
November 05, 2005

On not trusting Sony

Remember we said that we weren't proposing to lift our black ban on Sony BMG products, because the company had lost our trust? Fred Nerk accuses us of engaging in a vendetta. He couldn't be more wrong. A long career in journalism has taught Bleeding Edge that once an individual or company lies to you, hides something from you or tramples over your rights, they're likely to do it again. Well, it turns out that Princeton professor Ed Felten has had a look at the software update that Sony claims removes the DRM cloaking technology that upset most people who know anything about rootkits.

According to Ed, it doesn't just do what Sony suggests: "The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function — they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing."

Ed's view is pretty much identical to ours: "No doubt they’ll ask us to just trust them. I wouldn’t. The companies still assert — falsely — that the original rootkit-like software 'does not compromise security' and '[t]here should be no concern' about it. So I wouldn’t put much faith in any claim that the new update is harmless. And the companies claim to have developed 'new ways of cloaking files on a hard drive'. So I wouldn’t derive much comfort from carefully worded assertions that they have removed 'the … component .. that has been discussed'."

Posted by cw at November 5, 2005 09:03 AM

Comments

Mark Russinovich's Sysinternals blog has an update on the Sony DRM issue. In this post he goes through how and what the software update performs on a system affected by this problem.

The scary part is that the software actually does a 'Phone Home' on the internet tracking the title ID of the CD and posting your internet IP address back to a Sony website.

On an NPR.org news item

Thomas Hesse, president of Sony BMG's Global Digital Business division, stated the following two quotes:
“Most people I think don't even know what a root kit is so why should they care about it” and
“No information ever gets gathered about the user’s behaviour, no information ever gets communicated back to the user. This is purely about restricting the ability to burn MP3 files in an unprotected manner”

An official reply from XCP Support has also been posted on the latest Sysinternals post.
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html#113115114916278358

Posted by: Stephen at November 5, 2005 12:55 PM

...once an individual or company lies to you...

"You look great in that suit, honey... now let's go, we're late..."

"This DRM software is a ROOTKIT!!! (Well, not really, but it _could_ be part of something that might be a rootkit if some "crackers" already got into your computer and decided to use their access to make this into a rootkit (rather than doing all the other things they could conceivably far more easily do))."

"I'm just finishing up my article now, Mr. Editor..."

Is there _anyone_ you trust, Charles?

Posted by: Fred Nerk at November 5, 2005 02:54 PM

Fred, have you noticed how hollow the words 'media beat up' sound as you say them?

How many times do you need to be slapped in the face before you decide not to stick your neck out?

The fact is Sony have deceived their paying customers.

The end result now is that the only way for these customers to ensure that they can play Sony/BMG music on their PC/MP3 player (without adding potentially harmful software that can't be uninstalled) is to use a P2P service to download it.

That's my favourite kind of irony!

Posted by: ajm at November 5, 2005 05:14 PM

For the sake of clarity when I say "...slapped in the face..." of course, I'm referring to being slapped in the face by a business.

Posted by: ajm at November 5, 2005 05:28 PM

This is not just Sony telling a lie. There is a pattern here and the pattern is one of systematic deceit.

It is clear Sony is deliberately pursuing a policy that has as central components (a) interfering with consumers' hardware and software without their knowledge (b) not disclosing, and even misleading, consumers about what they are doing (c) flagrantly violating people's privacy (apparently on the basis that their rights are greater than yours, ie a human being has less rights than a company)

To not trust someone because in a moment of weakness they lied to you is harsh but not unreasonable. To trust or forgive an impersonal company dedicated to profit, that has a policy of systematic deceit and manipulation, is plain foolishness.

The message remains simple - Don't buy Sony, and, if you can, contribute to undermining and exposing their dirty tricks.

Posted by: tflip at November 7, 2005 03:42 PM

Skype is Malware that allows hackers to run malicious code on your home PC.


http://www.channelregister.co.uk/2005/11/07/skype_vuln_analysis/

A security bug in Skype for Windows means the software can be crashed and forced to execute arbitrary code through a buffer overflow when presented with malformed URLs in the Skype-specific URI format callto:// and skype://. Skype can also be made to execute arbitrary code via the importation of a maliciously formatted VCARD (an electronic business card format).

A second security vulnerability covers a heap-based buffer overflow security flaw that is not restricted to Windows PCs and hits Skype across all supported platforms.

Regardless of efforts to correct these vulnerabilities both Skype and Yahoo can no longer be trusted and have endangered large numbers of computers. Do not use these service providers.

Posted by: Stuart at November 8, 2005 01:58 PM

I'll go along with the "misleading" tag for the sake of argument -- although it's all in the EULA I'll accept that most users don't read them and therefore "weren't told".

But where do you get this:

...flagrantly violating people's privacy...

Not even the most paranoid of Mark Russinovich's fantasy "could/might/maybes" about this software came up with anything about any personal details being sent to anyone. Stephen's comment above is a flat-out misrepresentation of what Mark said.

Thinking more about the way this has been represented in even the cleverer portions of the press, this last is actually the thing that irks me most. After Y2K, the computer press has been largely an island of sanity compared to the popular press, where every virus is a "killer flu" and every criminal is a "crime wave".

But now, five years later, and that's changing. This isn't poorly-designed DRM, it's a !!!ROOTKIT!!! We don't put pressure on Sony BMG to provide an uninstaller, we scream !!!BLACK BAN!!!

People (rightly) stopped believing the IT guy after Y2K, and that trust has taken years to restore.

I wonder what will happen after the world spectacularly fails to end this time?

Posted by: Fred Nerk at November 8, 2005 08:14 PM

I think we can say Fred, that as far as Sony's DRM software is concerned, the world has now ended. Spectacularly.

Posted by: cw at November 12, 2005 03:46 PM
