SonyBMG’s efforts to regain some credibility with PC users came unstuck again after it admitted that a patch for flawed content protection software included with some its CDs actually creates more problems for users.

The academics who have uncovered the latest security hole say the only way Sony can dig itself out is to recall all the CDs that shipped with the flakey software.

The hapless media giant snuggled up to the Electronic Frontier Foundation earlier in the week to admit that Sunncomm MediaMax content protection software on some of its CDs could leave users’ PCs open to hijacking by unauthorised users. It instructed users to download a patch from MediaMax.

Now, academics at Princeton University have found that the patch itself suffers from the same bug (http://www.freedom-to-tinker.com/?p=942), though in a slightly different way. They have advised users to not install the patch and indeed to not insert the affected disk in a PC under any circumstance, and the EFF and Sony have gotten behind them.

Professor Ed Felten and Alex Halderman the problem is “just as bad” as the DRM rootkit carried on other CDs and which caused a furore last month.

They go on to say that each CD sitting on a shelf is effectly a ticking timebomb, and the only way for Sony to really sort the problem is to recall all the affected disks.

Only the very paranoid would suggest that advice to not insert an audio CD into a PC delivers exactly the level of "content protection" Sony and the other music giants have been gunning for all this time.®

Related stories

How fat is my DRM? (20 December 2006)
http://www.theregister.co.uk/2006/12/20/sony_rootkit_drm_settlement/
Judge approves Sony rootkit settlement (23 May 2006)
http://www.theregister.co.uk/2006/05/23/sony_rootkit_settlement/
Sony 'rootkit' settlement clamps down on DRM (29 December 2005)
http://www.theregister.co.uk/2005/12/29/sony_settles_rootkit/
Sony BMG shortlisted for 'internet villain' gong (13 December 2005)
http://www.theregister.co.uk/2005/12/13/ispa_villain/
Intel readies rootkit- rooting hardware (9 December 2005)
http://www.theregister.co.uk/2005/12/09/intel_anti-rootkit_chip/
Sony opens up over another CD security hole (7 December 2005)
http://www.theregister.co.uk/2005/12/07/sony_cd_security/
Sony's DRM woes worsen (30 November 2005)
http://www.theregister.co.uk/2005/11/30/sony_drm_spitzer/
Study suggests DMCA takedown regs abused (27 November 2005)
http://www.theregister.co.uk/2005/11/27/dmca_takedown_regs_abused/
Sony fiasco: More questions than answers (23 November 2005)
http://www.theregister.co.uk/2005/11/23/sony_drm_questions/
Sony unsinged by rootkit CD fiasco (22 November 2005)
http://www.theregister.co.uk/2005/11/22/analysis/
Texas puts Sony BMG in its sights (22 November 2005)
http://www.theregister.co.uk/2005/11/22/texas_sues_sony_bmg/
Gaffer tape defeats Sony DRM rootkit (21 November 2005)
http://www.theregister.co.uk/2005/11/21/gaffer_tape_trips_up_sony_drm/
Sony's rootkit drives squirrels to new careers in adult movies (18 November 2005)
http://www.theregister.co.uk/2005/11/18/letters_1811/
Sony DRM uninstaller 'worse than rootkit' (17 November 2005)
http://www.theregister.co.uk/2005/11/17/sony_drm_uninstaller_peril/
Sony suspends rootkit DRM (12 November 2005)
http://www.theregister.co.uk/2005/11/12/sony_suspends_rootkit_drm/
Sophos develops Sony DRM unmasking tool (10 November 2005)
http://www.theregister.co.uk/2005/11/10/sony_drm_unmasked/
Sony hit by lawsuits over root kit (10 November 2005)
http://www.theregister.co.uk/2005/11/10/sony_sued_for_rootkit/
First Trojan using Sony DRM spotted (10 November 2005)
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/
World of Warcraft hackers using Sony BMG rootkit (4 November 2005)
http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/
Hidden DRM code's legitimacy questioned (3 November 2005)
http://www.theregister.co.uk/2005/11/03/secfocus_drm/
Sony to offer patch for 'rootkit' DRM (3 November 2005)
http://www.theregister.co.uk/2005/11/03/sony_rootkit_drm/
Removing Sony's CD 'rootkit' kills Windows (1 November 2005)
http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/