NationStates Jolt Archive


Big Sony Is Watching You

Cluichium
09-11-2005, 16:52
Our IT Dept. sent this around via email as a warning (they're so bloody paranoid). Just figured I'd share.

Security firm: Sony CDs secretly install spyware
Company denies it, saying program aims to foil music piracy
By Hiawatha Bray, Globe Staff | November 8, 2005

Sony is spying on thousands of listeners who buy and play its music CDs on their

Computer Associates International Inc. said that new anticopying software Sony is using to discourage pirating of its music also secretly collects information from any computer that plays the discs.

One of the world's largest software and information technology companies, Computer Associates is the latest to wade into the growing controversy over Sony's efforts to curb theft and illegal pirating of its music.

The software works only on computers running Microsoft Corp.'s Windows operating system. It limits listeners' ability to copy the music onto their computers, and locks copied files so they cannot be freely distributed over the Internet.

But Computer Associates said the antipirating software also secretly communicates with Sony over the Internet when listeners play the discs on computers that have an Internet connection. The software uses this connection to transmit the name of the CD being played to an office of Sony's music division in Cary, N.C. The software also transmits the IP address of the listener's computer, Computer Associates said, but not the name of the listener. But Sony can still use the data to create a profile of a listener's music collection, according to Computer Associates.

''This is in effect 'phone home' technology, whether its intent is to capture such data or not," said Sam Curry, vice president of Computer Associates' eTrust Security Management unit.

''If you choose to let people know what you're listening to, that's your business. If they do it without your permission, it's an invasion of privacy."
Sony and the British firm that wrote the antipirating code for the music company flatly denied the software snoops on listeners.

''We don't receive any spyware information, any consumer information," said Mathew Gilliat-Smith, chief executive of First 4 Internet Ltd., which makes the software for Sony BMG Music Entertainment.

So far, Sony BMG has installed the software on about 20 titles in its music catalog, including works by jazzman Dexter Gordon, singer Vivian Green, and the new issue by country rockers Van Zant, ''Get Right with the Man."
It was the Van Zant disc that led to the controversy over Sony's new software.

In late October, a well-known Windows computer engineer, Mark Russinovich, stumbled across the Sony software on one of his personal computers while running a security scan. Russinovich had used the computer to play the Van Zant CD, not realizing that it had installed the anticopying program.

When he tried to remove it, Russinovich found that the program lacked the ''uninstall" feature found in most Windows software. Indeed, key components of the software hid themselves deep in his computer by applying the same techniques used by data thieves to conceal their activities. Even a skilled user who identifies the correct files can't safely remove them, said Russinovich.

''Most users that stumble across the cloaked files . . . will cripple their computer if they attempt the obvious step of deleting the cloaked files," he wrote on his technology website, SysInternals.

Computer Associates yesterday concurred with Russinovich's assessment. Curry said Sony has made it so difficult for listeners to uninstall its software that some could lose all their data in the process.

''It can damage the operating system and the operating system's integrity, so it can't reboot at all," Curry said. ''As an expert in security, I can say this is bad behavior."

Indeed, Computer Associates has added the software to its list of spyware programs that collect personal information from computer users without their permission.

Russinovich also said that a patch Sony and First 4 released Friday to stop the software from hiding inside computers malfunctions and can cause an irreparable loss of computer data.

Gilliat-Smith of First 4 said he knows of no case in which this has happened. Sony offers a website where users can obtain a program that uninstalls its software. He said both efforts should prove that Computer Associates and Russinovich's complaints are unfounded.

''In theory there should be no concern," Gilliat-Smith said.
The South Islands
09-11-2005, 16:53
About the 8th time this has been posted.
Cluichium
09-11-2005, 16:55
Sorry. I was too busy invading Chechnya over the past few days to have seen the threads on it.
UpwardThrust
09-11-2005, 16:55
Jesus H Christ this is the 4th thread about this ... and everyone thinks its new news lol

Not only has sony stoped ... they have created a removal tool
(and other third party software)
http://blogs.zdnet.com/Spyware/index.php?p=698
(also fsecure)
They are also being sued
http://www.smarthouse.com.au/Entertainment/Industry/?article=/Entertainment/Industry/News/Q7P7L4N2
Lazy Otakus
09-11-2005, 16:56
The funny thing is that cheaters use Sony's copy protection to bypass the anti-cheating-spyware in Wolrd of Warcraft.

http://www.boingboing.net/2005/11/03/defeat_wow_spyware_u.html
The South Islands
09-11-2005, 16:57
Microsoft Corp. v. Sony Corp., here we come!
UpwardThrust
09-11-2005, 17:00
The funny thing is that cheaters use Sony's copy protection to bypass the anti-cheating-spyware in Wolrd of Warcraft.

http://www.boingboing.net/2005/11/03/defeat_wow_spyware_u.html
Frigging sweet

Lol though I am running WOW in a non windows envyron so the spyware that comes with wow does not ... how we say ... run
Ravenshrike
09-11-2005, 17:29
Our IT Dept. sent this around via email as a warning (they're so bloody paranoid). Just figured I'd share.


It also only can be installed if you have admin level access on your computer. I doubt you would have that at work.
Biotopia
09-11-2005, 17:47
is this another step towards Capitalizm?
Neutered Sputniks
09-11-2005, 19:31
It also only can be installed if you have admin level access on your computer. I doubt you would have that at work.

From what I saw, it doesnt require admin rights to install. Something about the program is written to give itself admin rights regardless of whether the actual user has them...

Or did I misread?//