Azara Blog: Sony blows it big time with CD anti-piracy technology

Blog home page | Blog archive

Google   Bookmark and Share
 

Date published: 2005/11/12

The BBC says:

Sony has said it will suspend the production of music CDs with anti-piracy technology which can leave computers vulnerable to viruses.

The move came after security firms said hackers were exploiting the software to hide their creations.

The software has been used by viruses to evade detection by anti-virus programs and infect computers.

Sony said it had a right to stop people illegally copying music, but added that the halt was precautionary.

"We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

In late October Sony BMG was found to be using stealth techniques to hide software that stopped some of its CDs being illegally copied.

Windows programming expert Mark Russinovich discovered that the Sony XCP copy protection system was a so-called "root-kit" that hid itself deep inside the Windows operating system.

XCP uses these techniques to install a proprietary media player that allows PC users to play music on the 20 CDs Sony BMG is protecting with this system. The CDs affected are only being sold in the US.

Soon after Mr Russinovich exposed how XCP worked security experts speculated that it would be easy to hijack the anti-piracy system to hide viruses.

Now anti-virus companies have discovered three malicious programs that use XCP's stealthy capabilities if they find it installed on a compromised PC.

A complete public relations disaster for Sony. And given that this happened in the US, the lawsuits are bound to follow. But this is what happens when you treat your customers like scum.

_________________________________________________________
All material not included from other sources is copyright cambridge2000.com. For further information or questions email: info [at] cambridge2000 [dot] com (replace "[at]" with "@" and "[dot]" with ".").