Sony Plays The Blues As Bloggers Turn Up The Volume - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
11/18/2005
06:05 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Sony Plays The Blues As Bloggers Turn Up The Volume

Company halts sales of CDs with content-protection software after complaints

After two weeks of withering criticism from bloggers and others, Sony BMG Music Entertainment last week found itself forced to stop selling some 50 CD titles with its Extended Copy Protection content-protection software, remove the discs from stores, and offer replacements without copy protection to customers.

Sony issued an apology on its Web site, citing security concerns raised by installation of the XCP software, provided--as Sony was quick to point out--by digital-rights-management vendor First4Internet Ltd.

"We share the concerns of consumers regarding these discs," the company said in a statement. Sony instructed retailers to remove unsold CDs with XCP software from their store shelves and inventory. But the trouble isn't over: The company faces charges of deceptive advertising, illegal spyware distribution, and computer crimes in three lawsuits.

Since Oct. 31, when security researcher Mark Russinovich first posted on his blog that Sony's music CDs surreptitiously installed digital-rights-management software based on a rootkit--software often synonymous with spyware--bloggers of all stripes, from seasoned security experts to aggrieved consumers, fumed about the record company's unethical and possibly illegal behavior.

Thomas Hesse, president of Sony BMG's Global Digital Business, attempted at first to downplay the controversy. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said, in a Nov. 4 interview with National Public Radio. The software, Hesse explained, was designed to protect Sony's CDs from unauthorized copying and ripping.

Two days earlier, Sony tried to mollify critics by offering an update that removed what it called "the cloaking technology component" of XCP. The notes to that update state the component was "not malicious and does not compromise security." That may be true, but another component, the uninstaller provided by Sony to remove the XCP software, did compromise security, and bloggers were quick to jump on that, too.

Defensive Stance
The music industry has been torn between protecting its assets and not alienating the public. At a music industry conference in San Diego last summer, Recording Industry Association of America CEO Mitch Bainwol presented findings by market-research firm NPD Group that suggested ripping songs--copying them to a computer from a CD--has come to represent a revenue threat that's at least as significant as illegal peer-to-peer file trading.

Security-software companies and Microsoft are responding to the Sony problem with tools to detect and remove the rootkit, which might be found in business environments if employees played the Sony CDs on office PCs. Microsoft plans to update its Windows AntiSpyware software and Windows Live Safety Center, a free, online antivirus service, to dig out the rootkit. Next month, Microsoft also will add the Sony rootkit to the worms, Trojans, and viruses detected and deleted by Windows Malicious Software Removal Tool, which is updated the second Tuesday of each month.

The incident isn't comparable to a virus attack in terms of impact, according to Graham Cluley, senior technology consultant with security company Sophos plc. "Sony's code wasn't intentionally malicious, but did open up a security hole on users' computers which could be exploited by malware," Cluley says via E-mail.

But the rootkit is by no means benign. It can be used by attackers to hide malicious code, and at least two Trojan horses for that purpose already have been spotted. "Rather than malware," says Cluley, "I would term this as 'ineptware.'"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll