
Sony's rootkit EULA

One might think that Sony's rootkit-installing CD was bad enough as it was. But the EFF read the accompanying license agreement and found that it gets worse. "Sony-BMG can install and use backdoors in the copy protection software or media player to 'enforce their rights' against you, at any time, without notice. And Sony-BMG disclaims any liability if this 'self help' crashes your computer, exposes you to security risks, or any other harm."

Sony's rootkit EULA

Posted Nov 10, 2005 17:42 UTC (Thu) by mmarq (guest, #2332) [Link]

"That 9 points only over my dead body... I won't buy it, I would restore it to the store pronto"

Meanwhile I'm very convinced that Linux still needs the label of *Virtual Impenetrability*, because the worst, an immensely overstated by a press mostly *arranged* around old, short and misguided views FUD, is yet to come.

http://www.eweek.com/article2/0,1895,1882889,00.asp

Remember a not old episode about a strange failure to implement SAP on Red Hat? Without any conspiracy, guess who is not much about cooperating with OSS
http://www.vnunet.com/vnunet/news/2145809/sap-dismisses-o...

Enter capabilities, a way to prevent a flush of rootkits and over FUDed worms
http://www.skyhunter.com/marcs/capabilityIntro/index.html
http://erights.org/talks/skynet/index.html
http://www.eros-os.org/essays/00Essays.html
http://c2.com/cgi/wiki?CapabilitySecurityModel
http://www.cap-lore.com/

Microsoft already has something much more safe cooking:
ftp://ftp.research.microsoft.com/pub/tr/TR-2005-135.pdf

Sony's rootkit EULA

Posted Nov 10, 2005 17:52 UTC (Thu) by kirkengaard (subscriber, #15022) [Link]

A) Read point 6.

B) Did anything you linked have direct relevance to the article? Some of that belongs on the comments for Lipper, several articles back. Some of it is vaguely relevant as security models, but not to an article about an EULA. And SAP/Red Hat is totally in left field.

C) Your grammar needs work.

Sony's rootkit EULA

Posted Nov 10, 2005 22:32 UTC (Thu) by mmarq (guest, #2332) [Link]

Typical! Only wonder if you could make some comments full of errors and semantic faults, but that at least have some substance or at least point (link) to it.

a) At the least the stores that I usually shop generally accept returns (in 24h to 48h) if I explain why and where something doesn't work for me,... even if I bought it without questions.

b) "Did anything you linked have direct relevance to the article?"... hello!?... EVERYTHING. The EULA analysed is a probatory fact of why establishing real safe systems can be void by license, if you transport that kind of license into your systems.

It's a legal not a technical issue, but that in my opinion *CAN* be solved with technical measures...

Almost nobody reads EULAs, outside IT departments, and if you could make systems that are absolutely safe, you could make installing something without reading a EULA much more difficult, and installing something that demands authority and/or wants to touch important parts of your system in a more or less transparent way for users, *absolutely impossible*, or only for fools.

Perhaps those potential fools are people you despise because they are on systems not related to your direct line of work? (I ask) Perhaps if you could offer them a truly superior system then they could trust you! (got it).

c) Can you try to make a simple sentence, a phrase (any), in my natural speaking language (Portuguese), without bothering too much about errors (at least try)? I very much doubt that Linus and Andrew are anywhere near Shakespeare semantic correctness.

* Linux is an international multi language community *

Void the community with elitist or exclusivist issues and you void Linux no matter the technical arguments that you might present. And that is the worst that could happen. So don't be a danger!

Sony's rootkit EULA

Posted Nov 11, 2005 7:47 UTC (Fri) by man_ls (subscriber, #15091) [Link]

> Microsoft already has something much more safe cooking:

Could you explain the gist of it in a few words? I don't feel like downloading security papers from Microsoft right now.

I doubt it is much safer than anything. It goes directly against their business model: everything must work at first try, nobody should have to learn anything, business partners are free to do anything they like.

Sony's rootkit EULA

Posted Nov 11, 2005 17:44 UTC (Fri) by mmarq (guest, #2332) [Link]

Is this a test ?

Well, you should have read it!... it's good stuff.

The principal IMO is a new paradigm for executing, in software-isolated processes and channels and absolute reliance on type safe languages and compilation and runtime verification. Those isolated processes execute in domains that they call SIP (read) and are awfully similar to encapsulated objects in an ObjectCapabilityModel (http://c2.com/cgi/wiki?ObjectCapabilityModel).

Bottom line: they don't dump file systems and ACL, but they augment terribly the safeness and reliability of their systems.

(Sorry!)
**IT'S MUCH SAFER THAN ACTUAL LINUX METHODS**

Sony's rootkit EULA

Posted Nov 10, 2005 18:11 UTC (Thu) by daney (subscriber, #24551) [Link]

IANAL... But read the first part of the EULA. It essentially says that if you click 'Agree' in some dialog that the EULA will apply to you.

It also says that the CD contains 'Red-Book' CD audio. So presumably, if you don't agree to the EULA, you would still be able to use the CD as you would any other CD (and have all the corresponding rights and restrictions).

Wastepaper

Posted Nov 10, 2005 18:56 UTC (Thu) by ncm (subscriber, #165) [Link]

If you didn't get to read the EULA before you paid for the disc, it's just wastepaper. Even a button presented on-screen, "I Agree", is meaningless. (I always click those without reading them, as a policy.) Under the Uniform Commercial Code, Sony has no right to place extra conditions on your use of a product you have already paid for. So, EULAs may be discarded unread, and you may click "I Agree" anywhere without actually committing yourself to anything. What remains is whatever was on the outside of the box that you could read before paying, and your state's implied warranty laws. Note that under many states' warranty laws, various of their disclaimers are void, also.

Caveats: (1) I'm no lawyer; (2) If you didn't pay (e.g., for a web download), then the UCC doesn't apply, and you'd better read the license carefully; (3) Maryland has rescinded its Uniform Commercial Code; and (4) The U.S. Federal 2nd Circuit's court of appeals (covering NY, CT, VT) has upheld shrink-wrap licensing in those states. If you live in MD or the 2nd Circuit then you're screwed until (in MD) you fix the law or (2nd circuit) you get the decision overturned.

I have an EULA for Sony

Posted Nov 14, 2005 1:22 UTC (Mon) by Lou57 (guest, #12083) [Link]

I have an EULA for Sony. It reads like this: I am going to keep my money.

It's just that simple. More and more, I am reluctantly reading EULAs. They are a REAL PAIN to read. Most folks don't read them and I hate having to. I've always felt that EVEN if they have 999 different items that they are "protecting" themselves from, so what? I'm not going to sue "fill_in_the_blank". I just want what I am paying for.

But I NEVER, EVER, IN MY WILDEST IMAGINATION, wanted a rootkit installed on my computer. I've schooled my children on the significance and importance of NEVER downloading music that they didn't pay for/own. I write software for a living, and it has ALWAYS been easy to equate that to "stealing" music. Now I tell them to make certain that they read the EULAs from every CD they buy ... guess what. I'm now just an over-reactive old fuddy-duddy. And they don't trust me like they did, because I'm asking them to do something that is just too hard.

I've also been the "family guru" that has had to remove this type of crap from the unknowing family members' computers. It's often a time consuming pain in the butt task. And when I am all done, their computer ONLY works the way it was supposed to. I haven't added ANY VALUE to the computer.

But for a mainstream company to CHOOSE to do this to me, well, too bad. I have Sony products all around me -- but no more.

Dear Sony -- I now feel obligated to protect myself and my family from YOU! How sad is that?

We can play all the legal games we want, justify this and that, infer what this really means or what "they" will really do. But I always lose faith in someone who smiles while he sticks a knife in my gut. And I get pissed. Fix it? Sorry. You're screwed, just like me.

Lou

Sony's rootkit EULA

Posted Nov 18, 2005 17:26 UTC (Fri) by grouch (guest, #27289) [Link]

It looks like they used the Microsoft EULA as their blueprint.

Sony's rootkit EULA

Posted Nov 21, 2005 19:09 UTC (Mon) by NRArnot (subscriber, #3033) [Link]

Don't know about the USA, but under UK law many of those terms wouldn't stand up in court even if Sony had them in the form of a contract signed by the consumer. They'd be found to be unfair contract terms, and unfair contract terms are unenforcible. (I'm not a lawyer and "unfair" is ultimately determined by a court, but I've read of contract terms much fairer than those being shot down by our judiciary).

Some of them aren't just arguably unfair, they attempt to get your permission for acts which I believe are criminal offences under UK law. Such permission is meaningless (were it otherwise, murder for hire would be legal for the person paying the killer). Furthermore they are offences against the owner of the computer system that the rootkit compromised, who is quite probably not the person who "accepted" Sony's terms (and who may have put himself out of a job by so doing).

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds