Texas sues Sony over rootkit

Powered by SC Magazine
 

The state of Texas sued Sony-BMG Entertainment on Monday, claiming the company has violated its recently enacted anti-spyware law.

State Attorney General Greg Abbott said in filing the lawsuit that Sony had deceived customers with the application.

"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," he said. "Customers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime."

Meanwhile, all that's needed to stop Sony's spyware-like CD-Rom technology is a miniscule piece of tape, one security firm has claimed.

Gartner said on its website Monday that a small piece of tape placed along the outer edge of the CD leaves the digital rights management software useless.

"The bottom line: Sony-BMG has created serious public-relations and legal issues for itself, and for no good reason," Gartner said.

"The user simply applies a fingernail-sized piece of opaque tape to the outer edge of the disc, rendering session 2 – which contains the self-loading DRM software – unreadable," the company claimed. "The PC then treats the CD as an ordinary single-session music CD, and the commonly used CD 'rip' programs continue to work as usual."

A blogger-fueled media storm ensued after Windows security expert Mark Russinovich said on his weblog in late October that Sony was using Spyware-like rootkit technology to "phone home" the listening habits of users. The company withdrew the XCP application earlier this month after a number of viruses were found using the cloaking technology to compromise PCs. Sony offered an exchange program to customers unhappy with the compromised CDs last week.

Ed Felten, the Princeton University computer science professor who helped make public the possible compromise of PCs from use of Sony's uninstaller program, said on his "Freedom to Tinker" blog Monday that Sony could be infringing copyrights by use of the XCP.

"The upshot of all this is that it appears the authors of at least some of these programs can sue First4Internet and Sony for copyright infringement," he said on his blog. "First4Internet wrote the allegedly infringing software and gave it to Sony, and Sony distributed the software to the public."

www.gartner.com
www.bmg.com
www.sysinternals.com
www.oag.state.tx.us
www.freedom-to-tinker.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote