This chart is based on various press and blog reports. The ✘ and ✔ marks where features apply (✘ for a negative feature, ✔ for a positive one).
I also note where a feature may have been inadvertent (that is, a bug rather than a feature), since some press reports and industry comments concentrate on inadvertence as an excuse. As can be seen from the chart, most of the features do not fall into this category.
I hope I got everything right - please let me know if you notice any errors or omissions...
|distributed by||Sony BMG|
|units sold||~2 million||~20 million|
|(note: Linux is not affected by either piece of malware)|
|rootkit||cloaks files belonging to the malware||✘||-|
|inadvertently(?) cloaks other files (including worms and cheats)||✘||-|
|uses misleading filenames and other descriptions||✘||-|
|DRM||consumes resources (disk space, memory, CPU) even while CD is not playing||✘||✘|
|interferes with normal operation of the CD drive||✘||✘|
|can reduce stability and reliability of the whole computer||✘||✘|
|prevents fair use||✘||✘|
|ineffectual against pirates||✘||✘|
|piracy||itself infringes copyright||✘||?|
|includes DRM-circumvention code||✘||?|
|spyware||"phones home" with Internet (IP) address||✘||✘|
|"phones home" with CD identifier||✘||✘|
|Sony, the manufacturer and/or the EULA denied the "phone home" behaviour||✘||✘|
|nominally intended to download||artwork, lyrics||advertising|
|inadvertently(?) installs the malware even if user clicks "no"||-||✘|
|difficult to obtain||✘||✘|
|Sony required personal details||✘||✘|
|inadvertently(?) grossly insecure||✘||✘|
|either didn't notice or ignored the malware for many months||✘||✘|
|ignored the malware for many days after it's been reported||✘||✘|
|still do not remove the malware||very limited||✘|
|recall||Sony BMG has recalled the CDs and is offering replacement CDs and MP3 files||✔||-|
|the CDs are still on shop shelves||✘||N/A|
|EFF class action (California)||✔||✔|
|NY class action||✔||-|
|Californian class action||✔||-|
|District of Columbia suit||✔||✔|
|Oklahoma class action||✔||✔|
(previous entries: mistakes vs intentions, the recall, I heart rootkit, who do they
serve and who can we trust?, bloggers vs Sony, EULA, my Sony link
DRM of adhesion)
(later entries: on the copyright infringement, extinguishing fair use, boycott Sony this Christmas and Sony BMG malware summary)
- 1.12.2005: Added District of Columbia suit
- 1.12.2005: Number of MediaMax titles is ~140, according to the DC suit ("approximately 140 most popular titles").
- 2.12.2005: Added Oklahoma suit. Also, the number of MediaMax titles is apparently 267; and note the recall is not very thorough...
- 5.12.2005: Added link to a 日本語 translation somebody had done.
- 6.12.2005: Looks like the DRM-circumvention code was intentional, so I'm taking the "inadvertently(?)" off that one.
- 27.12.2005: The Texas lawsuit has been expanded to include MediaMax (previously it was XCP-only).
- 27.12.2005: Added link to an Italian translation somebody had done (though I'm not sure it's accurate on a couple of points).
⇦Sony BMG - mistakes and intentions
⇨Summer-friendly, vegetarian/vegan turkey option