Sony Music issues fix to anti-piracy program

updated 12:37 p.m. ET Nov. 3, 2005

SAN JOSE, Calif. - After a chorus of criticism, Sony Corp.'s music division said Wednesday it is distributing a free software patch to reveal hidden files that automatically installed to hard drives when some of its music CDs were played on personal computers.

The offending technology was designed to thwart music piracy.

Sony BMG Music Entertainment and its partner, UK-based First 4 Internet, said they decided to offer the patch as a precaution, not because of any security vulnerability, which some critics had alleged.

"What we decided to do is take extra precautionary steps to allay any fears," said Mathew Gilliat-Smith, First 4 Internet's CEO. "There should be no concern here."

The controversy started Monday after Windows expert Mark Russinovich posted a Web log report on how he found hidden files on his PC after playing a Van Zant CD. He also said it disabled his CD drive after he tried to manually remove it.

Russinovich made the discovery while running a program he had written for uncovering file-cloaking "RootKits." In this case, the Sony program hid the antipiracy software from view. Similar technology also has been used by virus and worm writers to conceal their code.

A firestorm quickly erupted over what appeared to be an attempt by the music company to retain control over its intellectual property by secretly installing hidden software on the PCs of unsuspecting customers.

Making matters worse, Sony did not disclose exactly what it was doing in its license agreement, Russinovich said. It only mentions that proprietary software to enable copy protection would be installed. The software affects only PCs running the Windows operating system.

"The (license) makes no mention that it's going to install something that's going to be hidden from view, that will constantly consume CPU resources even if I'm not listening to music and it will have no uninstall capability," he said.

Because the technology looks for a specific prefix in the filename, it also could be used by malware authors to mask their programs, Russinovich said. There's also the question of how a PC user is supposed to maintain a system that runs hidden programs.

"If you've got software on your computer that you can't see, there's no way for you to manage it from a security point of view," he said. "You don't know if you need updates for it. You don't know if you should uninstall it because you don't know it's even there."

MORE FROM SECURITY

Security Section Front

Was Palin's SSN published on the Web? Facebook to test N.J.'s Web safety icon French issue call to storm 'electronic Bastille' A new way to 'spy' on neighbors? 'Net ad targeting may lose to privacy concerns Phone companies plan backups for Gustav Tips for staying connected in disasters iPhone security flaw exposes private data A new way to avoid bogus Web sites 'Forgot your password?' may be weakest link Security Section Front   Add Security headlines to your news reader: