Sony has
released a patch for a
music CD anti-piracy technology after security experts warned that it represents
a potential security risk.
The copyright protection software would automatically install when a consumer
inserted a music CD with the XCP digital rights management technology in their
computers.
The software is designed to limit the number of copies that users can make of
the CD and restrict ripping of the disk.
Software developer
Mark
Russinovich, of
Sysinternals,
reported on Monday that he had detected a secretly installed rootkit on his
system.
Russinovich traced the software back to Sony and the XCP technology back to
First 4 Internet,
an English software developer.
The rootkit served to hide the digital rights management technology from the
user as well as the system itself, including from antivirus software. When
Russinovich tried to remove the application, he found that his CD drive was
disabled.
Sony uses the rootkit to prevent the user from removing the copyright
protection technology and violating Sony's copyright. But worm authors could
exploit this feature to hide malicious applications.
The patch will remove the cloaking capability of the software to enable users
to remove the Sony tool. But this will render their systems incapable of playing
the CD.
Do you agree?
Have your say on this article