PDA

View Full Version : Microsoft Targets Sony Spyware


Hazdaz
11-15-2005, 05:03 PM
http://news.yahoo.com/s/pcworld/20051115/tc_pcworld/123543

Microsoft Targets Sony 'Spyware'
Microsoft has joined a growing group of security software vendors who are treating Sony BMG Music Entertainment's controversial Extended Copy Protection (XCP) copy protection software as a threat. Microsoft has announced it will begin treating the software as spyware and offering users tools to remove it, just as a Princeton University computer science researcher raised questions about a second Sony copy protection product.

"We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta," wrote Jason Garms, group program manager for Microsoft's Anti-Malware Technology Team, in a Web log posting (http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/123543/17090891/SIG=125fccm7l/*http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx) over the weekend.

Copy Controls Derided

Sony had come under heavy fire (http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/123543/17090891/SIG=11pa1p8s3/*http://www.pcworld.com/news/article/0,aid,123438,00.asp) for using so-called "rootkit" cloaking techniques--normally associated with hackers--to make it nearly impossible to detect the XCP software. After nearly two weeks of consumer backlash, however, Sony announced last week (http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/123543/17090891/SIG=11p37kip5/*http://www.pcworld.com/news/article/0,aid,123511,00.asp) that it would temporarily suspend production of XCP-enabled CDs.

In an upcoming weekly software update, Microsoft will add the new electronic signature so that Windows AntiSpyware can spot and automatically remove the software, Garms wrote. Windows AntiSpyware is a beta product that Microsoft eventually plans to rename (http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/123543/17090891/SIG=11pl5bl2q/*http://www.pcworld.com/news/article/0,aid,123460,00.asp) Windows Defender.

Microsoft will also include the XCP signature in the next update to its Malicious Software Removal tool, and with its Web-based security service called Windows Live Safety Center, according to Garms.

Microsoft joins security vendors like CA and Symantec in identifying XCP as a possible security threat. Computer experts had worried that hackers might use XCP's cloaking capabilities to hide malicious software of their own, and last week the first few examples of such programs began surfacing.

Effectiveness Questioned

Meanwhile, a Princeton University computer scientist has posted an analysis of a second copy protection product used by Sony, saying that it, too, suffers from many of the same problems as XCP. That software, called MediaMax, was written by SunnComm International Inc. Sony has confirmed that it ships CDs with both SunnComm's software and XCP, which was created by a Banbury, U.K., company called First 4 Internet.

Both copy protection products are bad for consumers, according to J. Alex Halderman, a Ph.D. student in computer science at Princeton.

"Like XCP, recent versions of MediaMax engage in spyware-style behavior," he wrote in a Saturday posting (http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/123543/17090891/SIG=119dt7blt/*http://www.freedom-to-tinker.com/?p=925) to the Freedom to Tinker Web log.

Halderman reported that MediaMax automatically installed files without user consent, that its uninstaller program does not completely remove the software, and that it secretly transmits user information back to SunnComm's servers.

"Playing First 4 Internet or SunnComm disks means not only installing new software, but trusting that software with full control of your computer," Halderman wrote. "After last week's revelations about the Sony rootkit, that trust does not seem well deserved."

This is not the first time Halderman has had something to say about SunnComm. In 2003, SunnComm threatened the computer scientist with a lawsuit after he published a paper that exposed weaknesses in their copy-protection mechanism. No legal action was ever brought against Halderman, according to SunnComm.

Sony, First 4 Internet, and SunnComm were unable to comment for the story.





I am sure that MS is LOVING this negative publicity that SONY is getting from all this insane DRM software, and now they want to be seen as the 'hero' in protecting consumers from SONY. I am very glad that MS sees SONY's software for what it really it - spyware - and their next version of their software will remove it. SONY has gone way the hell overboard on this stuff.

JByron
11-16-2005, 01:46 AM
I am sure that MS is LOVING this negative publicity that SONY is getting from all this insane DRM software, and now they want to be seen as the 'hero' in protecting consumers from SONY. I am very glad that MS sees SONY's software for what it really it - spyware - and their next version of their software will remove it. SONY has gone way the hell overboard on this stuff.


Sony's dominance over home entertainment is getting out of hand. Imagine the controls they will have if Blue-ray wins out. They are already muscling developers with their hard to code for cell processor and proprietary format, they need to be taken down a peg.

Hazdaz
11-16-2005, 01:54 AM
Sony's dominance over home entertainment is getting out of hand. Imagine the controls they will have if Blue-ray wins out. They are already muscling developers with their hard to code for cell processor and proprietary format, they need to be taken down a peg.

Well they are going to be taken down a few pegs if they even try to release the PS3 with that insane DRM scheme where you can't rent or borrow a game cuz each one is locked to a specific console - or alteast that is what the rumor says. Cuz if that is the case, the PS3 will be dead on arrival to the market. And that would hurt SONY tremendously.

-Vormav-
11-16-2005, 02:14 AM
Although I agree that Sony screwed up with this, and deserve a nice slap, isn't this kind of being blown completely out of proportion?
In any case, I guess I am glad that Sony is getting so much bad publicity for this. Hopefully, this will make various companies think twice before doing similar things. They'll probably still do it, but at least they'll have to stop and think about it...

ntmonkey
11-16-2005, 02:20 AM
*Grabs popcorn to watch the heavyweight fight*

Kion
11-16-2005, 02:37 AM
They are already muscling developers with their hard to code for cell processor and proprietary format, they need to be taken down a peg.


Muscling? not hardley, while the cell will be difficult at first to program for, developers will take it and master it just like they did with ps2. As for the drm stuff i have one of their cds with that crap on there, It pissed me off, i can't ripp it to itunes. Virgin records has the same sort of thing. I have to play the cd in media player were it contacts their server and gives me permision to play it on my pc. This stuff needs to go.

JByron
11-16-2005, 02:48 AM
Muscling? not hardley, while the cell will be difficult at first to program for, developers will take it and master it just like they did with ps2. As for the drm stuff i have one of their cds with that crap on there, It pissed me off, i can't ripp it to itunes. Virgin records has the same sort of thing. I have to play the cd in media player were it contacts their server and gives me permision to play it on my pc. This stuff needs to go.


The problem is sony makes the cd players, tv's, dvd players, and console. if it wins the BR/HD format war, it will be given even more power as to what these machines will play and do. Sony is pushing its own agenda because it can, and the cell is designed with integration in mind. They want it in all your appliances, all networking with each other. Because of their huge user base with the ps2, they are in a position to realize this dream because economically speaking developers have to create for the ps3, when the microsoft kits offer much more flexibility and portability between pc and xbox.

rakmaya
11-16-2005, 02:52 AM
Man, it took MS over 6 years to get to where they are now with their OS security. Now they get to trash Sony who rules the home entertainment market. Of course they won't miss it to any extent. Anyway you slice and dice, this is an overkill. If it was someone else, MS wouldn't have gone this much public with it. But Sony needs to be more aware of what they are doing. Only good can come to the consumers by enforcing these rules. So it is all good here although it doesn't concern me as I don't use it anyway.

PhilOsirus
11-16-2005, 03:21 AM
Well they are going to be taken down a few pegs if they even try to release the PS3 with that insane DRM scheme where you can't rent or borrow a game cuz each one is locked to a specific console - or alteast that is what the rumor says. Cuz if that is the case, the PS3 will be dead on arrival to the market. And that would hurt SONY tremendously.

That was a rumor which was probably started by MS itself. It was false. Joystiq.com recently reported having recieved various "tips" about another topic, with different user names, from the same IP, which they hinted at being from Microsoft.

This is MS's first console war, don't expect them to sit back and be nice.

They want it in all your appliances, all networking with each other.

Sounds like Microsoft to me!

JByron
11-16-2005, 04:20 AM
Sounds like Microsoft to me!


haha true enough, I'm not rooting for one side over the other

Frank Lake
11-16-2005, 05:20 AM
The problem is sony makes the cd players, tv's, dvd players, and console. if it wins the BR/HD format war, it will be given even more power as to what these machines will play and do. Sony is pushing its own agenda because it can, and the cell is designed with integration in mind. They want it in all your appliances, all networking with each other. Because of their huge user base with the ps2, they are in a position to realize this dream because economically speaking developers have to create for the ps3, when the microsoft kits offer much more flexibility and portability between pc and xbox.
LOL!

Nearly all of the developers(who are forward looking) out there know that Cell technology has been a technology that has been in the research arena for years. They know it's coming and they know that the change over will take money and retraining, they are getting ready for it! But they will still program for the Sony because they are in it for the money! Cross-platform games are becoming less and less so it gets less of an consideration.

MorituriMax
11-16-2005, 05:35 PM
Although I agree that Sony screwed up with this, and deserve a nice slap, isn't this kind of being blown completely out of proportion?
In any case, I guess I am glad that Sony is getting so much bad publicity for this. Hopefully, this will make various companies think twice before doing similar things. They'll probably still do it, but at least they'll have to stop and think about it...

Remember those words the first time some hacker steals all the secure data on your computer and reformats the drive.. all with absolutely no warning by any of the programs you use to protect your system.

ChrisMann
11-16-2005, 10:04 PM
Remember those words the first time some hacker steals all the secure data on your computer and reformats the drive.. all with absolutely no warning by any of the programs you use to protect your system.

I agree. In fact, I believe it hasnít been taken seriously enough in the wider consumer community yet either. People who donít read these boards or other similar information sources, would be horrified at the concept of their innocent music cd installing cloaked root hack's onto their family livingroom computer.

ShadowHunter
11-16-2005, 11:05 PM
*Grabs popcorn to watch the heavyweight fight**Brings some nachos and joins ntmonkey*

PizzasRgooD
11-16-2005, 11:11 PM
This is MS's first console war, don't expect them to sit back and be nice.What, the first xbox doesn't count ?

PhilOsirus
11-17-2005, 12:57 AM
What, the first xbox doesn't count ?

No, Microsoft knew they would not beat Sony by the time they released their Xbox, they just wanted to test the waters. Now they understand how to hype their console, hence it's their first console war.

I just want the PS3 to be released so all the bitching and speculations can stop, it's getting extremely annoying to be submerged in a wave of fanboyism and lies between every two game-related news.

mangolass
11-17-2005, 01:32 AM
Sounds like Microsoft to me!

I'm sure if Microsoft has a justification to make everyone's iPod stop working, they'd remove support from those too.

LT

Hazdaz
11-18-2005, 02:26 PM
.... and the story keeps getting better....
http://news.yahoo.com/s/nm/20051118/tc_nm/sonybmg_opensource_dc

Software writers spot open source in Sony BMG CDs


Controversial copy-protection software used by music publisher Sony BMG (6758.T) on music CDs appears to have tapped an open source project, raising questions about copyrights, software experts said on Friday.
The XCP program, developed by British software firm First4Internet and used by Sony BMG to restrict copying and sharing of music CDs, is already highly controversial because it acts like virus software and hides deep inside a computer where it leaves the backdoor open for malicious hackers.

Sony BMG earlier this week said it would recall some 4.7 million CDs with the software, after the discovery of the first computer viruses last week that took advantage of the weakness.

The XCP program will have installed itself on a Windows-operated personal computer when consumers want to play 49 title CDs from Sony BMG. The programme forces consumers to use a music player that comes with the program.

This music player contains components from an open source project, an MP3 player called LAME, it emerged.

"Multiple software components on the CD have references to the LAME open source MP3 code," Finnish software developer Matti Nikki said in an e-mail.

After unraveling the code, others found similar evidence.

"We can confirm that at least 5 functions in the XCP software are identical to functions in LAME," said Thomas Dullien at security software firm Saber Security in Bochum, Germany, which specializes in the analysis of complex software.

Open source software, if used, needs to be identified as such, so that it can be freely shared with others. Developers on Slashdot.org and other Internet bulletin boards could not find an open source reference in the copy-protection software.

THE RULES OF THE GAME

If open source software is tightly integrated into a single executable program, the whole application has to become open source software, even open source software such as LAME whose MP3 encoder is licensed under the more relaxed Lesser General Public License (LGPL), a lawyer said.

"That's the flipside of open source: If you don't respect the open source rules, the old regime of copy protection comes back in full force," said attorney and Internet specialist Christiaan Alberdingk Thijm at law firm SOLV in the Netherlands.

There was LAME and other LGPL code in the program, and significant amounts were tightly integrated into the executable program, Saber Security said.

"We can confirm the existence of significant amounts of code from FAAC (which is LGPL) in the executable ... These functions are part of ECDPlayerControl.ocx, thus directly integrated into the executable," Dullien said in an email.

First4Internet, which sold the XCP software program used by Sony BMG on its CDs, declined to comment after repeated requests since Monday.

Sony BMG, which also declined to comment, has positioned itself as a defender of artists' rights.

It re-emphasized last week that copy-protection software is "an important tool to protect our intellectual property rights and those of our artists."

Responding to public outcry over the unsecure software, the music publishing venture of Japanese electronics conglomerate Sony Corp (NYSE:SNE (http://us.rd.yahoo.com/dailynews/finance/nm/tc_nm/storytext/sonybmg_opensource_dc/17123685/*http://finance.yahoo.com/q?s=sne&d=t) - news (http://us.rd.yahoo.com/dailynews/biz/nm/tc_nm/storytext/sonybmg_opensource_dc/17123685/*http://biz.yahoo.com/n/s/sne.html)). (6758.T) and Germany's Bertelsmann AG (BERT.UL) said last week it would temporarily suspend the manufacture of music CDs containing XCP technology.

Microsoft's anti-virus team said earlier on Tuesday it would add a detection and removal mechanism to rid a PC of the Sony DRM copy-protection software, because it jeopardized the security of Windows computers.

Sony BMG last week was targeted in a class action lawsuit complaining it had not disclosed the true nature of its copy-protection software.



So basically SONY has no problems infecting someone's computer with essentually a virus so they can protect the rights to someone's crappy song.... yet they don't see any problems with stealing open-source software and using it as their own. Truely amazing the balls that these people have.

heavyness
11-18-2005, 04:21 PM
*Brings some nachos and joins ntmonkey*

brings some beer and sits down. pass the popcorn please!

Saurus
11-18-2005, 05:47 PM
I'm sure if Microsoft has a justification to make everyone's iPod stop working, they'd remove support from those too.
....and I'm sure Apple would do the same.

CGTalk Moderation
11-18-2005, 05:47 PM
This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.