Sony to refund certain CDs; new DRM exploit found

Sony's decision to implant rootkit-based digital-rights management software into new CD releases has continued to cause problems for the company. End-users have raised Cain over the discovery of the rootkit software (rootkits are normally used by malware and other intrusive programs that deliberately seek to remain invisible). Now, Sony has announced that it will pull certain popular new CDs from stores and will offer exchanges to consumers who purchased the discs. The recall and replacement drive will extend well beyond the CD that started the controversy (Van Zant's Get Right with the Man) and will cover the more-than 20 titles released with what Sony refers to as XCP copy-protection software.

In related news, apparently Sony's web-based XCP uninstaller that was available for several weeks is theoretically capable of causing even worse damage than the rootkit itself. From Freedom-to-Tinker's article:

When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission.

This problem is only likely to affect a small number of people, and the FTT folks go on to detail how you can find out if you're affected—but it's problems like this that demonstrate the need for technologically intelligent people to be part of business and corporate decisions where complex software technologies are being deployed.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.