All the latest UK technology news, reviews and analysis
|
|
|
15 Nov 2005
Sony BMG has promised to stop making music CDs that use its controversial XCP anti-piracy technology.
The record label had come under fire for the technology, which security experts warned was poorly designed and could be easily exploited by worm authors to hide malware from antivirus software.
Consumers inserting the CDs in their computers would unknowingly install the application, which was very hard to remove. In an effort to remain installed, the technology used a so-called rootkit to hide itself from the user and the system.
It took only one week for the first virus to surface that exploited the features of the rootkit to try and hide from antivirus software.
The software made alterations at a deep level of the Windows operating system to allow it to monitor and limit the number of copies that a consumer made of a CD, as well as to regulate the file formats that could be used to rip the disk.
Sony reserved the right to explore other anti-piracy technologies, but said it will re-examine its content protection initiatives to ensure that they meet security and ease of use standards.
The label will recall all unsold CDs from stores and has instated a consumer exchange programme for consumers who have previously purchased XCP equipped CDs. The Electronic Frontier Foundation on its website has published a list of titles affected by the technology and offers instructions on how to recognise the CD.
About two million CDs with the technology have been sold worldwide. Consumers have called for a boycott of Sony's music, and CDs that carried the anti-piracy technology have been slammed on online review sites such Amazon, causing their ratings to drop.
Sony is also facing lawsuits in California and Italy over the technology and more actions are likely to follow.
The XCP technology was developed by UK software company First 4 Internet.
Several security vendors including Computer Associates, Sophos, Symantec and Microsoft have started to provide or will provide a tool to remove the XCP software.
Sony has always maintained that there were no security risks associated with the anti-piracy technology.
Latest stories from Security
Related articles
Related jobs
Poll
What will be the biggest change to corporate technology in the future?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
Chief, Partner Solution / Director, Client Solutions...
ASP.NET, C# Developer, .NET - MS Gold Partner - Preston...
SQL Server DBA (Database Administrator, Administration...
.NET Developer - Financial Services - Basingstoke, Hampshire...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Rootkit breaches copyright
New investigations finally prove that the Open Source Lame libary has been included in the Sony DRM kit: http://www.the-interweb.com/serendipity/index.php?/archives/51-Is-Sony-in-violation-of-the-LGPL.html "Even though go.exe apparently does not contain any LAME code, a considerable amount of tables and constants from the LAME source files can be found in the go.exe file. Here's a list of the LAME tables I've been able to locate. The first column shows the hex address where the table can be found in the go.exe file, the second column shows the name of the table as it appears in the LAME source code and the third column shows the LAME source file where the table can be found." This has been previously reported by Brenno de Winter: http://dewinter.com/modules.php?name=News&file=article&sid=215 "The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law." The well known Dutch internet lawyer Christiaan Alberdingk Thijm says this might have far stretching consequences for Sony: http://dewinter.com/modules.php?name=News&file=article&sid=216 "The point is that Sony BMG seems to deliver just an executable program (GO.exe), without keeping the libraries separate. "If it has become one executable, those works can no longer be considered as being separate of each other. You also distribute them together and then it is a different situation", says Alberdingk Thijm. "Then you have created a new, modified work from the open source work and you are obliged to release the source code.""
Posted by: Arend Lammertink 15 Nov 2005
True Irony
Let's see--because of Sony's actions, customers who did the "honest" thing and went and spent money on one of these CDs are now having to deal with a Sony-induced security nightmare. Meanwhile, the folks who download music through file-sharing services and other "illegal" means are worry-free. Seems to me that Sony has just offered what has to be the biggest inducement ever for their soon-to-be-former customers to turn to the very piracy Sony claims it was trying to prevent.
Posted by: Melanye Karter 15 Nov 2005
What about Sony VAIO computers?
People who are thinking about buying Sony VAIO computers should now think twice about it since Sony customizes the operating system to work with their components. Think about what might be going on with those machines?
Posted by: Jamie 15 Nov 2005