Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Sony BMG Pulling Controversial DRM

By Nate Mook, BetaNews

November 11, 2005, 1:58 PM

Following a week of consumer pressure, Sony BMG is backing away from its controversial CD copy-protection software, which installs a rootkit to prevent the DRM from being removed and potentially opens the door for security vulnerabilities. The label will stop making CDs that use the technology, known as XCP.

"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology," the company said in a statement. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use."

The news comes one day after antivirus firms discovered a new trojan horse that takes advantage of a cloaking mechanism employed by Sony's software. Security researchers warned that viruses and other malware could hide using the DRM and thus make removal more difficult.

Lawsuits have also been filed against Sony BMG in both California and New York by consumers who claim that Sony's DRM, which attempts to stop computer users from copying a CD's audio tracks to a hard drive, is invasive and damaging to computer systems.

Beyond the cloaking risk, coding errors in the DRM software have been reported to leave systems vulnerable to crashes.

SysInternals' Mark Russinovich first reported on the software after his company's security tool recognized a "rootkit" on his machine. Rootkits are malicious applications that hide deep within an operating system to perform tasks without a user's knowledge. The technology can be used to cloak viruses and worms, or in this case, DRM.

Russinovich's report spread like wildfire across the Net and was quickly picked up by mainstream media. Sony responded with a statement claiming it no longer used the technology and offered instructions for customers explaining how to remove the hidden software from their PCs.

Antivirus vendors have also been forced to decide whether to classify Sony's software as malware if it is detected on customers' systems. McAfee, Sophos and Computer Associates have taken an aggressive stance and offer removal tools, while Symantec is directing users to Sony customer support and Microsoft remains undecided.

For its part, Sony says it has been responsive to the situation by posting removal instructions. But Russinovich disagrees, saying, "Without exaggeration I can say that I've analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall."

Add a Comment (50 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By JacenSolo

posted Nov 13, 2005 - 4:47 PM

"Microsoft remains undecided."

Torrentspy reports that M$ has classed it as malware and WinDefender will remove it. ^_^

Oh, and I just remembered. An easy way to by pass the DRM, and pirate the disk... Use Linux's (KDE's) audio ripping software, as KDE (linux) isn't effected by Autorun, nor Windows DLLs :P

The same can apply to Gnome and mac ^_^

Score: 0

By TheAntiMe

posted Nov 13, 2005 - 12:55 AM

I am not impressed with the overall quality of Sony products. To be fair, I will concede that their VAIO line of computers is reasonably decent. Other than that, in my opinion the performance level of Sony products is at the low end of the scale. Even their renowned Playstation has proven to be less than durable. I went through 3 Playstations and am currently on my 2nd PS2.
The sound quality of Sony audio components is comparable to great brands such as "K-Pro" and "Valu-King". Sony is to Marantz and Denon as what MD 2020 and Thunderbird are to Dom Perignon.

Having said that, Sony would be wise to rethink this arrogantly agressive strategy of infecting our computers and other electronic devices with their immoral cybervermin. These activities are a disgusting slap in the face to all consumers, and should in fact prove to be illegal, at least in a court not affected by corporate corruption.

Score: 0

By kholdstare

posted Nov 14, 2005 - 9:25 AM

"Even their renowned Playstation has proven to be less than durable. I went through 3 Playstations and am currently on my 2nd PS2."

Note to be a fanboy or anything but what the heck do you do to your gae systems. I have bought 2 playstations in my life a ps one and a PS2 and they are still working with no problems. If i took my 6 year old PSX out of my closet it would still play any game. I am a hardcore gamer too so they have had lots of hours where they were kept running

Score: 0

By terminalx

posted Nov 12, 2005 - 7:46 PM

the sony president is an idiot I am sure he knows how to turn a pc on and thats about it

Score: 0

By gawd21

edited Nov 12, 2005 - 8:56 PM

I have met a LOT of CEO's that know how to turn on the computer, but asking them to shut it down, is a whole new world. LMAO

EDIT: Other than to hit the power button.

Score: 0

By terminalx

posted Nov 13, 2005 - 5:21 PM

personally ceos seem to be a waste of time really... as they seem to have less clue what is going on in their company then the workers

Score: 0

By wincement

posted Nov 13, 2005 - 1:30 AM

Lol. I had a customer call in one time that unplugged her computer every time because she didn't know how to properly turn it off. She couldn't even find the power button...

Score: 0

By terminalx

edited Nov 13, 2005 - 5:25 PM

I had a customer who just ripped the power surge protecter out of the wall which had 8 devices connected to it including the phone and she couldnt figure out why everything kept getting shut off... I also had customers who believed that if they switched from a pc to a mac while switching ethernet cords it would blow up the modem...ahh work can be much entertainment

Score: 0

By terminalx

posted Nov 12, 2005 - 7:45 PM

if they do that to the ps3...it ll be the death of playstation...no one would buy into this especially the people developing the games...this is suicide...hopefully just a rumor but one that they should clean up fast because xbox2 is coming and there are a lot of people that are shifting to xbox simply because of the drm fiasco if a rumor creeps up into drm for ps3 and the high price tag who would buy it?

Score: 0

By mehvii

posted Nov 12, 2005 - 6:32 PM

didnt the sony president just say something like "dont worry about rootkit"? i saw it on bn =p

Score: 0

By elopez17

posted Nov 12, 2005 - 12:54 PM

For those who like PS3

http://www.theinquirer.net/?article=27568

Score: 0

By adamdawg

posted Nov 12, 2005 - 7:36 PM

I highly doubt that will ever happen. What would they do about game rentals? The first person to rent the game is the only one allowed to play it? No. Even if they did do something like that, they'd have to make exceptions for games used for renting, in which case it would be pointless.

Plus, they'd run into a load of problems with used-game retailers such as GameStop and GameRush. They'd be destroying a billion dollar industry.

Score: 0

By joeshmoe7

posted Nov 12, 2005 - 1:51 PM

well it's just a patent, I doubt sony would use it in the end, but either way im still going xbox. Sony is forever on my crap list. Not for the rootkit, but for their attitude towards their cutomers.

Score: 0

By wincement

posted Nov 12, 2005 - 2:15 PM

Ditto.

Score: 0

By joeshmoe7

edited Nov 12, 2005 - 12:54 PM

"We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use."

I'll translate: Sony is currently looking into new ways to screw our customers and cover our own butts.

Score: 0

By terminalx

posted Nov 12, 2005 - 10:00 AM

it appears it is hitting mainstream now...

http://www.usatoday.com/...g-suspends_x.htm?csp=34

Score: 0

By PC Rat

edited Nov 12, 2005 - 6:35 AM

"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology"

Temporarily.

Hopefully, Microsoft will now take notice of this important new feature, and add it onto their DRM for Windows Vista.

Copyright protection is just too vital for consumers to even know the modalities of it they have on their personal computers !

The Computer Rodent

Score: 0

By wingo

posted Nov 11, 2005 - 11:46 PM

this has no effect on mp3 downloaders.

make the big guys cry download free music and/or listen to internetradio.

Score: 0

By mehvii

posted Nov 12, 2005 - 6:34 PM

internet radio doesnt hurt sony...

Score: 0

By wincement

posted Nov 12, 2005 - 2:16 PM

I would not recommend that route. There are *legal* ways to make Sony hurt. By breaking the law, you risk screwing yourself over a lot worse than you could possibly hurt Sony all by yourself.

Score: 0

By NoMore

posted Nov 12, 2005 - 5:03 PM

The important thing is not to pay for music to Sony, RIAA, etc.

Live without music or download it for free, the choice is yours.

Score: 0

By wincement

posted Nov 12, 2005 - 5:49 PM

Wow... it took me two reads through your comment to tell if you were serious or not.

1. Music is a privilege; not a right.

2. There are other alternatives.

Score: 0

By rebradley

posted Nov 11, 2005 - 10:45 PM

hmm, I wonder if they are going to replace the infected CDs they already made and pay for the dammage to the infected computers?

I would recommend that you still not buy Sony products. Instead save your money and buy Sony Stock. The corporates fear stockholder more than lawyers. We need to fire CEOs and other corporate heads that don't understand the tech they sell. Stockholders can do that. While Consummers can only suck their thumbs and cry for change.

Score: 0

By midfingr

edited Nov 11, 2005 - 9:48 PM

"...One effect of installing the company's XCP content protection software on a computer was that files with certain character combinations in their names were essentially invisible to the computer. This opened the door to virus writers who wanted to hide their work from antivirus software, as well as World of Warcraft hackers who wanted to hide their programs from that game's Warden anticheat program..."

World of Warcraft?
Oh yeah, great. Smooth move Sony.

Score: 0

By yleclerc

edited Nov 11, 2005 - 7:55 PM

Now, we just need to continue to put press on Sony, and other recording lables, to not include such drastic DRM management systems. Boycott their music media!!!!!!

Score: 0

By wincement

posted Nov 11, 2005 - 6:56 PM

"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology"

"temporarily"!?!?

Not. Good. Enough.

Score: 0

By rotjong

edited Nov 11, 2005 - 7:58 PM

They worded it this way for a reason. By saying it this way they are accepting no blame for their idiotic actions. They will "temporarily" suspend the production and then switch to another method saying that the method is actually better. They'll have never admitted they were jack###es. It's all about PR spin. However, it's too late to get their integrity back, IMO.

Score: 0

By mjm01010101

posted Nov 11, 2005 - 6:39 PM

Sony would be responsible by making every one of those songs free for the world.

How do you pull DRM on read-only medium.

Die cd's already, die.

Score: 0

By (*steve*)

edited Nov 11, 2005 - 6:28 PM

Where I work we are now prohibited from bringing in original music on CD. We are still allowed to bring in CDROMs of MP3s though, and tech support are helping people by pointing them at the software they need to use to create them.

Well done Sony -- perfect use of the footgun

Score: 0

By rijp

posted Nov 11, 2005 - 3:35 PM

Just earlier this week "rootkit" what is it? Most users don't even know what it is... Came into question.

Now Sony is using a rootkit, and they don't see a problem further evidence that proves a rootkit in and of itself is NOT bad, its how you use it.

Score: 0

By roj

edited Nov 11, 2005 - 3:48 PM

Guns don't kill people either. People kill people.

Sony kills consumer rights.

So does the entertainment industry.

Make them hurt where it counts - for the first time, they're scared.

Payback is a mutha and it's all about payback.

Score: 0

By Jedite

posted Nov 11, 2005 - 2:34 PM

To add to this.. The Department of Homeland Security made an indirect mention of this situation, and what can only be categorized as a warning directed at Sony.

Stewart Baker newly appointed Assitant Secretary for Policy for the DHS had this to say.

"I wanted to raise one point of caution as we go forward, because we are also responsible for maintaining the security of the information infrastructure of the United States and making sure peoples' [and] businesses' computers are secure. ... There's been a lot of publicity recently about tactics used in pursuing protection for music and DVD CDs in which questions have been raised about whether the protection measures install hidden files on peoples' computers that even the system administrators can’t find."

In a remark clearly aimed directly at Sony and other labels, Stewart continued: "It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.

"If we have an avian flu outbreak here and it is even half as bad as the 1918 flu epidemic, we will be enormously dependent on being able to get remote access for a large number of people, and keeping the infrastructure functioning is a matter of life and death and we take it very seriously."

Credit goes to Brian Krebs from the Washington post and his blog that has a bit more on this.

http://blogs.washingtonp...11/the_bush_admini.html

Score: 0

By PC_Tool

posted Nov 11, 2005 - 2:19 PM

Really? Imagine that...

Sony's facing lawsuits, the worst PR nightmare they've seen since...lord only knows.

The word, "Duh" comes springing to mind.

Yes. Springing. With a "BOING!" sound as well. And then it bounces off down the hall way.

"Someone tell Kary to get out of the Way!!!"

oooh...that had to hurt.

Score: 0

By roj

edited Nov 11, 2005 - 3:45 PM

My friend, they haven't learned. Their latest PR announcement indicates that they will stop doing this "temporarily".

That means that a lesson still needs to be taught.

Hit them where it hurts: at retail. Purchase NO products that have ANY DRM attached to them. Furthermore, don't purchase ANY products from vendors that use DRM - from any of their other divisions, including consumer electronics.

TANK the new Sony Bean mp3 player at retail.

TANK the list of albums that the EFF has published.

"Hey Carlons, I luv ya man, but yer latest CD is gonna TANK. Blame yer bosses.

Luv,

A customer who won't be."

Don't just single out Sony - do 'em all.

It's time to take it back - take it ALL back. Now. They're at a disadvantage and the power is ours.

Why?

Because it's OUR money.

Make this the dryest holiday season EVER for DRM-loving companies. That WILL get the point across.

Score: 0

By KSzostek

posted Nov 11, 2005 - 7:05 PM

NO NO No Don't buy any Sony product. What they did is unforgivable. Who the h*ll do they think they are?

Score: 0

By kholdstare

posted Nov 14, 2005 - 9:32 AM

"NO NO No Don't buy any Sony product. What they did is unforgivable. Who the h*ll do they think they are? "

Now are you going to buy what you want or are you going to listen to what all these nerds say. all these people are pissed about is a company putting a peace of software on there gaming systems and they just bkame it on this instead of thining there gaming PC is flawed or too slow.

Score: 0

By PC_Tool

posted Nov 11, 2005 - 4:24 PM

Can't fault your enthusiasm, but...

Not that I enjoy shattering peoples rose-colored glassess, but what you predict is simply not going to happen.

While I will be boycotting Sony, signing petitions, and watching the legal affairs closely, being a realist, I understand that pretty much nothing will change.

Why?

I've been watching the news. Not a word. They all talk about rights, but Sony? Rootkits? DRM? Nope. Not a single station. This means the average joe doesn't know sh1t about what's going on and thus, couldn't care less.

Hell, I've even emailed 3 of the 4 stations in my area. Amazingly enough, I've had absolutely zero responses, which in itself is a response of, "no-one's listening, no-one cares."

I'll enjoy watching the show, but am not expecting a suprise ending.

Score: 0

By nield

edited Nov 11, 2005 - 6:38 PM

Hiawatha Bray has already had two articles on this in the Boston Globe. Both should get some kudos.

Score: 0

By googun

edited Nov 12, 2005 - 9:27 AM

Agreed. It has not made any impact on the national media, at least not in the UK.

The deafening silence does not surprise me at all. Never mind the wholesale abuse of rights and the law, the subject is a tiny bit technical, so obviously nothing in the story to interest your average Joe :-/

Score: 0

By barcrest

posted Nov 15, 2005 - 9:44 AM

Poof as if by magic, this morning it was in the metro. Although it is a free paper it is read by virtually every comuter and public transport traveller in the UK. The article was pretty cool because it was about microsoft adding the patch, so to the layman this will look like the sony CD was actually more harmful than in reality it was....

Score: 0

By Neoprimal

posted Nov 12, 2005 - 2:34 AM

In order to 'not support Sony' here's what you'd have to abandon...

Film
Sony Pictures Entertainment
Columbia TriStar
Sony Pictures Classics
Screen Gems

Television
Sony Pictures Television
AXN
Animax Japan
SoapCity
GAME SHOW NETWORK (50% with Liberty Media)
Movielink (jointly owned with Paramount Pictures, Sony Pictures Entertainment, Universal Studios and Warner Bros. Studios)

Music
Sony BMG Music Entertainment (50% with Bertelsmann)
Labels include: Arista Records, BMG Classics, BMG Heritage, BMG International Companies, Columbia Records, Epic Records, J Records, Jive Records, LaFace Records, Legacy Recordings, RCA Records, RCA Victor Group, RLG - Nashville, Sony Classical, Sony Music International, Sony Music Nashville, Sony Wonder, So So Def Records, Verity Records
Sony/ATV Music Publishing (joint venture with Michael Jackson)
Music Choice (venture with Time Warner, EMI, Motorola, Microsoft, and several cable companies: Cox, Comcast, Adelphia, Time Warner Cable)

Other
Sony Electronics
Sony Computer Entertainment America
PlayStation
989 Sports
Sony Connect Inc.
Metreon

CDs and music, are but a small, small part of their corporate puzzle. I for one will not buy their CDs as I said, not until I'm sure they don't have something that will infect my computer (autorun or not). But it's hard, and rather naive to say "don't buy anything Sony", it's damned near impossible.

Score: 0

By PC_Tool

posted Nov 14, 2005 - 9:28 AM

Meh..

Haven't seen one thing on that list I can't live without. Most of which I already do.

Film? Haven't gone to the theater or bought a DVD (other than Barney) in about 2 years.

Television: Over-the-air. It's all free.

Music: Too many alternatives to mention, and I'm not talking about the genre.

Other seems to revolve around their electronics, compuer/software, which is quite easy to avoid.

Naive? Nope. Impossible? Hardly.

Score: 0

By wincement

posted Nov 14, 2005 - 6:48 PM

"Haven't gone to the theater or bought a DVD (other than Barney)"

LOL. Watch out. Barney might install a rootkit on your DVD player.

Score: 0

By TheKing75

posted Nov 13, 2005 - 5:15 PM

Don't forget MGM, they own them now too.

Score: 0

By KSzostek

posted Nov 12, 2005 - 12:48 PM

Boycot away! Just one item from each person would be a start.

Score: 0

By roj

edited Nov 11, 2005 - 5:07 PM

I don't expect it to happen.

What I do expect is a certain measure of respect (based on detente) and caution to be gained on the part of the other side given that they'll come to the realization that they CAN be hurt. That will slow things down and shatter THEIR rose colored glasses enough for some sort of compromise to be reached.

However if the "go big or go home" attitude is NOT adopted by our side at the get-go, we'll get rolled over before we even start.

And with all due respect, email ain't gonna do it. There is only One God and that's Money.

Period.

They'll understand being deprived of that, even if it's a momentary dip in sales, say, for their most lucrative season of the year, perhaps?

I'm not expecting help form politicians - they're already bought and paid for. I'm not expecting help from altruism - it doesn't exist in those circles. I'm expecting help from one source and only one: FEAR. Fear of lost profits, to be precise.

This has to be grass-roots, from blog to blog, from customer to customer.

It may not work, but at least we can say we tried. If we don't, we'll ALL end up like your country, sheep led to the slaaughter by DMCA, political lobbies bought and paid for by the entertainment industry, privacy rights strangeled by the Patriot Act and efforts to change the Constitution to elect an entertainment industry shill.

Not a pretty picture - and that ain't no rose-colored view.

Score: 0

By wildwild

posted Nov 13, 2005 - 2:37 PM

Bottom line is we need to stop talking... let all your friends, relatives, blogs know about how they are having their content controlled and *name* the company. 'What do you mean my johnny can't take his PS3 game to his friends and play it there?' -
http://www.theinquirer.net/?article=27568 .
We think that we don't make a difference, they squeeze us like no tomorrow - prices rise with no regard while reducing functionality and freedom...yet their customer base increases ( then, for whatever reason, we seem to have the ability to communicate when we like something increasing their profit but when there is something there that just isn't fair we sit idly by and take it... ) / profits increase incredibly and their CEO's sit back and make choices for us. What about us as a consumer base - we can make choices enmass. Information is passed so quickly we *need* to make a difference now before they DRM our freedom to death.
I have a few sony items and am relatively happy with the products I bought. But all this with DRM, installing items on my computer without me knowing ( called spyware, very simply - the same as spammers - they should be treated the same way but it's funny how this never hits the courts ( though I understand there are a few that are prosecuting SOny - all I can say is GOGOGO! )).
Sorry for venting - someone with more time than I should put up a site where people BLog - I am not buying Sony, I am not Buying the PS3 - get that on CNN with 300,000 blogs. Maybe even mention what you are buying - XBox, Ninetendo... it's time they hear from us *before* they release their controlling junk into our homes.
For lack of a blog ( if someone does start one please post it here ) I was thinking of PS3 , I have an Xbox...I will not buy Sony...done. Are you next? Make it known.

Score: 0

By PC_Tool

posted Nov 11, 2005 - 5:25 PM

Meh...still don't see it changing anything. But hey, I could be wrong. Hope so.

Score: 0

By roj

posted Nov 11, 2005 - 6:00 PM

Me 2. :)

BTW, i posted the followup info you wanted on the file sharing ruling in Canada and a couple extras.

Laterz...

Score: 0

By PC_Tool

edited Nov 14, 2005 - 9:31 AM

Saw it, replied. ;)

Thinking about moving to Canada. :P

Score: 0

Aug 7 - 6:04 PM ET Ubuntu attracts the lion's share of LinuxWorld's smaller crowds

Aug 7 - 5:25 PM ET IBM VP urges open source devs to make Linux less like Windows

Aug 7 - 5:18 PM ET LinuxWorld shows off the latest data center-in-a-truck

Aug 7 - 4:58 PM ET Toshiba doubles its embedded flash capacity to catch up with Samsung

Aug 7 - 3:57 PM ET Merged Sirius XM sees growth for sat radio, despite low stock price

Aug 7 - 3:35 PM ET Report: BitTorrent cuts staff by 20 percent

Aug 7 - 3:29 PM ET How did Dell get 'carbon neutral?'

Aug 7 - 3:01 PM ET Could open source be the solution to the e-voting debacle?

Aug 7 - 12:56 PM ET Report: Unhackable e-passports hacked within minutes

Aug 7 - 12:41 PM ET What's behind AT&T's Synaptic 'cloud' initiative?