Sony Caves on RootKit, Pulls CDs, Offers Exchange Program   - 1,398 Views, 1 Comment

Summary: Following a firestorm of cries of moral and legal outrage, Sony BMG has said that they will pull their DRM software from their music CDs. The DRM software, XCP, behaves like a rootkit when surreptitiously installed on a user's computer by the Sony music CD.

Previous Article « Yahoo Shoposphere: Online Shopping Meets Everybody’s Favorites Lists
Read Next Article » Printer Helps Catch Counterfeit Money Ring

  Follow Anne on Twitter

Music giant Sony BMG, beleaguered by the fallout from the discovery that it was including rootkit style digital rights management (DRM) software on its CDs, has conceded and said that it will pull CDs with the controversial XCP software, and that it will also offer customers the opportunity to exchange CDs with the offending software for versions which do not have it.

Sony only admitted to the issue last week, shortly after a lawsuit was filed over the rootkit software.

“Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience,” said Sony. They also offered to exchange any CDs with the offending software, although details of how to make the exchange were not yet available.

In addition to the lawsuit and the public outcry, even Sony’s own artists have been calling on Sony BMG to do the right thing. Ross Schilling, manager for Van Zant, on whose CD the XCP software was first discovered, urged Sony to initiate a recall. Said Schilling, “I said we’ve got to be proactive, or it could destroy the business model. Sony should be in the artist business, promoting and selling records. This type of issue sheds a negative light on their ability to do that.”

In other news, Microsoft has said that it’s free spyware program will include code to identify and remove the XCP software. Said Jason Garms, a group manager with MSN’s anti-malware team, “We have analyzed this software and have determined that in order to help protect our customers, we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users.”

It’s academically and legally interesting to think about the ramifications of a company like Microsoft removing the digital rights management software from the product of a company like Sony.

Isn’t it?

Sony Caves on RootKit, Pulls CDs, Offers Exchange Program

 Follow Anne on Twitter

 Twitter Explained in Plain English

 Friend Anne on Facebook

Previous Article « Yahoo Shoposphere: Online Shopping Meets Everybody’s Favorites Lists
Read Next Article » Printer Helps Catch Counterfeit Money Ring

Read more:

»  Sony’s Latest Statement on Rootkit Recalls CDs, Offers Exchange

»  Sony BMG Pulls Rootkit - Sony BMG Statement on Pulling Rootkit

»  Sony BMG Settles Lawsuits Over First4Internet XCP Rootkit and MediaMax Security Hole

»  Sony Charged with Knowing that Their Laptop Batteries Would Overheat and Start Fires

For additional similar stories check out our archives on Pirates, Security

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

1 Comment »

  1. If you’ve used the BMG uninstaller, be aware that it leaves around an ActiveX control that needs to be deleted so you don’t leave a wide open exploitable security hole on your system. The ActiveX control is signed and able to install programs without user interaction, so expect it to be exploited in the near future.

    http://blogs.washingtonpost.com/securityfix/2005/11/sony_uninstall_.html

    Manual uninstall directions:
    http://www.freedom-to-tinker.com/?p=927

    If you’re vulnerable, you can protect yourself by deleting the CodeSupport component from your machine. From the Start menu, choose Run. In the box that pops up, type (on a single line)

    cmd /k del “%windir%\downloaded program files\codesupport.*�

    This is not an ideal solution – depending on your security settings, it may not prevent the software from installing again - but it’s better than nothing. We’ll have to wait for First4Internet to develop a complete patch.

    Comment by martinelli — 11/16/2005 @ 7:34 am

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


If you have not posted a comment here before, we apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day! You only need to do this once; once you have successfuly posted a comment here you will not be asked to do this again. Thank you for your understanding!

 
 This article first appeared on 11/15/2005
The Internet Patrol
Patrolling the Internet for You!