All the latest UK technology news, reviews and analysis
|
|
|
03 Nov 2005
Sony has released a patch for a music CD anti-piracy technology after security experts warned that it represents a potential security risk.
The copyright protection software would automatically install when a consumer inserted a music CD with the XCP digital rights management technology in their computers.
The software is designed to limit the number of copies that users can make of the CD and restrict ripping of the disk.
Software developer Mark Russinovich, of Sysinternals, reported on Monday that he had detected a secretly installed rootkit on his system.
Russinovich traced the software back to Sony and the XCP technology back to First 4 Internet, an English software developer.
The rootkit served to hide the digital rights management technology from the user as well as the system itself, including from antivirus software. When Russinovich tried to remove the application, he found that his CD drive was disabled.
Sony uses the rootkit to prevent the user from removing the copyright protection technology and violating Sony's copyright. But worm authors could exploit this feature to hide malicious applications.
The patch will remove the cloaking capability of the software to enable users to remove the Sony tool. But this will render their systems incapable of playing the CD.
Latest stories from Law
Related articles
Related jobs
Poll
What will be the biggest change to corporate technology in the future?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
Chief, Partner Solution / Director, Client Solutions...
ASP.NET, C# Developer, .NET - MS Gold Partner - Preston...
SQL Server DBA (Database Administrator, Administration...
.NET Developer - Financial Services - Basingstoke, Hampshire...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
XCP on DVDs
How do we know if sony has included this 'protection' on DVD movies? Think about how many dvds are played on computers? The mind boggles!
Posted by: Haggardazrael 16 Nov 2005
speak with your money
Customer service is gone. It seems the only thing companies truly understand these days is: loss of revenue. I'm a fan of the "Now" music cd series. I'd never bothered to see who manufactured them. NOW Vol. 20 was released last week. I turned it over and read the Sony name on the back....and put it back on the shelf. You can bet I'll do the same in the future with every tech purchase I make (not just cds).
Posted by: C L 14 Nov 2005
Very damaging
"Damaged" by this? There are certainly many cases where hardware owners will or already have suffered considerable real damage. This malware requires a full reinstall of the operating system. Not including any costs for loss of data the minimum damages for any attack that destroys an OS will be 2 hours of a technicians time at the average rate of 50/hour, so we're talking 100 bucks per customer absolute minimum here.
Posted by: J James 07 Nov 2005
Phenomenal Bad Judgement on Sony's Part
I have purchased a lot of Sony products over the years but this is such a phenomenal betrayal of trust that I'm going to rethink those purchases in future, especially regarding audio CDs. I for one have enough problems keeping my windows machine running well without help from Sony to destabilize it.
Posted by: Dave Griffin 06 Nov 2005
Okay but now I my drive doesn't work
Maybe Sony didn't get my sister pregnant but now my drive is disabled, and I have rebuilt my machine from scratch twice. Thanks Sony--all I was trying to do was make a compilation disc for my own use
Posted by: Disgruntled in DC 06 Nov 2005
sony rootkit
"no sony pony" misses the point-NOBODY-but-NOBODY SHOULD BE ALLOWED TO WRITE UNAUTHORISED PROGRAMS TO YOUR COMPUTER.sony is against unauthorised use of its own material,but is prepared to install hidden programs of its own without permission!!hyppocrital i'd say.
Posted by: jock 05 Nov 2005
It's called "hacking"...
It's all very well saying you don't think it's a big deal. I know several kids who would say the same about quite minor hacks they did just to see if they could. But actually installing a back door on someone else's system?
Posted by: Guy Kewney 05 Nov 2005
SONY not any more
Well my dear friends at SONY, you just gave me one reason to stop buying from you. Do you know the meaning of BACKFIRE?
Posted by: George 04 Nov 2005
Stop buying sony.
Well, if they protect it then I stop buying. Just like their Mp3 player.. more protection means less people buying.
Posted by: a 04 Nov 2005
rootkit removal tools
Can we have a thorough review of tools to showup/remove rootkit bugs.Those I've read seem to neglect older OSs.
Posted by: Mike Perrett 04 Nov 2005
That's what MP3s are for
CDs have gone the way of tapes and records. This maneuver from Sony just put the nail in the coffin. I wonder if they were aware of their intentions? I love seeing high profiles blunders of this sort.
Posted by: Brian 04 Nov 2005
quick question....
Does anyone know if these CD's have stickers on them stating that they have rootkits on them? Similar, to a parental advisory sticker. If not, that's where the boycott needs to begin. Big fat stickers.
Posted by: ssstoner69 04 Nov 2005
Hacking -Plain and Simple
Sony should be made..by the U.S. government..to face Criminal charges and pay a hefty fine! What they're doing is Nothing less than hacking our machines! I Know I won't be buying Anything with a Sony label from now on! Stand up America and STOP letting Big Business RUN YOUR lives!
Posted by: Rj Trask 04 Nov 2005
Lawsuit?
Give me a break. Who has been "damaged" over this? It's not as if Sony got your sister pregnant. There's nothing to sue *for*. No actual damage has been done. Class action wouldnt go anywhere. If you want legal action that badly, petition your State Senators and Congressmen to pursue crimial proceedings under information security tampering statutes and the like. I do agree, however, with a vocal, and VERY public boycott. Sony needs to know that these potentially illegal activities arent going to be tolerated by their consumers. You cannot treat your customers as if they are the criminals and expect them to keep buying. Everyone, everywhere needs to blast links to this story and many others out to as many folks as they can. This is not acceptable behavior in a free market economy. I have already made several posts at the band/artist websites of several artists that I know are with Sony, urging them to seek alternate distribution. Companies thinking they can simply do whatever pleases them need to remember that they are only in the position of profit because consumers like us keep them there.
Posted by: No Sony Pony 04 Nov 2005
Sony rootkit
I would be interested to know what companys`like Norton, McAfee or even microsoft thought of this technology.
Posted by: A.Dorko 04 Nov 2005
Boycott Unethical Behavior
Sony?s intent may be to protect it?s product?s however, good intent does not justify the unethical practice of secretly installing hidden software on unsuspecting customers PC?s. Sony?s CD?s should be boycotted to send a message, and prevent other Companies from engaging in this practice.
Posted by: Al Alamo 04 Nov 2005
Sony rapped...Customers raped...
"The patch will remove the cloaking capability of the software to enable users to remove the Sony tool. But this will render their systems incapable of playing the CD." So, leave your front door unlocked or loose your money? I'd just talk the product back for refund.
Posted by: caktus 04 Nov 2005
Patch is NOT ENOUGH
Let Sony know that you will not buy any more Sony products until they STOP selling these CDs AND offer a STAND ALONE and EASY TO USE removal tool to the general public.
Posted by: Karl 03 Nov 2005
Losing battle
The next generation audio ripping programs are capturing sound as it transmitted to the sound card, making it impossible to DRM even with this technology. All this is doing is making the aging CD format less attractive day by day.
Posted by: Niero 03 Nov 2005
this must stop!
they've moved onto mistreating their own customers. There isn't a brain in the bunch. send them a message and complain! ConnecteD@sonymusic.com http://cp.sonybmg.com/xcp/english/form12.html http://cp.sonybmg.com/xcp/english/form11.html
Posted by: stop it 03 Nov 2005
Violation
This goes way beyond simply setting a cookie in someone's internet files. Rootkit's are a violation of a user's OS. The sytem techs at Sony are trying to sell us on a legal hijack program. I would consider this illegal, yes? Found a reply website to Sony: http://cp.sonybmg.com/xcp/english/form2.html
Posted by: Don Phillips 03 Nov 2005
Boycott Sony CD
i say a boycott is in order to make an example out of sony for this obstruction of privacy so that other companies do not continue with this these sort of practices
Posted by: mikejones 03 Nov 2005
SONY ROOTKIT=CLASS ACTION LAWSUIT!!
hit them where it hurts in the pocket
Posted by: bob 03 Nov 2005