[SGVLUG] Sony rootkit

Dustin laurence at alice.caltech.edu
Wed Nov 16 10:48:43 PST 2005 

Luggers,

I wrote this up for a friend, and since there has been some interest on 
the list I thought I'd pass it on.

Dustin

-----------------------------------------------------------------------

Here are a few articles about the Sony Rootkit.  But first, since the
current User Friendly strips are about this (and a stupid patent):

http://ars.userfriendly.org/cartoons/?id=20051112
http://ars.userfriendly.org/cartoons/?id=20051114

Good overview:

http://www.security.ithub.com/article/Sonys+DRM+It+Just+Keeps+Getting+Worse/165201_1.aspx?kc=ewnws111505dtx1k0000599

More details on the evidence that Sony itself violated the LAME copyright
with their own DRM kit:

http://dewinter.com/modules.php?name=News&file=article&sid=215

The EFF has a list of known albums that contain the rootkit:

http://www.eff.org/deeplinks/archives/004144.php

However, the EFF appears to be wrong about Macs being immune:

http://www.security.ithub.com/article/Sonys+DRM+Rootkit+Comes+in+Mac+Flavor+Too/165172_1.aspx

The EULA is almost worse than the rootkit.  From
http://www.eff.org/deeplinks/archives/004145.php:

   1. If your house gets burgled, you have to delete all your music from 
your laptop when you get home. That's because the EULA says that your 
rights to any copies terminate as soon as you no longer possess the 
original CD.

   2. You can't keep your music on any computers at work. The EULA only 
gives you the right to put copies on a "personal home computer system 
owned by you."

   3. If you move out of the country, you have to delete all your music. 
The EULA specifically forbids "export" outside the country where you 
reside.

   4. You must install any and all updates, or else lose the music on your 
computer. The EULA immediately terminates if you fail to install any 
update. No more holding out on those hobble-ware downgrades masquerading 
as updates.

   5. Sony-BMG can install and use backdoors in the copy protection 
software or media player to "enforce their rights" against you, at any 
time, without notice. And Sony-BMG disclaims any liability if this "self 
help" crashes your computer, exposes you to security risks, or any other 
harm.

   6. The EULA says Sony-BMG will never be liable to you for more than 
$5.00. That's right, no matter what happens, you can't even get back what 
you paid for the CD.

   7. If you file for bankruptcy, you have to delete all the music on your 
computer. Seriously.

   8. You have no right to transfer the music on your computer, even along 
with the original CD.

   9. Forget about using the music as a soundtrack for your latest family 
photo slideshow, or mash-ups, or sampling. The EULA forbids changing, 
altering, or make derivative works from the music on your computer.

Dustin

More information about the SGVLUG mailing list