Sony BMG And The Art Of Too Little, Too Late: Finally Agrees To Pull Rootkit CDs

from the really-want-to-stop-writing-about-this-story dept

The Sony BMG rootkit fiasco gets worse every day. However, the latest shows how badly Sony continues to react to the problem. When it first was noticed they didn't do much until the outcry got loud enough -- and then defiantly said it didn't cause a security problem while offering a very minimal patch that actually made the situation worse. Basically, they did as little as possible, while hoping that by saying they released a patch and telling everyone not to worry, the story would blow over. It didn't. And, as things continued to get worse and Sony BMG looked more and more ridiculous, the company again did as little as possible: saying they would stop putting out new CDs with the rootkit, but not apologizing, not pulling the rootkitted CDs from store shelves, and not offering any way to return the problem CDs. Instead, they just offered a removal tool, that we learned earlier today is actually a serious security hole on its own. So what does Sony BMG do now that the heat still hasn't gone away? They finally agree to pull the CDs from stores and offer a swap for people who bought the problematic CDs. All along, the pattern has been the same. Deny as much as possible. Never actually apologize. Do as little as possible to fix the problem and hope that the attention dies down. The move that they're doing now is what they should have done from the very beginning (with an apology), but instead they tried to do everything to deny there was a problem and stonewall.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Michael Vilain, Nov 14th, 2005 @ 11:42pm

    Sony could learn something from the yakuza...

    Just have every senior-level VP involved--hell, why not all of them--cut off their pinkies. Any with no pinkies left comits sepuku or kills their first born or spouse or watches both these events and is killed afterward.

    [no, I only watched KILL, BILL VOL 1]

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Boo, Nov 15th, 2005 @ 12:51am

    graphic

    you guys are going to have to come up with a new graphic / topic heading just for this sony saga. I suggest the sony logo spelt wrong ;p

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Michael "TheZorch" Haney, Nov 15th, 2005 @ 12:57am

    Spread the Message.

    Spread the message, let the RIAA know that we aren't taking their crap anymore. Let them know we're tried of being treated like criminals or that as their customers we don't matter. Let them know we are tired of them violating our rights.

    I am, and I'm contacting my Senator and letting him know how horribly Sony dealt with this problem and how nobody likes the way the RIAA and Hollywood is treating all of us. I'll also tell him that if it does stop we won't do business with these groups anymore.

    If all of us of voting age did this watch what happens with the RIAA and Hollywood. The almighty dollar talks, and if their revenue is treatened because we won't take it anymore just watch how fast they cave in.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Boo, Nov 15th, 2005 @ 3:10am

    Re: Spread the Message.

    I've stopped being angry; I dont care anymore because they are all ultimately doomed anyway unless they change their industry model... there is no room for a third party when artists can deliver directly over the net. The future is open licence music / media with alternative revenue streams. copy protection is not ever going to work. it will continue as a cat and mouse game (actually more like cat and very slow bug game)while open licence media silently overtakes the traditional model.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Bob3000, Nov 15th, 2005 @ 4:31am

    No Subject Given

    It will intesreting to know if Sony's retail numbers will this down this Xmas season and by how much.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    nonuser, Nov 15th, 2005 @ 5:00am

    they probably anticipated the expose

    when they decided to go with the rootkit approach, but thought they could bully their way out of it. "We're defending our IP", etc.

    Part of the problem may be a lack of net-savvy people in the upper ranks of the media companies. These guys are network programmers, lawyers and financial people. For instance this guy:

    http://www.usatoday.com/educate/college/careers/CEOs/6-13-05b.htm

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Jim Beam, Nov 15th, 2005 @ 5:16am

    No Subject Given

    This certainly makes me want to go out and buy CD's, Sony.

    Too bad, Bruce. Your label has just lost you a lot of sales.

    Jim

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Nov 15th, 2005 @ 5:49am

    No Subject Given

    I have a Sony Laptop. I used to like the company, but I am now certain that I will never buy anything from Sony anymore

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    sent them a message, Nov 15th, 2005 @ 6:26am

    what are the sony email addy's

    I went to the Sony/BMG site and the names of the executives are easy to find but not an email address. It's all well and good to say that we are not going to buy another Sony product but I'd like to tell that to ANDREW LACK the CEO of Sony/BMG. I've googled Mr. Lack (fill in joke about LACK of scruples here) with nothing that showed an email address. I'm flummoxed, can anyone find the email address of the executives of this division or maybe the email of the CEO of Sony itself. They NEED TO HEAR FROM ALL OF US. How about one of the authors who write these stories, little help....

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    The Other Mike, Nov 15th, 2005 @ 7:28am

    MS to remove rootkit...

    MSNBC.com is reporting that MS will remove the rootkit starting with the December updates. Apparently they pissed in all the wrong pots with this fiasco. When MS has to remove your crap you know you have sunk to an all-time low.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Nov 15th, 2005 @ 7:29am

    Re: what are the sony email addy's

    what are the sony email addy's?


    Who gives a shit? It's not important enough for me to clue Sony in to the way customers should be treated. They had the chance to do the right thing, and they fucked it up big time. They will find out that I'm not buying the products when they see the sales dip this Xmas.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Riley, Nov 15th, 2005 @ 7:36am

    Re: what are the sony email addy's

    Email is not the way to contact business execs... no one makes their email public these days if they actually care about what goes to the address because it gets innudated with spam. This happens to any random joe smoe when a crawler picks up your email address, let alone an exec in a major company with enemies.

    If you really want to make yourself heard, send a snail mail letter and copy your state's politicians on it. And do it properly, not internet flame style - that will just get your letter filed to the trash by an intern :) There are plenty of form letters out there that you can find about how to effectively file a complaint.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Joe Schmoe, Nov 15th, 2005 @ 7:56am

    No Subject Given

    meh. I actually feel safer visiting a porn site now than listening to a CD.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    giafly.com, Nov 15th, 2005 @ 8:03am

    Re: what are the sony email addy's

    Riley is right. Here's a mail address (via Slashdot).
    (1) Don't mail your letter(s) until the day after you write them; then check them again first.
    (2) Be very polite.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    melancolico catrin, Nov 15th, 2005 @ 8:53am

    Using Sony's own rootkit to DDoS them

    I'm still waiting on a zombie net that will actually take down the Sony site using their own rootkit... poetic justice.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Jason Hartzog, Nov 15th, 2005 @ 10:02am

    Rootkit

    Hello sony,
    I feel so sorry for the artists you have now. Their sales are about to take a major hit. Way to think about them when you were saying you did nothing wrong. I hope you weren't planning me buying a PS3.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Grifter, Nov 15th, 2005 @ 11:01am

    Re: Rootkit

    Yeah, no PS3 or any other Sony product...

    I will stick with an Xbox 360.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    thatguy, Nov 15th, 2005 @ 11:02am

    hmmm interesting...

    "All along, the pattern has been the same. Deny as much as possible. Never actually apologize. Do as little as possible to fix the problem and hope that the attention dies down."

    Anyone ever had a shitty relationship with a person fitting these characteristics? Sounds like immaturity to me...

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Javi0084, Nov 15th, 2005 @ 11:12am

    Boycott Sony.

    I WAS going to buy a PS3 after the price went down but I am not going to do business with this company ever again. No more Sony products for me.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Mike Chantry, Nov 15th, 2005 @ 11:59am

    Re: graphic

    Yeah, maybe they should change the logo to just SORRY instead of SONY! As in ooopppsss, we're sorry we got caught with our pants down and we didn't do anything wrong!

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    mike-ish, Nov 15th, 2005 @ 11:02pm

    shift key

    what's really funny is that turning off AutoRun or using the infamous Shift key override will keep their software off your machine. sharpie marker not included. boycotting Sony until the end of their existence works too. Sony just handed the game console market to M$ for the foreseeable future.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Dan Talbot, Nov 21st, 2005 @ 6:16am

    Sony MediaMax spyware damages DVD writer functiona

    Talk about having a banana in their ear, Sony sent me the following reply
    when I tried to alert them to the problem caused by MediaMax software being
    totally incompatible with Windows XP Media Center on their Sony VAIO desktop
    'puter. The idiots had the nerve to speculate that I might have a defective
    music CD from their own plant. What yahoos!!!!!
    Dan
    ----- Original Message -----
    From: "SOS"
    To:
    Sent: Monday, November 21, 2005 7:45 AM
    Subject: Re: VGC-RA820G (KMM15618491I21924L0KM)

    > Daniel Talbot,
    >
    > Thank you for contacting Sony Online Support.
    >
    > You have reached the Sony Electronics product support team. Unfortunately
    > we do not have the resources required to assist with Sony Music BMG
    > Entertainment products. We would recommend you contact the division of
    > Sony BMG responsible for providing the support for your product. Their
    > contact information will be printed on the Jewel case insert of your CD.
    >
    > TIP: If you believe you have faulty CD media, please contact
    > their quality team for replacement at: 800-255-7514.
    >
    > Sony Music / BMG
    > 550 Madison Ave.
    > New York, NY 10022
    > http://www.sonymusic.com/feedback
    >
    > Thank You,
    >
    > Your Sony Email Response Team
    > CC2S
    > Mike
    >
    >
    > This message and any attachments are solely for the use of intended
    > recipients. They may contain privileged and/or confidential information.
    > If you are not the intended recipient, you are hereby notified that you
    > received this email in error, and that any review, dissemination,
    > distribution or copying of this email and any attachment is strictly
    > prohibited. If you receive this email in error please contact the sender
    > and delete the message and any attachments associated therewith from your
    > computer. Your cooperation in this matter is appreciated.
    >
    > Original Message Follows:
    > ------------------------
    > Email Address: ttechcorp@earthlink.net
    > Recip : sos
    > Future Mail : No
    > Name : Talbot, Daniel
    > Address : 1 Dean Street
    > :
    > : Hudson, MA 01749
    > Phone : 978-562-5820
    > Model/SN : VGC-RA820G / 3000614
    > OS : Windows XP
    > Hardware : DVD/DVDRW Drives
    > Issue : Compatibility With Another Sony Product
    > Type : Support
    > :
    > Message : Microsoft defines SunnComm's MediaMax software as
    > "Malware". MAL for malformed (or for malicious, take your pick).
    > Microsoft is planning a removal tool to find and delete this module.
    > Trend Micro's Anti-Spyware (and many others) does NOT find this problem
    > code. This piece of "malware" or spyware is insidious because it is so
    > poorly written that although it is not intended to be a virus, hackers can
    > find it and exploit it to cause havoc on your computer.
    >
    > It has caused my corporate computer to intermittently lock up. The
    > symptom is the DVD writer drive light comes on and stays on periodically,
    > preventing any use of the computer while this is happening. I should sue
    > SONY and SunnComm (MediaMax). There is plenty of info to support a
    > lawsuit if I could find the time. Want to know where this code comes
    > from? You buy a PAID copy of a Sony CD. You want to listen to it on your
    > computer, so you insert it into a CD or DVD drive. Before you can give
    > your consent, it installs a small program to "phone home" whenever you
    > play a copyrighted CD or DVD (assuming you're a pirate, even though you
    > PAID for the stupid thing!). Fine, except that this violates law. You
    > haven't consented to the installation (so the subsequent EULA,
    > "end-user-license-agreement" is probably non-binding). And it hides
    > itself in your system folder.
    >
    > In my case, I was convinced the problem was hardwaare, and called tech
    > support for my computer, which is, guess what, a SONY !!!! They agreed
    > with my bad diagnosis that it was my DVD drive at fault, and sent a repair
    > person out here to replace it, which he did. For one day, I thought the
    > problem was fixed, but the next day it resurfaced. Then I remembered
    > having played a CD from SONY which autoloaded something on my screen. So
    > I found that CD, looked more carefully at what the messages were, and it
    > said "MediaMax" proudly displayed at the top of the menu. Go do a Google
    > seaarch on this and you will be horrified. The only way to completely
    > un-install it is to reformat the hard drive, but you can cripple it by
    > deleting some files from your system.
    >
    > The irony of this is the fact that SONY's own tech support for its VAIO
    > computer line was unaware of this malware, and so it spent internal money
    > trying to fix a problem which another division of its bloated organization
    > caused !!! Don't say I didn't send you a valuable warning. Be careful
    > about inserting any SONY or RCA/BMG CD or DVD's into your machine unless
    > you have time to burn trying to salvage proper functioning of your 'puter.
    >
    > Regards,
    > Dan Talbot, President
    > Talbot Technology (T-TECH) Corp
    > 1 Dean Street / PO Box 151
    > Hudson, MA 01749
    >
    > electronics engineering consultants
    >
    > web: www.ttechcorp.com
    > web: www.talbtech.com
    >
    > phone: (978) 562-5820
    >
    >

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    taylor, May 1st, 2006 @ 3:14pm

    e invented a new portable nintendo thing!!!!!!!

    hi,
    i have invented the PSTS it is a Play Station Touch Screen!if u give my your mail address i can give you pictures of it for you!so can you email me back and give me your mail address i can send you some pictures of it in the mail!!!!you don't have to create it this year.if you decide games for them could i have THESE GAMES,nintendogs,super mario 64,animal crossing,mariokart,harvest moon,underground and
    dogz! if you invent it could send me one with nintendogs and mariokart please!i'm not saying you have to invent it i'm just saying i would love it if you did!!!!!!!!!
    please could you try to invent it!!!!!!!
    taylor

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This