MadamHydra (madamhydra) wrote,

Attack of the Stupid Pills(tm) - The Real-Life Corporate Edition

I've griped about how various characters in the Star Wars prequels and the Harry Potter books simply HAD to have gobbled down Stupid Pills(tm), because that's the only explanation for their incompetent behavior in certain movies/books (e.g., the Jedi Council in the Revenge of the Sith; most of the adults in Harry Potter and the Order of the Phoenix).

Well, it seems that certain individuals in the corporate/business world have also over-indulged in the very same Stupid Pills(tm). I'm referring to the entire Sony-BMG debacle involving the nefarious and exceedingly poorly coded DRM (digital rights management) software on some of their recently released audio CDs -- called XCP (Extended Copyright Protection).


Basically, this DRM software is supposed to prevent piracy by limiting the number of times you can copy/rip a CD. Unfortunately, it accomplishes this by surreptitiously installing a little piece of nastiness called a 'rootkit' onto your PC which cloaks (hides) the actual DRM software. Unfortunately, due to its very nature, this rootkit thingie is eminently hackable AND therefore readily hijacked by even barely competent amateur virus/worm writers because: (1) it resides in the very lowest levels of the Windows OS, therefore making it almost impossible to get rid of, short of completely reinstalling Windows; and (2) its ability to hide not only itself, but virtually any other file/activity. Sweet, huh? Rootkits also tend to degrade system performance and cause nasty, persistent problems like random crashes, freezing, etc. By now, most security firms and even Microsoft are treating Sony's XCP software as spyware or malware, or at least a definite security vulnerability.

In fact, the rootkit/DRM software was so sneaky, it took a world-renowned Windows expert (Mark Russinovich) who specializes in this sort of stuff to discover its presence and figure out what the hell it did and how to get rid of it. And he only tripped over it by accident. O_o So you can imagine what chances any normal computer user would have against this diabolical beastie.

BTW, if you disabled Autorun on your PC (a really, really good idea for security reasons -- just Google "disable autorun" and pick a reputable website), you get a lengthy EULA (End-User License Agreement) you have to agree to before you can play the CDs on your PC via Sony's proprietary software. But honestly, how many of us actually read through several pages of legalese when those things come up? And in this particular case, the EULA apparently flat out lies.

You can find a general rundown on this story on But most of the best coverage of this delightful PR debacle is in various blogs. For example: and Technorati.

Now I have no problems with artists and corporations earning money for their work product and even making a reasonable profit doing so. And yes, something needs to be done about rampant, brazen music piracy, etc. But Sony-BMG has chosen the most spectacularly dumb-assed way to do it, and when Sony-BMG got caught, they then showed incredible contempt for their customers -- their paying customers, whom they assume are (or will be) guilty of copying their precious music. Not your music, even though you spent good money for the CD, but their music.

One of my friends (who I consider a bit of a Luddite because she doesn't have a PC at home) wondered why I was so irritated with the situation since: (1) I mostly use a Mac; and (2) I didn't buy/use one of those nefarious CDs. Unfortunately, I'm afraid that she's exactly the sort of technically ignorant/oblivious consumer Mr. Thomas Hesse, Sony BMG's Global Digital Business President, was thinking of (and hoping for!) when he said that "Most people, I think, don't even know what a rootkit is, so why should they care about it?" (in an interview on NPR).

Well, now the public is starting to learn, right? ::smirk::

And to paraphrase one blogger, "You don't need to know how to use a lockpick to know what it does and why it's a security risk."

Why does this fiasco involving Sony-BMG (and now the RIAA) make me so mad, even though I'm not personally affected? Perhaps it's because, since I don't own actual real estate, I tend to think of my computers as my castle, and I don't like strangers screwing around with my personal property without my permission and knowledge.

It's like asking a cable company to install cable in your house. You need cable to watch TV. The company installs the cable, but they also install a secret backdoor into your house that you don't know about. Then to add insult to injury, they don't even lock that secret backdoor properly so any unscrupulous knave who knows about this backdoor can open it and rob you blind, if not worse. And when you find out and complain, the cable company merely shrugs its shoulders and says that: (1) it's no big deal; (2) there is no security problem; and (3) we're just trying to keep people from stealing cable.

But perhaps most of all, it's the sheer, overwhelming blithering incompetence of this mess that aggravates me so!

-- There's Sony-BMG's incredible lack of business judgment for picking such a devious, customer-hostile method of 'protecting copyrights'. Whoohoo! What a brilliant way to treat customers who are silly enough to be honest and shell out money for your damn CDs.
-- There's Sony-BMG's incredible technical incompetence for licensing and using poorly written code to do it -- code which apparently contains portions which are copyrighted by other people and used WITHOUT permission. And then for providing uninstallers which create even more massive security holes than the original problem software. Terrific attempt at damage control.
-- There's Sony-BMG's incredibly clumsy and arrogant handling of the public when they eventually got caught red-handed and exposed by a highly reputable Windows expert. Yup, they attempted the tried-and-true 'trivialize it' and 'sweep it under the rug' routines. They can't make the effort to put a remotely plausible spin on the current debacle?

Do you see now what I mean by massive corporate consumption of Stupid Pills(tm)? -_-

I know, if Sony's XCP software had been written properly and securely, Sony-BMG probably would have gotten off relatively unscathed and unchastised. But Sony (and the farce of a company called First4Internet who supplied the software) managed to screw up both the original software and the uninstaller.

Listen, if even the Department of Homeland Security starts giving you not-so-subtle public warnings about excessive measures, that's a sure sign that you (i.e., Sony-BMG) have managed to seriously cross the line.

I do feel sorry for the artists caught up in this debacle. Regardless of the quality (or lack thereof) of the music, it's likely that those copy-protected CDs are going to be forever remembered for carrying spyware/malware. Oh joy for them.

BTW, Sony-BMG does have sneaky, vile DRM software that will affect Macs, only it's harder to install accidentally and easier to get rid of once installed.

::slithers off to cuddle her cute Mac Mini::

