The perils of buying music legally

[lindiril]

Okay, who out there has been buying music from Sony? Because you might want to, you know, not do that anymore. Why? Well, because Sony figures that it has the right to install deceptive, underhanded, and, according to Mark Russinovich, sloppily-written potentially computer-crippling software on your computer if you're honest enough to buy your

Comments

[lindiril]

I don't fully understand the exploitative techniques that F4I uses in its software; my current understanding is that MS's main culpability here may be in driver signing or not alerting the user that the software is messing with driver settings. I'm not certain what you mean by installing and running arbitrary code; as I understand it, this code is not installed automatically and without user input on disc insertion, but is installed with a player that the user must agree to install in order to play the music. That is, the user sees a EULA and clicks a button to install the software, but the EULA does not mention that the program is hiding files on your system, messing with your driver installation, sending info to Sony (mostly in the form of banner requests, as I understand it), or that it is not easily uninstallable/does not come with uninstallation utilities. MS isn't really more culpable here than it is in most computer exploits (unless, of course, F4I actually did have to license some driver signing to accomplish what it did here).

I'm more interested in boycotting the shady business practice side of this than bad software side--in as much as I am interested in boycotts at all. It's an empty gesture for me to claim I'm boycotting them personally, since I don't buy much music anyway. And regardless, Sony/F4I are active participants in this particular incident; MS is probably at most passive. Not that I'm typically in the business of defending MS, but I don't think they're particularly relevant to this issue.

As for your point (B), you're probably right. The big companies are perfectly happy to infringe on our rights if we let them get away with it. So why make it easy for them to get away with it?

[dysan27]

As far as I know it was the installing of the player, which was an autorun thing, which also installed the root kit. And you are correct the EULA mentions nothing about the rootkit.

Also it was fun half the links in your post were the "Visited" colour.

P.S. I still have your copy of "The Sims 2"

[lindiril]

Yeah, I still want that back. At least my lack of it is preventing me from thinking too much about buying any of the expansions. Their business model apparently works.

Actually, come to think of it, regarding Brad's point, are there any limits on what an autorun program can do? Even if this particular piece of software (and most others) required confirmation before installing or running much, that's not really enforced by anything on the system, is it? Yeah, bad show on MS's part for allowing installation and running of arbitrary code. I still wouldn't include them in my boycott of slimey business practices (on this issue; God knows MS is less than a paragon of business virtue), but I suppose there's something to be said for asking for more security-minded and less sloppy software practices. You can turn autorun off, but of course it defaults to on. I think that's the case with all kinds of potentially security-compromising things on the modern Windows system--UPnP services come to mind.