Sony latest experiment with digital right management technology comes straight out of a horror movie. While Sony has the most noble of intentions (to protect its copyrights), it has created a monster and in an effort to cover up its tracks is spinning a web of lies.
The quick facts: some audio CDs from the Sony record label ship with a new DRM technology dubbed XCP. The application installs itself when a user tries to play the CD on a computer, limiting the number of copies that can be made and the file format in which the file can be ripped. To prevent the user from removing the technology, it also comes with a rootkit that renders the software invisible to users, the system and anti virus software.
Again, inherently there is nothing wrong with that, except that Sony has made it ridiculously easy for other files and applications to hide behind this root kit. And guess what? Worm authors would kill for such an option.
Sony is playing dumb, denying that there are any security risks associated with its software. But the entire security industry is calling Sony's bluff.
"It is a terrible security hole," Roger Thompson, chief executive at security provider Worm Radar told vnunet.com.
"Using rootkit technology is an extremely dubious technique, and the poor coding of this particular example also raised our eyebrows," Kaspersky Labs wrote on its blog.
F-Secure: "The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves."
The label on Wednessday released a patch that makes the rootkit visible for security software (allowing them to remove it) but won't stop using the methodology.
"This component is not malicious and does not compromise security," the label argued.
They also make it very easy to remove the application. Don't bother using the Add/remove software tool in Windows. Sony has a better way:
"If at some point you wish to remove the software from your machine simply contact customer service."
How can a company be so out of touch with reality?
Ecostress instrument will provide new insights into water usage and plant health on Earth
Chinese cyber espionage group Thrip targeting satellite communications, telecoms and defence companies
Symantec warning over state-sponsored hackers targeting satellite operators' control systems
Letter to House of Commons Treasure Committee explains cause of payments glitch earlier this month
Would you want to live in a world without memes?