Sony BMG And The Art Of Too Little, Too Late: Finally Agrees To Pull Rootkit CDs

from the really-want-to-stop-writing-about-this-story dept

The Sony BMG rootkit fiasco gets worse every day. However, the latest shows how badly Sony continues to react to the problem. When it first was noticed they didn’t do much until the outcry got loud enough — and then defiantly said it didn’t cause a security problem while offering a very minimal patch that actually made the situation worse. Basically, they did as little as possible, while hoping that by saying they released a patch and telling everyone not to worry, the story would blow over. It didn’t. And, as things continued to get worse and Sony BMG looked more and more ridiculous, the company again did as little as possible: saying they would stop putting out new CDs with the rootkit, but not apologizing, not pulling the rootkitted CDs from store shelves, and not offering any way to return the problem CDs. Instead, they just offered a removal tool, that we learned earlier today is actually a serious security hole on its own. So what does Sony BMG do now that the heat still hasn’t gone away? They finally agree to pull the CDs from stores and offer a swap for people who bought the problematic CDs. All along, the pattern has been the same. Deny as much as possible. Never actually apologize. Do as little as possible to fix the problem and hope that the attention dies down. The move that they’re doing now is what they should have done from the very beginning (with an apology), but instead they tried to do everything to deny there was a problem and stonewall.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Sony BMG And The Art Of Too Little, Too Late: Finally Agrees To Pull Rootkit CDs”

Subscribe: RSS Leave a comment
Michael "TheZorch" Haney (profile) says:

Re: Spread the Message.

Spread the message, let the RIAA know that we aren’t taking their crap anymore. Let them know we’re tried of being treated like criminals or that as their customers we don’t matter. Let them know we are tired of them violating our rights.

I am, and I’m contacting my Senator and letting him know how horribly Sony dealt with this problem and how nobody likes the way the RIAA and Hollywood is treating all of us. I’ll also tell him that if it does stop we won’t do business with these groups anymore.

If all of us of voting age did this watch what happens with the RIAA and Hollywood. The almighty dollar talks, and if their revenue is treatened because we won’t take it anymore just watch how fast they cave in.

Boo says:

Re: Re: Spread the Message.

I’ve stopped being angry; I dont care anymore because they are all ultimately doomed anyway unless they change their industry model… there is no room for a third party when artists can deliver directly over the net. The future is open licence music / media with alternative revenue streams. copy protection is not ever going to work. it will continue as a cat and mouse game (actually more like cat and very slow bug game)while open licence media silently overtakes the traditional model.

nonuser says:

they probably anticipated the expose

when they decided to go with the rootkit approach, but thought they could bully their way out of it. “We’re defending our IP”, etc.

Part of the problem may be a lack of net-savvy people in the upper ranks of the media companies. These guys are network programmers, lawyers and financial people. For instance this guy:

sent them a message says:

what are the sony email addy's

I went to the Sony/BMG site and the names of the executives are easy to find but not an email address. It’s all well and good to say that we are not going to buy another Sony product but I’d like to tell that to ANDREW LACK the CEO of Sony/BMG. I’ve googled Mr. Lack (fill in joke about LACK of scruples here) with nothing that showed an email address. I’m flummoxed, can anyone find the email address of the executives of this division or maybe the email of the CEO of Sony itself. They NEED TO HEAR FROM ALL OF US. How about one of the authors who write these stories, little help….

Anonymous Coward says:

Re: what are the sony email addy's

what are the sony email addy’s?

Who gives a shit? It’s not important enough for me to clue Sony in to the way customers should be treated. They had the chance to do the right thing, and they fucked it up big time. They will find out that I’m not buying the products when they see the sales dip this Xmas.

Riley says:

Re: what are the sony email addy's

Email is not the way to contact business execs… no one makes their email public these days if they actually care about what goes to the address because it gets innudated with spam. This happens to any random joe smoe when a crawler picks up your email address, let alone an exec in a major company with enemies.

If you really want to make yourself heard, send a snail mail letter and copy your state’s politicians on it. And do it properly, not internet flame style – that will just get your letter filed to the trash by an intern 🙂 There are plenty of form letters out there that you can find about how to effectively file a complaint.

Dan Talbot (user link) says:

Sony MediaMax spyware damages DVD writer functiona

Talk about having a banana in their ear, Sony sent me the following reply
when I tried to alert them to the problem caused by MediaMax software being
totally incompatible with Windows XP Media Center on their Sony VAIO desktop
‘puter. The idiots had the nerve to speculate that I might have a defective
music CD from their own plant. What yahoos!!!!!
—– Original Message —–
From: “SOS”
Sent: Monday, November 21, 2005 7:45 AM
Subject: Re: VGC-RA820G (KMM15618491I21924L0KM)

> Daniel Talbot,
> Thank you for contacting Sony Online Support.
> You have reached the Sony Electronics product support team. Unfortunately
> we do not have the resources required to assist with Sony Music BMG
> Entertainment products. We would recommend you contact the division of
> Sony BMG responsible for providing the support for your product. Their
> contact information will be printed on the Jewel case insert of your CD.
> TIP: If you believe you have faulty CD media, please contact
> their quality team for replacement at: 800-255-7514.
> Sony Music / BMG
> 550 Madison Ave.
> New York, NY 10022
> Thank You,
> Your Sony Email Response Team
> CC2S
> Mike
> This message and any attachments are solely for the use of intended
> recipients. They may contain privileged and/or confidential information.
> If you are not the intended recipient, you are hereby notified that you
> received this email in error, and that any review, dissemination,
> distribution or copying of this email and any attachment is strictly
> prohibited. If you receive this email in error please contact the sender
> and delete the message and any attachments associated therewith from your
> computer. Your cooperation in this matter is appreciated.
> Original Message Follows:
> ————————
> Email Address:
> Recip : sos
> Future Mail : No
> Name : Talbot, Daniel
> Address : 1 Dean Street
> :
> : Hudson, MA 01749
> Phone : 978-562-5820
> Model/SN : VGC-RA820G / 3000614
> OS : Windows XP
> Hardware : DVD/DVDRW Drives
> Issue : Compatibility With Another Sony Product
> Type : Support
> :
> Message : Microsoft defines SunnComm’s MediaMax software as
> “Malware”. MAL for malformed (or for malicious, take your pick).
> Microsoft is planning a removal tool to find and delete this module.
> Trend Micro’s Anti-Spyware (and many others) does NOT find this problem
> code. This piece of “malware” or spyware is insidious because it is so
> poorly written that although it is not intended to be a virus, hackers can
> find it and exploit it to cause havoc on your computer.
> It has caused my corporate computer to intermittently lock up. The
> symptom is the DVD writer drive light comes on and stays on periodically,
> preventing any use of the computer while this is happening. I should sue
> SONY and SunnComm (MediaMax). There is plenty of info to support a
> lawsuit if I could find the time. Want to know where this code comes
> from? You buy a PAID copy of a Sony CD. You want to listen to it on your
> computer, so you insert it into a CD or DVD drive. Before you can give
> your consent, it installs a small program to “phone home” whenever you
> play a copyrighted CD or DVD (assuming you’re a pirate, even though you
> PAID for the stupid thing!). Fine, except that this violates law. You
> haven’t consented to the installation (so the subsequent EULA,
> “end-user-license-agreement” is probably non-binding). And it hides
> itself in your system folder.
> In my case, I was convinced the problem was hardwaare, and called tech
> support for my computer, which is, guess what, a SONY !!!! They agreed
> with my bad diagnosis that it was my DVD drive at fault, and sent a repair
> person out here to replace it, which he did. For one day, I thought the
> problem was fixed, but the next day it resurfaced. Then I remembered
> having played a CD from SONY which autoloaded something on my screen. So
> I found that CD, looked more carefully at what the messages were, and it
> said “MediaMax” proudly displayed at the top of the menu. Go do a Google
> seaarch on this and you will be horrified. The only way to completely
> un-install it is to reformat the hard drive, but you can cripple it by
> deleting some files from your system.
> The irony of this is the fact that SONY’s own tech support for its VAIO
> computer line was unaware of this malware, and so it spent internal money
> trying to fix a problem which another division of its bloated organization
> caused !!! Don’t say I didn’t send you a valuable warning. Be careful
> about inserting any SONY or RCA/BMG CD or DVD’s into your machine unless
> you have time to burn trying to salvage proper functioning of your ‘puter.
> Regards,
> Dan Talbot, President
> Talbot Technology (T-TECH) Corp
> 1 Dean Street / PO Box 151
> Hudson, MA 01749
> electronics engineering consultants
> web:
> web:
> phone: (978) 562-5820

taylor says:

e invented a new portable nintendo thing!!!!!!!


i have invented the PSTS it is a Play Station Touch Screen!if u give my your mail address i can give you pictures of it for you!so can you email me back and give me your mail address i can send you some pictures of it in the mail!!!!you don’t have to create it this year.if you decide games for them could i have THESE GAMES,nintendogs,super mario 64,animal crossing,mariokart,harvest moon,underground and

dogz! if you invent it could send me one with nintendogs and mariokart please!i’m not saying you have to invent it i’m just saying i would love it if you did!!!!!!!!!

please could you try to invent it!!!!!!!


Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...