Security news
Security news24 May 2006
Refunds for music fans hit by Sony DRM rootkit
 |
| 98% of sysadmins said that Sony's copy-protection code posed a security threat. |
A class action suit against Sony BMG has been granted final approval for a settlement by the federal court, allowing music fans to claim refunds and free music downloads. The case was brought against the music giant after it included potentially dangerous copy protection software on an estimated 15 million music CDs.
Sony's controversial digital rights management software, included on CDs from the likes of Neil Diamond, Alicia Keys and Dido, introduced a rootkit-style "cloaking" vulnerability onto PCs. The vulnerability was exploited by malware such as the Stinx-E Trojan horse in an attempt to evade detection by anti-virus software, leading to a public relations disaster for Sony.
A poll of more than 1500 business PC users, conducted by Sophos, revealed that 98% believed that Sony BMG's controversial digital rights management software was a security threat.
District Court Judge Naomi Reice Buchwald approved the settlement, which means that CD purchasers can apply for a $7.50 refund plus a free music download, or three album download, whichever they prefer.
"Despite its good intentions in stopping music piracy, Sony's DRM copy protection was inept in its implementation and caused the company a PR nightmare," said Graham Cluley, senior technology consultant for Sophos. "Other entertainment companies interested in protecting their music and movies from pirates will hopefully have learned not to borrow techniques from malicious hackers."
Sony has published information about the settlement, and details on how to claim, on the website www.sonybmgcdtechsettlement.com. The full list of CDs carrying the software can be found here.
When considering your anti-malware security vendor, what is more important to you?
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
