Sony: control sin limite
Sony coloca un sistema anticopia peligroso para el ordenador en dos millones de discos.
El dispositivo actúa como software espía, ya que envía información al exterior sobre los hábitos del usuario.
El software anticopia que la discográfica de Sony está colocando en sus discos es el centro de una gran polémica internacional. La causa son las contraindicaciones que el dispositivo tiene para el ordenador y la privacidad de los usuarios. El sistema está instalado en dos millones de discos, según datos de Computer Associates, aunque Sony no ha confirmado la cifra.
http://barcelona.indymedia.org/newswire/display/214573/index.php
Sony coloca un sistema anticopia peligroso para el ordenador en dos millones de discos.
El dispositivo actúa como software espía, ya que envía información al exterior sobre los hábitos del usuario.
El software anticopia que la discográfica de Sony está colocando en sus discos es el centro de una gran polémica internacional. La causa son las contraindicaciones que el dispositivo tiene para el ordenador y la privacidad de los usuarios. El sistema está instalado en dos millones de discos, según datos de Computer Associates, aunque Sony no ha confirmado la cifra.
http://barcelona.indymedia.org/newswire/display/214573/index.php
El sistema anticopia Sony XCP (Extended Copyright Protection) incluye un elemento denominado rootkit que al instalarse en ordenador, limita su capacidad normal y actúa como software espía, ya que envía información al exterior sobre los hábitos del usuario. Además, el dispositivo, que en la práctica resulta muy difícil de eliminar, puede colgar el sistema y posibilita que el ordenador sea atacado por agentes externos. Ante la avalancha de quejas, Sony ha publicado un parche para eliminar el rootkit,pero éste aún crea más problemas. Unas declaraciones de Thomas Hesse, presidente de la División de Negocio Digital Global de Sony BMG, han avivado la polémica: "La mayoría ni siquiera sabe lo que es un rootkit,entonces ¿por qué debería importarles?".
Sony BMG, que no ha facilitado la lista detallada de las grabaciones protegidas ni el nombre de los países donde han sido distribuidas, ha introducido este dispositivo dentro de una estrategia DRM (Digital Right Managament) para controlar la piratería y el número de copias privadas que se hacen. Estas son las que los usuarios tienen derecho a hacer de un disco que compran para usarlo, por ejemplo, en el reproductor del coche o en formato MP3.
El software de Sony se instala automáticamente en el ordenador con sólo reproducir los discos y sin un aviso explícito y claro al usuario. El dispositivo debería actuar a partir de un determinado número de copias, pero en realidad desestabiliza el sistema y provoca su mal funcionamiento o incluso el colapso si se intenta quitar el rootkit.
Mark Russinovich, el informático que ha destapado el caso, ha confirmado que el dispositivo de Sony funciona como espía, ya que "envía información a los servidores de Sony sobre la dirección IP del usuario en Internet y la música que escucha". Las críticas iniciales al dispositivo, se extienden también al parche publicado por Sony BMG en su web y que supuestamente debería servir para eliminarlo. Según Russinovich, "el parche puede ocasionar la caída del sistema".
La firma Computer Associates ha señalado que el software de Sony "es peligroso para el ordenador". Los laboratorios Kaspersky, especializados en antivirus, confirman que se trata de "un software espía y que al intentar quitarlo se puede colgar el sistema". Y la firma F-Secure señala que puede facilitar la entrada de hackers y virus en el sistema.
En Italia, la organización ALCEIEFI, por la libertad en la comunicación electrónica, ha pedido una investigación policial sobre el tema. Según Andrea Monti, su portavoz, "lo que ha hecho Sony es una delito desde la perspectiva de la ley italiana". En Norteamérica, el bufete Green Welling LLP, por la defensa del consumidor, ha anunciado que recaba información entre los afectados para presentar una demanda.
english*************************************************
SAN FRANCISCO — Mark Russinovich couldn’t understand how the rootkit had sneaked onto his system. An expert on the internals of the Windows operating system, he was careful when it came to computer security and generally had a pretty good idea of what was running on his PC at any given time. And yet the security tool he was using to check his PC was pretty clear: It had found the rootkit cloaking software typically used by virus and spyware writers.
After a bit of detective work, Russinovich eventually tracked down the source: a Sony BMG Music Entertainment CD titled Get Right with the Man, performed by country music duo Donnie and Johnny Van Zant.
It turns out that Sony is using techniques normally seen only in spyware and computer viruses in order to restrict the unauthorized copying of some of its music CDs. Sony’s software, licensed by Sony from a Banbury, UK, company called First 4 Internet, has become the basis of a dispute that once again pits computer advocates against an entertainment company experimenting with new ways to prevent the unauthorized copying of its products.
Sony has been using First 4’s XCP (Extended Copy Protection) software since early 2005 as a copy protection mechanism for some of its music CDs, according to Sony spokesperson John McKay. He could not say how many of Sony’s CDs currently use the XCP software, but he said it is one of two digital rights management products used by the company. The other is SunnComm’s MediaMax software, he said.
The XCP software prevents users from making more than three backup copies of any CD, and Sony puts an XCP notification on the back of CDs that use the mechanism, according to Mathew Gilliat-Smith, First 4’s chief executive officer.
Although the Van Zant CD software came with an end user license agreement (EULA) informing him that he would be installing software that would reside on his PC until removed, Russinovich, who works as chief software architect with systems software company Winternals Software, said he never expected to be installing a product that would then prove to be virtually undetectable and extremely difficult to remove.
Sony’s McKay believes that the disclosures in the license agreement are adequate. "I think the EULA’s pretty clear about what it is," he said. "The reason why consumers have really high acceptance levels of these content-protected discs is because they have the functionality that people want."
The First 4 software does nothing malicious and can be uninstalled, should the user want to remove it, McKay said.
That uninstall process is not exactly straightforward, however, and cannot be done through the Add or Remove Programs utility in the Windows control panel. When asked for instructions on how to uninstall the software, McKay directed the IDG News Service to a section of the Sonybmg.com Web site where users could ask Sony customer support for uninstall directions.
Although many computer users may not care much about the finer points of EULAs, people like Russinovich say Sony’s software calls a more important issue into question: Who gets to have control over your computer?
"When something like this installs and doesn’t advertise itself, you’ve lost control of your own computer," he said. "And the EULA description that they’ve presented doesn’t let you make an educated decision about whether you’d want this installed or not."
Ironically, the invasiveness of the XCP software punishes users who pay for their music, said Fred von Lohmann, staff attorney with the Electronic Frontier Foundation, a digital rights advocacy organization based in San Francisco. "They are installing software in a way that makes it very difficult for you to know what was installed and makes it very difficult to uninstall it. And, worst of all, the software is not very well written," he said. "I think most computer users will find that to be very outrageous."
Lawyers might also be interested in the software, von Lohmann said. The EFF attorney said a lawsuit was conceivable. "Sony is using a piece of your computer in a way that you didn’t expect or authorize," he said. "Depending on how clearly this was disclosed, some consumers may be able to make an argument that this is actually an unauthorized intrusion," he said. "It’s not beyond the realm of possibility that Sony BMG could be liable for this."
In 2001 the other provider of Sony copy protection software, SunnComm, was involved in a lawsuit that alleged that the company’s software, which was then being used by Music City Records, did not adequately notify consumers of its capabilities.
In the long term, Sony appears to be moving away from the techniques that have incensed Russinovich.
First 4’s Mathew Gilliat-Smith said his company has spent the last month developing a new version of the XCP software that does not use the controversial rootkit techniques. "We won’t use the same methodology that makes the software hidden in the way that people are concerned about," he said.
Neither Gilliat-Smith nor Sony’s McKay could say when this new software would begin appearing in Sony’s products or how many existing titles were shipping with the XCP software.
"This is a legitimate technology that we’ve been charged to produce," Gilliat-Smith said. "People who aren’t comfortable with the technology can apply to have the software removed."