Feeds

Sony suspends rootkit DRM

No recall

High performance access to file storage

Sony BMG has said it will suspend production of audio 'CDs' that use XCP, the rootkit-style DRM developed by British company First4Internet Ltd. However the music giant refused to apologize for the software, which exposes PCs to malware and which can disable the PC's CD drive when users try to remove the software.

Sony also declined to follow EMI's example in September and recall CDs already in the retail channels.

Around 20 CDs use XCP, which has been on the market since April. (The EFF has a list, here).

But since a security website drew attention to implications of XCP last week, Sony has been deluged with complaints, prompting lawsuits in California and Italy.

"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," Sony said in a statement. "Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use."

Sony may rue the wave of consumer outrage, and the subsequent lawsuits. But it may also note that the scandal took more than six months to surface.

And the music publisher isn't exactly rushing to make amends. Sony's unfortunately worded phrase "ease of consumer use" reminds us that while the stealth DRM software installs itself without permission (the click-through statement fails to inform of the user of its true nature), uninstalling it requires the CD buyer to request permission from Sony via a web form. So it's hard to take Sony BMG's assurances seriously.

You can read Sony's statement here. Symantec has posted an advisory and removal tool here. ®

SANS - Survey on application security programs

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.