Quick. Which is safer:
- Slapping down your hard-earned cash for a DVD at WalMart, or;
- Buying your album on line, then downloading the vendor’s version, or;
- Downloading an album for free through BitTorrent or the like?
If you answered “Number Three,” you were probably correct.
P2P file sharing offers some risk of infecting your computer with dangerous, unknown and unwelcome code. But until recently, an off-the-shelf Sony BMG disk purchased from your favorite music source presented a 100% risk. And what about other vendors?
While they blurt, “We do not install rootkits on our discs,” it sounds more to us like “I did not have sex with that woman.” The real answer may depend on what the meaning of the word “rootkit” is. A cloud of suspicion now hovers over an industry that was already in deep, deep trouble.
Speaking of trouble, some experts have recorded a startling increase in the quantity of viruses plaguing the p2p community. What makes you think Sony BMG or its cohorts aren’t behind them, building distrust among users for p2p file sharing? A month ago, we would have brushed off the very idea as nuts. Today? We’re not so sure.
At any rate, the music-movie industry’s quest for a new business model just became more urgent. Time’s running out.
Disclaimer: Email Battles does not condone illegal copying, and our past articles (and the flames) prove it. You oughta pay the producer for the movie or album, no matter how you got it.
Background (updated):
- “Damage Runs Deep With Sony-BMG Fiasco; Thomas Mennecke; Slyck; 17 November 2005.
- The Death of Sony BMG; Email Battles, 11 November, 2005.
- P2P Attacks Up, IM Hits Down; Tim Gray; internetnews; 2 November 2005.
- p2p Shriekers Force Network Lock-Downs; Email Battles; 17 November 2005.
- P2P Safer Than Buying The DVD; Email Battles; 11 November 2005.
- Rootkit Guru: Win 9x/ME Are Hopeless; Email Battles; 13 December 2005.
- Signature War: Rootkits vs Antivirus; Email Battles; 19 October 2005.
- Threat Center Reports Significant Rise in Targeted Attacks on Instant Messaging Networks; Government Technology; 11 July 2005.
6 comments
Comments feed for this article
November 18th, 2005 at 2:24 pm
lolli
In my mind, when firms like Sony BMG start surreptitiously installing malware on my system, all bets are off. What they’re doing is simply evil.
November 18th, 2005 at 2:56 pm
Dan
How could Sony/BMG be so stupid? I’m sure that they’re driving more people to filesharing than they’re dissuading from it. I’m just shocked that’d they’d do something so reckless.
November 18th, 2005 at 3:03 pm
Porsche
I saw this article in your Hand-Picked News headlines, but it bears repeating:
From ZDNet UK: “At Microsoft’s IT Forum 2005 event in Barcelona this week, Windows programme manager Mike Danseglio delved into the technical aspects of rootkits.
How do we remove rootkits?
There is only one guaranteed way to remove a rootkit: you destroy the system and then rebuild it. There is no other way to reliable remove a rootkit - no other way whatsoever.
You can’t delete the file or even reinstall the operating system over the top of the existing OS - which is a horrible practice anyway. It is super important to nuke the system because a rootkit’s primary function is stealth - what is it hiding? Do you know? Usually not. How can you reliably know what it was hiding, what it was compromising or what it was removing?”
Wow.
http://insight.zdnet.co.uk/internet/security/0,39020457,39237277,00.htm
November 18th, 2005 at 5:17 pm
Christopher
Sony stepped over the line big-time with this rootkit on their latest CD’s. Whether they are worried about piracy or not is a moot point, they should not have installed something on a computer that keeps people from doing lawful activities with their purchases and that damages some computers.
On another point, what is the thing with DRM anyway? It does not stop real piraters who sell for profit, since they are usually doing their pirating on the same equipment that the real manufacturer uses!
DRM is just an undue infringement on the rights of the person buying the software, game or music legally, since it only effects the people who buy legally.
November 19th, 2005 at 10:14 am
waterboy
Get this from LANJackal at slyck:
“This article sounds good superficially - after all the recent Sony fiasco has made it difficult, if not foolhardy, to trust any original media at all.
However, the article fails to mention the one thing that would cause its logic to fall apart: most of the material available for free on P2P networks was sourced from the very media the article is urging users to avoid. Take a look at the NFOs of your album downloads, for example, and you’ll notice that they’ll say “Source: CDDA” with a release date or some other indication that the files were ripped from a commercial release. The same with a large portion of the movies available for download.
If release groups (NOT to be confused with pirates-for-profit, who are straight-up criminals) are getting by, then most fairly knowledgeable users should be able to.
The reason for this is simple: most of the media released nowadays was made for standalone players, which precluded the content industry for mandating the installation of any software for playback to be enabled. Most, if not all active copy protection schemes (active = implemented by locally run software that interferes with the ripping process, as opposed to passive, such as CSS) rely on AutoPlay to work. Turning off AutoPlay solves most (if not all) of the malicious software issues, and if you try several ripping programs you’re likely to find that at least one will read the protected disc.
ASIDE: the above argument does not apply to software discs, which often require installation, period.
Those who want even more security can install AnyDVD to actively block unauthorized installations from any inserted discs.
Bottom line: if you know what you’re doing, there’s hardly any real risk from original media in general.”
Wouldn’t you love to see this clown negotiate his way out of bed in the morning? HIS bottom line is BS. And everybody who writes rootkits knows it. Does his mother know he’s using her computer again? http://www.slyck.com/forums/viewtopic.php?t=16474
November 22nd, 2005 at 8:37 am
Big Red
Sounds to me like somebody oughtta plant their foot up Sony-BMG’s rootkit.