November 2, 2005
Be(A)ware of Sony Audio CD Copy Protection
Various news outlets are reporting that SonyBMG is including copy protection software on selected audio CD's that install rootkits on a user's PC. The software, known as XCP (extended copy protection) hides itself and by all accounts is extremely difficult to remove. In fact, a notice on the SonyBMG site does not give out instructions, but requires consumers to contact customer service through the web site for removal instructions. The disc will not work on the computer after removal.
What makes this software so controversial is that this uses the same techniques that hackers use to hide malicious software. One report indicates that the software hides any files with names starting with $sys$ and can potentially be used by hackers who can latch on to this install to add and hide viruses or spyware on a machine. Sony's packaging is clearly labeled that DRM software is included on the disc. There is an end user license which does inform that software will be installed. Sony representatives say it is adequate, but given the difficulty in removing the software, others question that assertion or the assertion that consumers are adequately informed through the license of the practical results of what is being installed on their machines.
Although I haven't seen the EULA, I wonder what Sony's liability would be if a hacker actually did install a virus or spyware using their DRM methods.
Read the story in PC World here.
For more information on root kits, see the Wikipedia entry here.
Update: Sony will release a patch to anti-virus software manufacturers that will stop the software from hiding, but will not remove it. Consumers can also download a copy of the patch from the Sony BMG web site. Removal will still require contact with customer service. Read the story here.
November 2, 2005 | Permalink
TrackBack URL for this entry:
Listed below are links to weblogs that reference Be(A)ware of Sony Audio CD Copy Protection :
working with sonybmg as a recording, production label, whats the order of doing business?
Posted by: joshua | Apr 28, 2006 6:25:20 AM