Resisting the Urge (MTV's Urge, that is)

Resisting the Urge (MTV's Urge, that is)

Summary: Apparently, MTV didn't learn from Sony BMG's mistake.  In that "don't shoot the messenger" case (where the messenger got shot), Sony's customers were outraged to find that the record label was including third party-provided rootkit technology (what I called a Trojan horse) on its CDs: a rootkit that did things to end-users' PCs that most end users wouldn't want done without their explicit consent (including exposing them to malware).

SHARE:
TOPICS: Malware
15

Apparently, MTV didn't learn from Sony BMG's mistake.  In that "don't shoot the messenger" case (where the messenger got shot), Sony's customers were outraged to find that the record label was including third party-provided rootkit technology (what I called a Trojan horse) on its CDs: a rootkit that did things to end-users' PCs that most end users wouldn't want done without their explicit consent (including exposing them to malware).  There are too many parallels between the Sony/BMG case and this one to deny. Although MTV has been slightly more upfront about what it may and may not do to end users' PCs with its new music service Urge, the gall of the entertainment company as it prepares to engage in practices that most users should find even more offensive than what Sony did, is equally audacious.  As with Sony, MTV is relying on third party technology to achieve its goals.  In this case, Microsoft's.  As a side note, the Sony BMG case was settled yesterday.

Fellow ZDNet blogger Ed Bott has issued a scathing combination of posts (see I don't want my MTV and More details on the onerous MTV Urge license agreement) regarding the launch of MTV's Urge music service which also works with the beta version of Microsoft's recently released Windows Media Player 11 (WMP11).

Wrote Bott:

CNET loves the new MTV/Microsoft music service....[Urge] sounds good until you read the Urge license agreement. (Set aside some time - it's a 6800-word document that goes on for 13 printed pages.)  There is no way I’m going to allow a piece of software to update itself and install new “features” with no notification or consent to me.

Bott is referring to excerpts from the Urge license agreement which, in no uncertain terms, make it clear that MTV can basically reach into your PC to monitor it (for attempts at content piracy) and/or make changes to it at will, without first clearing it through you.  The good news is that, unlike with the Sony BMG rootkit fiasco, MTV gives you a little more advance notice that it's about to put the equivalent of a Trojan horse on your system and you can put the brakes on the installation before it happens.  The bad news is that (a) once it's on your system, it's just as bad as the rootkit Trojan (actually, worse because of the spyware component), and (b) as Bott alludes to in his second post, it could put Microsoft in the sticky position of allowing MTV to slip  through its own security technologies -- technologies that might normally stop such "suspicious" behavior in its tracks (I have not yet asked Microsoft how it intends to handle this situation).   Writes Bott:

Any impartial observer who compares those criteria with the terms of the Urge license agreement will conclude that the new service exhibits several questionable behaviors that are identical to those Microsoft uses to identify spyware. Is Urge spyware? Almost certainly not. But this add-in for Windows Media Player uses some of the same underhanded techniques that spyware distributors use.....By Microsoft’s own definition, this behavior is questionable, to say the least. Why should any program ever be allowed to update or reinstall itself without notice or consent?

There are too many parallels between the Sony/BMG case and this one to deny.  Here, we have an entertainment company reaching its tentacles into our PCs in ways that most of us wouldn't approve of.  The underlying technology comes from another company.  And, the anti-malware programs we're depending on to stop such behavior either have or potentially could end up issuing a hall pass to the entertainment companies with a limited amount of involvement from us.

In the Sony BMG case, the provider of the rootkit technology -- First 4 Internet -- got some bad press but Sony BMG eventually ended up bearing the brunt of the blame (thus, the messenger getting shot).  However, the rules could be different in this case since Microsoft is not only providing the underlying technology to the content licensor, the client side version is also included in versions of Windows Media Player that millions of people already use or will be downloading to their PCs and Microsoft is in charge of what its anti-malware software flags and doesn't flag. 

In contrast, Sony BMG's customers never had to download the enabling technology from the DRM solution provider as a prerequisite to wiring up that entertainment company's version of digital rights management. 

Bott thinks Microsoft shares the blame because of the role played by WMP11.  Does it?  Give me (and the folks at Microsoft who are undoubtedly watching) your answer below.

Topic: Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • f**k DRM and rootkits

    I don't understand why anyone puts up with this cr*p - I can only assume that Microsoft, Sony and the rest of the music business are relying on people being too dumb to know about how to use P2P/torrents or too scared of the lawsuits that come with file sharing. There is no way that this provides me as a consumer with any incentive to buy music online - why bother?! The process of purchasing the music stands to expose your machine to questionable software, you have not got a physical copy of the music for your money and the amount it costs is astronomical given that it costs a music provider practically nothing to sell music online in comparason with making a physical copy of music on a CD that I can buy and do with as i please. Sheesh! When the hell are the companies going to realise that rootkits suck and that applying DRM to lock consumers into a given vendor isn't going to work - I hope they lose a lot of money and get bad PR (I'm including Apple in this as well, they still use DRM!)

    Martin
    aurora7795
  • Rules are not different

    If you remember, in the Sony rootkit fiasco, anti-malware companies had agreements with Sony not to recognize their malware and to let it slip through. So the only real difference here is that you're talking about one company that stands to profit from the service, as opposed to third parties who should really be neutral, yet are selling out their customers. The rules should be the same--recognize all malware, or your product is useless.
    tic swayback
  • Other DRM /CRAP news

    Some links of interest:

    A blogger, using the numbers that the RIAA suggests (and that the legal penalties call for), notes that the claimed value of RIAA losses due to illegal downloads for one month exceeds the GDP of France. Wow, who knew things were really that bad? Or could their figures be insanely wrong? Links provided 2 ways, just in case:
    [url=http://donnysblog.com/one-month-of-torrents-is-worth-more-than-the-gdp-of-france-riaa-rant.php]Link[/url]

    http://donnysblog.com/one-month-of-torrents-is-worth-more-than-the-gdp-of-france-riaa-rant.php

    Here's all the details on how wrong the lawsuit against XM radio is:
    http://www.eff.org/deeplinks/archives/004679.php

    And on a lighter note, it turns out that just like George W. Bush, Hilary Clinton is also a content pirate:
    [url=http://www.consumerist.com/consumer/apple/hilary-clinton-music-pirate-175581.php]Link[/url]

    http://www.consumerist.com/consumer/apple/hilary-clinton-music-pirate-175581.php
    tic swayback
    • Grrr--ZDNet and links

      If you write them out, they get cut off. If you use tags, ZDNet screws them up. Dammit, fix your talkbacks.

      In the meantime, here's the text that was supposed to be linked:
      France:
      One Month of Torrents is Worth More Than The GDP of France

      Posted: Thursday, 11:41 PM (May 18, 2006)

      Update! Friday 6:03 PM, (May 19, 2006) Email From A Concerned Economist - Tim points out that if this trend continues, the world economy will collapse!. Read the full article to find out why this is happening and what you can do to stop it.

      We have all heard how the RIAA is suing people over piracy, giving figures such as "300 million dollars a year" in lost revenues due to piracy. However, what you might not have heard is that this figure is actually lowballed - they are actually losing significantly more!

      Lately we've been hearing more and more about the RIAA suing people over downloading music. Many people are skeptical of of the figures of lost revenue the RIAA reports, giving arguments like not every song downloaded equals a song that would have been bought. With all of this talk, I decided to investigate the cost of piracy, using the perfectly reasonable figures given by the RIAA: $150,000 per infringement.

      The Copyright Act permits a copyright owner to claim $150,000 per infringement, and the RIAA has been using that figure when they've sued individuals. However, they claim that they only lose 300 million per year due to piracy, which would equate to only 2000 songs downloaded per year. Clearly something is wrong - to find out the real cost of piracy, I went to http://www.thepiratebay.org to find out how many songs are downloaded in a month, in order to make a more accurate estimate of the losses to the music industry.

      First, I used the "Browse Torrents" link to view only music torrents. By browsing through the torrents, I found that (as of the time of writing) the torrents on pages 330 through 409 were all posted in January 2006. Then I wrote a quick Java program to download all those pages, parse it for the size of the torrent and the number of people who downloaded it, and made an educated guess as to how many infringements there were. If you want, you can see the raw output of my program. Here are the results:

      In January 2006, there were approximately 2370 music torrents posted. By estimating that each music file is 5 megs, we can estimate the number of infringements as the number of downloads multiplied by the estimated number of songs. I ran my program, and when I saw the results I was shocked! Using those figures, there were approximately 76,272,931 infringements caused by the torrents posted in January! Using the RIAA's value of $150,000 per infringement, the total cost to the music industry was $11,440,939,650,000!

      Now, it may be hard to grasp just how large a value that is, so I have provided a friendly chart which compares the net worth of Bill Gates, the 2005 Gross Domestic Product of France, and the cost of one month of torrents from one site:

      Yea, you see that line in the bottom left, where you can't even see what color it is because it's too small? That's Bill Gates' net worth (46.5 billion according to Forbes 2005) compared to the cost of piracy, using figures from the RIAA.

      With monthly losses of eleven trillion caused by one torrent site, it's a wonder we have a music industry at all. Please RIAA, keep on suing people, and stop letting them settle for less! Take it to the courts, make sure you get the full billion from that eleven year old girl, or the 80 year grandmother! It's well deserved, and it's the only way we can keep the music industry alive!

      References:
      Forbes listing of Bill Gates' Net Worth (46.5 billion)
      2005 Gross Domestic Product of France (2,105,864 million)


      Hilary Clinton:
      Hilary Clinton, Music Pirate

      hilaryclinton.jpg
      The world reacted to the news that George Bush was a no-good music pirate with an apathetic yawn; more interesting, perhaps, was the opalescent baby skull iPod Apple had custom designed him for his birthday. But would you be surprised if Hilary Clinton ? that saintly paragon of virtues and family values who personally tops my surprisingly short list of people I?d love to slap ? was also a music pirate? At least according to the RIAA.

      According to this New York Post puff piece, Hilary has ?Hey Jude? on her iPod? just like Stephen King, who never can seem to get through one of his thousand page novels without quoting the song in its entirety. But Beatles songs aren?t available over iTunes, thanks to the Apple Records vs. Apple Computers dispute. Still, it?s legal to copy your own CDs to an iPod, right? Well, not according to the RIAA, it isn?t.

      Not that anyone?s surprised that the RIAA isn?t suing the very palms it needs to grease to maintain its obsolete, heavy-handed business model. Still, you have to wonder what would happen if they dug Chelsea Clinton?s IP off of The Pirate Bay.
      tic swayback
      • Links, bugs

        I have notified our IT guys that it's something that needs to be addressed. In the meantime, tinyurl.com is a good place to go to generate usable links.

        db
        dberlind
  • Actually ...

    ... I don't think it is unreasonable to consider DRM a particularly pernicious form of spyware, since it monitors what you do, and thwarts some of your actions.
    P. Douglas
    • Mike? :) (NT)

      :)
      Spoon Jabber
  • Dear MS: WMP11 won't be installed.

    After reading some positive reports about WMP11, I did download the beta. However, it hasn't been installed yet. After reading this, it won't be.

    It sounds like the time has come to put the brakes on MS downloads and updates. I don't want any additional spyware on my machine, or MS's idea of security. Symantec shouldn't feel good about that though. I don't want theirs either.
    kiddpeat
    • If you think about it

      How else can the software/music makers have more control of content that is already on your computer? Oh, I know! You need a "critical" or "security" update! Ever wonder if the virus makers and the virus defenders and the entertainment industry, among others, aren't in the same bed? Interesting thought, though merely speculation.......or is it?

      To a certain extent, I'm serious. Many of the "updates/upgrades" aren't all about helping the user out. Take XP SP2 for example, I got a firewall turned on and......they say protection from many obscure vulnerabilities, but how many people know all of the details in these upgrades, and am I really safer? Whose security is at stake here?

      I usually do not upgrade or update most of the software that I've ever owned(rented?), if it works well, unless I really need it (SP1 for example, to support USB 2). My rule of thumb is to disable any type of automatic updates, yet for newbies I setup theirs for auto update of AV and firewall.

      Oh, and since dicovering all of the excellent free AV and firewall software, the old "stay current" subscription costs have declined dramatically......actually to $0! :)
      Spoon Jabber
      • As always Spoon you bring up some interesting things

        to ponder.

        Pagan jim
        Laff
    • URGE to dl

      I decided to try URGE
      it offers a 2 week free trial
      no credit card required
      some of its offerings are then available
      for free download

      You can't burn these files to audio CD
      they won't go on most players
      they expire

      This is a minor handicap
      for those who understand how
      to find and use software

      Andy
      andycher2
  • Another security door opened

    I would hope that when Microsoft introduced ActiveX MS had at least anticipated the security holes it would open, and had some confidence it could close them. We know what the actual result was.

    The situation here is analagous. MS opens the door to a type of spyware (around the same time as MS makes a bid to take over system security) in the hope that it can allow one type of spyware and yet prevent others.

    I hate to think what the result of that will be.
    Langalibalene
  • Shooting the messenger?

    "Sony BMG eventually ended up bearing the brunt of the blame (thus, the messenger getting shot)."

    So let me get this straight. If I ask someone to build me a bomb which I then plant and detonate, I'm innocent of any crime because all I did was deliver a package? After all, I'm just a "messenger"...
    Big Juju
  • Nothing but CRAP

    Down with Microsoft!
    Down with Sony!
    Down with Apple!
    Down with Crap
    Ole Man
  • MTV URGE BLOATWARE CRAP

    Why do I need yet ANOTHER piece of Bloat-Ware clogging up my computer? If I want to boy music, I'll buy it. I don't need a an incompetently written "shopping" program from every damn vendor. It's bad enough how big they are, but there are endless "updates" to contend with, security holes, and there own flavor of SpyWare too boot.

    JUST SAY NO TO THE CRAP!
    nateoceanside@...