Music giant Sony BMG, beleaguered by the fallout from the discovery that it was including rootkit style digital rights management (DRM) software on its CDs, has conceded and said that it will pull CDs with the controversial XCP software, and that it will also offer customers the opportunity to exchange CDs with the offending software for versions which do not have it.
Sony only admitted to the issue last week, shortly after a lawsuit was filed over the rootkit software.
“Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience,” said Sony. They also offered to exchange any CDs with the offending software, although details of how to make the exchange were not yet available.
In addition to the lawsuit and the public outcry, even Sony’s own artists have been calling on Sony BMG to do the right thing. Ross Schilling, manager for Van Zant, on whose CD the XCP software was first discovered, urged Sony to initiate a recall. Said Schilling, “I said we’ve got to be proactive, or it could destroy the business model. Sony should be in the artist business, promoting and selling records. This type of issue sheds a negative light on their ability to do that.”
In other news, Microsoft has said that it’s free spyware program will include code to identify and remove the XCP software. Said Jason Garms, a group manager with MSN’s anti-malware team, “We have analyzed this software and have determined that in order to help protect our customers, we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
It’s academically and legally interesting to think about the ramifications of a company like Microsoft removing the digital rights management software from the product of a company like Sony.
Isn’t it?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
If you’ve used the BMG uninstaller, be aware that it leaves around an ActiveX control that needs to be deleted so you don’t leave a wide open exploitable security hole on your system. The ActiveX control is signed and able to install programs without user interaction, so expect it to be exploited in the near future.
http://blogs.washingtonpost.com/securityfix/2005/11/sony_uninstall_.html
Manual uninstall directions:
http://www.freedom-to-tinker.com/?p=927
If you’re vulnerable, you can protect yourself by deleting the CodeSupport component from your machine. From the Start menu, choose Run. In the box that pops up, type (on a single line)
cmd /k del “%windir%\downloaded program files\codesupport.*�
This is not an ideal solution – depending on your security settings, it may not prevent the software from installing again – but it’s better than nothing. We’ll have to wait for First4Internet to develop a complete patch.