Search Slyck  
Sony-BMG Pays Up
February 16, 2006
Thomas Mennecke
Font Bigger Font Smaller
The length and embarrassment suffered by Sony-BMG, First4Internet and SunnComm will last far longer than the headlines covering last year's DRM rootkit fiasco. Although SunnComm and First4Internet shared in the embarrassment, Sony-BMG bore the brunt of several important lawsuits and subsequent consumer backlash.

By now many are familiar with the rootkit situation surrounding Sony-BMG. Mark Russinovich of discovered the existence of a rootkit on his machine back on October 31, 2005. During this time, the term "rootkit" was unfamiliar to most. This would change however, as many learned a rootkit is a file or folder that masks itself from the view of the end user, and is invisible to anti-spyware and virus software. Should the consumer base be worried about this? Thomas Hesse, president of Sony-BMG's Global Digital Business, didn't think so.

"Most people, I think, don't even know what a Rootkit is, so why should they care about it?"

They should care about it, it would later be discovered, because First4Internet's XCP (Extended Copy Protection), a Digital Rights Management (DRM) scheme, posed a serious security risk. The problem XCP presented was its invisibility to anti-spyware and virus software. A clever individual could easily create a virus that is named identically as the XCP DRM files. If an individual's machine contains the XCP DRM and is also infected with identically named virus, the virus will launch once the individual inserts a First4Internet CD.

SunnComm's MediaMax software presented its own set of problems, albeit different from First4Internet. Instead of placing a rootkit on one's machine, MediaMax installed several files on the unsuspecting individual regardless of accepting or declining the EULA. The problem then became its removal. Once the XCP rootkit fiasco was in full gear, SunnComm rushed a removal tool to appease consumers groups and avoid litigation. However, the very act of removing the DRM became problematic. If an individual planted a "booby trap" virus among the MediaMax software, considerable damage could be unleashed. This vulnerability is considered a "booby trap" since it waits for the individual to alter the file, in this case uninstall it.

In response to the enormous pressure felt by the public, including several class action lawsuits with the EFF (Electronic Frontier Foundation), Sony-BMG finally settled on the proposed demands on December 30, 2005. The legal action brought about by the Attorney General of the State of Texas, however, remains unresolved.

The first visible signs of this settlement were announced today, as Sony-BMG is now accepting claims based on the copy protected CDs. As part of the settlement, anyone who purchased a Sony-BMG CD with either SunnComm or First4Internet’s copy protection software can submit a claim. Providing the claim is approved, Sony-BMG will exchange, at no cost, the copy protected CD with a copy free of any DRM.

"This settlement gives consumers what they thought they were buying in the first place -- clean, safe music that will play on their computers and their iPods as well as their stereo systems," said EFF Staff Attorney Kurt Opsahl.

While Sony-BMG’s problems may be over with the EFF, litigation continues with the State of Texas and Canada. Sony-BMG may be making legal headway, however the future of its public image remains to be seen.

This story is filed in these Slyck News categories
File-Sharing/P2P Related :: DRM

You can read the EFF story here.

You can discuss this article here - 4 replies

© 2001-2019