“Darren Dittrich followed up on the discovery that Sony was playing a dirty trick on its customers, secretly installing a malware-style ‘root kit’ on their [Windows] computers via audio CDs,” MacInTouch reports.
I recently purchased Imogen Heap’s new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there’s a smaller extra partition for “enhanced” content. I was surprised to find a “Start.app” Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.
Personally, I’m not a big fan of anyone installing kernel extensions on my Mac. In Sony’s defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.
Links included in the MacInTouch article here.
Advertisements: The New iMac G5 – Built-in iSight camera and remote control with Front Row media experience. From $1299. Free shipping.
The New iPod with Video. The ultimate music + video experience on the go. From $299. Free shipping.
Okay, we’re fed up. We are boycotting all Sony products until this and other “copy-protected CD” issues are addressed appropriately by Sony and recommend that our 2.2+ million unique visitors per month from 136 countries worldwide do the same. How’d ya like them Apples, Sony?
A “Boycott Sony” petition, written by Jeremy Johnson, can be read and signed at Petition Online here.
Related articles:
Computer security firm: ‘Stinx’ virus hides within Sony’s copy protection scheme – November 10, 2005
Sony sued over copy-protected CDs – November 10, 2005
SonyBMG antics may well cause public to turn on them and turn many people onto Apple Macs – November 06, 2005
Report: Sony copy-protected CDs may hide Windows rootkit vulnerability – November 01, 2005
Analyst: Sony BMG’s boycott of Apple’s iTunes Music Store Australia won’t last long – October 24, 2005
Apple launches iTunes Music Store Australia – October 24, 2005
How to beat Apple iPod-incompatible Sony BMG and EMI copy-protected CDs – October 04, 2005
Japan music labels look to impose ‘iPod Tax’ while Sony, Warner still not signing with Apple iTunes – October 10, 2005
Why aren’t Sony, BMG, Warner, Victor making their artists’ music available on Apple’s iTunes Japan? – October 06, 2005
Sony and Warner holding out on Apple iTunes Music Store Australia – September 08, 2005
Musicians stage mutiny against Sony, defiantly offer music via Apple’s iTunes Music Store – August 10, 2005
Sony BMG and EMI try to force Apple to ‘open’ iPod with iPod-incompatible CDs – June 20, 2005
New Sony BMG copy-protected CDs lock out Apple iPod owners – June 01, 2005
Record company causes Apple to hit ‘pause’ on Australian iTunes Music Store – May 05, 2005
We can still download Sony music off of Limewire though, right?
I have said before and will say again- I am boycotting all sony made products due to their childish tactics. Microsoft as well!!!
This is totally unacceptable. Boycott of Sony is needed unit they reverse their practices.
The Dude abides
Anyone else would like to join?
Sony will never get another dime from me. It’s my damned computer and if I choose to burn a copy for myself or rip the tracks for my iPod then so be it.
Go to China and stop all that bootlegging instead of crippling legit consumers’ computers.
Does that mean we should boycott Blue-Ray? How about Sony’s HDV camcorders or their Digital cameras? Are we just boycotting Sony Music endeavors or all Sony?
MW: Level “What level of Sony is to be boycotted?”
Shame, that Imogen Heap CD is a great disc. My fave of the year. Glad I imported it from England with no Sony distro on it… but you can always just buy it from iTunes with the good old DRM we know and trust.
Let this be a lesson to others that you should never give your username and password when running and/or installing an application on a Mac unless the application explicitly tells you what it is installing (I know in this case it did and the person who found this was experimenting/investigating). Just a reminder. I especially think any program that is going to install an kernel extension on my Mac better tell me in big, bold, red flashing type.
Found this at petionsonline.com
http://www.petitiononline.com/bcsony/petition.html
Count me in.
Well, all this crap about Sony has done ONE thing for me. Solidified the choices I will make when purchasing music.
1) I will ONLY buy from iTunes
2) If I can’t buy it from iTunes, I’ll get it off newsgroups or limewire.
SCREW YOU SONY!
Who are some acts on Sony BMG?
I don’t pay much attention to labels.
I will now…
Yes, Limewire is great way to safely download Sony material. I seem to have read a story on Google News this week about the president of SCEA instructing customers to use Gnutella or BitTorrent “until they get the whole DRM thing sorted out.”
I just like the way this highlights the difference between OSX and Windows.
I wasn’t in the market for any Sony products anyway. Their stuff just doesn’t warrant the extra cost anymore.
People, lest we forget, there’s the rift growing between Apple and the major record labels over iTMS pricing, evidenced by their actions on the openings of the iTMS Japan and iTMS Australia. And how they want two/multi-tiered pricing on the iTMS as part of contract renewals with Apple in 2006.
Well, why stop with music? What about videos, movies at the local multiplex, TV shows, themeparks, et al, which are part of the multimedia goliaths? And, no, I’m not being funny, either. Would it really hurt us to boycott these rotten movies the studios vomit on us?
Their overhead on digital downloads from the iTMS (and the wannabes) is next to nil, yet they want to raise the price by 50-100%. And they already take approximately 65% of each sale Apple makes. While at the same time they demand that their artists swallow an even smaller royalty per digital download than they receive off a CD sale (something like 6-8% digital versus 12% or so for CDs).
The ideal is for the artists to break from the RIAA overlords and strike independent deals directly with Apple (50-50 would be a boon to both parties). I mean, in the growing digital world, why do we even need the record labels? I might have bought 5-6 CDs in the past 2 years, but have downloaded over 520 songs from iTMS.
One other change I would like to see with the iTMS: let it become a truly global music bazaar. Allow me to browse and shop from the Canadian, Australian, UK, French, Germaan, Japanese, Norwegian, Swedish, (and so on) iTMSs. Apple could offer it as a premium service – I pay an extra membership fee of $5-10 per month, and Apple handles the currency exchange rates… Or, better yet, add the service to .Mac membership, and enrollment would double, triple, even quadruple within a year.
How come no matter how often I come here I’m always the 1000,000th visitor and always win a cruise that I can’t claim even if I tried?
GET RID OF THAT POP UP SHITE.
Generally speaking, I don’t buy any CD that does not have the appropriate CD label. If I get it home and it does contains that stuff, I return it to the store that I bought it from and ask for my money back (usually, I end up accepting the ol’ “in store credit”).
I was planning to buy 5, yes five, digi cams for my kids for xmas and upgrade minr to a new 8meg . . . . they have just lost it!!
Apple legal should review what SONY has been doing with their OS and see if there is a case to answer in opening up their product to malicious attack by other modifying their underhand techniques.
Sony has to ASK before installing something!
Not that it’s anything dangerous like they put on Windows anyway.
To be fair though, this software does need your authentication to install. Yes, it installs an unnecessary Kernel Extension without really warning you, but the Authentication is a pretty good give-a-way that something important is going to happen.
Also, as far as I understand, this program doesn’t auto-run, you do actually HAVE to run it in the first place.
I can’t sign the petition ’cause I gave up email. Could I just leave a bag of dog crap on their front porch or sumpin’ instead?
MDN – It would be helpful if someone would create and manage a list of all sony movies in theaters and artists associated with sony in order to help facilitate a boycott- maybe with a link off of the MDN home page…
Not buying sony speakers or sony car stereos is easy, but with the incestuous relationships in the entertainment industry, it’s hard to tell who’s in bed with whom….
thanks.
Does it play the CD WITHOUT installing the kext stuff??
Well I reckon Cher is better off without him, I actually thought Sony Bono died, or was it Sony and Bono got another job in Ireland. I wish my brain would work.