by Mike Masnick

Sony BMG And The Art Of Too Little, Too Late: Finally Agrees To Pull Rootkit CDs

from the really-want-to-stop-writing-about-this-story dept

The Sony BMG rootkit fiasco gets worse every day. However, the latest shows how badly Sony continues to react to the problem. When it first was noticed they didn't do much until the outcry got loud enough -- and then defiantly said it didn't cause a security problem while offering a very minimal patch that actually made the situation worse. Basically, they did as little as possible, while hoping that by saying they released a patch and telling everyone not to worry, the story would blow over. It didn't. And, as things continued to get worse and Sony BMG looked more and more ridiculous, the company again did as little as possible: saying they would stop putting out new CDs with the rootkit, but not apologizing, not pulling the rootkitted CDs from store shelves, and not offering any way to return the problem CDs. Instead, they just offered a removal tool, that we learned earlier today is actually a serious security hole on its own. So what does Sony BMG do now that the heat still hasn't gone away? They finally agree to pull the CDs from stores and offer a swap for people who bought the problematic CDs. All along, the pattern has been the same. Deny as much as possible. Never actually apologize. Do as little as possible to fix the problem and hope that the attention dies down. The move that they're doing now is what they should have done from the very beginning (with an apology), but instead they tried to do everything to deny there was a problem and stonewall.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Michael Vilain, 14 Nov 2005 @ 11:42pm

    Sony could learn something from the yakuza...

    Just have every senior-level VP involved--hell, why not all of them--cut off their pinkies. Any with no pinkies left comits sepuku or kills their first born or spouse or watches both these events and is killed afterward.

    [no, I only watched KILL, BILL VOL 1]

    reply to this | link to this | view in chronology ]

    • identicon
      Michael "TheZorch" Haney, 15 Nov 2005 @ 12:57am

      Spread the Message.

      Spread the message, let the RIAA know that we aren't taking their crap anymore. Let them know we're tried of being treated like criminals or that as their customers we don't matter. Let them know we are tired of them violating our rights.

      I am, and I'm contacting my Senator and letting him know how horribly Sony dealt with this problem and how nobody likes the way the RIAA and Hollywood is treating all of us. I'll also tell him that if it does stop we won't do business with these groups anymore.

      If all of us of voting age did this watch what happens with the RIAA and Hollywood. The almighty dollar talks, and if their revenue is treatened because we won't take it anymore just watch how fast they cave in.

      reply to this | link to this | view in chronology ]

      • identicon
        Boo, 15 Nov 2005 @ 3:10am

        Re: Spread the Message.

        I've stopped being angry; I dont care anymore because they are all ultimately doomed anyway unless they change their industry model... there is no room for a third party when artists can deliver directly over the net. The future is open licence music / media with alternative revenue streams. copy protection is not ever going to work. it will continue as a cat and mouse game (actually more like cat and very slow bug game)while open licence media silently overtakes the traditional model.

        reply to this | link to this | view in chronology ]

  • identicon
    Boo, 15 Nov 2005 @ 12:51am


    you guys are going to have to come up with a new graphic / topic heading just for this sony saga. I suggest the sony logo spelt wrong ;p

    reply to this | link to this | view in chronology ]

    • identicon
      Mike Chantry, 15 Nov 2005 @ 11:59am

      Re: graphic

      Yeah, maybe they should change the logo to just SORRY instead of SONY! As in ooopppsss, we're sorry we got caught with our pants down and we didn't do anything wrong!

      reply to this | link to this | view in chronology ]

  • identicon
    Bob3000, 15 Nov 2005 @ 4:31am

    No Subject Given

    It will intesreting to know if Sony's retail numbers will this down this Xmas season and by how much.

    reply to this | link to this | view in chronology ]

  • identicon
    nonuser, 15 Nov 2005 @ 5:00am

    they probably anticipated the expose

    when they decided to go with the rootkit approach, but thought they could bully their way out of it. "We're defending our IP", etc.

    Part of the problem may be a lack of net-savvy people in the upper ranks of the media companies. These guys are network programmers, lawyers and financial people. For instance this guy:

    reply to this | link to this | view in chronology ]

  • identicon
    Jim Beam, 15 Nov 2005 @ 5:16am

    No Subject Given

    This certainly makes me want to go out and buy CD's, Sony.

    Too bad, Bruce. Your label has just lost you a lot of sales.


    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Nov 2005 @ 5:49am

    No Subject Given

    I have a Sony Laptop. I used to like the company, but I am now certain that I will never buy anything from Sony anymore

    reply to this | link to this | view in chronology ]

  • identicon
    sent them a message, 15 Nov 2005 @ 6:26am

    what are the sony email addy's

    I went to the Sony/BMG site and the names of the executives are easy to find but not an email address. It's all well and good to say that we are not going to buy another Sony product but I'd like to tell that to ANDREW LACK the CEO of Sony/BMG. I've googled Mr. Lack (fill in joke about LACK of scruples here) with nothing that showed an email address. I'm flummoxed, can anyone find the email address of the executives of this division or maybe the email of the CEO of Sony itself. They NEED TO HEAR FROM ALL OF US. How about one of the authors who write these stories, little help....

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Nov 2005 @ 7:29am

      Re: what are the sony email addy's

      what are the sony email addy's?

      Who gives a shit? It's not important enough for me to clue Sony in to the way customers should be treated. They had the chance to do the right thing, and they fucked it up big time. They will find out that I'm not buying the products when they see the sales dip this Xmas.

      reply to this | link to this | view in chronology ]

    • identicon
      Riley, 15 Nov 2005 @ 7:36am

      Re: what are the sony email addy's

      Email is not the way to contact business execs... no one makes their email public these days if they actually care about what goes to the address because it gets innudated with spam. This happens to any random joe smoe when a crawler picks up your email address, let alone an exec in a major company with enemies.

      If you really want to make yourself heard, send a snail mail letter and copy your state's politicians on it. And do it properly, not internet flame style - that will just get your letter filed to the trash by an intern :) There are plenty of form letters out there that you can find about how to effectively file a complaint.

      reply to this | link to this | view in chronology ]

  • identicon
    The Other Mike, 15 Nov 2005 @ 7:28am

    MS to remove rootkit... is reporting that MS will remove the rootkit starting with the December updates. Apparently they pissed in all the wrong pots with this fiasco. When MS has to remove your crap you know you have sunk to an all-time low.

    reply to this | link to this | view in chronology ]

  • identicon
    Joe Schmoe, 15 Nov 2005 @ 7:56am

    No Subject Given

    meh. I actually feel safer visiting a porn site now than listening to a CD.

    reply to this | link to this | view in chronology ]

  • identicon
    melancolico catrin, 15 Nov 2005 @ 8:53am

    Using Sony's own rootkit to DDoS them

    I'm still waiting on a zombie net that will actually take down the Sony site using their own rootkit... poetic justice.

    reply to this | link to this | view in chronology ]

  • identicon
    Jason Hartzog, 15 Nov 2005 @ 10:02am


    Hello sony,
    I feel so sorry for the artists you have now. Their sales are about to take a major hit. Way to think about them when you were saying you did nothing wrong. I hope you weren't planning me buying a PS3.

    reply to this | link to this | view in chronology ]

  • identicon
    thatguy, 15 Nov 2005 @ 11:02am

    hmmm interesting...

    "All along, the pattern has been the same. Deny as much as possible. Never actually apologize. Do as little as possible to fix the problem and hope that the attention dies down."

    Anyone ever had a shitty relationship with a person fitting these characteristics? Sounds like immaturity to me...

    reply to this | link to this | view in chronology ]

  • identicon
    Javi0084, 15 Nov 2005 @ 11:12am

    Boycott Sony.

    I WAS going to buy a PS3 after the price went down but I am not going to do business with this company ever again. No more Sony products for me.

    reply to this | link to this | view in chronology ]

  • identicon
    mike-ish, 15 Nov 2005 @ 11:02pm

    shift key

    what's really funny is that turning off AutoRun or using the infamous Shift key override will keep their software off your machine. sharpie marker not included. boycotting Sony until the end of their existence works too. Sony just handed the game console market to M$ for the foreseeable future.

    reply to this | link to this | view in chronology ]

  • identicon
    Dan Talbot, 21 Nov 2005 @ 6:16am

    Sony MediaMax spyware damages DVD writer functiona

    Talk about having a banana in their ear, Sony sent me the following reply
    when I tried to alert them to the problem caused by MediaMax software being
    totally incompatible with Windows XP Media Center on their Sony VAIO desktop
    'puter. The idiots had the nerve to speculate that I might have a defective
    music CD from their own plant. What yahoos!!!!!
    ----- Original Message -----
    From: "SOS"
    Sent: Monday, November 21, 2005 7:45 AM
    Subject: Re: VGC-RA820G (KMM15618491I21924L0KM)

    > Daniel Talbot,
    > Thank you for contacting Sony Online Support.
    > You have reached the Sony Electronics product support team. Unfortunately
    > we do not have the resources required to assist with Sony Music BMG
    > Entertainment products. We would recommend you contact the division of
    > Sony BMG responsible for providing the support for your product. Their
    > contact information will be printed on the Jewel case insert of your CD.
    > TIP: If you believe you have faulty CD media, please contact
    > their quality team for replacement at: 800-255-7514.
    > Sony Music / BMG
    > 550 Madison Ave.
    > New York, NY 10022
    > Thank You,
    > Your Sony Email Response Team
    > CC2S
    > Mike
    > This message and any attachments are solely for the use of intended
    > recipients. They may contain privileged and/or confidential information.
    > If you are not the intended recipient, you are hereby notified that you
    > received this email in error, and that any review, dissemination,
    > distribution or copying of this email and any attachment is strictly
    > prohibited. If you receive this email in error please contact the sender
    > and delete the message and any attachments associated therewith from your
    > computer. Your cooperation in this matter is appreciated.
    > Original Message Follows:
    > ------------------------
    > Email Address:
    > Recip : sos
    > Future Mail : No
    > Name : Talbot, Daniel
    > Address : 1 Dean Street
    > :
    > : Hudson, MA 01749
    > Phone : 978-562-5820
    > Model/SN : VGC-RA820G / 3000614
    > OS : Windows XP
    > Hardware : DVD/DVDRW Drives
    > Issue : Compatibility With Another Sony Product
    > Type : Support
    > :
    > Message : Microsoft defines SunnComm's MediaMax software as
    > "Malware". MAL for malformed (or for malicious, take your pick).
    > Microsoft is planning a removal tool to find and delete this module.
    > Trend Micro's Anti-Spyware (and many others) does NOT find this problem
    > code. This piece of "malware" or spyware is insidious because it is so
    > poorly written that although it is not intended to be a virus, hackers can
    > find it and exploit it to cause havoc on your computer.
    > It has caused my corporate computer to intermittently lock up. The
    > symptom is the DVD writer drive light comes on and stays on periodically,
    > preventing any use of the computer while this is happening. I should sue
    > SONY and SunnComm (MediaMax). There is plenty of info to support a
    > lawsuit if I could find the time. Want to know where this code comes
    > from? You buy a PAID copy of a Sony CD. You want to listen to it on your
    > computer, so you insert it into a CD or DVD drive. Before you can give
    > your consent, it installs a small program to "phone home" whenever you
    > play a copyrighted CD or DVD (assuming you're a pirate, even though you
    > PAID for the stupid thing!). Fine, except that this violates law. You
    > haven't consented to the installation (so the subsequent EULA,
    > "end-user-license-agreement" is probably non-binding). And it hides
    > itself in your system folder.
    > In my case, I was convinced the problem was hardwaare, and called tech
    > support for my computer, which is, guess what, a SONY !!!! They agreed
    > with my bad diagnosis that it was my DVD drive at fault, and sent a repair
    > person out here to replace it, which he did. For one day, I thought the
    > problem was fixed, but the next day it resurfaced. Then I remembered
    > having played a CD from SONY which autoloaded something on my screen. So
    > I found that CD, looked more carefully at what the messages were, and it
    > said "MediaMax" proudly displayed at the top of the menu. Go do a Google
    > seaarch on this and you will be horrified. The only way to completely
    > un-install it is to reformat the hard drive, but you can cripple it by
    > deleting some files from your system.
    > The irony of this is the fact that SONY's own tech support for its VAIO
    > computer line was unaware of this malware, and so it spent internal money
    > trying to fix a problem which another division of its bloated organization
    > caused !!! Don't say I didn't send you a valuable warning. Be careful
    > about inserting any SONY or RCA/BMG CD or DVD's into your machine unless
    > you have time to burn trying to salvage proper functioning of your 'puter.
    > Regards,
    > Dan Talbot, President
    > Talbot Technology (T-TECH) Corp
    > 1 Dean Street / PO Box 151
    > Hudson, MA 01749
    > electronics engineering consultants
    > web:
    > web:
    > phone: (978) 562-5820

    reply to this | link to this | view in chronology ]

  • identicon
    taylor, 1 May 2006 @ 3:14pm

    e invented a new portable nintendo thing!!!!!!!

    i have invented the PSTS it is a Play Station Touch Screen!if u give my your mail address i can give you pictures of it for you!so can you email me back and give me your mail address i can send you some pictures of it in the mail!!!!you don't have to create it this year.if you decide games for them could i have THESE GAMES,nintendogs,super mario 64,animal crossing,mariokart,harvest moon,underground and
    dogz! if you invent it could send me one with nintendogs and mariokart please!i'm not saying you have to invent it i'm just saying i would love it if you did!!!!!!!!!
    please could you try to invent it!!!!!!!

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.