Sunday, November 20

Sony to Recall CD's

Greetings. So much for copying CD's to your hard drive, at least if they are from Sony. Check out this article from the New York Times and see how Sony has royally screwed up. Enjoy.

Sony BMG to recall copy-restricted CDs
By Tom Zeller Jr. The New York Times
WEDNESDAY, NOVEMBER 16, 2005

NEW YORK The global music giant Sony BMG has announced that it plans to
recall millions of CDs by at least 20 artists, from the pop-music stars
CĂ©line Dion and Neil Diamond to the country-rock act Van Zant, because they
contain copy-restriction software that poses risks to consumers' computers.

The move, announced on Tuesday, is expected to cost the company tens of
millions of dollars. The company said it would remove all unsold CDs
containing the software from retail outlets and offer exchanges to consumers
who had bought any of the CDs involved. A toll-free number and e-mail
message inquiry system will also be set up on the Sony BMG Web site,
sonybmg.com.

"We deeply regret any inconvenience this may cause our customers and are
committed to making this situation right," the company said in a letter that
it said it would post on its Web site.

Neither representatives of Sony BMG nor the British company First 4
Internet, which developed the copy-protection software, would comment
further.

Sony BMG estimated last week that about five million discs - some 49
different titles - had been shipped with the problematic software, and about
two million had been sold.

Market research from 2004 has shown that about 30 percent of consumers
report obtaining music through the copying and sharing of tracks among
friends from legitimately purchased CDs.

But the fallout from the relatively aggressive protection system has raised
serious questions about how far the companies should be permitted to go in
seeking to prevent digital piracy.

The recall and exchange program, first reported by USA Today, comes two
weeks after news began to spread on the Internet that certain Sony BMG CDs
contained software that was designed to limit users to making only three
copies of the music but that also altered the deepest levels of the computer
systems of consumers and created vulnerabilities that Internet virus writers
could exploit.

Since then, computer researchers have identified other problems with the
software, as well as with the software patch and uninstaller programs that
the company has issued to address the vulnerabilities. Several security and
antivirus companies, including Computer Associates, F-Secure and Symantec,
quickly classified the software on the CDs, which is only known to affect
users of the Windows operating system, as malicious because, among other
things, it attempted to hide itself on the machines of users and
communicated remotely with Sony servers once installed.

On Saturday, a Microsoft engineering team indicated that it would be
updating the company's own security tools to detect and remove parts of the
Sony BMG copy-protection software to help protect customers.

Researchers at Princeton University revealed on Tuesday that early versions
of the "uninstall" process published by Sony BMG on its Web site, which was
designed to help users remove the copy-protection software from their
machines, created a vulnerability that could expose users of the Internet
Explorer Web browser to malicious code embedded on Web sites.

Security analysts at Internet Security Systems, based in Atlanta, also
issued an alert on Tuesday indicating that the copy-protection software
itself, which was installed on certain CDs beginning last spring, could be
used by virus writers to gain administrator privileges on multiuser
computers.

David Maynor, a researcher with the X-force division of Internet Security
Systems, which analyzes potential network vulnerabilities, said the
copy-protection system was particularly pernicious because it was nearly
impossible for many computer users to remove on their own.

"At what point do you think it is a good thing to surreptitiously put
Trojans on people's machines?" Maynor said. "The only thing you're
guaranteeing is that they won't be customers anymore."

Some early estimates indicate that the problem could affect half a million
or more computers around the world.

Data collected in September by the market research firm NPD Group indicated
that roughly 36 percent of consumers had reported that they listened to
music CDs on a computer. If that percentage held true for people who bought
the Sony BMG CDs, that would amount to about 720,000 computers - although
only those running Windows would be affected.

Consumers who listen to CDs on stereo systems and other noncomputer players,
as well as users of Apple computers, would not be at risk.

Although antivirus companies have indicated since late last week that virus
writers were trying to take advantage of the vulnerabilities, it is not
known whether any of these viruses have found their way onto PCs embedded
with the Sony BMG copy-protection software.

Security and digital rights advocates say that does not matter. "There may
be millions of hosts that are now vulnerable to something that they weren't
vulnerable to before," said Dan Kaminsky, a prominent independent computer
security researcher.

For some critics, the recall will not be enough. "This is only one of the
many things Sony must do to be accountable for the damage it's inflicted on
its customers," said Jason Schultz, an attorney with the Electronic Frontier
Foundation, a digital rights group in California.

No comments:

Post a Comment