The story goes on ... This in todays Desktop Pipeline Newsletter
Editor's Note: Smarten Up, Sony
Question: You have two pieces of computer code. Both install themselves on your PC without your permission or knowledge. Both hide their files from the operating system so that they can't be detected or removed. Both keep track of what you're doing on your PC. Both transmit the information they collect across the Internet. One was written by an anonymous slacker in either Peoria or Budapest and sold to a fat guy with multinational mob connections. The other was written by First 4 Internet Ltd. in London and sold to Sony BMG Music Entertainment, a multinational corporation.
Which of these pieces of software is malware?
For my money, both of them are.
Sony, for its part, says its "antipiracy" software is no such thing.
Forgive me, but Sony's credibility isn't at an all-time high with me right now -- not after last week's report that CDs from the company install a rootkit on PCs that play the disks. At the time I wondered how stupid could these guys be?. Then this morning The Boston Globe had a story saying the Sony spyware surreptitiously collects data.
I'm having trouble believing even Sony is so stupid they'd use a rootkit to invade the privacy of their own customers, so I'm inclined to accept their denial. I mean, anonymous slackers and fat mob guys don't have too much to lose from public-relations backlashes, but you'd think a company like Sony would have thought it through, wouldn't you?
Well, just wait, it gets worse.
After the rootkit foo hit the fan Sony posted a patch to reveal the files, and a link to contact the company for help in uninstalling the rootkit. But Mark Russinovich, one of the researchers who first revealed the Sony rootkit, told The Globe that the patch doesn't work and can cause data loss.
Sony and Mathew Gilliat-Smith, chief executive of First 4 Internet Ltd., the company that sold the rootkit to Sony, deny that, too.
"In theory there should be no concern," Gilliat-Smith told The Globe.
Yeah, right. I quote Balaban's Law: "In theory, theory and reality are the same thing. In reality, they're different."
My advice to Sony has short-term and long-term components:
In the short term, Sony, like later this afternoon, remove the rootkit from your CDs and offer to replace any copies that escaped into the wild for free. That won't keep the rootkit out of the hands of hackers, but it will perhaps reduce the annoyance felt by the rest of us.
And in the longer term, quit treating your customers like prison inmates. Treat them like customers. There's a solution to this whole CD piracy thing, and it works in a way that is very much in line with your business model: You sell me something.
In particular, you sell me a one-time license to do what I want with the products I buy from you. I'd even agree not engage in activities that materially reduce the market for your products, like distributing an unreasonable number of copies. If you'd figure out how I could do it, I'd be happy to pay a reasonable fee for copies I give to others, perhaps a couple of dollars, something equivalent to the profit you would make on the copy based on the figures you report to the recording artist in royalty statements.
I can hear you screaming, but believe me, I'm making a big compromise here. I don't treat any other company that sells me a product that way. I don't pay Ford a fee when I drive my car, for example.
I realize that computers and the Internet have changed things. But you've got to realize it, too. The quicker you do, the smarter you'll look, and right now, Sony, you could use the help because you're not looking so smart. If you got stuck in a police line-up I couldn't pick you out from the anonymous slackers and fat mob guys.
Editor, Desktop Pipeline