JohnnyWalkerBlackLabel
11-15-2005, 12:36 PM
'Protected' CDs raise ruckus, prompt suits
By: Charlie Moran - The Daily Iowan
Issue date: 11/14/05 Section: Metro
When UI freshman Jake Schumer bought Trey Anastasio's new album, Shine, two weeks ago, he had no idea the disc might contain more than playful psychedelic pop songs. But, buried within the ones and zeroes of musical data lurked a copy-protection system, Extended Copy Protection, that not only prevented Schumer from importing the songs onto his iPod, it also may have put his computer at the mercy of hackers.
Schumer's CD is one of 2 million Sony BMG has outfitted with the copy protection, which has already triggered a two-week squall of media attention, consumer outrage, lawsuits, an international investigation, and the spread of two Internet worms. Sony BMG reluctantly pulled the plug on its protection scheme on Nov. 11; while not directly accepting fault for security vulnerabilities, the company acknowledged a computer virus circulating that "may affect computers" with the software.
Jason Alexander, senior security analyst for UI Information Technology Services, said the software makes Windows users susceptible to identity theft and computers vulnerable to "a gauntlet of malicious software." The copy-protection software is difficult for students to install on ITC computers, but privately owned machines are prone to hacker hijacking.
Since March, Sony BMG has implemented the protection scheme into 20 albums, including new releases from Neil Diamond and Our Lady Peace. With the software, consumers may only rip songs to a digital copy-protected format, burn three CD copies of any one album, and transfer music to compatible MP3 players - iPods excluded.
The protected CDs sound garbled when played in Windows Media Player and iTunes. Users may only listen to music on their computer after agreeing to use the bundled Media Player. When run for the first time, the player permanently installs a "rootkit" into Windows, a kind of spyware used by hackers and cyber-extortionists to access a computer while hiding traces of the software.
Sony avoids using the word "rootkit" and states on its website, "The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive."
Douglas Jones, a UI associate professor of computer science, disagrees. He said the rootkit provides "unlimited access to a system" and a cloaking device that can be used by destructive programs as an "umbrella to hide and sneak in the door."
On Nov. 12, Microsoft announced that future updates of its AntiSpyware software would remove Sony's rootkit.
"We recommend rebuilding the system," Alexander said about those machines plagued by rootkits. "It's the only 100 percent sure way."
With a class-action lawsuit against Sony pending in California and a nationwide suit expected Wednesday, the company's headache over rootkits and the Extend Copy Protection will probably continue into the near future.
The Recording Industry Association of America estimates that the music industry loses $4.2 billion a year worldwide to piracy. And both Sony and EMI currently produce non-Extended Copy Protection CDs in limited numbers to deter "casual piracy." Frustrated music listeners such as Schumer who own the protected CDs believe they should be able to transfer music to their iPods and not be made vulnerable when they legally purchase music.
"I feel the reason they did this was because people were stealing music," Schumer said. "I'm not stealing; I'm giving them money."
By: Charlie Moran - The Daily Iowan
Issue date: 11/14/05 Section: Metro
When UI freshman Jake Schumer bought Trey Anastasio's new album, Shine, two weeks ago, he had no idea the disc might contain more than playful psychedelic pop songs. But, buried within the ones and zeroes of musical data lurked a copy-protection system, Extended Copy Protection, that not only prevented Schumer from importing the songs onto his iPod, it also may have put his computer at the mercy of hackers.
Schumer's CD is one of 2 million Sony BMG has outfitted with the copy protection, which has already triggered a two-week squall of media attention, consumer outrage, lawsuits, an international investigation, and the spread of two Internet worms. Sony BMG reluctantly pulled the plug on its protection scheme on Nov. 11; while not directly accepting fault for security vulnerabilities, the company acknowledged a computer virus circulating that "may affect computers" with the software.
Jason Alexander, senior security analyst for UI Information Technology Services, said the software makes Windows users susceptible to identity theft and computers vulnerable to "a gauntlet of malicious software." The copy-protection software is difficult for students to install on ITC computers, but privately owned machines are prone to hacker hijacking.
Since March, Sony BMG has implemented the protection scheme into 20 albums, including new releases from Neil Diamond and Our Lady Peace. With the software, consumers may only rip songs to a digital copy-protected format, burn three CD copies of any one album, and transfer music to compatible MP3 players - iPods excluded.
The protected CDs sound garbled when played in Windows Media Player and iTunes. Users may only listen to music on their computer after agreeing to use the bundled Media Player. When run for the first time, the player permanently installs a "rootkit" into Windows, a kind of spyware used by hackers and cyber-extortionists to access a computer while hiding traces of the software.
Sony avoids using the word "rootkit" and states on its website, "The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive."
Douglas Jones, a UI associate professor of computer science, disagrees. He said the rootkit provides "unlimited access to a system" and a cloaking device that can be used by destructive programs as an "umbrella to hide and sneak in the door."
On Nov. 12, Microsoft announced that future updates of its AntiSpyware software would remove Sony's rootkit.
"We recommend rebuilding the system," Alexander said about those machines plagued by rootkits. "It's the only 100 percent sure way."
With a class-action lawsuit against Sony pending in California and a nationwide suit expected Wednesday, the company's headache over rootkits and the Extend Copy Protection will probably continue into the near future.
The Recording Industry Association of America estimates that the music industry loses $4.2 billion a year worldwide to piracy. And both Sony and EMI currently produce non-Extended Copy Protection CDs in limited numbers to deter "casual piracy." Frustrated music listeners such as Schumer who own the protected CDs believe they should be able to transfer music to their iPods and not be made vulnerable when they legally purchase music.
"I feel the reason they did this was because people were stealing music," Schumer said. "I'm not stealing; I'm giving them money."