February 2, 2004
Volume 3, Issue 6
DCIA Winter Meeting and P2P Music Model C
Please register now at firstname.lastname@example.org for the DCIA Winter 2004 Quarterly General Meeting, taking place in New York City next Monday evening February 9th in conjunction with Digital Hollywood's Media Summit New York (MSNY). Feel free to call 888-864-3242 for more information.
Our meeting will be held in Concourse A of the NY Hilton at Avenue of the Americas and 53rd Street, from 6:30 PM to 9:30 PM US ET. A light buffet dinner will be served. An after-meeting party sponsored by DCIA Members BlueMaze Entertainment and INTENT MediaWorks will be held at the Cherry Bar in the W Hotel at 39th Street and Lexington Avenue starting at 10:00 PM. Admission tickets will be distributed at the meeting.
Our planned agenda includes opening remarks from DCIA Charter Member Sharman Networks Ltd. (SNL) CEO Nikki Hemming, a legislative update from Senator Norm Coleman chief-of-staff Erich Mische, a live demonstration of new P2P music DRM technology by DCIA Member DigitalContainers, Inc. (DCI), P2P consumer security and privacy protection updates from the FBI's Arnold Bell and CDT's Ari Schwartz, then the meeting centerpiece - a discussion of which of three alternative P2P music distribution models should be further explored for prospective implementation - followed by distribution of the DCIA Winter 2004 White Paper, and closing remarks from DCIA Charter Member Altnet, Inc. EVP and DCIA Founding Chairman Derek Broes.
Then hob-nob with other Digital Hollywood VIPs at our party, plus meet-and-greet some of the most awesome emerging musical artists on the planet, including Adam Chasan, DJ Diamond, DJ Spinna, Dujeous, Eject, Fanny Pack, Freeloader, Khromozomes, Kristen Mainhart, Kudu, Maiysha, Maya Azucena, Manic, Mike Notar, Natural Selection, Orange Factory, Plexus, Real Live Show, Robin Andre, Scott Jacoby, Scott Sinclair, Thara, and Tube. Enjoy great acoustical sounds from some amazing progressive talent.
The DCIA will announce and distribute our third alternative P2P music distribution model and final meeting agenda later this week. We're very grateful for input from all who contributed to developing this model. We believe that, taken together, the three models span a range of possibilities for music rights holders, P2P software companies, and broadband ISPs to begin moving towards a workable business solution.
Report from CEO Marty Lafferty
The DCIA 2004 Winter Meeting promises to be the best so far. Never before has the opportunity for a turning-point in the vital issues surrounding P2P music distribution been so close.
Please plan on attending so that you can actively participate.
We will announce and distribute P2P Music Model C later this week, and then post it along with Models A and B on our website at P2P Music Models. Our intention is to review and discuss each of these at next week's meeting, seeking a consensus as to which model(s), or which aspect(s) of them, should be further developed for potential execution.
This week's digital media and technology news was dominated by MyDoom (aka novarg or shimgapi), which one source said, looked "less like a virus and more like the bubonic plague of the computer world." DCIA headquarters PCs averaged nine attempted infections per machine on the peak day, and we were probably fortunate not to have more, as did some people with whom we spoke this week.
MyDoom, the fastest-spreading worm ever according to anti-virus firm McAfee, seems to have been launched by opponents of the UT-based SCO Group software company, which recently began suing companies running the Linux operating system, claiming it owns a related patent. MyDoom's primary purpose apparently was a now in-process global denial-of-service (DOS) attack on SCO (more below).
Symantec, which distributes Norton Anti-Virus, confirmed that MyDoom spread even faster than the two most prominent outbreaks of 2003. "It's actually spreading a bit faster than SoBig.F and faster than BugBear," said Sharon Ruckman, senior director of its security response team.
MyDoom comes as an e-mail to Windows users with a variety of subject lines and return addresses, making it hard to identify.
If a user clicks on its small attachment, MyDoom opens a Notepad window, displaying a series of random characters, and creates two files in the Windows folder, taskmon.exe (the worm carrier) and shimgapi.dll (the DOS attack remote-controller), adding these files to the Registry autorun key to activate when the PC restarts.
MyDoom then harvests e-mail addresses from contact lists to virally re-mail itself, spoofing the sender's address.
In addition to arriving at unsuspecting victims via widely-used Windows e-mail applications, the worm was also designed to propagate through Kazaa Media Desktop (KMD), presumably because KMD is the world's most widely downloaded software application.
In attempting to infect a Kazaa user's machine, MyDoom will try to copy itself to the KMD download folder, assuming one of the following names: winamp5, icq2004-final, activation_crack, strip-girl-2.0bdcom_patches, rootkitXP, office_ crack, or nuke2004. A search for those or similar file names in turn could then lead to another user inadvertently downloading the worm, exacerbating its massive redistribution by e-mail.
Within hours of the attack, SNL alerted Kazaa users that, not only can they be protected from this occurring to their PCs, but they can also help prevent others from being infected, by ensuring that their version of KMD is current, with its bundled anti-virus tool BullGuard enabled, as it is by default on download.
"Users of latest versions of Kazaa are protected against MyDoom and other viruses, provided they have enabled the built-in BullGuard anti-virus feature which is updated with the most recent virus definitions," explained SNL CTO Phil Morle.
"The BullGuard software is free to Kazaa users and enabled automatically when the Kazaa software is downloaded. It provides advanced virus protection for peer-to-peer use."
"We've developed a special plug-in for Kazaa which is activated whenever Kazaa is started," added Theis Sondergaard, BullGuard's CTO and co-founder. "It scans any files downloaded through Kazaa for viruses, and if it finds an infected file, it cleans it."
MyDoom launched its twelve-day global denial-of-service (DOS) attack on SCO Sunday, the full impact of which is yet to be determined. SCO has offered a $250,000 reward for information leading to the arrest of those behind MyDoom.
Microsoft is also being responsive. According to Mike Nash, VP of its security unit for business and technology, a Windows XP upgrade (Service Pack 2) slated for the first half of 2004 will include a feature that notifies users of any attachment that is able to execute code, such as MyDoom.
As the week progressed, a second version, MyDoom.B proliferated as well, although less broadly, targeting www.microsoft.com instead of www.sco.com, and prompting Microsoft to match SCO's reward offer with an additional $250,000 for the arrest of MyDoom's author.
The US Homeland Security Department has also responded by offering Americans free cyber alerts and computer advice. The new National Cyber Alert System is free to anyone who signs up. Members will receive e-mails with the latest news on major virus outbreaks and related Internet attacks with guidelines to help protect their computers. This new program is an effort by the government to ensure online security despite complex software and fast-moving hackers.
Most anti-virus program developers offer removal tools to eradicate MyDoom from infected systems. Going forward, prevention is the best practice: update your anti-virus program's definition files regularly.
New Harris Poll Supports Downloading Music
Harris Interactive Results
According to results of a survey on P2P music file-sharing released Wednesday by Harris Interactive, the vast majority of Americans believe that downloading music for personal use should not be prohibited, and that the high price of CDs has driven downloading. Harris polled 2,306 adult US residents in September 2003 for this report.
These results were consistent with Harris Interactive's survey of teens released in October 2003 indicating that approximately three-out-of-four feel that downloading music files without paying (74%) and letting others download files from them (78%) should be legal.
According to the new report, three-out-of-four (75%) US adults agree that "downloading and then selling the music is piracy and should be prohibited, downloading for personal use is an innocent act and should not be prohibited."
This is not to say that the public believes music rights holders do not deserve compensation. Nearly two-out-of-three (64%) adult Americans agree that "musicians and recording companies should get the full financial benefit of their work."
However, seven-out-of-ten (70%) also say, "if the price of CDs was a lot lower, there would be a lot less downloading of music off the Internet."
Agreement with these three statements is nearly at the same levels among Republicans and Democrats, or conservatives and liberals.
A majority also agree with the statement that, "downloading music off the Internet is no different from buying a used CD or recording music borrowed from a friend." Degree of agreement seems to be a function of age, with younger people much more likely to agree: seven-out-of-ten (70%) of 18-24 year olds versus one-out-of-three (36%) of people 65-and-older.
According to Harris Interactive's Robert Leitman, "All of this suggests that the music industry is fighting an uphill battle in winning the hearts and minds of Americans to support prohibitions against downloading."
In the DCIA's view, the preferred course of action is for major music labels and publishers to team with P2P software companies and broadband ISPs on solutions that embrace file-sharing technologies and reflect public opinion.