http://news.bbc.co.uk/1/hi/technology/4424254.stm
Last Updated: Thursday, 10 November 2005, 11:22 GMT
Sony sued over copy-protected CDs
A CD by Celine Dion is protected with the anti-piracy system
Sony BMG is facing three lawsuits over its controversial anti-piracy software.
Revealed in late October by Windows expert Mark Russinovich, the software copy protection system hides using virus-like techniques.
One class-action lawsuit has already been filed in California and another is expected in New York.
Digital rights group, the Electronic Frontier Foundation (EFF), is also gathering information from users to see if a case can be brought.
Court claim
The row erupted following Mark Russinovich's discovery that Sony BMG in America was using a so-called "root kit" to conceal the program used to stop some of its CDs being copied.
"Root kits" are being increasingly used by virus makers to hide their malicious wares deep inside the Windows operating system.
Sony BMG used a program called XCP created by UK firm First 4 Internet that employed similar cloaking systems to hide the proprietary media player used to play tracks on 20 CDs made by the music giant and sold in the US.
But since Mr Russinovich wrote about his discovery the row has snowballed and now has led to lawsuits being filed against Sony BMG.
XCP PROTECTED CDS
Trey Anastasio - Shine
Celine Dion - On ne Change Pas
Neil Diamond - 12 Songs
Our Lady Peace - Healthy in Paranoid Times
Chris Botti - To Love Again
Van Zant - Get Right with the Man
Switchfoot - Nothing is Sound
The Coral - The Invisible Invasion
Acceptance - Phantoms
Susie Suh - Susie Suh
Amerie - Touch
Life of Agony - Broken Valley
Horace Silver Quintet - Silver's Blue
Gerry Mulligan - Jeru
Dexter Gordon - Manhattan Symphonie
The Bad Plus - Suspicious Activity
The Dead 60s - The Dead 60s
Dion - The Essential Dion
Natasha Bedingfield - Unwritten
Ricky Martin - Life
One filed in Los Angeles by Californian attorney Alan Himmelfarb wants to stop Sony BMG selling more CDs protected by anti-copying software and seeks damages for Californians that have bought any albums protected this way.
According to a report in the Washington Post the lawsuit alleges that Sony BMG has broken three Californian laws. At the same time New York lawyer Scott Kamber is planning a class-action lawsuit for all Americans affected.
The EFF is also gathering stories from buyers of Sony BMG CDs protected with XCP. In a statement the organisation said: "We're considering whether the effect on the public, or on EFF members, is sufficiently serious to merit a lawsuit".
At the same time the Italian digital rights group, Electronic Frontiers Italy, has asked the nation's government to investigate Sony over its use of anti-piracy software.
A weblog documenting the unfolding controversy and calling for a boycott of Sony products has also been created.
When contacted a representative for Sony BMG in the UK referred all calls to its corporate headquarters in New York. A call to a spokesman in that office has yet to be returned.
Artist list
The EFF also released a partial list of all the CDs protected with XCP. The list includes popular artists such as Natasha Bedingfield, Celine Dion and Amerie. It also gave advice for ways to spot if a CD is XCP protected.
So far Sony BMG has not released a list of how many CDs are protected or how many have been sold. It has only said that "about 20" titles are protected with the controversial program.
However, the row does not appear to be denting interest in one of the CDs protected by XCP because at the time of writing Neil Diamond's 12 Songs album was the top seller on the Amazon.com website.
Anti-virus companies are starting to release software that can spot the XCP files. Symantec said it had made tools that can find the files but will not remove them.
Computer Associates said that it would be releasing a tool to completely uninstall the XCP program.
At the same time anti-virus firm Kaspersky Labs branded the XCP program spyware because it hides itself, could compromise security and can slow machines down.
Mr Russinovich has continued his investigation of the XCP software and has confirmed that when installed it can make a Windows computer more unreliable.
He also criticised Sony BMG for making it difficult to get hold of software that can uninstall XCP.
Sony sued over copy-protected CDs
Moderator: mark
-
Rio
-
Guest
Sue them..
Great they should be sued.. have to download stuff on my computer to play the CD,,, that is not right.
-
Rio
Microsoft to remove Sony CD code
Sony's controversial anti-piracy CD software has been labelled as spyware by Microsoft.
The software giant said the XCP copy protection system counted as malicious software under the rules it uses to define what Windows should be protected against.
It is planning to include detection and removal tools for XCP in its weekly update to its anti-spyware software.
The news came as Sony BMG suspended production of CDs that use XCP.
Tool kit
Microsoft's decision to label the XCP system spyware was revealed on the corporate blog maintained by the software maker's anti-malware team.
Root-kits have a clearly negative impact on not only the security, but also the reliability and performance of their systems
Jason Garms, Microsoft
Malware is the generic term for malicious software and includes viruses, spyware and any other program designed to hijack or harm a computer.
Writing in the blog, Jason Garms, one of the senior managers in the anti-malware team, said the XCP software qualified as spyware under the "objective criteria" Microsoft uses to assess potentially malicious programs.
The XCP system is controversial because it uses techniques more often seen in computer viruses to hide itself on users' machines.
Specifically XCP uses a "root-kit" to conceal itself deep inside the Windows operating system.
"Root-kits have a clearly negative impact on not only the security, but also the reliability and performance of their systems," said Mr Garms in the blog entry.
As a result Microsoft will put utilities to find and remove the XCP system in the next update of its anti-spyware software.
The same utilities will also go in to the December update for Microsoft's malicious software removal tool.
Bad publicity
The row about XCP blew up following an expose by Windows programming expert Mark Russinovich.
It led to widespread criticism of Song BMG and several class action lawsuits have been started against the record label over XCP. The stealthy software is intended to stop illegal copies being made of Sony CDs.
Mr Russinovich's discovery led to a string of bad publicity for Sony, which culminated in the news that virus writers were starting to use XCP to hide their own malicious programs.
In response Sony BMG suspended use of XCP as a "precautionary measure". The XCP software was only used on CDs sold in the US.
Speaking about the suspension Mr Russinovich said: "This is a step they should have taken immediately."
Sony's controversial anti-piracy CD software has been labelled as spyware by Microsoft.
The software giant said the XCP copy protection system counted as malicious software under the rules it uses to define what Windows should be protected against.
It is planning to include detection and removal tools for XCP in its weekly update to its anti-spyware software.
The news came as Sony BMG suspended production of CDs that use XCP.
Tool kit
Microsoft's decision to label the XCP system spyware was revealed on the corporate blog maintained by the software maker's anti-malware team.
Root-kits have a clearly negative impact on not only the security, but also the reliability and performance of their systems
Jason Garms, Microsoft
Malware is the generic term for malicious software and includes viruses, spyware and any other program designed to hijack or harm a computer.
Writing in the blog, Jason Garms, one of the senior managers in the anti-malware team, said the XCP software qualified as spyware under the "objective criteria" Microsoft uses to assess potentially malicious programs.
The XCP system is controversial because it uses techniques more often seen in computer viruses to hide itself on users' machines.
Specifically XCP uses a "root-kit" to conceal itself deep inside the Windows operating system.
"Root-kits have a clearly negative impact on not only the security, but also the reliability and performance of their systems," said Mr Garms in the blog entry.
As a result Microsoft will put utilities to find and remove the XCP system in the next update of its anti-spyware software.
The same utilities will also go in to the December update for Microsoft's malicious software removal tool.
Bad publicity
The row about XCP blew up following an expose by Windows programming expert Mark Russinovich.
It led to widespread criticism of Song BMG and several class action lawsuits have been started against the record label over XCP. The stealthy software is intended to stop illegal copies being made of Sony CDs.
Mr Russinovich's discovery led to a string of bad publicity for Sony, which culminated in the news that virus writers were starting to use XCP to hide their own malicious programs.
In response Sony BMG suspended use of XCP as a "precautionary measure". The XCP software was only used on CDs sold in the US.
Speaking about the suspension Mr Russinovich said: "This is a step they should have taken immediately."
-
Peter Greenhill
- Posts: 80
- Joined: Tue Nov 01, 2005 10:04 am
- Location: London, UK
Sony will now exchange all cds with the XCP copy protection system for non XCP replacements.
Full details at:
http://news.bbc.co.uk/1/hi/technology/4441928.stm
Full details at:
http://news.bbc.co.uk/1/hi/technology/4441928.stm
-
Peter Greenhill
- Posts: 80
- Joined: Tue Nov 01, 2005 10:04 am
- Location: London, UK
Sony will now exchange all cds with the XCP copy protection system for non XCP replacements.
Full details at:
http://news.bbc.co.uk/1/hi/technology/4441928.stm
Full details at:
http://news.bbc.co.uk/1/hi/technology/4441928.stm
-
guest
CD Exchange
Does that exchange include people who bought them in USA?
Any details on that?
Any details on that?
-
Peter Greenhill
- Posts: 80
- Joined: Tue Nov 01, 2005 10:04 am
- Location: London, UK
Re: CD Exchange
My impression was that the XCP CDs all came from USA and did not originate overseas so the answer is, YES.guest wrote:Does that exchange include people who bought them in USA?
Any details on that?
Pete
-
Guest
Good piece on the issue that appeared in yesterday's NYT.
November 16, 2005
CD's Recalled for Posing Risk to PC's
By TOM ZELLER Jr.
The global music giant Sony BMG yesterday announced plans to recall millions of CD's by at least 20 artists - from the crooners Celine Dion and Neil Diamond to the country-rock act Van Zant - because they contain copy restriction software that poses risks to the computers of consumers.
The move, more commonly associated with collapsing baby strollers, exploding batteries, or cars with faulty brakes, is expected to cost the company tens of millions of dollars. Sony BMG said that all CD's containing the software would be removed from retail outlets and that exchanges would be offered to consumers who had bought any of them.
A toll-free number and e-mail message inquiry system will also be set up on the Sony BMG Web site, sonybmg.com.
"We deeply regret any inconvenience this may cause our customers," the company said in a letter that it said it would post on its Web site, "and are committed to making this situation right." Neither representatives of Sony BMG nor the British company First 4 Internet, which developed the copy protection software, would comment further.
Sony BMG estimated last week that about five million discs - some 49 different titles - had been shipped with the problematic software, and about two million had been sold.
Market research from 2004 has shown that about 30 percent of consumers report obtaining music through the copying and sharing of tracks among friends from legitimately purchased CD's. But the fallout from the aggressive copy protection effort has raised serious questions about how far companies should be permitted to go in seeking to prevent digital piracy.
The recall and exchange program, which was first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CD's contained software designed to limit users to making only three copies. The software also, however, altered the deepest levels of a computer's systems and created vulnerabilities that Internet virus writers could exploit.
Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.
Several security and antivirus companies, including Computer Associates, F-Secure and Symantec, quickly classified the software on the CD's, as malicious because, among other things, it tried to hide itself and communicated remotely with Sony servers once installed. The problems were known to affect only users of the Windows operating system.
On Saturday, a Microsoft engineering team indicated that it would be updating the company's security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.
Researchers at Princeton University disclosed yesterday that early versions of the "uninstall" process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.
Security analysts at Internet Security Systems, based in Atlanta, also issued an alert yesterday indicating that the copy-protection software itself, which was installed on certain CD's beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.
David Maynor, a researcher with the X-force division of Internet Security Systems, which analyzes potential network vulnerabilities, said the copy-protection feature was particularly pernicious because it was nearly impossible for typical computer users to remove on their own.
"At what point do you think it is a good thing to surreptitiously put Trojans on people's machines?" Mr. Maynor said. "The only thing you're guaranteeing is that they won't be customers anymore."
Some early estimates indicate that the problem could affect half a million or more computers around the globe.
Data collected in September by the market research firm NPD Group indicated that roughly 36 percent of consumers report that they listen to music CD's on a computer. If that percentage held true for people who bought the Sony BMG CD's, that would amount to about 720,000 computers - although only those running Windows would be affected. (Consumers who listen to CD's on stereo systems and other noncomputer players, as well as users of Apple computers, would not be at risk.)
Dan Kaminsky, a prominent independent computer security researcher, conducted a more precise analysis of the number of PC's affected by scanning the Internet traffic generated by the Sony BMG copy-protection software, which, once installed, quietly tries to connect to one of two Sony servers if an Internet connection is present.
Mr. Kaminsky estimated that about 568,000 unique Domain Name System - or D.N.S. - servers, which help direct Internet traffic, had been contacted by at least one computer seeking to reach those Sony servers. Given that many D.N.S. servers field queries from more than one computer, the number of actual machines affected is almost certainly higher, Mr. Kaminsky said.
Although antivirus companies have indicated since late last week that virus writers were trying to take advantage of the vulnerabilities, it is not known if any of these viruses have actually found their way onto PC's embedded with the Sony BMG copy protection software.
Mr. Kaminsky and other security and digital rights advocates say that does not matter. "There may be millions of hosts that are now vulnerable to something that they weren't vulnerable to before," Mr. Kaminsky said.
For some critics, the recall will not be enough.
"This is only one of the many things Sony must do to be accountable for the damage it's inflicted on its customers," said Jason Schultz, a lawyer with the Electronic Frontier Foundation, a digital rights group in California.
On Monday, the foundation issued an open letter to Sony BMG executives demanding, among other things, refunds for customers who bought the CD's and did not wish to make an exchange, and compensation for time spent removing the software and any potential damage to computers.
The group, which has been involved in lawsuits over the protection of digital rights, gave the company, which is jointly owned by the Sony Corporation and Bertelsmann, a deadline of Friday morning to respond with some indication that it was "in the process of implementing these measures."
Mr. Schultz said: "People paid Sony for music, not an invasion of their computers. Sony must right the wrong it has committed. Recalling the CD's is a beginning step in the process, but there is a whole lot more mess to clean up."
November 16, 2005
CD's Recalled for Posing Risk to PC's
By TOM ZELLER Jr.
The global music giant Sony BMG yesterday announced plans to recall millions of CD's by at least 20 artists - from the crooners Celine Dion and Neil Diamond to the country-rock act Van Zant - because they contain copy restriction software that poses risks to the computers of consumers.
The move, more commonly associated with collapsing baby strollers, exploding batteries, or cars with faulty brakes, is expected to cost the company tens of millions of dollars. Sony BMG said that all CD's containing the software would be removed from retail outlets and that exchanges would be offered to consumers who had bought any of them.
A toll-free number and e-mail message inquiry system will also be set up on the Sony BMG Web site, sonybmg.com.
"We deeply regret any inconvenience this may cause our customers," the company said in a letter that it said it would post on its Web site, "and are committed to making this situation right." Neither representatives of Sony BMG nor the British company First 4 Internet, which developed the copy protection software, would comment further.
Sony BMG estimated last week that about five million discs - some 49 different titles - had been shipped with the problematic software, and about two million had been sold.
Market research from 2004 has shown that about 30 percent of consumers report obtaining music through the copying and sharing of tracks among friends from legitimately purchased CD's. But the fallout from the aggressive copy protection effort has raised serious questions about how far companies should be permitted to go in seeking to prevent digital piracy.
The recall and exchange program, which was first reported by USA Today, comes two weeks after news began to spread on the Internet that certain Sony BMG CD's contained software designed to limit users to making only three copies. The software also, however, altered the deepest levels of a computer's systems and created vulnerabilities that Internet virus writers could exploit.
Since then, computer researchers have identified other problems with the software, as well as with the software patch and uninstaller programs that the company issued to address the vulnerabilities.
Several security and antivirus companies, including Computer Associates, F-Secure and Symantec, quickly classified the software on the CD's, as malicious because, among other things, it tried to hide itself and communicated remotely with Sony servers once installed. The problems were known to affect only users of the Windows operating system.
On Saturday, a Microsoft engineering team indicated that it would be updating the company's security tools to detect and remove parts of the Sony BMG copy-protection software to help protect customers.
Researchers at Princeton University disclosed yesterday that early versions of the "uninstall" process published by Sony BMG on its Web site, which was designed to help users remove the copy protection software from their machines, created a vulnerability that could expose users of the Internet Explorer Web browser to malicious code embedded on Web sites.
Security analysts at Internet Security Systems, based in Atlanta, also issued an alert yesterday indicating that the copy-protection software itself, which was installed on certain CD's beginning last spring, could be used by virus writers to gain administrator privileges on multi-user computers.
David Maynor, a researcher with the X-force division of Internet Security Systems, which analyzes potential network vulnerabilities, said the copy-protection feature was particularly pernicious because it was nearly impossible for typical computer users to remove on their own.
"At what point do you think it is a good thing to surreptitiously put Trojans on people's machines?" Mr. Maynor said. "The only thing you're guaranteeing is that they won't be customers anymore."
Some early estimates indicate that the problem could affect half a million or more computers around the globe.
Data collected in September by the market research firm NPD Group indicated that roughly 36 percent of consumers report that they listen to music CD's on a computer. If that percentage held true for people who bought the Sony BMG CD's, that would amount to about 720,000 computers - although only those running Windows would be affected. (Consumers who listen to CD's on stereo systems and other noncomputer players, as well as users of Apple computers, would not be at risk.)
Dan Kaminsky, a prominent independent computer security researcher, conducted a more precise analysis of the number of PC's affected by scanning the Internet traffic generated by the Sony BMG copy-protection software, which, once installed, quietly tries to connect to one of two Sony servers if an Internet connection is present.
Mr. Kaminsky estimated that about 568,000 unique Domain Name System - or D.N.S. - servers, which help direct Internet traffic, had been contacted by at least one computer seeking to reach those Sony servers. Given that many D.N.S. servers field queries from more than one computer, the number of actual machines affected is almost certainly higher, Mr. Kaminsky said.
Although antivirus companies have indicated since late last week that virus writers were trying to take advantage of the vulnerabilities, it is not known if any of these viruses have actually found their way onto PC's embedded with the Sony BMG copy protection software.
Mr. Kaminsky and other security and digital rights advocates say that does not matter. "There may be millions of hosts that are now vulnerable to something that they weren't vulnerable to before," Mr. Kaminsky said.
For some critics, the recall will not be enough.
"This is only one of the many things Sony must do to be accountable for the damage it's inflicted on its customers," said Jason Schultz, a lawyer with the Electronic Frontier Foundation, a digital rights group in California.
On Monday, the foundation issued an open letter to Sony BMG executives demanding, among other things, refunds for customers who bought the CD's and did not wish to make an exchange, and compensation for time spent removing the software and any potential damage to computers.
The group, which has been involved in lawsuits over the protection of digital rights, gave the company, which is jointly owned by the Sony Corporation and Bertelsmann, a deadline of Friday morning to respond with some indication that it was "in the process of implementing these measures."
Mr. Schultz said: "People paid Sony for music, not an invasion of their computers. Sony must right the wrong it has committed. Recalling the CD's is a beginning step in the process, but there is a whole lot more mess to clean up."