Sony CD Security Fix Leaves Users Unsecured

Sony BMG Music Entertainment attempted to protect some of its music CDs from digital piracy by automatically installing copy protection software on the computers of users who attempted to play the music CDs on their computers. The security tool is a system root kit, and it restricts copying of the music on the CD. In response to a widespread outcry from consumers and security experts, Sony BMG Music Entertainment created a downloadable patch that will disable the root kit security program; however, the patch leaves the affected computer open to anyone’s downloading software to the computer.

Sony’s XCP copy protection program was included on at least different 20 CDs, and automatically installed itself when the CD was inserted into the computer’s drive, without the user’s knowledge or consent. The root kit software has a cloaking feature that hides files on the affected system. Users who attempt to manually remove the software find their CD drives inoperable.

Both the original root kit and Sony’s patch leave users’ computers open to attack from malicious software, including Trojan horse programs that allow the computer to be remotely controlled through the internet.

Dave’s Opinion
Sony BMG Music Entertainment really dropped a hammer on their toes, twice. I’m all for protecting intellectual property and digital media; however, do not expect that a system-wide security tool will do that without causing other problems for users.

This XCP root kit and its patch sound like a product created by committee without any technical expertise.

Call for Comments
What do you think? Leave your comments below.

Sony BMG Music Entertainment

About geeknews

Todd Cochrane is the Founder of Geek News Central and host of the Geek News Central Podcast. He is a Podcast Hall of Fame Inductee and was one of the very first podcasters in 2004. He wrote the first book on podcasting, and did many of the early Podcast Advertising deals in the podcasting space. He does two other podcasts in addition to Geek News Central. The New Media Show and Podcast Legends.

One thought on “Sony CD Security Fix Leaves Users Unsecured

  1. I think it’s more like Sony shot itself in the head twice, then laughed about it. Even after they got caught with the rootkit, they issued a horrid patch, then issued a SP2 because the first one was bad. On top of all that, they seemed unwilling to do the right thing and issue uninstall programs without asking for your first born in return.

    Sony was ballsy for even thinking about using the software they did. It is buggy, unstable, and blows some systems up completely. Of course, that’s without mentioning, like you said above, any patches will still leave you open outside attack.

    Unfortunatly, I believe we can look forward to seeing more of this sort of thing. Luckily, we have some pretty highly skilled people out there willing to post their findings. Let’s hope the next one will be just as willing.

Comments are closed.