Stop buying CDs. It's the only solution.
As the popularity of broadband internet increases, so does the popularity of legal song downloads. Naturally, as people buy their music increasingly via download, they'll buy it decreasingly via CD. Record companies should like this, since their profit margins for downloads are higher than via CD.
As this trend continues, one might predict that the death of the CD is near, but such a prediction would be grossly premature. Having said that, perhaps its time to bring about the CD's demise artificially. Perhaps we should make a conscious choice to no longer consume these products.
This might seem far-fetched, but the recent fiasco that Sony foisted on the public (ultimately to its own detriment) has suggested that perhaps the music industry will never comprehend that they are fighting the wrong battle by imposing copy protection upon those who have legally purchased their music. They spend so much time and money protecting their copyrights that they have forgotten their primary goal: to make money. They do not see the forest for the trees.
I haven't commented on it here yet, so for those who aren't aware of recent events (what Leo LaPorte has called "Sony Baloney"), I'll give you a quick rundown. Sony sold a whole bunch of CDs that, when inserted into the user's Windows PC, automatically installs software which prevents unauthorized copying and reports back to Sony over the internet information about how the CD is used. This is evil, both in the fact and in the manner in which it was done, for these reasons:
NONE of the above information was revealed by Sony. It had to be discovered by other people. Sony has revealed a list of CDs infected with the hell-spawned software, but even that can't be trusted, because it isn't the first list they've published. (It's actually over twice as long as the original list.)
So, if you buy CDs from any major label and try to use them in your computer, you are not only voluntarily limiting the manner in which you can use that music (by subjecting your self to the CD manufacturer's DRM nonsense), you are also risking the security of your computerized information. Your banking records. Your correspondence. Your schedule.
Here's a scenario for you: You use a Sony CD. A rootkit is installed. You get a virus written by a third party that exploits Sony's rootkit to access your private information. A smarter-than-average schmuck gets to see your schedule in Outlook, perhaps learning your travel plans. They know where you live. They know when you won't be there. Now your family and everything you own is physically endangered. Far-fetched? Perhaps. But it could happen, and if it does, Sony should be held partially accountable.
So what should we do about it?
1. If Sony has infected you, remove the offending software when a solution is found. (As far as FreeiPodGuy knows, there isn't any way to get rid of it yet without causing more problems.)
2. Take the CD back to the store and demand your money back. Tell them why.
3. To the greatest degree possible, stop buying Sony products, especially CDs. I just removed a Van Zant song from my iTunes shopping cart. I had been preparing to add it to my next purchase, but considering that it is from one of the offending Sony CDs, I'm boycotting it. (The iTunes Music Store version wouldn't cause a problem, but from now on, I don't buy Sony.)
4. Stop buying big-label CDs. You never know what you're going to get.
5. Use tools that have fewer inherent security risks. That means buy music through the iTunes Music Store, where they use a reasonable DRM arrangement that is reasonable and well published in iTunes Help. It means listen to that music on an iPod. And if you're in the market for a new computer, consider buying a Macintosh.
6. Join one of the class action lawsuits in California or New York, if you have been harmed and believe you may qualify for class status. This won't help you much personally, because if you installed the software you agreed to the license which limited Sony's liability to $5.00, which was probably about one-third of what you paid for the CD. However, if the lawsuits prevail, they will hurt Sony. And Sony really really needs to feel some pain over what they've done.
Sony has pledged to stop putting the malware on their CDs, and has recalled the offending CDs. However, they are doing this because of consumer pressure, not because they feel bad about being such poopheads. These actions shouldn't make anybody any more likely to trust Sony in the future.
For more details about Sony's recent crime against humanity, see Mark's Sysinternals Blog documenting his discovery of the Sony malware on his computer, Symantec's Security Response article, and a Google search, which will turn up millions of pages on the topic.
As this trend continues, one might predict that the death of the CD is near, but such a prediction would be grossly premature. Having said that, perhaps its time to bring about the CD's demise artificially. Perhaps we should make a conscious choice to no longer consume these products.
This might seem far-fetched, but the recent fiasco that Sony foisted on the public (ultimately to its own detriment) has suggested that perhaps the music industry will never comprehend that they are fighting the wrong battle by imposing copy protection upon those who have legally purchased their music. They spend so much time and money protecting their copyrights that they have forgotten their primary goal: to make money. They do not see the forest for the trees.
I haven't commented on it here yet, so for those who aren't aware of recent events (what Leo LaPorte has called "Sony Baloney"), I'll give you a quick rundown. Sony sold a whole bunch of CDs that, when inserted into the user's Windows PC, automatically installs software which prevents unauthorized copying and reports back to Sony over the internet information about how the CD is used. This is evil, both in the fact and in the manner in which it was done, for these reasons:
- The installation process says that installation of the offending software is necessary to make use of certain enhanced content on the CD. Though this may be true, it uses something which claims to be good to install malicious software on the computer. It therefore qualifies as a trojan horse.
- It installs a rootkit on the computer without permission. According to Wikipedia, a rootkit "a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge." Therefore, when the rootkit is installed, the user no longer has complete control of their system.
- Using conventional tools to remove the rootkit previents Windows from playing CDs altogether.
- It causes files with names which begin "$sys$" to become invisible. This is a serious security risk, because it allows other (non-Sony) evil people to hide their viruses and other malware. In fact, at least one virus has already exploited this vulnerability.
- Though details are sketchy, it is reported that Sony's DRM software also contains a bug that could allow websites the user visits to install harmful software on the PC.
- It uses system resources, even when a CD is not playing.
- It can't be completely stopped. They produced 4 million CDs with the trojan horse, and over half of those have made it all the way through the supply chain into consumers' hands. Most of those consumers are blissfully unaware of the problem, and will probably remain so.
- Sony produced an uninstaller, which turned out to introduce security vulnerabilities of its own.
- Though Macs are much safer--because unlike Windows, the MacOS doesn't automatically run software on inserted CDs--there is a Mac app on the infected CDs which will introduce unnecessary DRM to the Mac as well. The CDs work just fine on Macs without the software.
- Here's the best one: Sony's DRM software, which was designed to prevent people from infringing on copyrights, itself infringes on copyrights of others!
NONE of the above information was revealed by Sony. It had to be discovered by other people. Sony has revealed a list of CDs infected with the hell-spawned software, but even that can't be trusted, because it isn't the first list they've published. (It's actually over twice as long as the original list.)
So, if you buy CDs from any major label and try to use them in your computer, you are not only voluntarily limiting the manner in which you can use that music (by subjecting your self to the CD manufacturer's DRM nonsense), you are also risking the security of your computerized information. Your banking records. Your correspondence. Your schedule.
Here's a scenario for you: You use a Sony CD. A rootkit is installed. You get a virus written by a third party that exploits Sony's rootkit to access your private information. A smarter-than-average schmuck gets to see your schedule in Outlook, perhaps learning your travel plans. They know where you live. They know when you won't be there. Now your family and everything you own is physically endangered. Far-fetched? Perhaps. But it could happen, and if it does, Sony should be held partially accountable.
So what should we do about it?
1. If Sony has infected you, remove the offending software when a solution is found. (As far as FreeiPodGuy knows, there isn't any way to get rid of it yet without causing more problems.)
2. Take the CD back to the store and demand your money back. Tell them why.
3. To the greatest degree possible, stop buying Sony products, especially CDs. I just removed a Van Zant song from my iTunes shopping cart. I had been preparing to add it to my next purchase, but considering that it is from one of the offending Sony CDs, I'm boycotting it. (The iTunes Music Store version wouldn't cause a problem, but from now on, I don't buy Sony.)
4. Stop buying big-label CDs. You never know what you're going to get.
5. Use tools that have fewer inherent security risks. That means buy music through the iTunes Music Store, where they use a reasonable DRM arrangement that is reasonable and well published in iTunes Help. It means listen to that music on an iPod. And if you're in the market for a new computer, consider buying a Macintosh.
6. Join one of the class action lawsuits in California or New York, if you have been harmed and believe you may qualify for class status. This won't help you much personally, because if you installed the software you agreed to the license which limited Sony's liability to $5.00, which was probably about one-third of what you paid for the CD. However, if the lawsuits prevail, they will hurt Sony. And Sony really really needs to feel some pain over what they've done.
Sony has pledged to stop putting the malware on their CDs, and has recalled the offending CDs. However, they are doing this because of consumer pressure, not because they feel bad about being such poopheads. These actions shouldn't make anybody any more likely to trust Sony in the future.
For more details about Sony's recent crime against humanity, see Mark's Sysinternals Blog documenting his discovery of the Sony malware on his computer, Symantec's Security Response article, and a Google search, which will turn up millions of pages on the topic.
0 Comments:
Post a Comment
<< Home