Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Where are the Prosecutors?

Cliff posted more than 8 years ago | from the companies-violating-your-property dept.

Security 35

a_greer2005 wonders: "In the past 5 years, we have seen plenty of virus writers in the United States brought to justice both criminally and when possible financially. In the past couple of weeks it has been discovered that Sony has shipped a rootkit, which is worse than the common spyware or virus, so I ask you, where are the law suits? Is anyone planning criminal/civil action at all? Does Sony frighten the entire legal industry? If nothing is done about this, will we have ANY right to tell a company 'NO' in the future when it comes to DRM worms -- Is this but a sample of things to come?" Update: 11/12 10:20 PM EDT by C :Whoops! Missed the fact that we've already reported on the fact that California has already started a class action suit against Sony (thanks to the posters that caught this). New York may soon follow. However that is only 2 states out of 50. Is there a possibility of more to follow?

Sorry! There are no comments related to the filter you selected.

SONY rootkit violates LPGL (5, Interesting)

isn't my name (514234) | more than 8 years ago | (#14013535)

Looks like the corporation defending copyrightsmay have some copyright problems of their own. []

A computerexpert, whose name is known by the redaction, discovered that the cd "Get Right With The Man" by "Van Zant" contains strings from the library version.c of Lame. This can be conluded from the string: "", "0.90", "LAME3.95", "3.95", "3.95 ".

Re:SONY rootkit violates LPGL (1)

Free_Trial_Thinking (818686) | more than 8 years ago | (#14013551)

I haven't had mod points in years, but I reccomend modding this interesting, it should be brought to the attention of the people.

Re:SONY rootkit violates LPGL (2, Interesting)

_LORAX_ (4790) | more than 8 years ago | (#14013642)

Maybe because the rootkit is LOOKING for these binaries in order to SHUT THEM DOWN.

Re:SONY rootkit violates LPGL (1)

Geoffreyerffoeg (729040) | more than 8 years ago | (#14013670)

A computerexpert, whose name is known by the redaction,

That has BabelFish's German to English fingerprints all over it. Unfortunately, the site doesn't site the German website that they plagiarized their content from, so I can't attempt to guess what "whose name is known by the redaction" really means (other than vaguely "who kept his name secret").

Re:SONY rootkit violates LPGL (3, Funny)

AtrN (87501) | more than 8 years ago | (#14013727)

Nah, they're okay. The install the source under $sys$src

Re:SONY rootkit violates LPGL (1)

MEForeman (930504) | more than 8 years ago | (#14013773)

The main reason there aren't lawsuits yet is for there to be a lawsuit, there must be actual loss (often referred to as "harm"). There really isn't any. The only other way to sue would be under trespass of chattel (basically entering a computer without the OK, "chattel" is all personal property or [for the layman] all property that isn't land or a building), whereas the software would be "trespassing" the computer. it's pretty hard to allege because you WILLINGLY run the CD. California will probably be a test run. Either way, Sony is gonna get their asses kicked over this by consumers. And for those wondering, I'm a second year law student at The Dickinson School of Law of The Pennsylvania State University.

Re:SONY rootkit violates LPGL (2, Informative)

dtfinch (661405) | more than 8 years ago | (#14014089)

You may expect a program CD to auto-run, but nobody expects a music CD to run executable code. You expect music CD's to simply be read and played, which does not involve running code from the CD. Music and data CD's are even encoded differently. Pure music CD's have no filesystem. If you look carefully on the surface of a DRM'd CD, you'll see two faint bands, a large outer band for audio, and a thin, almost invisible inner band for data. For a long time, CD's were either all-audio, or all-data, and almost never hybrid, and for the most part that's how it still is, which leads some people to the false assumption that music CD's can't infect their system.

The amount of harm in installing a rootkit is often uncertain, except that there's always some harm. They modify internal operating system structures, and can cause quirks and instability. Rootkits simply do not get the same quality of testing as mature operating system code. We already know that Sony's DRM'd CD's will crash Windows Vista. At the very least, they cause a slight slowdown and make it easier for other unwanted programs to hide from the user. At the worst, any patch to the operating system which changes one of those internal structures could render a system running the rootkit unbootable, which for an average user (not most skilled users) means the loss of everything they had on the system, if they're forced to reformat and reinstall the system using the restore CD that came with the system. For such an inexperienced user, the damage caused by the rootkit could be in the tens of thousands of dollars.

I got a computer science degree from Southern Oregon University, and I've taken a few classes on computer related legal issues, but none of which (as far as I can remember) has any relation to what I just said.

Re:SONY rootkit violates LPGL (1)

MEForeman (930504) | more than 8 years ago | (#14018692)

If you read the literature (crap) that comes with the CD, i bet you that it has an agreement written by some lawyer (hey maybe me in like 2 years) that says "by inserting this cd in your computer you agree to let us install the software." while this statement may be unconscionable (and therefore bad and therefore unenforceable), it may also be ok. it depends on the judge and the jurisdiction. the "click here if you agree" EULA's have been met with a resounding chorus of "they don't matter and they don't mean you agree" so who knows. either way i like all the bad press Sony is getting, it will stop others from doing this.

Re:SONY rootkit violates LPGL (0)

Anonymous Coward | more than 8 years ago | (#14014379)

I'm a second year law student at The Dickinson School of Law of The Pennsylvania State University.

dood. that means you are not a lawyer.

anyway, it's actually quite easy to **allege** anything you want. Further, these are music CD's we're talking about and I don't know anyone who willingly RUNS a music CD. And for those wondering, the parent poster is not going to be a very good lawyer if he can't keep his details straight.

Re:SONY rootkit violates LPGL (1)

Goose In Orbit (199293) | more than 8 years ago | (#14014468)

these are music CDs

A fine statement - but with two minor drawbacks:

One, they are NOT music CDs;

Two, they are NOT music CDs, as you won't find the CD logo on these discs because they don't strictly adhere to the standards for music CDs.

Now technically speaking that's only one drawback, but it was such a big one that I thought it needed mentioning twice...

Re:SONY rootkit violates LPGL (3, Insightful)

miu (626917) | more than 8 years ago | (#14014684)

it's pretty hard to allege because you WILLINGLY run the CD

Just like you willingly ran an executable containing a virus? I don't buy it. Basically that argument comes down to a rootkit being okay for Sony because they are the good guys and not okay for anyone else because they are criminals/terrorists/anarchists.

Re:SONY rootkit violates LPGL (1)

MEForeman (930504) | more than 8 years ago | (#14015272)

Technically spyware isn't a virus. A virus replicates itself, this isn't. It's an absurdly fine line (which Congress will soon obliterate, believe me) which makes it hard. From Merriam-Webster's online dictionary ( "4 : a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs and that usually performs a malicious action (as destroying data)" It doesn't (a) copy itself (b) insert itself into other programs nor (c) perform malicious action. Annoying isn't thesame as malicious. I'm not defending them, I'm just saying it will take a creative attorney to get this off the ground.

Re:SONY rootkit violates LPGL (1)

Dachannien (617929) | more than 8 years ago | (#14015065)

I'm disappointed that there's not a front page /. article on this issue alone. If it turns out that F4I and Sony really are using LGPL code without complying with the license, that is big news, at least as big as the whole rootkit deal. It shows Sony's hypocrisy when it comes to copyrights, and reinforces the notion that content producers are only interested in copyright protections because they can make Even More Money off of them, not because it "promote[s] the Progress of Science and useful Arts".

They've got protection... (3, Insightful)

ForumTroll (900233) | more than 8 years ago | (#14013539)

It's easy to take legal action and be successful against a single person, especially one who often is very young and simply cannot afford to hire good legal counsel. On the other hand, it's not so simple to take legal action and be successful against a huge corporation with ties high up in the government and loads of money to protect themselves. Legal action is being pursued in several states and by several different parties, but due to the fact that this is a major corporation with very important friends in high places they will receive nothing more than a slap on the wrist.

Re:Let's not forget (1)

symbolic (11752) | more than 8 years ago | (#14019040)

There's winning the battle, and winning the war. Large corporations with deep pockets are well-suited to winning battles, but there isn't much they can do about losing the war with regard to the effects of negative public opinion.

Re:They've got protection... (1)

ciscoguy01 (635963) | more than 8 years ago | (#14020411)

They have protection with their money against the private lawyers who have filed civil actions.

But the real question is whether the Sony rootkit constitutes a criminal act on their part. If it is criminal (and I sure hope it is, I hate the idea that the only recourse we have against computer hackers is a civil action) when will the government discipline Sony?

Why should a major corporation be able to get away with hacking our computers and installing backdoors when we actually bought something from THEM? Why should we have to take being treated like criminals? We are customers. We deserve their respect.

I want the government to investigate this. If they are found to have done what we think they have done is there any valid reason they should be allowed to operate any sort of business in the US? Should other countries kick their fannies out of the country? I think so. I don't think foreign entities who are known criminals should be able to operate openly with complete impunity.

Sony is going to have to do damage control now, but I can tell you it is going to be a while before I consider Sony products.

By the time this is over Sony may very well be a sharply discounted brand. If they survive this incident, that is.

Uhhh (4, Informative)

timdorr (213400) | more than 8 years ago | (#14013554)

Wrong! (3, Informative)

sconeu (64226) | more than 8 years ago | (#14014197)

Nope. Class Action Suits are civil actions. Story Poster is asking "Where are the *CRIMINAL* penalties for this"?

Where have you been? (0, Redundant)

pyrrhonist (701154) | more than 8 years ago | (#14013557)

In the past couple of weeks it has been discovered that Sony has shipped a rootkit, which is worse than the common spyware or virus, so I ask you, where are the law suits? Is anyone planning criminal/civil action at all?

Where have you been lately? []

Not a rootkit (2, Insightful)

jgoemat (565882) | more than 8 years ago | (#14013560)

A rootkit is a set of tools used by a hacker to hide his presence on a system and maintain 'root' privileges (Administrator on Windows). While Sony's DRM app does hide its presence, I don't believe there has been any indication of systems comprimised and hacked into by Sony and I don't think that was their intention. I don't know what it is, but I wouldn't call it a 'rootkit'.

Re:Not a rootkit (3, Insightful)

Thing 1 (178996) | more than 8 years ago | (#14013821)

Doesn't matter whether Sony uses their hidden software to compromise a system. They installed the hidden software which allowed someone to compromise. That hidden software is commonly known as a "rootkit".

A "virus" or "trojan" or "worm" is the software that performs the compromise. A "rootkit" allows the V/T/W writer to produce their creation with less effort.

Sony is directly responsible for reducing system security on PCs that have been infected with their rootkits. That is actionable, but likely nobody will go to jail.

Re:Not a rootkit (1)

mabhatter654 (561290) | more than 8 years ago | (#14016302)

to be blunt, "little people" HAVE been arrested and tried by prosecutors for much smaller infractions than that... like the School admin that installed SETI on some school computers... this is AT LEAST as bad as that so where is that prosecutor now???

Re:Not a rootkit (3, Informative)

max born (739948) | more than 8 years ago | (#14013842)

I don't believe there has been any indication of systems compromised and hacked into by Sony ...

Not hacked by Sony but others are beginning to take advantage as a result of Sony making it easy for them. Sony Rootkit Trojans Emerge [] . So far, trojans Backdoor.IRC.Synd.a and its variant Backdoor.IRC.Synd.B have been detected.

The thing is... (1)

Nik13 (837926) | more than 8 years ago | (#14013576)

it's not self replicating and doesn't attack other people's PC over the internet or such. The nuisance is limited to the computer the disc is inserted into. It sucks, and it doesn't make it right, but it's nowhere as bad as a virus that hits corporate LANs and that directly cost millions to fix (manpower, lost productivity, etc etc). It's mostly single homer users affected.

Re:The thing is... (2, Insightful)

the eric conspiracy (20178) | more than 8 years ago | (#14013596)

Well, considering the rootkit can easily be carried into the office by people wanting to listen to their protected music at work this software does at least rise to the point of annoyance for corporations too. Not to mention that it phones home, and other malwares have appeared that use the cloaking nature of this software to hid themselves.

It is just a dirty deal.

Re:The thing is... (2, Insightful)

GuyverDH (232921) | more than 8 years ago | (#14013768)

So what it seems like you are saying (or at least implying) is this.

If it only FUCKS over the little guy, then fuck it - it's okay.

However, if it fucks over a big fish - then shit - we have to prosecute.

There's something distinctly wrong with that, and I really hope that that was not your intent.

Re:The thing is... (1)

onetwentyone (882404) | more than 8 years ago | (#14016420)

It's mostly single homer users affected.


Re:The thing is... (2, Interesting)

barc0001 (173002) | more than 8 years ago | (#14016930)

it's not self replicating and doesn't attack other people's PC over the internet or such

Oh. So by that definition ANY rootkit is just peachy.

It's mostly single homer users affected

Where do you think those zombie botnets that send out all the crap spam are located?
That's right. Compromised home users who don't even know something's wrong because their system has been hit with a rootkit. Now Sony has created a powerful new tool for the spambot creators to use. Thanks Sony!

This is what you get... (2, Interesting)

BrokenHalo (565198) | more than 8 years ago | (#14013591)

This is what you get when you allow large corporations to dictate your laws: they will only be enforced when it suits those corporations. And when you allow nearly all laws to defend only the interests of the very rich at the expense of everyone else, a travesty of justice is the inevitable result.

Some information (3, Informative)

_LORAX_ (4790) | more than 8 years ago | (#14013635)

I spent the better part of an hour yesterday ridding my mothers computer of this "rootkit". Most of that time was spent attempting to restore the use of her CD/DVD drive that went missing after the core DRM code is shut down. Before people get on my case, my mom is no idiot and is very protective of her computer. I asked her specifically if she ran or saw anything run when she put the CD in her drive and I believe her version of events.

She did not install anything

She did not agree to anything

She never saw an EULA

Her computer could not RIP ANY CD's afterwards

All she did was attempt to import a CD into iTunes and from then on out any attempt to import CD's would freeze up her computer, not just XCD protected disks.

Re:Some information (3, Informative)

karnal (22275) | more than 8 years ago | (#14013957)

I have Our Lady Peace's new disc, Healthy in Paranoid Times.

On insertion (simulated here via the AUTORUN.EXE, since my autorun is off) the CD displays an "Enhanced CD Installer" window, which has the title and artist of the cd. "End User License Agreement" is off to the right.

In the center is the familiar legalese of the EULA - stating "IMPORTANT - READ CAREFULLY:" Off to the bottom is an "Agree/Disagree" radio button, which if you select Disagree (agree is defaulted, BTW - without any scrolling in the main EULA part) the CD automatically ejects to protect itself.

But it will not install any software if you select Disagree. Given, I am only able to test on this specific CD, so I can't really state with full authority that your mother clicked on "Next" without moving the radio button, but in my case you'd have to hit something to install this rootkit.

p.s. You can also rip away with EAC while the agreement is being displayed, if you don't want to turn off Autorun. My thoughts are to just turn off Autorun, however... It is handy in certain cases, but I'm not a typical user I guess.

pps bottom of my eula = (ID:239675.18 -- 1/7/2005)

Re:Some information (1)

_LORAX_ (4790) | more than 8 years ago | (#14015102)

She inserted the disc while in iTunes and never accepted or rejected anything. Chris Botti was the artist in question I don't know the album name.

editor flambe (1)

jasongetsdown (890117) | more than 8 years ago | (#14013661)

let the editor flambe begin

Bigger response than you think (1)

soma_0806 (893202) | more than 8 years ago | (#14018247)

It's not just a domestic issue anymore. Before CA filed or people began talking about the NY case, a consumer protection group from Italy filed suit.

The domestic issues are just the tip of the iceberg. Other countries that are not so impressed by the financial might of companies like Sony are going to nail anyone using such underhanded methods. Rootkits like this one most likely violates the Berne Convention, TRIPS, and possibly WIPO.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?