Update on Sony's Spyware
WASHINGTON - Stung by continuing criticism, the world's second-largest
music label, Sony BMG Music Entertainment, promised Friday to
temporarily suspend making music CDs with antipiracy technology that can
leave computers vulnerable to hackers.
Sony defended its right to prevent customers from illegally copying
music but said it will halt manufacturing CDs with the "XCP'' technology
as a precautionary measure. "We also intend to re-examine all aspects of
our content protection initiative to be sure that it continues to meet
our goals of security and ease of consumer use,'' the company said in a
statement.
The antipiracy technology, which works only on Windows computers,
prevents customers from making more than a few copies of the CD and
prevents them from loading the CD's songs onto Apple Computer's popular
iPod portable music players. Some other music players, which recognize
Microsoft's proprietary music format, would work.
Sony's announcement came one day after leading security companies
disclosed that hackers were distributing malicious programs over the
Internet that exploited the antipiracy technology's ability to avoid
detection. Hackers discovered they can effectively render their programs
invisible by using names for computer files similar to ones cloaked by
the Sony technology.
A senior Homeland Security official cautioned entertainment companies
against discouraging piracy in ways that also make computers vulnerable.
Stewart Baker, assistant secretary for policy at DHS, did not cite Sony
by name in his remarks Thursday but described industry efforts to
install hidden files on consumers' computers.
"It's very important to remember that it's your intellectual property,
it's not your computer,'' Baker said at a trade conference on piracy.
"And in the pursuit of protection of intellectual property, it's
important not to defeat or undermine the security measures that people
need to adopt in these days.''
Sony's program is included on about 20 popular music titles, including
releases by Van Zant and The Bad Plus.
"This is a step they should have taken immediately,'' said Mark
Russinovich, chief software architect at Winternals Software who
discovered the hidden copy-protection technology Oct. 31 and posted his
findings on his Web log. He said Sony did not admit any wrongdoing, nor
did it promise not to use similar techniques in the future.
Security researchers have described Sony's technology as "spyware,''
saying it is difficult to remove, transmits without warning details
about what music is playing, and that Sony's notice to consumers about
the technology was inadequate. Sony executives have rejected the
description of their technology as spyware.
Some leading antivirus companies updated their protective software this
week to detect Sony's antipiracy program, disable it and prevent it from
reinstalling.
After Russinovich criticized Sony, it made available a software patch
that removed the technology's ability to avoid detection. It also made
more broadly available its instructions on how to remove the software
permanently. Customers who remove the software are unable to listen to
the music CD on their computer.
music label, Sony BMG Music Entertainment, promised Friday to
temporarily suspend making music CDs with antipiracy technology that can
leave computers vulnerable to hackers.
Sony defended its right to prevent customers from illegally copying
music but said it will halt manufacturing CDs with the "XCP'' technology
as a precautionary measure. "We also intend to re-examine all aspects of
our content protection initiative to be sure that it continues to meet
our goals of security and ease of consumer use,'' the company said in a
statement.
The antipiracy technology, which works only on Windows computers,
prevents customers from making more than a few copies of the CD and
prevents them from loading the CD's songs onto Apple Computer's popular
iPod portable music players. Some other music players, which recognize
Microsoft's proprietary music format, would work.
Sony's announcement came one day after leading security companies
disclosed that hackers were distributing malicious programs over the
Internet that exploited the antipiracy technology's ability to avoid
detection. Hackers discovered they can effectively render their programs
invisible by using names for computer files similar to ones cloaked by
the Sony technology.
A senior Homeland Security official cautioned entertainment companies
against discouraging piracy in ways that also make computers vulnerable.
Stewart Baker, assistant secretary for policy at DHS, did not cite Sony
by name in his remarks Thursday but described industry efforts to
install hidden files on consumers' computers.
"It's very important to remember that it's your intellectual property,
it's not your computer,'' Baker said at a trade conference on piracy.
"And in the pursuit of protection of intellectual property, it's
important not to defeat or undermine the security measures that people
need to adopt in these days.''
Sony's program is included on about 20 popular music titles, including
releases by Van Zant and The Bad Plus.
"This is a step they should have taken immediately,'' said Mark
Russinovich, chief software architect at Winternals Software who
discovered the hidden copy-protection technology Oct. 31 and posted his
findings on his Web log. He said Sony did not admit any wrongdoing, nor
did it promise not to use similar techniques in the future.
Security researchers have described Sony's technology as "spyware,''
saying it is difficult to remove, transmits without warning details
about what music is playing, and that Sony's notice to consumers about
the technology was inadequate. Sony executives have rejected the
description of their technology as spyware.
Some leading antivirus companies updated their protective software this
week to detect Sony's antipiracy program, disable it and prevent it from
reinstalling.
After Russinovich criticized Sony, it made available a software patch
that removed the technology's ability to avoid detection. It also made
more broadly available its instructions on how to remove the software
permanently. Customers who remove the software are unable to listen to
the music CD on their computer.
Comments