2005 Sony BMG CD copy protection scandal
The Sony BMG CD copy protection rootkit scandal concerns the copy protection measures included by Sony BMG on Compact Discs in 2005. Sony BMG included the Extended Copy Protection (XCP) and MediaMax CD-3 software on music CDs. XCP was put on 52 titles and MediaMax was put on 50 titles. This software was automatically installed on Windows desktop computers when customers tried to play the CDs. The software interferes with the normal way in which the Microsoft Windows operating system plays CDs by installing a rootkit which creates vulnerabilities for other malware to exploit. This was discovered and publicly revealed by Mark Russinovich on the Sysinternals blog. Other operating systems were not affected.

As a result, a number of parties have filed lawsuits against Sony BMG; the company ended up recalling all the affected CDs; and greater public attention was drawn to the issue of commercially-backed spyware and rootkits. Additionally, further investigation revealed that Sony had created its copyright protection software, in part, using LAME code, violating the GNU Lesser General Public License, and VLC code written by Jon Lech Johansen and Sam Hocevar, violating the GNU General Public License.

Background

In August 2000, statements by Sony Pictures Entertainment US senior VP Steve Heckler foreshadowed the events of late 2005. Heckler told attendees at the Americas Conference on Information Systems "The industry will take whatever steps it needs to protect itself and protect its revenue streams... It will not lose that revenue stream, no matter what... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source - we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC... These strategies are being aggressively pursued because there is simply too much at stake." BMG in Europe experienced a similar scandal in 2001 when Natalie Imbruglia's second album - White Lilies Island - was sold with copy protection measures, but without any warning labels. They were eventually replaced by BMG, but the company made clear its intention to continue copy-protection methods. In the United States and Germany, Sony used copy protection on 'N Sync's 2001 album Celebrity. The British version of the album was unprotected. European promotional copies of Michael Jackson's 2001 single You Rock My World were also released with copy-protection.

Sony BMG software issues

On October 31, 2005, Mark Russinovich posted to his blog a detailed description and technical analysis of the characteristics of the software contained on Sony BMG music CDs. Called "Sony, Rootkits and Digital Rights Management Gone Too Far", the article asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".

Security holes

Russinovich stated that the rootkit software creates security holes that can be exploited by malicious software such as worms or viruses. He also mentioned that the XCP software installed silently before the EULA appeared, that the EULA does not mention the XCP software, and that there was no uninstaller, all of which are illegal in various ways in various jurisdictions.

Ed Felten's Freedom to Tinker blog featured an article by J. Alex Halderman discussing the SunnComm DRM also found on some Sony BMG CDs, which is very similar to the First 4 Internet (F4I) software in that it installs without authorization or notification, and does not have an uninstaller.

Resource drain

The article also asserts that the software runs in the background and consumes system resources, slowing down the user's computer, regardless of whether there is a protected CD playing.

Poor design

Russinovich presented evidence that the software employs unsafe procedures to start and stop the rootkit, which could lead to system crashes (Blue Screen of Death), and that inexpert attempts to uninstall the software can lead to the Windows operating system failing to recognize existing drives. The Sony rootkit is designed to hide any files, registry keys and processes whose name starts with the string $sys$, making it very easy for writers of worms and other malware to also hide their files by simply using the same name prefix. Within weeks there were several trojans and worms taking advantage of this functionality in machines already compromised by the Sony rootkit.
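
An added example, not from the original article or from Russinovich's analysis: a toy Python model of the name-prefix cloak described above and of the cross-view comparison (low-level view versus filtered API view) that exposes what it hides. Every object name is a constructed placeholder, and the rule that a prefixed parent directory also hides its children is an assumption of the model.

```python
from __future__ import annotations

from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # the prefix named in the text above


@dataclass(frozen=True)
class Obj:
    kind: str    # "file", "registry" or "process"
    path: str    # backslash-separated name as a low-level scan would see it
    origin: str  # ground truth, known only to this simulation


def is_cloaked(obj: Obj) -> bool:
    """The cloak's decision as modelled here: name only, never origin.

    Assumption: an object is also unreachable by enumeration when any parent
    component carries the prefix, because the parent is never listed.
    """
    return any(part.startswith(CLOAK_PREFIX) for part in obj.path.split("\\"))


def api_view(raw: list[Obj]) -> list[Obj]:
    """What tools relying on the filtered enumeration get to see."""
    return [o for o in raw if not is_cloaked(o)]


def cross_view_diff(raw: list[Obj], api: list[Obj]) -> list[Obj]:
    """Objects present in the low-level view but absent from the API view."""
    seen = {(o.kind, o.path) for o in api}
    return [o for o in raw if (o.kind, o.path) not in seen]


def triage(hidden: list[Obj], inventory: set[tuple[str, str]]):
    """Split hidden objects into inventoried ones and unexplained ones.

    The cloak cannot tell these apart; only an external inventory can.
    """
    known = [o for o in hidden if (o.kind, o.path) in inventory]
    unexplained = [o for o in hidden if (o.kind, o.path) not in inventory]
    return known, unexplained


# Constructed sample system state; every name below is a placeholder.
RAW = [
    Obj("file", r"C:\Windows\System32\notepad.exe", "os"),
    Obj("file", r"C:\Windows\System32\$sys$placeholder_drm.sys", "drm"),
    Obj("registry", r"HKLM\SYSTEM\Services\$sys$placeholder_drm", "drm"),
    Obj("process", "$sys$placeholder_player.exe", "drm"),
    Obj("file", r"C:\Users\alice\$sys$unrelated.exe", "third-party"),
    Obj("file", r"C:\Temp\$sys$dir\payload.dat", "third-party"),
    Obj("file", r"C:\Temp\report$sys$.txt", "user"),  # prefix not at start
]

# Stand-in for a known-good baseline of the DRM package's own objects.
INVENTORY = {(o.kind, o.path) for o in RAW if o.origin == "drm"}


if __name__ == "__main__":
    api = api_view(RAW)
    hidden = cross_view_diff(RAW, api)
    known, unexplained = triage(hidden, INVENTORY)
    print(f"visible through API: {len(api)}")
    print(f"hidden from API:     {len(hidden)}")
    for o in unexplained:
        print(f"UNEXPLAINED hidden {o.kind}: {o.path}")
```

A scanner that only enumerates through the filtered view reports two objects here; the five hidden ones, including the two that do not belong to the DRM package, appear only in the cross-view difference.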

Anti-virus firm F-Secure asserted, "Although the software isn't directly malicious, the used rootkit hiding techniques are exactly the same used by malicious software to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits. ... Thus it is very inappropriate for commercial software to use these techniques." After public pressure, Symantec and other anti-virus vendors included detection for the rootkit in their products as well, and Microsoft announced it would include detection and removal capabilities in their security patches.

Rootkit removal program

Sony BMG released a software utility to remove the rootkit component of XCP from affected Microsoft Windows computers, but this removal utility was soon analyzed by Russinovich again in his blog and revealed as only exacerbating the privacy and security concerns.

In fact, the Sony BMG removal program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. In addition, this program was reported to install additional software that cannot be uninstalled. In order to download the uninstaller, it is necessary to provide an e-mail address (which the Sony BMG Privacy Policy implies to be added to various bulk e-mail lists), and to install an ActiveX control containing backdoor methods (marked as "safe for scripting", and thus prone to exploits).

On November 18, 2005, Sony BMG provided a "new and improved" removal tool to remove the rootkit component of XCP from affected Microsoft Windows computers.

Opponents of Sony BMG's actions, including Slashdot and Digg contributors, later accused Sony BMG of violating the privacy of its customers to create a backdoor onto their machine using code that itself violates an open-source license. They claimed that this DRM program, designed to give Sony BMG control over the customer's machine in the name of copyright protection, is itself infringing copyright by including code from the LAME MP3 library.

Product recall

On November 15, 2005, vnunet.com announced that Sony BMG was backing out of its copy-protection software, recalling unsold CDs from all stores, and offering to let consumers exchange their CDs for versions lacking the software. The Electronic Frontier Foundation compiled a partial list of CDs with XCP. Sony BMG was quoted as maintaining that "there were no security risks associated with the anti-piracy technology", despite numerous virus and malware reports. On November 16, 2005, US-CERT, part of the United States Department of Homeland Security, issued an advisory on XCP DRM. They said that XCP uses rootkit technology to hide certain files from the computer user, and that this technique is a security threat to computer users. They also said one of the uninstallation options provided by Sony BMG introduces further vulnerabilities to a system. US-CERT advised, "Do not install software from sources that you do not expect to contain software, such as an audio CD."

Sony BMG announced that it had instructed retailers to remove any unsold music discs containing the software from their shelves. It was estimated by internet security expert Dan Kaminsky that XCP was in use on more than 500,000 networks.

CDs with XCP technology can be identified by the letters "XCP" printed on the back cover of the jewel case for the CD according to SonyBMG's XCP FAQ.

On November 18, 2005 Reuters reported that Sony BMG would exchange affected insecure CDs for new unprotected disks as well as unprotected MP3 files.

Information about the swap can be found at the Sony BMG swap program website. As a part of the swap program, consumers can mail their XCP-protected CDs to Sony BMG and would be sent an unprotected disc via return mail.

On November 29, then-New York Attorney General Eliot Spitzer found through his investigators that, despite the recall of November 15, Sony BMG CDs with XCP were still for sale in New York City music retail outlets. Spitzer said "It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year, [and] I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."

The next day, Massachusetts Attorney General Tom Reilly issued a statement saying that Sony BMG CDs with XCP were still available in Boston despite the Sony BMG recall of November 15. Attorney General Reilly advised consumers not to purchase the Sony BMG CDs with XCP and said that he was conducting an investigation of Sony BMG.

As of May 11, 2006 Sony BMG's website offered consumers a link to "Class Action Settlement Information Regarding XCP And MediaMax Content Protection." It has online claim filing and links to software updates/uninstallers. The deadline for submitting a claim was June 30, 2007.

As of April 2, 2008 Sony BMG's website finally offered consumers their explanation and list of affected CDs.

Texas state action

On November 21, 2005, Texas Attorney General Greg Abbott sued Sony BMG. Texas was the first state in the United States to bring legal action against Sony BMG in response to the rootkit. The suit was also the first filed under the state's 2005 spyware law. It alleged that the company surreptitiously installed the spyware on millions of compact music discs (CDs) that consumers inserted into their computers to play, which can compromise the systems.

On December 21, 2005, Abbott added new allegations to his lawsuit against Sony-BMG, regarding MediaMax. The new allegations claimed that MediaMax violated the state's spyware and deceptive trade practices laws, because the MediaMax software would be installed on a computer even if the user declined the license agreement that would authorize its installation. Abbott stated, "We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music", and "Thousands of Texans are now potential victims of this deceptive game Sony played with consumers for its own purposes." In addition to violations of the Consumer Protection Against Computer Spyware Act of 2005, which allowed for civil penalties of $100,000 for each violation of the law, the alleged violations added in the updated lawsuit (on December 21, 2005) carried maximum penalties of $20,000 per violation.

New York and California class action suits

Class action suits have been filed against Sony BMG in New York and California.

On December 30, 2005, the New York Times reported that Sony BMG has reached a tentative settlement of the lawsuits, proposing two ways of compensating consumers who have purchased the affected recordings. According to the proposed settlement, those who purchased an XCP CD will be paid $7.50 per purchased recording and given the opportunity to download a free album, or be able to download three additional albums from a limited list of recordings if they give up their cash incentive. District Judge Naomi Reice Buchwald entered an order tentatively approving the settlement on January 6, 2006.

The settlement is designed to compensate those whose computers were infected, but not otherwise damaged. Those who have damages that are not addressed in the class action are able to opt out of the settlement and pursue their own litigation.

A fairness hearing was held on May 22, 2006 at 9:15 am at the Daniel Patrick Moynihan United States Courthouse for the Southern District of New York.

Claims had to be submitted by December 31, 2006. Class members who wished to be excluded from the settlement must have filed before May 1, 2006. Those who remained in the settlement could attend the fairness hearing at their own expense and speak on their own behalf or be represented by an attorney.

Other actions

It was reported on December 24, 2005 that then-Florida Attorney General Charlie Crist was investigating Sony BMG spyware.

In Italy, ALCEI (an association similar to EFF) also reported the rootkit to the Financial Police, asking for an investigation under various computer crime allegations, along with a technical analysis of the rootkit. On November 21, EFF announced that they were also pursuing a lawsuit over both XCP and the SunnComm MediaMax DRM technology. On December 6, 2005 Sony-BMG said that 5.7 million of its CDs were shipped with SunnComm MediaMax that requires a new software patch to prevent a potential security breach in consumers' computers. The security vulnerability was discovered by EFF and brought to the attention of Sony BMG. The MediaMax Version 5 software was loaded on 27 Sony BMG titles. All these suits are regarding security threats and other damage to customer computers, not copyright issues in the code. The EFF lawsuit also involves issues concerning the Sony BMG end user license agreement.

The US Department of Justice (DOJ) made no comment on whether it would take any criminal action against Sony. However, Sony did receive a public admonishment from Stewart Baker of the Department of Homeland Security, who in a speech at a Chamber of Commerce event made the statement, "it's your intellectual property — it's not your computer".

On January 30, 2007, the U.S. Federal Trade Commission (FTC) announced a settlement with Sony BMG on charges that their CD copy protection had violated Federal Law. The settlement requires Sony BMG to reimburse consumers up to $150 to repair damage that resulted directly from their attempts to remove the software installed without their consent. The settlement also requires them to provide clear and prominent disclosure on the packaging of future CDs of any limits on copying or restrictions on the use of playback devices, and bars the company from installing content protection software without obtaining consumers' authorization. FTC chairwoman Deborah Platt Majoras added that, "Installations of secret software that create security risks are intrusive and unlawful. Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customer use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

Company and press reports

National Public Radio was one of the first to report on the scandal on November 4, 2005. Thomas Hesse, Sony BMG's Global Digital Business President, told reporter Neda Ulaby, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

In a November 7, 2005 article, vnunet.com summarised Russinovich's findings, and urged consumers to avoid buying Sony BMG music CDs for the time being. The following day, The Boston Globe classified the software as spyware and Computer Associates' eTrust Security Management unit VP Steve Curry confirmed that it communicates personal information from consumers' computers to Sony BMG (namely the CD being played and the user's IP address). The methods used by the software to avoid detection were likened to those used by data thieves.

The first virus which made use of Sony BMG's stealth technology to make malicious files invisible to both the user and anti-virus programs surfaced on November 10, 2005. One day later Yahoo! News announced that Sony BMG had suspended further distribution of the controversial technology.

According to ZDNet News:
"The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases." The uninstall program obeys commands sent to it allowing others "to take control of PCs where the uninstaller has been used."

On November 8, 2005, Computer Associates decided to classify Sony BMG's software as "spyware" and provide tools for its removal. Speaking about Sony BMG suspending the use of XCP, independent researcher Mark Russinovich said, "This is a step they should have taken immediately."

Sony BMG in Australia issued a press release indicating that no Sony BMG titles manufactured in Australia have copy protection.

See also

  • Extended Copy Protection
  • Digital rights management
  • List of Compact Discs sold with XCP
  • OpenMG, DRM used by Sony BMG's SonicStage software for Sony Connect on-line music store
  • File sharing and the law
  • SecuROM
  • ILok


The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 