Personal Tech Pipeline | Sony XCP

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

November 21, 2005

Sony Plays The Blues As Bloggers Turn Up The Volume

Courtesy of InformationWeek

After two weeks of withering criticism from bloggers and others, Sony BMG Music Entertainment last week found itself forced to stop selling some 50 CD titles with its Extended Copy Protection content-protection software, remove the discs from stores, and offer replacements without copy protection to customers.

Sony issued an apology on its Web site, citing security concerns raised by installation of the XCP software, provided--as Sony was quick to point out--by digital-rights-management vendor First4Internet Ltd.

"We share the concerns of consumers regarding these discs," the company said in a statement. Sony instructed retailers to remove unsold CDs with XCP software from their store shelves and inventory. But the trouble isn't over: The company faces charges of deceptive advertising, illegal spyware distribution, and computer crimes in three lawsuits.

Since Oct. 31, when security researcher Mark Russinovich first posted on his blog that Sony's music CDs surreptitiously installed digital-rights-management software based on a rootkit--software often synonymous with spyware--bloggers of all stripes, from seasoned security experts to aggrieved consumers, fumed about the record company's unethical and possibly illegal behavior.

Thomas Hesse, president of Sony BMG's Global Digital Business, attempted at first to downplay the controversy. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said, in a Nov. 4 interview with National Public Radio. The software, Hesse explained, was designed to protect Sony's CDs from unauthorized copying and ripping.

Two days earlier, Sony tried to mollify critics by offering an update that removed what it called "the cloaking technology component" of XCP. The notes to that update state the component was "not malicious and does not compromise security." That may be true, but another component, the uninstaller provided by Sony to remove the XCP software, did compromise security, and bloggers were quick to jump on that, too.

Defensive Stance
The music industry has been torn between protecting its assets and not alienating the public. At a music industry conference in San Diego last summer, Recording Industry Association of America CEO Mitch Bainwol presented findings by market-research firm NPD Group that suggested ripping songs--copying them to a computer from a CD--has come to represent a revenue threat that's at least as significant as illegal peer-to-peer file trading.

Security-software companies and Microsoft are responding to the Sony problem with tools to detect and remove the rootkit, which might be found in business environments if employees played the Sony CDs on office PCs. Microsoft plans to update its Windows AntiSpyware software and Windows Live Safety Center, a free, online antivirus service, to dig out the rootkit. Next month, Microsoft also will add the Sony rootkit to the worms, Trojans, and viruses detected and deleted by Windows Malicious Software Removal Tool, which is updated the second Tuesday of each month.

The incident isn't comparable to a virus attack in terms of impact, according to Graham Cluley, senior technology consultant with security company Sophos plc. "Sony's code wasn't intentionally malicious, but did open up a security hole on users' computers which could be exploited by malware," Cluley says via E-mail.

But the rootkit is by no means benign. It can be used by attackers to hide malicious code, and at least two Trojan horses for that purpose already have been spotted. "Rather than malware," says Cluley, "I would term this as 'ineptware.'"

E-mail This Story
Print This Story
Reprint This Story

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

Transform your IT infrastructure with IBM
Successful CIOs see IT as a prime stimulus for business innovation-and themselves as key participants in a process that develops business and IT strategies in concert. Read an executive summary and register to download the full IBM paper.

Understand the financial impact of open source.
Will open source pay off? Open source is becoming standard within enterprises, often because of cost savings. Find out how much of a financial impact it can have on your organization. Get this methodology and calculator now, compliments of JBoss. Go!

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Free Identity Management White Paper.
Learn how BMC's Identity Management Services can help secure your enterprise and give authorized users the access they need to critical information, so they can deliver more consistent services. Register now for 'The Black Book on Corporate Security'

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia