This chart is based on various press and blog reports. The ✘ and ✔ marks where features apply (✘ for a negative feature, ✔ for a positive one).
I also note where a feature may have been inadvertent (that is, a bug rather than a feature), since some press reports and industry comments concentrate on inadvertence as an excuse. As can be seen from the chart, most of the features do not fall into this category.
I hope I got everything right - please let me know if you notice any errors or omissions...
| malware | name | XCP | MediaMax |
|---|---|---|---|
| manufacturer | First4Internet | SunnComm | |
| distributed by | Sony BMG | ||
| CDs | titles | 52 | 267 |
| units sold | ~2 million | ~20 million | |
| affects | MS Windows | ✘ | ✘ |
| Mac | - | ✘ | |
| (note: Linux is not affected by either piece of malware) | |||
| rootkit | cloaks files belonging to the malware | ✘ | - |
| inadvertently(?) cloaks other files (including worms and cheats) | ✘ | - | |
| uses misleading filenames and other descriptions | ✘ | - | |
| DRM | consumes resources (disk space, memory, CPU) even while CD is not playing | ✘ | ✘ |
| interferes with normal operation of the CD drive | ✘ | ✘ | |
| can reduce stability and reliability of the whole computer | ✘ | ✘ | |
| prevents fair use | ✘ | ✘ | |
| ineffectual against pirates | ✘ | ✘ | |
| piracy | itself infringes copyright | ✘ | ? |
| includes DRM-circumvention code | ✘ | ? | |
| spyware | "phones home" with Internet (IP) address | ✘ | ✘ |
| "phones home" with CD identifier | ✘ | ✘ | |
| Sony, the manufacturer and/or the EULA denied the "phone home" behaviour | ✘ | ✘ | |
| nominally intended to download | artwork, lyrics | advertising | |
| EULA | unconscionable terms | ✘ | ✘ |
| inadvertently(?) installs the malware even if user clicks "no" | - | ✘ | |
| original uninstaller |
difficult to obtain | ✘ | ✘ |
| Sony required personal details | ✘ | ✘ | |
| inadvertently(?) grossly insecure | ✘ | ✘ | |
| major anti-virus companies |
either didn't notice or ignored the malware for many months | ✘ | ✘ |
| ignored the malware for many days after it's been reported | ✘ | ✘ | |
| still do not remove the malware | very limited | ✘ | |
| recall | Sony BMG has recalled the CDs and is offering replacement CDs and MP3 files | ✔ | - |
| the CDs are still on shop shelves | ✘ | N/A | |
| litigation | Texas | ✔ | ✔ |
| EFF class action (California) | ✔ | ✔ | |
| NY class action | ✔ | - | |
| Italy | ✔ | - | |
| Californian class action | ✔ | - | |
| District of Columbia suit | ✔ | ✔ | |
| Oklahoma class action | ✔ | ✔ | |
(previous entries: mistakes vs intentions, the recall, I heart rootkit, who do they
serve and who can we trust?, bloggers vs Sony, EULA, my Sony link
collection and
DRM of adhesion)
(later entries: on the copyright infringement, extinguishing fair use, boycott Sony this Christmas and Sony BMG malware summary)
- 1.12.2005: Added District of Columbia suit
- 1.12.2005: Number of MediaMax titles is ~140, according to the DC suit ("approximately 140 most popular titles").
- 2.12.2005: Added Oklahoma suit. Also, the number of MediaMax titles is apparently 267; and note the recall is not very thorough...
- 5.12.2005: Added link to a 日本語 translation somebody had done.
- 6.12.2005: Looks like the DRM-circumvention code was intentional, so I'm taking the "inadvertently(?)" off that one.
- 27.12.2005: The Texas lawsuit has been expanded to include MediaMax (previously it was XCP-only).
- 27.12.2005: Added link to an Italian translation somebody had done (though I'm not sure it's accurate on a couple of points).
⇦ Sony BMG - mistakes and intentions | ⇨ Summer-friendly, vegetarian/vegan turkey option |
Comments disabled on account of spam.
