Sony BMG halts "rootkit" CDs

Music giant responds to litigation by vowing to halt production of CDs containing controversial antipiracy technology abused by viruses, World of Warcraft cheaters.

After nearly two weeks of stinging criticism and the filing of at least one class-action lawsuit, Sony BMG Music Entertainment promised today to temporarily stop making CDs loaded with controversial copy-protection technology.

One effect of installing the company's XCP content protection software on a computer was that files with certain character combinations in their names were essentially invisible to the computer. This opened the door to virus writers who wanted to hide their work from antivirus software, as well as World of Warcraft hackers who wanted to hide their programs from that game's Warden anticheat program.

"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," Sony BMG said in a statement today. "We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology."

The world's second-largest music label was using software created by First 4 Internet and designed to prevent a user from copying a CD more than twice. All of the major labels use copy-protection (digital rights management) software, but Sony was using a particular type, called XCP, that used a "rootkit," a watchdog program that hides itself deep in the core of the operating system once a CD is loaded onto a computer.

Sony had loaded XCP onto about 20 of its CDs, including My Morning Jacket's Z, Trey Anastasio's Shine, Celine Dion's On ne Change Pas, Neil Diamond's 12 Songs, Amerie's Touch, Pete Seeger's The Essential Pete Seeger, and Ricky Martin's Life. Partial lists of CDs are at Slashdot and the Electronic Frontier Foundation.

First uncovered by programmer and blogger Mark Russinovich on October 31, the use of the rootkit set off a firestorm of criticism. That heat reached its peak yesterday, when a class-action lawsuit filed against the label by a Southern California attorney emerged.

The suit, filed last week in Los Angeles Superior Court on behalf of all California consumers "who purchased or acquired one of the rootkit-installed CDs," claims Sony BMG broke three state laws. It asks the court to force Sony to stop selling any more CDs containing the rootkit, and it seeks compensation for damage already incurred by users.

Sony has since released a patch that makes its software visible again. Sony has also sent the rootkit-cloaking information to antivirus software companies so they know to look for it.

The company has also said it has abandoned the rootkit strategy--but not, of course, the use of other forms of DRM copy protection.

"We also intend to reexamine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said today.

Discussion

9 comments
RavenXavier

Way to f'k up people's PC's Sony, good job....good thing those CD's are all crap and no-one with a brain would want them anyway!!!

Maquis_UK

Fony certainly know how to treat the people who buy their products lol

dchispirtle

I bought one of the XCP rootkit CDs and it really f'ed with my computer. I had to run a complete system restore about a month ago.

ultimate_zero

well, that'll teach them hackerz to mess with sony

Vastet

Too little too late, but good all the same. Fortunately none of those CD's were worth buying in the first place. :P