We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Sony patch uncloaks CDs' hidden DRM code

Climb-down after 'spyware' criticism

After taking a drubbing from computer enthusiasts, Sony BMG Music Entertainment has released a software patch that removes controversial cloaking technology found in copy protection software the company has been shipping with some of its CDs.

Critics had slammed the software for being invasive and extremely difficult to remove because it uses some of the same 'rootkit' cloaking techniques normally found in spyware or viruses. Rootkit software uses a variety of techniques to gain access to a system and then cover up any traces of its existence so it can't be detected by system tools or antivirus software.

The patch, which was posted to Sony's website on Wednesday, was posted "to alleviate any concerns that users may have about the program posing potential security vulnerabilities", Sony said in a statement on the site. By installing the patch, users will not remove the copy protection software, called XPC, but they will make it visible to system tools and antivirus software.

XCP has been shipping on some Sony music CDs since early 2005. Licensed by Sony from a Banbury company called First 4 Internet, XCP prevents users from making more than three backup copies of any XCP-protected CD. Sony will not say how many of its CDs use the software.

Critics had complained that because the software is virtually impossible to detect, hackers might somehow take advantage of it in order to hide their own malicious code from antivirus software. They also criticised Sony for not adequately informing users of how it worked and for making it extremely difficult to remove XCP.

First 4 has described such concerns as "unnecessary".

Mathew Gilliat-Smith, CEO of First 4, said that in addition to writing the patch posted to Sony's website, First 4 has given software to antivirus vendors so that their products can now detect the XCP software.

First 4 is also in the process of developing a new version of XCP that will not use the controversial cloaking techniques, he added. "We feel it's sensible to allay any unnecessary fears," Gilliat-Smith said in an interview on Thursday.

He added that the cloaking techniques were used in order to keep one step ahead of illegal copiers. "This is content-protection software. One of the additional measures is to dissuade someone who is aggressively trying to circumvent the protections."

In this case, however, First 4 and Sony went too far, according to Mark Russinovich, the computer expert who first revealed how XCP works. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, but the software is poorly written," he wrote in a blog posting. "Worse, most users that stumble across the cloaked files will cripple their computer if they attempt the obvious step of deleting the cloaked files."

Sony's patch can be found here.

A list of Sony CDs using the XCP software is being compiled here.

Russinovich's blog posting can be found here.


IDG UK Sites

Black Friday 2014 tech deals UK Live: Best Black Friday deals from Apple, Amazon, Argos, eBay,...

IDG UK Sites

Black Friday feeding frenzy infects the UK

IDG UK Sites

VAT MOSS: Will I be affected by the EU VAT changes? Here are the facts for designers and artists

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & Black Friday tech offers