Sony's technical and PR fiasco continues

Summary: Sony's use of rootkit technology in DRM software on some of their CDs is causing an uproar all over the blogosphere. People are calling for boycotts of Sony products, not just CDs, but all Sony products.

TOPICS: Malware

This isn't going away anytime soon, if ever. Sony's use of rootkit technology in DRM software on some of their CDs is causing an uproar all over the blogosphere. People are calling for a boycott of Sony products, not just CDs, but all Sony products. There's even a Boycott Sony blog. Sony has been blasted not only for using the rootkit in the first place, but for their poor response to the public outcry. Ed Bott had some advice for Sony last week, but alas, they didn't seem to listen.

Fire First 4 Internet immediately and publicly.
Remaster the CDs with DRM-free versions.
Offer free replacement CDs to anyone who purchased one of the rootkit-infected CDs.
Provide toll-free tech support for anyone who experiences a problem with their Windows computer that they think is related to this software.

Instead, Sony execs have continued to minimize the problem and deny what Mark Russinovich proved, that the DRM software is phoning home and transmitting information without proper notice and consent.  One antivirus vendor has already labeled the software as spyware. Even law professor Eric Goldman agrees on this point.

In my previous post, I said that Sony’s software wasn’t spyware. However, if the software is reporting back information about each user’s behavior, and that reporting back feature wasn't disclosed, then I agree with Suzi that surreptitious and undisclosed monitoring and reporting back of user activity sounds like spyware.

Declan McCullagh, writing for CNET, reports at least one attorney is talking class-action lawsuit. Mark Russinovich, who first documented the rootkit found on a CD he purchased, posted some additional damning info.  The vendor of the DRM software, First4Internet, responded to points raised by Russinovich last week and now Russinovich has blasted First4Internet and Sony right out of the water... again. His conclusion:

Instead of admitting fault for installing a rootkit and installing it without proper disclosure, both Sony and First 4 Internet claim innocence. By not coming clean they are making clear to any potential customers that they are not only technically incompetent, but also dishonest.

Ed Bott gets first place for best blog post title, Sony’s hired guns: incompetent, dishonest, or both?

Today I spoke to a representative from a major anti-spyware company who says Sony's DRM software meets their criteria for detection and removal.  Stay tuned -- I'll have the details tomorrow.

  • boycott until not more

    Drive Sony into the ground to scare the other moron.
    Put a serious legal action against Sony ......

    Well we all know that there are too many idiots out there
    so nothing will happen

  • Thomas Hesse Is A Moron

    Thomas Hesse, president for digital business at Sony BMG said a couple of things that cracked me up.

    On NPR he said "the general public does not know what a rootkit is and they don't care."

    He blames Apple because Sony's file won't play on an iPod... "flick a switch" to alter its programs to work with the software. "It's just a proprietary decision by Apple to decide whether to play along or not," he said. "I don't know what more waiting we have to do.... Time is ticking, infringement of intellectual property is happening all over."
  • No Sony products for me... (NT)

  • Arrogance

    The amazing thing about Sony's response is their arrogance. Sony's motto should be: "We'd have a great business if we didn't have to put up with customers."

    I own five Sony TV's, four CD players and several other gizmos. I've bought my last Sony product for a while.
  • Sony??

    I have a Dell box that has Sony CD+RW CRX216E It sometimes will not let me access folders that have jpeg files.
    Just how far does this go??
    If I move the CD to a different Dell Box with a NEC DVD+RW ND-3100AD it can not read the CD??
    I think I will call Dell to see if they have moved to a different supplier.
  • PR fiasco

    This is one for the books. Literally. Marketing undergrads will be reviewing this case study for a long time to come.

    They should be uninstalling this software no questions asked. Just provide the uninstaller, don't require an email address that you declare you will sell to spammers (although "reputable" spammers, as we all know that makes a difference).

    It's time for the mea culpa and removing obstacles that make it difficult to remove this unwanted software.

  • Maybe Mr. Russinovich...

    could make an uninstaller for affected users. He certainly has enough knowledge of the rootkit, and he was able to manually uninstall it. It would be fitting, since Sony still won't even admit a mea culpa. And I doubt Sony would sue him if he does give everyone an uninstaller, as it would just dig a bigger PR hole for them.
    Tony Agudo
    • Technically, doesn't the DMCA prevent this...


      IANAL. Doesn't the DMCA explicitly restrict any US Citizen (of which I am assuming Mr. Russinovich is) from producing and/or utilizing such a piece of software?

      • No, it is legal to remove it

        The DMCA makes it illegal to circumvent an access control mechanism. For example, DeCSS to decrypt DVD encryption so you can play the DVD back wherever you like or rip it to hard disk.

        But in this case we are talking about removing the software and disabling playback. Not attempting to play the music without the software.

        Although it seems rather silly that you can play the CD on a Mac or Linux box with no problems :-)
        • Thanks for explaining...

          I was going to say that an uninstaller wouldn't violate the DMCA because the DRM is really more of a rootkit, and there's nothing wrong with removing a rootkit that makes your system insecure. But I think your reasoning is good, too :)

          And you're right, it is silly that Macs and Linux boxes can play the CDs without problems. I could pop in any Sony CD on my Ubuntu Linux box at home and have no worries. Sony should realize there are better ways of protecting content without screwing up their customers' computers, and AT LEAST admit a mea culpa.
          Tony Agudo
  • Here's your boycott list

    Actually 2 lists of cd's to avoid:
    tic swayback
  • Rumours, let the self immolation continue!

    Unsubstantiated rumours exist, regarding the new upcoming PS3 feature, if true about preventing the sale of secondhand games discs from playing on other similar PS3 consoles, this would mean it has become tied product. Since every business and trades practices act world wide has statutes, within, that virtually prohibit this stupidity! Oh well, looks like SONY, is igniting one hell of a self destruction bonfire, imagine, if every consumer and government authority worldwide sought to roast SONY over this one! There would never be enough lawyers or fire hoses available to extinguish this conflagration, on a worldwide scale. Oh well, looks like SONY's toasted itself bigtime, but alas its recording artist will undoubtedly foot the bill, if all defective discs are recalled! looks there will be no winners, but a lot of innocent losers from this fiasco!
  • Publish a list.

    As an avid music listener, I am most concerned that we may not be aware when people purchase offending CDs, either for personal use or as gifts for other unsuspecting users.
    Obviously, many of those recordings would have come from Sony.
    I would require that a list be published of all offending titles.
    I would further require that Sony, and all its subsidiaries be compelled, either by law or by the retailers, to publish that list and display it prominently at all retail outlets so we can readily identify the offensive CDs and avoid them.
    Further, Sony should be forced to pay for the space required to post these warning lists. This would give the needed incentive to the retailers to enforce this plan in each and every outlet. If you don't pay the retailers, they're not too excited about extra work and lost space.
    The negative exposure would force Sony to get off its duff and make some real and public changes. I, for one, am wondering whether recent sound tracks I bought could be infected, but I'm not going to put them into my computer just to find out.
    It's moronic behavior like this that will drive the public further and further into file sharing rather than to the direct distributor; they know they're taking chances with FTP, and they can/will accept that; but to be shot down by corporate snipers is intolerable.
    Sorry Sony, but I can't trust you any more. How many honest buyers in the world will after this?