Joe Wells interview

Joe Wells, our chief scientist for security research, interviewed by Jennifer LeClaire:

TechNewsWorld: When consumers buy a top-rated software product, are they really getting what they paid for?

Joe Wells: It depends on the reliability of the rating method. On one hand, the more the method depends on precise testing the better; on the other hand, the more the method depends on the tester’s personal opinion, the worse it is. So tests that emphasize look and feel tend to be less dependable.

TNW: What is your philosophy on quality assurance and testing for anti-malware software?

Wells: We test our software in the same basic way all software is tested. But in addition, we must test against real, active threats, including detection, remediation, correct information, as well as false positive testing.

TNW: In the wake of this Consumer Reports incident, what can we learn about the art and science of testing anti-malware software?

Wells: The CU testing is a simple example of a testing body not researching to find out what the current state of the art in security testing actually is. There are papers available on well-established scientific procedures for testing antivirus and anti-other malware products.

Link here.

Alex Eckelberry

 

Sunbelt Weekly TechTips

WGA in Vista: a growing concern
There’s a growing concern about the way Windows Genuine Advantage, Microsoft’s anti-piracy technology, will be implemented in Vista. It’s been reported that if your copy of the OS doesn’t pass the test, some functionalities won’t work, including the Aero interface and Windows Defender (the built-in anti-spyware software). Microsoft says the operating system itself won’t be “shut down” for failing to pass the “genuineness” test, but it will run in “reduced functionality mode.” Now, you might be able to get along okay without Aero, but according to the following, another little “functionality” that will be shut off (after one hour) is your Web browser. Link here.

Now that could cause some problems. On the other hand, if the software really is pirated, Microsoft certainly has the right to deny all functionality. The problem is when WGA is wrong. I wrote more on this dilemma in my blog post of October 4 here.

More laptop battery recalls: is yours on the list?
If you have a laptop computer, there’s a good chance that it uses a Sony battery. So far, Dell, Toshiba, Apple, IBM, Fujitsu and now Hitachi have announced recalls of Sony batteries installed in their laptops. Acer is considering doing so. HP has said that their laptops are safe from the overheating problem because of the way their systems are configured. Now we hear that Sony is planning to announce their own recall to encompass all these batteries. Wondering whether or not your laptop has one of these recalled batteries? For information on exactly which laptop models from each manufacturer are affected, see this guide.

Vista goes to sleep
A cool new feature in Windows Vista is “sleep” mode, which combines the benefits of Standby and Hibernation. Standby mode in XP saves your data in RAM and goes into a power-saving mode, and Hibernate mode saves it to the hard disk and then shuts down completely. This new power management option, Sleep, saves your current data to both RAM and the hard disk, and then goes into a very low-power-consumption state where only a few key components such as RAM and CPU are turned on. When you press a key or move the mouse, the computer “wakes up” almost instantaneously (2 to 3 seconds).

It works a little differently with laptops. When you go into Sleep mode, the data is saved in RAM. If the battery level gets low, the machine will power itself back up to the level needed to save the data to the hard disk, then shut off completely. This makes you less likely to lose data. Although Sleep mode will be the default when you push the power button, you can still shut down completely from the Start menu.

How to log onto your XP computer when you’ve forgotten the password
If you forget the password to your XP user account, you may still be able to get back in. The easiest way is to use a password reset disk, but if you didn’t create one, there’s still hope:

  1. Log onto the computer with the administrator account (or have someone who has the administrator password perform these steps).
  2. Click Start | Run.
  3. In the Run box, type control userpasswords2
  4. Click OK.
  5. Click the user account for which you’ve forgotten the password.
  6. Click Reset Password.
  7. Enter a new password, confirm it, and click OK.

There are a few caveats to keep in mind before using this procedure. With XP Pro, you’ll no longer be able to access encrypted files or encrypted email messages. With XP Home, or with Pro in a workgroup, you’ll need to boot into safe mode before logging on with the administrator account.

Display the Power Meter on your laptop all the time.
If the icon in the system tray goes away when you plug your laptop into an A/C outlet, but you’d like to be able to continue to see the icon (to check on how fully the battery has charged), you can do the following:

The default setting is to display the Power Meter icon when you’re using battery power, but you can indeed set XP to add the icon to the taskbar permanently. Here’s how:

  1. Click Start | Run.
  2. In the Run box, type PowerCfg.cpl.
  3. Click OK.
  4. Click the Advanced tab.
  5. Check the box to Always Show Icon On The Taskbar.
  6. Click OK.

The icon image will display as a plug when you’re on A/C power, and as a battery when you’re on battery power. It will indicate whether the battery is charging or is fully charged. You can also configure the Power Meter to display information for multiple batteries, or set it to sound a warning when your battery gets low, from the Power Meter and Alarms tabs, respectively.

How to make a local printer available during Remote Desktop connection
If you connect to a Windows XP Pro computer via remote desktop, you normally have access to the printer(s) that are installed on the remote computer, but you may want to print on a local printer instead (that is, a printer that’s installed on your client machine), since it’s likely to be physically closer to your location. You can make the local printer available in the Remote Desktop session, via the Remote Resources tab in the Remote Desktop Options dialog box. For complete instructions on how to do so, see KB article 312135.

Having trouble creating a scheduled task in XP?
If you try to use the Scheduled Task Wizard to create a new scheduled task on your XP computer, and the Wizard hangs up, it may be because of a problem with permissions for the Start Menu folder in the All Users profile when you’re logged on as a local user. You can fix the problem by installing the latest service pack, but if you have a compelling reason not to do so, there is a hotfix available from Microsoft that addresses this specific problem. You can find out more about it in KB article 841846.

How to use Network Monitor Capture Utility to capture network traffic information
You can use Netcap.exe, a utility included with XP, to find out network traffic information for troubleshooting performance problems. This is useful to determine which computer (source or destination) is causing slow network transfer performance. Netcap.exe is a command line tool. For instructions on how to use it, see KB article 924037.

Note: Netcap is installed when you install the Support tools that are on the Windows XP CD-ROM.

Deb Shinder, MVP

The Problem of Adware in Free Software Downloads

There are all sorts of “free” software downloads that you can find on the Web. Some are illegally shared pirated programs, but most are either genuine freeware (the developer gives the program away, expecting nothing in return), shareware (you can use the program for a while to determine whether you want to keep it, and then are expected to pay if you decide that you do) or adware (the developer is supported by advertising of some sort). This can be in the form of banner ads embedded into the program’s interface, or services that deliver targeted advertising when you’re online.

Last week, we recommended a number of utilities to help clean up duplicate files on the hard disk, all of which had been referred to us by readers. Afterwards, we discovered that one of these reader-recommended software programs is associated with an adware service, 180Solutions. The name of the program is Duplicate File Killer, and it includes and installs the Zango Search Assistant, which displays ads based on your Internet browsing. If you tried out this software and want to remove it, you can remove it using the Add/Remove Programs applet in Control Panel.

Meanwhile, we tested several more duplicate file removers and found one, with a confusingly similar name, DupKiller, that really is freeware with no adware or other “hidden features,” doesn’t impose a limit on the number of files/folders or drives it works with as some free versions do, and doesn’t include nag screens asking you to donate or upgrade to a paid version.

It’s a fairly quick download over a broadband connection, at 2.76 MB, and it installed easily in less than a minute and includes an uninstall option. We liked it because it works with removable media as well as hard drives, and gives you lots of options. For example, you can have files moved to the Recycle Bin or delete them completely from the hard disk, and you can exclude specified folders or file types from the scan altogether. You can also choose whether to scan hidden system files.

The interface is simple and easy to use, and the scan is fast. The program scanned my C: drive, containing 16,459 files, in just 45 seconds using quick scan mode, and found 417 duplicate files. This program can also be configured to do a byte-by-byte comparison, so that if even one byte is different, the files will not be flagged as duplicates. Best of all, it has received “no spyware, no adware, no viruses” awards from several different sites. You can find out more and download the program here.

Tell us what you think about the whole adware concept. Is obvious adware just as bad as spyware? Or is it okay as long as you’re notified before installation that the adware is included and told how it works?

Would you prefer to pay for software to avoid advertising of any kind, or are you willing to tolerate advertising in exchange for free software? Do you ever use “donationware”? If so, do you ever donate to help support the developers?

Deb Shinder, MVP

SC Magazine votes

Every year, SC Magazine hosts a vote on the best security products. Of course, CounterSpy Enterprise and Ninja are both nominated.

If you’re a user and would like to vote, here’s how:

Best Anti-malware Solution  – Both Ninja and CounterSpy Enterprise are listed.
 
Best Email Security Solution – Ninja is listed.

Note that these are for the enterprise versions of our products — not the consumer.

Alex Eckelberry

Patchou no longer an MVP

Last week I wrote about the Patchou MVP issue.  On Sunday, I posted a message to a forum on MessengerPlus, and then the entire thread was removed.

Anyway, now Patchou has had his MVP status revoked by Microsoft.

From Microsoft:

“Cyril Paciullo was awarded with MVP status this year on the basis of his technical expertise and strong community contribution. However, his active MVP Award status was revoked as soon as the extent of the connection between his application and spyware was made apparent to the MVP Program,” the company said in a statement.

Link here.

There was, of course, a flurry of support for Patchou from the faithful, including a comment storm on the VitalSecurity blog.

Ok, to those who support Patchou?  Fundamental problem:  LOP stinks.  And imagine someone installing MessengerPlus and getting that little cute icon to “upgrade your antivirus program” and getting an outright fraudulent scam.  Imagine that person being a relative of yours who doesn’t quite know much about computers, and getting scammed.  Or getting popups they don’t know the source of (because LOP does not disclose that the popup was generated by LOP, unlike even WhenU or Zango).  

And here’s what’s really sad:  Patchou is an impressively good programmer and deserves better.  But he made his bed and he now has to sleep in it.

The one thing to his credit is that the LOP install is clearly disclosed and the user gets a choice — and you can uninstall it through Add/Remove programs.  That’s good. But he chose to associate himself with this adware program, while there are other ways to make money in the shareware model.  Have a premium version that people pay for — the standard shareware model.   Have a version with banner ads, like AOL IM (inside the program, not as popups) and then maybe have a separate version which people pay for that doesn’t have ads.  Or splash Google adwords all over the site.  Or do a deal with the Google Toolbar or Yahoo Toolbar — not the best solution but much better than LOP.  Whatever. Christ, even an adware program like WhenU would have been better than LOP. 

To all those who support Patchou, install LOP.  And perhaps after that experience, you’ll understand why so many people were upset by Microsoft’s decision.

More at VitalSecurity and Sandi’s blog.

Alex Eckelberry

 

PIRT presentation at RIPE

My partner in crime with PIRT (Phishing Incident and Takedown squad), Paul Laudanski, just got back from Amsterdam where he presented at the RIPE conference.

From Paul:

300+ folks live plus a live webcast.  The presentation was received very well by the audience.

No excerpt for the moment, but they’ll be adding it in shortly.

The PDF form doesn’t do it justice as the animation was removed.  The phish screen shots come from Gary [Warner] who I credited live.

You can see his presentation here.

And an urgent note:  We need more volunteers to do phishing takedown.  If you like a challenge, love solving puzzles and are sick of phishing, you’ll really enjoy the work. Email me if you can help.

Alex Eckelberry

Is this freshly minted Microsoft MVP actually an adware pusher?

“Patchou” (aka Cyril Paciullo) has just been given Microsoft MVP status.  Worthy of congratulation, except… Patchou got his fame through a program called Messenger Plus!, which has the option of installing LOP (a not-so-pleasant piece of adware). 

Note that he does give the option to infect your machine (and quite politely, at that). But it’s still LOP.

[Screenshot: Messenger Plus!]

And here’s what a typical LOP popup looks like after having installed Messenger Plus:

[Screenshot: LOP popup]

Not even an indication that it’s coming from LOP — unlike even Zango or WhenU, who at least tell people where the pop-up came from.

And then when you go to Add/Remove programs, you don’t see it either.  Instead, it’s lumped together with Messenger Plus:

[Screenshot: Add/Remove Programs]

And here’s a cute little addition to the mix.  There’s a bunch of icons installed with LOP, like this:

[Screenshot: icons]

Notice that “My Antivirus Update”? What a misleading icon, because this crap is what you actually get:  A fake McAfee-looking page doing the age-old scam of “click here to test your CD-ROM Drive”.

[Screenshot: fake McAfee-looking page]

And this has all made at least one highly respected MVP quite unhappy.

Alex Eckelberry

A great understatement

HP Senior Counsel Kevin Hunsaker in an email on February 3rd, 2006:

“If/when we put the tracer in an email and/or document to the reporter, is there any chance it will be discovered? . . . This needs to be part of the risk assessment. If CNET knows something like that was sent to them, and they ultimately trace it back to us somehow, we could end up with some seriously bad publicity,”

Link here via GMSV.

Alex Eckelberry

 

New rogue on the loose: PestCapture

Sunbelt research has found a new rogue antispyware application, PestCapture. Incidentally, it uses DLLs that are the same as those of the notorious Spysheriff.

[Screenshot: PestCapture]

IP: 69.50.166.195   
pestcapture(dot)com           

(Incidentally, it shares this IP with another rogue, bravesentry(dot)com)

More rogue sites:


They also have a new site to take payments called isoftpay(dot)com (IP: 69.50.168.101)

 

Patrick Jordan

We regret the error

In this week’s Sunbelt tech tips, we recommended a number of utilities to help clean up old files.  These recommendations came from users who provided them to us. 

Unfortunately, we have come to find that one of the utilities, Duplicate File Killer, has a partnership with 180Solutions (makers of Zango Search Assistant).   Obviously, we cannot recommend a product which advertises itself as a file cleaner, but is in cahoots with an adware company.

For now, we have removed all links referencing any duplicate file cleaners from that post — just to be safe.  

Alex Eckelberry
(Thanks Andrew)

Fraud? Well, it’s just “marketing”

This is just one of my all-time fave grumpy internet blogs. The whole site is dedicated to finding out how consumers are getting ripped off by various companies.

For example:

Some things always come in quarts: milk, motor oil, and mayonnaise, for example.  You don’t have to look at the net weight statement, because a quart is 32 ounces, and that is what you always get.

Next time you go to the supermarket and pick up a quart-size jar of Hellmann’s (in the east) and probably Best Foods (in the west), you are going to be in for a little surprise.

*MOUSE PRINT:  The net weight statement now reads “30 oz.” instead of 32.

The site is MousePrint.org.  

Alex Eckelberry
(Hat tip to John Murrell)

Sunbelt Weekly TechTips

(Note: An earlier version of this blog recommended some tools to delete duplicate files.  We have since removed these links pending further research.  Explanation here. )

Fix for some IE 7 rendering problems
IE 7 beta testers have noticed that quite a few web sites don’t work correctly in the new browser. In some cases, that’s because those sites are misidentifying it as an outdated version of the browser. This utility lets your IE 7 browser identify itself as IE 6, as a workaround to the problem. It didn’t solve my “tiny font” problem with IE 7, but it did seem to help with the text alignment problem I was experiencing with some pages. Link here.

Resize photos all at once
High megapixel digital cameras are popular and increasingly affordable, and that high resolution is needed when you want to print large copies of your photos. But when you’re sending them in email or putting them on a web page, it would be nice to be able to reduce them to a smaller size without having to do it one picture at a time. This handy little image resizer lets you resize or convert images from JPG, GIF or BMP formats in batch mode. Check it out here (also, if you have Microsoft Office, the Microsoft Office Picture Manager is quite a nifty little tool for this type of work). 

Can’t have your Java in a Glass?
If you pour hot coffee into a fragile glass cup, you may crack it. Likewise, Java-based applications don’t seem to want to play well with Vista’s Aero Glass interface. It seems running them causes the OS to revert to its non-transparent, non-3-D version. Not a huge problem, but it would be nice if that could be fixed before the final release. Read more about the problem here.

How secure are your credentials?
Is there a point at which requirements for increased length and complexity of passwords and random assignment of user account names – all in the name of better security – can backfire and result in a less secure system or network? That’s something I discussed last week in my technology and security blog. Scroll to the entry titled When “more secure credentials” aren’t.  Link here.

Vista Performance Information Feature
Vista has a new feature called the Windows Experience Index that lets you find out the base score for your system and individual scores for different components such as the processor, memory, hard disk, and graphics card. You find it in Control Panel, labeled Performance Information and Tools, and you can use the score to compare one system to another, to evaluate new PCs or the effect of hardware upgrades, and when buying software, to determine whether it will run properly on your PC. My system got very respectable 4 and 5 point something scores on processor, memory and hard disk, but my ATI Radeon X600 with 256 MB of RAM proved to be the “weak link” at 3.6/3.8. You can read more about it on the Vista team blog here.

How to Uninstall VTP or Get Rid of Aero (Transparent) Theme

Several of you who installed the Vista Transformation Pack asked how to get rid of the transparent background that’s installed by default as part of the VTP. Unfortunately, it’s part of the Aero Glass theme. You can get rid of it temporarily by switching to a different theme:

  1. Right click the Desktop and select Properties.
  2. Click the Appearance tab.
  3. Under Windows and Buttons, choose the Windows Classic or XP Style theme.
  4. Click OK.

To uninstall VTP completely, run the installer program again (Vista Transformation Pack 5.0 or 5.5.exe) and select “I want to enter Vista Transformation Pack – Maintenance Center,” then select “Uninstall Vista Transformation Pack.” From the Maintenance Center, you can also change the toolbar style, rebuild the icon cache, enable or disable themes services, or repair the transformation.

How to disable Remote Desktop using Group Policy
Remote Desktop is a great tool that allows you to connect to your XP Pro computer from another location, but for security reasons, you might want to prevent remote desktop connections. You can disable RD on the Remote tab in the Systems applet of Control Panel, but if you share the computer with others and don’t want them to be able to reenable it, or if you want to disable RD on a group of computers in a Windows domain, you can use Group Policy to disable it. Step by step instructions are in KB article 306300.

Can’t reconnect to a wireless network with a hidden SSID?
If your Windows XP SP2 computer is connected to a wireless network that doesn’t broadcast its SSID and you manually disconnect, you can’t reconnect either manually or automatically, unless you remove and re-create the SSID profile for the network in the Preferred Networks list. There’s a hotfix for this problem, but you’ll need to contact Microsoft Product Support Services (PSS) to get it. Find out how in KB article 907405.

Can’t change Windows wallpaper after removing spyware?
You may find that after you remove spyware from your Windows XP system, you’re still not able to change your desktop wallpaper. What’s up with that? The problem is that the malware has set the registry to hide or lock the display settings. You can fix the problem by editing the registry. Instructions are in KB article 921049. Note that this registry setting may also have been changed by an administrative policy, in which case you’re out of luck unless you can convince your system administrator to change

Deb Shinder, MVP 

Email Privacy: Is it Even Possible?

Although studies show that young people are abandoning email in favor of text messaging and IM programs for social communications, businesses and many of us “oldies but goodies” continue to depend on email for exchanging messages with family, friends, co-workers, clients and others. Some of the information we put in email is personal, and some of it is even subject to laws such as HIPAA or the GLB Act that mandate we protect it from unauthorized disclosure. So the subject often comes up: just how private is email, and what can we do to make it more so?

In the past, we’ve discussed how the nature of email communications makes it easy for them to be intercepted. Sending an unencrypted email over the Internet is like sending a post card through the postal system – anyone who happens upon it along the way can read it. Of course, you can use an encryption program such as Pretty Good Privacy (PGP) to make it more difficult for anyone but the intended recipient to open the mail.

But then another problem arises: how do you protect against the recipient him/herself divulging the contents of your mail to others, either intentionally or accidentally? Or what if the message goes awry; for example, you mistype one letter in the address and the mail is sent to the wrong address? It’s obvious that people are worried about this, because more and more companies are adding disclaimers to some or all of the messages sent from their networks. These messages usually read something like this:

“If you are not the intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it.”

Reader Kip M. recently wrote to ask what legal obligation this actually places on a person who receives such a message. I’m not an attorney, and this is by no means legal advice, but the attorneys I’ve talked to about this acknowledge that in most cases, companies do this primarily for the purpose of “covering their own behinds” in case a message ends up in the wrong hands. The appended disclaimer indicates that they took steps to make it clear that the message was confidential.

Of course, if an email containing national security secrets fell into your hands and you published it in a letter to the editor of the New York Times, you might face some serious legal repercussions. And of course, under the U.S. civil court system, anyone can pretty much sue anyone for anything (with some specific limitations), so it’s possible that a company could bring a lawsuit against you if you forwarded a copy of their confidential mail to the wrong person. In a world where big record companies sue elderly grandfathers who don’t own computers for music piracy, anything can happen.

From the point of view of those who want to keep information private, disclaimers are of dubious value in accomplishing that. I see forwarded messages all the time that contain the disclaimers. And of course, since the disclaimer is usually added to the end of the message, it’s a bit unreasonable to demand that the recipient not read the message that he already read before getting to the disclaimer.

If you do elect to use disclaimers, it might make more sense to put them at the beginning of the message instead of at the end. And if you’re really serious about it, put the disclaimer in the body of the email and put the confidential message itself in an attachment; at least then it’s possible for the recipient to do what you’re asking (not open the message). Better yet, password protect that attachment.

Yet none of this keeps the intended recipient from forwarding, copying or printing that message. There are ways to technologically control that to some extent, by using a software solution such as Microsoft’s Rights Management Services (RMS). With RMS, which is supported by the Professional version of Office, you can set permissions on messages you send in Outlook that prevent the recipient from forwarding, copying or printing the message. Those options are simply grayed out. You can even set the message to “expire” after a particular time; even the user won’t be able to open it once it’s expired.

RMS sounds great, and it does prevent easy, casual, often mindless “clicking and forwarding.” However, it requires an RMS server, and if the recipient is really determined to breach your privacy, RMS won’t stop it. He can just open the message and hit PrtScn to capture a screenshot that can be saved, printed and sent to others – or even take a picture of it with a digital camera, for that matter.

Bottom line: it’s still wise to treat email as a non-private medium. There are a lot of things you can do to increase privacy, but as long as another person (the recipient) is able to open your messages – and what would be the point of email if they couldn’t? – there will always be a weak link.

What do you think? Do you pay any attention to disclaimers? Do you use disclaimers on your own messages, or does your company add them automatically to outgoing mail? Do you think they do any good? Under what circumstances, if any, would you consider suing someone for disclosing an email message you sent to them? If a service like RMS were available to you, would you use it? Do you encrypt some or all of your email messages? Should a law be passed making it illegal to read someone else’s email without permission (like the laws regarding opening postal mail) or would that create more problems than it would solve? 

Deb Shinder, MVP

New new security scam hijacker sites

All since August.  For your blacklisting pleasure:

[Screenshot]


Patrick Jordan
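For anyone turning indicator posts like this one and the PestCapture post into a blocklist, here is an added example (not from the original posts) that parses the layout they use: an `IP:` header line, defanged `name(dot)tld` lines, an inline `(IP: ...)` note, and an "Update: ... not connected" retraction. The function names are hypothetical, and the sample indicators are constructed from reserved documentation addresses and TLDs.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (reserved documentation IPs and TLDs, not real indicators).
SAMPLE_POST = """\
IP: 192.0.2.51
fake-protection(dot)example
Fake-Protection(dot)example
fake-safetypage(dot)test

IP:198.51.100.36
fake-securitytool(dot)test
fake-payments(dot)example (IP: 203.0.113.101)
cleared-vendor(dot)example  (Update: Verified as not connected)
not a domain line
"""

UNATTRIBUTED = "unattributed"
IP_HEADER = re.compile(r"^IP:\s*(\S+)\s*$", re.I)
INLINE_IP = re.compile(r"\(IP:\s*([^)\s]+)\s*\)", re.I)
CLEARED = re.compile(r"\(Update:[^)]*not connected[^)]*\)", re.I)
DEFANG = re.compile(r"\s*[(\[]\s*(?:dot|\.)\s*[)\]]\s*", re.I)
PAREN = re.compile(r"\([^)]*\)")
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def refang(text):
    """Turn 'name(dot)com' or 'name[.]com' back into 'name.com'."""
    return DEFANG.sub(".", text)


def valid_ip(text):
    """Return the normalised address, or None if it is not an IP."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def parse_indicators(post_text):
    """Group domains by hosting IP; keep retracted and unparseable lines apart."""
    by_ip = defaultdict(list)
    cleared, rejected = [], []
    current_ip = UNATTRIBUTED
    for raw in post_text.splitlines():
        line = raw.strip()
        if not line:
            # An IP header only covers the contiguous block below it.
            current_ip = UNATTRIBUTED
            continue
        header = IP_HEADER.match(line)
        if header:
            ip = valid_ip(header.group(1))
            if ip is None:
                rejected.append(line)
            current_ip = ip or UNATTRIBUTED
            continue
        inline = INLINE_IP.search(line)
        is_cleared = bool(CLEARED.search(line))
        # Refang first: "(dot)" is itself a parenthetical and must not be stripped.
        name = PAREN.sub("", refang(line)).strip().lower().rstrip(".")
        if not HOSTNAME.match(name):
            rejected.append(line)   # never let free text into a blocklist
            continue
        if is_cleared:
            cleared.append(name)    # retracted by the author: do not block
            continue
        ip = (valid_ip(inline.group(1)) if inline else None) or current_ip
        if name not in by_ip[ip]:   # posts repeat entries; keep one copy
            by_ip[ip].append(name)
    return {"by_ip": dict(by_ip), "cleared": cleared, "rejected": rejected}


def hosts_entries(parsed, sink="0.0.0.0"):
    """Hosts-file lines that sinkhole every listed, non-retracted domain."""
    names = sorted({d for ds in parsed["by_ip"].values() for d in ds})
    return [f"{sink} {name}" for name in names]


def shared_ips(parsed):
    """IPs hosting more than one listed domain (useful pivot points)."""
    return {ip: ds for ip, ds in parsed["by_ip"].items()
            if ip != UNATTRIBUTED and len(ds) > 1}


if __name__ == "__main__":
    result = parse_indicators(SAMPLE_POST)
    print("\n".join(hosts_entries(result)))
    print("shared hosting:", shared_ips(result))
    print("retracted:", result["cleared"], "skipped:", result["rejected"])
```

Review the `rejected` and `cleared` lists before deploying the output; a retraction added to a post later should also remove the entry from any blocklist already built from it.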

People, get your facts straight!

Just a little side humor, we’ve had a number of amusing emails from a malware author, Dark Omega.  Apparently, we’ve made grave errors in the classification of his product. 

It starts off with this (edited for clarity, as he’s using our web-based form to email us):

you got my website address wrong! it is http://www. dark-omega.co. uk not darkflame.tripod.com … you stupid people

Then:

i am only 15 and waz a bit drunk wen i sent the last message so soz 4 bein a bit of a tw*t, i created my trojan based on my schools remote admin tool.  nice to talk to you. if you want…more information on other security threats please email me…. p.s. you need a way of contacting you with out having to use the report virus form. 

Then:

one other thing… Dark-Avenged is a BackDoor!…u got it rong again

And finally:

actualy dark-avenged is classed as a RAT (Remote Administration Tool.) please change this….  i got it wrong last time! :S

Alex Eckelberry

 

At least Naxos gets it

“Music should flow freely…there should be an ability to get what you want when you want it…and I’m not sure you’re protecting that much with DRM…I think it puts a lot of obstacles up…the consumer is buying those files, and they have the right to do whatever they want with them…we [the industry] really have to think hard about what are we protecting… and are we really afraid of our consumers to the extent where we basically don’t trust them…”   —  Jim Sturgeon, CEO of Naxos USA

As an (albeit rusty) classically trained musician, I’m a big fan of this music genre and have a broad selection of classical music at the house.  Unfortunately, at maybe 4% of the overall market, it’s not a genre that most of the population cares much about.

So it’s even more unfortunate that the only significant record label that actually “gets it” is Naxos, the world’s largest classical music label — as opposed to the often reprehensible tactics of the rest of the industry (harassing people with idiotic lawsuits, using rootkits for DRM, etc.).  

And there’s a practical effect as well. As digital analyst Phil Leigh says:

…Classical is a disproportionately large share of digital music sales. Naxos finds that the classical genre market share doubles online.

Naxos endorses the advantages of DRM-free digital files. Their music is sold on eMusic in the dot-MP3 format with no DRMs. While some piracy may occur, Naxos feels that the enhanced user utility a DRM-free file provides outweighs the minimal piracy that may happen.

About 20% of Naxos revenues this year will be from digital music downloads or online subscriptions. That’s about three times the proportion for the major labels like Sony, Warner, Universal, and EMI. 

Now, taking the other side, it’s perhaps enlightened self-interest on the part of Naxos, since classical is probably less likely to be pirated than the latest pop hit.  Nevertheless, their pragmatic CEO does seem to have a good understanding of what the customer actually needs and wants.

You can listen to an interview with Jim Sturgeon, CEO of Naxos, here (MP3, approximately 33 minutes).

Alex Eckelberry