If you are a copyright owner and believe that your copyrighted works have been used in a way that constitutes copyright infringement, here is our DMCA Notice.

« Remixed Halloween Safety Soundtrack | Main | Air America's Next Big Mistake? »

November 01, 2005

Comments

Taso Stefanidis

I download a lot of stuff from itunes onto my mac. Is this really a bad thing? As a freeform supporter, should I be avoiding DRM music?

That whole sony business is bad though. Let's hope a big time lawsuit results. Anybody remember the kid who got in trouble because he figured out if you hold the shift key, the DRM blocker was disabled.

Alex

It's not "an extremely well hidden way"; a rather idiotic rootkit, in fact. What's hilarious and sad is how a complete beginner (judging by his posts asking for help) wrote a rootkit that will protect (read: cripple) all Sony CDs.

Alex

PS. I just noticed you require an email address to post. Besides immediately deluging the innocent poster with spam, what else does it accomplish? Have you heard of the "hide the poster's email" concept? (Hint: use a web form if someone wants to contact the poster.)

Wookey

Taso - yes, DRM is bad - you shouldn't be using iTunes. Read the Cory Doctorow article linked in the blog entry for an excellent explanation of the general problem. iTunes is bad because they can change the restrictions at any time _retrospectively_. You could easily lose access to use that music the way you want to in the future. You can already only play it on a very limited selection of players (Itunes, iPods).

There are a host of sites that put out non-DRMed music, like magnatune.com, allofmp3.com, audiolunch.com, mp3tunes.com. The first three will give you oggs as well so you can avoid patent issues too. All but allofmp3 also pay the artists a decent share.

ChairmanTubeAmp

Alex - So the researcher only needed about five different reverse engineering tools (one he wrote himself) to find and remove this malware - but you don't consider that well hidden?

Also, I wouldn't call it idiotic, it's just pared down from what it could have been (and what it will probably evolve into). The malware could have scanned the entire contents of your drive for mp3s from Sony artists, videos of Sony movies, or some budget spreadsheet which shows how much money you spent on electronics last year (i.e. anything!). With some extra code, the program could have reported back to Sony everything that it found at which point they could a) delete what they thought was their property, b) sue you c) cripple your computer (you know, that box that you paid $2,000 for?). And all of this could be legitimately covered by a well crafted EULA that none of us would have read before popping in the CD.

So don't worry Alex, the next one will be better hidden and less idiotic.

Kenzo (lastever.org / kenzodb.com)

Actually, Russinovich used EIGHT tools to diagnose and identify this malware, seven of which he wrote himself (sometimes with his partner Bryce Cogswell).

I highly recommend the free Sysinternals tools they wrote: I have found many of them completely indispensible for years. I think I run Filemon and Process Explorer at least daily.

I also just found a reference online to someone having found this Rootkit and tracing it back to Sony on Aug. 25, 2005.

Alex: Yes, it's annoying that TypePad asks for an email address. It doesn't make you give a real one. Also, if you create a TypePad account before posting a comment, then your provided email address won't be posted with your comment (instead, a link to your "TypePad profile" will be provided).

Whitehouse

When is the mainstream media gonna pick this up!!

ChairmanTubeAmp

If you want the convenience of iTunes without the restrictions of their DRM, you can buy songs and use this tool:

http://hymn-project.org/

Legal disclaimer: I advise that you follow all laws.

Shawn Fumo

Magnatune is great (lots of audio formats and really supporting the artists). I wouldn't support allofmp3, as that seems like an illegal service which just exists in Russia due to loopholes in the laws there.

IMO, the best site all-around for non-DRM music is eMusic. Tons and tons of indy labels and only about 25 cents a song. It uses a subscription ($10 a month for 40 songs) instead of pay-as-you-go, which is kind of annoying, but it is great overall. I think $1 is too much to pay for a song, especially with DRM...

Omuf Nwahs

allofmp3.com is legal - in Russia. Unblocked loophole(if that's what you want to call it) = legal. If americans in the U.S. own a piece of it or do business with it, they are the ones who have to deal with any s-storm. But there will not any. The world doesn't rotate around the RIAA and the United States government.

Tom Ciarlone

Class Action Law Firm Investigating Sony CDs:
My law firm is investigating the situation surrounding “rootkits” on Sony-label CDs. In connection with our investigation, we are interested in learning more about the experiences consumers have had with those CDs. I can be contacted at (212) 239-4340 or, by e-mail, at tciarlone@lawssb.com.

The comments to this entry are closed.