Sony BMG pulls plug on rootkit snafu
After weeks of scorching criticism and legal action, music giant says it is pulling CDs that use controversial copy-protection off shelves; exchange program started.
Unable to quell the furor over its use of controversial copy-protection software on CDs, Sony BMG Music Entertainment said today that it is recalling CDs that use the software and is offering exchanges to anyone who purchased one.
The controversial XCP software, licensed from British software developer First 4 Internet, is called a "rootkit," and it acts like virus software by hiding itself within the Windows operating system when a CD is loaded into a computer. The software has already been used by virus makers to disseminate a Trojan horse virus, and it was recently deemed "malware," or malicious software, by Microsoft.
"We share the concerns of consumers regarding discs with XCP content-protected software, and, for this reason, we are instituting a consumer exchange program and removing all unsold CDs with this software from retail outlets," Sony BMG said in a statement.
The XCP software, designed to prevent a user from copying a CD more than twice, has been loaded onto CDs by at least 20 Sony BMG artists, including My Morning Jacket, Sarah McLachlan, Celine Dion, and Trey Anastasio. Sony did not give exact figures on the number of CDs that will be recalled.
Sony BMG said in a separate statement that it would distribute a program to remove the software from a PC where it jeopardizes security.
"We deeply regret any inconvenience this may cause our customers. Details of this [recall] program will be announced shortly," the company said.
The issue has created a public relations and legal nightmare for the music giant ever since it was exposed by programmer and blogger Mark Russinovich on October 31. A Southern California attorney has already filed a class-action lawsuit against the company, alleging that Sony BMG had not disclosed the true nature of its copy-protection software.
In a post to his blog today, Russinovich said he was happy that Sony has finally done the right thing. But he wasn't completely satisfied.
"They don't admit wrongdoing, only that the software was a security concern," he wrote. "[And] there's no statement on Sony's site or their press releases regarding future policy. They go as far as saying that they 'will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music,' but say nothing about their stance on rootkits or disclosure during software installation."
Prior to the recall decision, Sony made several attempts to stifle the controversy, but in many cases only made matters worse. It issued a patch to remove the software from PCs, but the patch ended up creating even larger security problems for those computers, according to software engineers.
The company said last Friday that it was temporarily suspending production of CDs with the XCP software.
Prior to Sony's announcement of the recall, the Electronic Frontier Foundation issued a statement calling for it to do just that. The digital advocacy group said the company's decision to halt production of CDs with the rootkit software on them, and its attempts to issue patches, were simply not enough.
"Sony-BMG should treat its customers with respect and fairness; instead it acted little better than the thugs who unleash stealth computer viruses on the public," said EFF staff attorney Corynne McSherry.
"Halting production is not enough. Sony needs to take steps to fix that damage it has already caused and ensure that nothing like this happens again in the future."
The company has yet to say how it will balance the computer security of its customers and its desire to load copy-protection software onto its CDs. It has called such digital rights management [DRM] software "an important tool to protect our intellectual property rights and those of our artists."
"Sony-BMG needs to be strongly reminded that it doesn't own your computer, you do," said EFF senior staff attorney Fred von Lohmann in a statement.