause of corporate troubles, offering the Norwegian bank crisis some years ago as an example. It’s a real problem when no one stands up to their bosses to say: "No, this is wrong. We shouldn’t be doing this." In fact, he felt companies should be grateful for whistleblowers.

The real test of corporate morality (and individual morality) is what they decide when they believe no one is looking. Certainly Microsoft, Sony and antivirus editors waited until the staring eye of the public was glaring at them.

I think that timing says it all.


With best regards,
ArcticStones

No more Sony anymore
 

That is enough for me. I boycott Sony until this infringement is canceled.