Music That Kills (Your Computer)

Here’s a scary story for Halloween. You might be able to read it here; if not, go to the main blog page and look for the last post of October 2005. Or, read the Slashdot story on the matter.

Sony is evidently releasing music CDs now with digital rights management software on it that secretly installs when you try to play the music on your Windows-based computer. The purpose of the software is supposedly to control how many copies you can make of the songs.

To this end, it cripples your CD player, making it impossible to create digital copies of any songs. It also hides itself in a way that makes it easy for hackers to hide anything they want on your system. It replaces part of the operating system with itself (and does a poor job of it too, making your system more crash-prone). For whatever reason, it slows your computer down while reading information about the other software you’re running on the machine. Oh, and if you try and remove it, either manually or via some anti-spyware program, it disables the CD drive completely, making it impossible to play other CDs, play CD-based games, install new software, or even fix your broken computer.

If you’re a techie, you can fix all the crap these CDs put on your computer by following the instructions in the article above. Quick recap, in case the article goes away: stop all processes with $sys$ in the name, delete all $sys$ files in Command Prompt (you won’t be able to find them anywhere else), reboot, run RegEdit as the LocalSystem user, look for lower and upper filters containing $sys$, delete them, reboot.

If none of that makes sense to you, and you can’t find someone who can understand it, you’re probably going to have to reinstall Windows to get your system back. Linux users are unaffected. No word on how Apple handles this.

Need I mention that you should avoid buying CDs from Sony? If you absolutely must, be sure never to play the CD on your computer. (You can turn off AutoRun if you feel daring; this may help you prevent getting infected from the CD.)

Oh, by the way, the album in question in this case was Van Zant’s latest, Get Right With The Man. (heh!) It’s also been reported on Amazon that Healthy In Paranoid Times, by Our Lady Peace, has the same problems.

What lesson does this teach us? Follow the law, respect Sony’s rights, buy a legal copy of a copyrighted work, and you’re just a sucker, since Sony gets a free pass when it comes to returning the favor. As “Alan” on Slashdot posted:

I’m glad I get my music off of p2p networks and don’t have to worry about trojans and rootkits and that evil hacker stuff!

UPDATE (2005-11-02): Publicity is starting to mount; see the Washington Post blog, for example, which quotes virus researchers on the problem. Sony will now help you remove the code, but only if you call them, tell them about your computer, go to their Web site, install still more software on your computer, get an E-mail once their software has proven that you’re worthy of it, and install yet more software on your computer. I expect this will not prove to be sufficient for most people who experience problems.

UPDATE 2: Via PC Pro, we find Sony’s site for this software. Check the system requirements; in particular, if you follow Microsoft’s recommendations for securing your system, you can’t play this CD. Also, a Slashdot journal-ist provides this link to the rootkit’s original author and this Google search for other CDs that hack your system when you try to play them.

UPDATE 3: Sony has yielded to the pressure and released the removal tool.

UPDATE (2005-11-06): More from Mr. Russinovich: his experiments with using Sony’s removal tool, which appears to do very little in the way of removal. Also, Mark reports that hackers are now using the Sony rootkit to hide their own cracks, despite Sony’s insistence that this was not possible.

UPDATE (2005-11-14): And Sony caves completely after getting an indirect lecture from the White House.

UPDATE (2005-11-16): More here.

What Time Is It?

Daylight savings time is at an end. For most of us, this means that it’s time to set your clocks back an hour. For Indiana, it means that it’s time to rearrange our lives so we can leave the clocks alone. New times for TV shows, radio shows, out-of-state meetings, etc.

So remember, everyone: Indianapolis is now on the same time as New York, even though it’s been on the same time as Chicago all summer.

Boy, am I glad we’re not doing this anymore.

Lying About the Law

Our dear daughter is in volleyball this year, and at today’s practice, the coach distributed team pictures. They’re good pictures, with the usual team and individual shots. But on the envelope, this:

Did you know? Professional photographs are protected by copyright laws. It is illegal to scan or reproduce Lifetouch portraits. If you need additional prints, please use this reorder form. Thank you for respecting our work.

As I understand the law (and, I should warn you, I’m no lawyer), this is wrong, and a little reflection will make this obvious. Scanners and copiers are everywhere. I’ve seen scanners on sale for less than $20, and those all-in-one scanner-copier-printer-fax copyright violation factories are big sellers. They even put copiers in libraries, right next to piles of books that are nearly all “protected by copyright laws” too. And yet, all those librarians manage to stay out of jail for contributory copyright infringement, somehow. Is the FBI hitting the chain electronics stores yet, looking for suspicious OfficeJet buyers?

While the doctrine of “fair use” has been taking a beating in recent years, what with the recording industry suing grandmas who never owned computers for song swapping on the Internet months after their funerals, it’s still the law of the land. Most personal uses of copyrighted material fall under it, which is why it’s legal to tape TV shows on a VCR, copy encyclopedia pages and magazine articles in libraries, and sing “Happy Birthday” at your kid’s birthday party. If Lifetouch was right, all of those things would also be illegal.

The idea behind the scam is to increase the cost of scanning via a little fear, and encourage people to order the pictures “legally” to avoid the risk of the Copyright Police raiding their houses mid-scan.

Of course, they will have to increase the cost of scanning a lot more to cover the inconvenience of ordering from this outfit. Check out their company web site. See any online ordering link? Nope. The only way to order more pictures is to write on the back of the envelope the pictures came in and send it snail-mail to Chattanooga, Tennessee. Too bad my dad (who inspired my daughter to try volleyball after taking her to an Illinois volleyball game last year) can’t order any pictures without a magic envelope. I guess we’ll just have to scan in a few to send to him over E-mail.

I wonder which approach would make them more money: lying to their customers to scare them into ordering, or making it as easy as possible to order?

UPDATE (2005-10-20): It’s been pointed out to me in the comments that I’ve been vague at best about Lifetouch’s rights, and about fair use. First of all, Lifetouch does have a valid copyright in those pictures. Second, while fair use covers many purposes for copying a picture, it doesn’t cover them all. My example about scanning a picture and sending it to Dad may be illegal, depending on the financial harm done and a lot of other factors (see a lawyer for details). My point was not that it was legal, but that it was easy, and that lots of people will ignore the threats in the envelope if ordering prints is too much of a pain.

Cyberstalking

You’ve probably been avoiding it. Heck, I probably would. But the comments on the George Jones deception post really have gotten me into a bother.

I suppose I need to stop arguing with trolls. They’re beyond convincing, or are just being cynical. And I suppose I need to have more faith that most people will see the trolls for what they are: stalkers.

Having made their point several times over, why else would they continue to play their games? Is it really so bad that someone say something nice about Charlene Blake, that they have to insult people’s intelligence and otherwise make snide remarks for the crime?

(Oh, and I love the loud disclaimers about how the discussion is such a waste of their time. If only they had acted like they believed it, and just left!)

But what did it for me was this post by “callsemhowiseesem”:

…if you expect respect, show the same in return.

Of course, I have not hesitated to show the same respect I have been shown. Better, even, since I have backed up my “respect” with evidence. If you throw mud, don’t cry over getting dirty.

(Sensitive I may be, but stupid I am not. That’s why comments are disabled now on all Toyota and Charlene Blake-related posts, including this one.)