Sony budges, pulls rootkit from CD-Roms

Sony-BMG Entertainment, the target of public outcry over spyware-like technology installed on 20 of the company's CDs without end-user notification, pulled the application from its products this week.

The company, which has seen several "boycott Sony" weblogs appear on the internet in recent weeks, said in a statement that it was withdrawing the XCP technology, but must continue to defend itself from music pirates.

"We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists," the company said. "Nonetheless, as a precautionary measure, Sony-BMG is temporarily suspending the manufacture of CDs containing XCP technology."

Sony-BMG, the second-largest music label in the world, came under fire from consumers after Windows programming expert Mark Russinovich said on his weblog last month that Sony was using rootkit technology on CDs that could "phone home" users' personal information to Sony and its partners. Sony had claimed it was using the technology as a defense against illegal CD copying and also provided a patch to remove the application on its website.

Meanwhile, a poll conducted by Sophos revealed that 98 percent of business PC users believed Sony's digital rights management software is a security threat. The remaining 2 percent of users, as reported by SC Magazine on Monday, felt that the rootkit was a fair way to fight music piracy.

Russinovich said in his blog on Monday that rootkits become dangerous to users when combined with viruses seeking a way into the PC.

"The bottom line is that it's not rootkits themselves that are the problem," he said. "It's the inability to manage the objects that they hide that creates security, reliability and manageability problems."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.