Sunday, November 13, 2005

DHS Warns Sony over sneaky placement of spyware on computers

Warns, but does nothing.

Wouldn't want to iritate such a fine institution bursting with money that could be filling someone's campaign coffers now would we?

Department of Homeland Security's assistant secretary for policy, Stewart Baker said:
'I wanted to raise one point of caution as we go forward, because we are also responsible for maintaining the security of the information infrastructure of the United States and making sure peoples' [and] businesses' computers are secure. ...There's been a lot of publicity recently about tactics used in pursuing protection for music and DVD CDs in which questions have been raised about whether the protection measures install hidden files on peoples' computers that even the system administrators can’t find.'...

'It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.'"
DHS to Music Industry: It's Your Intellectual Property, *Not* Your Computer

Which brings up a point as Sony takes control of your computer and opens it's door to malicious hackers. Should you so much as have a bit of their music available to the web on you machine. (Heck, how should I know what on my machine is available since they've install their cr%$ there which hackers can use, and yes, I did by a Sony CD recently and did get their da@! program. Do I now have to buy a $100 program to get it off again? Will they send me the bucks back when I do? I think I'll try Zone Alarm and stop their spying for one thing, right away. But downloading and uploading always was very iffy for me with ZA--I don't have 100s of hours to figure out configurations. And I need to blog. Must blog...don't tell me if the world blows up. I'll be here blogging.)

Anyway, if one should have 1 of their pieces of music available somehow for download by someone on the internet, they would get me for --what is it now--a quarter of a million bucks? But they secretly put spyware on my computer (even without the extended threat from it's malfunction) and I'm supposed to say Yes, Massa. Anything you want, Massa!

Read this: Sony is only offering a patch that will protect from the opportunistic trojans, not from their own filthy spyware.

If we don't boycott Sony the rest will adopt this technology and pretty soon they will be selling their results to --wait for it-- Homeland Security. Then we'll hear no more of those bitchy little warnings from the guys in DC.

They'll be too thankful for all the info they're getting on what people listen too. They are already checking out who is surfing the web on library computers and what they are viewing.

Does someone who buys "Pete Seeger's Greatest Hits" (one of the disks that carried the spyware, like middle aged folks are going to be passing mp3s of "This Land is My Land" to their 'homeys' over the internet) constitute a threat to the nation?

(Pete Seeger and his fans are usually liberals. In fact one of his Vietnam era hits "Knee Deep in Big Muddy" is enjoying a minor resurgence lately for some reason--couldn't imagine why because everyone knows Iraq is not a quagmire.)

Now Computer Associates is finding big problems even with the uninstaller that Sony is providing according to Canada's 'Globe and Mail' Newsite. It could cause Windows to crash. (I've personally had the same problem with removing other spyware, and I mean in a way that just rebooting did not help. It meant Windows XP had to be reinstalled and still I have numerous problems and much disappeared harddrive space on two computers who were networked together as a result of one spyware attack a year and a half ago. So I imagine this can be pretty bad.)

CA warns that the program could infect business computers too when people take music to work with them. (I guess that's the only way to get powerful people excited about this. Oh No! It's going to hurt businesses. Big businesses! Whatever shall we do?)

CA also says they have instructions on how to avoid installing the program from one of Sony's trap disks and
The site will also include information on how to run CA's eTrust PestPatrol on-line scanner, which will include detection for this problem, beginning Saturday.
I gotta try that. I bet they want me to buy their program when they find the Sony junk.

Sony to Suspend Making Antipiracy CDs

Viruses Exploit Sony CD Copy-Protection

Sony Patch Reveals Its Anti-Piracy Files on PCs
The controversy started Monday after Windows expert Mark Russinovich posted a Web log report on finding hidden files on his PC after playing a Van Zant CD. He said it disabled his CD drive when he tried to manually remove it.

Russinovich made the discovery while running a program he had written for uncovering file-cloaking "RootKits." In this case, the Sony program hid the anti-piracy software from view. Similar technology has been used by virus and worm writers to conceal their code.

A firestorm quickly erupted over what appeared to be an attempt by the music company to retain control over its intellectual property by secretly installing hidden software on the PCs of unsuspecting customers.

Making matters worse, Sony did not disclose exactly what it was doing in its license agreement, Russinovich said. It only mentions that proprietary software to enable copy protection would be installed. The software affects only PCs running the Windows operating system.

The license "makes no mention that it's going to install something that's going to be hidden from view, that will constantly consume CPU resources even if I'm not listening to music and it will have no uninstall capability," he said.

BTW, read the Globe and Mail article above before you try things Sony's way.

Ok on their site CA has this warning:

Computer Associates has received uninstaller links from First4Internet, writing on behalf of Sony BGM. It is an ActiveX control. Analysis shows that the uninstaller verifies that it is on the same system which ran the initial ActiveX control as part of the uninstaller request process. In addition, each link provided by First4Internet can only be used once for a succesful uninstall. This effectively prevents easy redistribution of the uninstaller, and requires everyone who wishes to receive the uninstaller to do so through Sony BMG's official process, which involves releasing personally identifiable information for marketing use by Sony BMG and undisclosed third parties. Early versions of the uninstaller were less reliable, and could leave a running service behind, not fully uninstalling the software. This appears to have been corrected in later versions of the software, which do remove all active components of the trojan. Even in later versions, however, some registry keys remain behind.

Neither the patch nor the uninstaller ActiveX control remove the phone home technology from Music Player. Music Player continues to pose the same privacy risks after their installation/execution as it did before.
Computer Associates International, Inc.

And here come the lawsuits.

Also good: Expert explains how the Sony experiment could hurt, computer users and the music business.


Post a Comment

<< Home

Links to this post:

Create a Link