Sony outlines rootkit CD recall plan

• Tags:
• Copy Protection,
• Product Recall,
• CD,
• Copy-restriction

John Borland CNET News

Published: 21 Nov 2005 12:00 GMT

• 
• 
• 
• 
• 

Sony BMG Music Entertainment released details on Friday of a virtually unprecedented CD recall program that will allow music buyers to exchange recently purchased CDs with copy-restriction for new discs and MP3s.

The company is responding to widespread security worries over copy-restriction technology contained on 52 albums released over the last year. When put in a Windows-based computer's CD player, the discs install antipiracy technology on a hard drive that exposes the PC to the risk of viruses and other hacker attacks.

Sony said on Friday that customers who have purchased any of the affected CDs can mail the discs back to the company using instructions found on the record label's Web site. Once they have sent in the discs, customers will also be provided with a link to download MP3s of the songs on the album.

"Sony BMG is reviewing all aspects of its content protection initiatives to be sure that they are secure and user-friendly for consumers," the company said in a statement. "As the company develops new initiatives, it will continue to seek new ways to meet consumers' demands for flexibility in how they listen to music, while protecting intellectual-property rights."

The recall of 4.7 million compact discs, along with the exchange offer for the roughly 2.1 million discs sold with the copy-restriction technology included, is an expensive step for a record company that has been battered by criticism online and in other media for the past two weeks.

The copy-restriction software, created by British company First 4 Internet, hid traces of itself on hard drives using a powerful programming tool called a "rootkit", a technique sometimes used by virus writers to similarly mask the presence of an infection on a PC.

Because of flaws in the rootkit, Sony's software was left open enough such that other, malicious software could take advantage of its presence on a computer to hide itself. Several pieces of malicious software have already appeared online that piggyback on the copy-restriction to vanish in a PC, opening the computer to outside attacks.

Security researchers have found flaws not only in the original First 4 Internet software, but also in an uninstaller tool temporarily distributed by Sony that could directly allow an attacker access to a PC.

The Sony exchange offer is immediately available and the company said it will pay all shipping charges in both directions. Discs are already being pulled off retail shelves and are no longer available at online stores, including Amazon.com.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed