Sony-BMG caves after copy-protected CD DRM uproar

“On Tuesday, we reported the story of Mark Russinovich’s discovery that the new new Van Zant CD, published by music giant Sony-BMG, contains aggressive anti-piracy malware. This low-level, hidden code not only prevents you from playing the CD in Windows Media Player, WinAmp or any other software, but the drivers installed without user consent to run the in-built player chew CPU time even when you’re not playing music, and can leave your PC crippled if you attempt to remove them,” Geoff Richards reports for bit-tech.net. “In a victory for common sense everywhere, the enormous public backlash (including bit-tech readers) against this ‘technology’ has forced Sony-BMG into an embarrassing U-turn.”

November 2, 2005 – This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.

“You can download the Service Pack from the XCP-Aurora,” Richards reports. “Amusingly, the fun & games doesn’t stop there, as the download requires the use of Microsoft’s ActiveX – one of the major vulnerabilities in the browser-based security issues that have plagued Internet Explorer. FireFox is commonly believed to be a more secure browser because it does not support ActiveX, yet FireFox users wanting to download the XCP Service Pack because of concerns it opens them to ‘potential security vulnerabilities’ are greeted with this message:”

ActiveX Unsupported
Sorry, your Internet Browser does not support ActiveX Controls.
Please use Microsoft Internet Explorer to continue.

“In other words, please switch back to the browser you’ve moved away from for security reasons in order to download the patch that removes the security issues from our software that we installed without your permission,” Richards writes.

Full article with links to the Service Pack here.

[Thanks to MDN reader “DreamTheEndless” for the heads up. If you have an article, you’d like to see, click “contact” above and send us the link and the name you’d like us to use to thank you below the article.]

Advertisement: The New iPod with Video.  The ultimate music + video experience on the go.  From $299.  Free shipping.
Sony lost their edge long ago. That company needs to conduct a serious rethinking of its goals. Does Sony want to continue to throw up 1-inch tall wet cardboard roadblocks that Apple doesn’t even see as it drives of them at the speed of music? Or does Sony want to start making quality products again and compete with others on the merits of their products and services?

Our advice to Sony: give up the music device and music service markets. You’ve already lost badly and you simply look foolish and full of sour grapes. Concentrate on working WITH Apple and you’ll end up with Sony monitors, cameras, etc. in Apple Stores, Sony Pro products tied to Apple’s pro audio & video applications and systems plus, who knows, maybe even a Mac OS X license for your PCs (okay, that’s pushing it, but you get the idea).

Related articles:
Report: Sony copy-protected CDs may hide Windows rootkit vulnerability – November 01, 2005
How to beat Apple iPod-incompatible Sony BMG and EMI copy-protected CDs – October 04, 2005
Sony BMG and EMI try to force Apple to ‘open’ iPod with iPod-incompatible CDs – June 20, 2005
New Song BMG copy-protected CDs lock out Apple iPod owners – June 01, 2005

33 Comments

  1. Just when you think they’ve made as big a mess with the music business as possible, they go and out-do themselves again. Congratulations Sony! You’ve taken a great company and flushed it down the toilet! Bravo!

  2. Between M$ and Sony here are prime examples of what is going terribly wrong on the Windoze platform. They don’t worry about the people who write malware, they are too busy writing it themselves!

    MW = working
    as in, working against you, not for you.

  3. an OS that ALLOWS such low-level malware to be planted in the first-place!

    If you can’t trust your OS, you can’t trust the most basic things… like a music CD!

    Live in fear, Windows lemmings. I’m happy on my Mac.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.