|98% of sysadmins said that Sony's copy-protection code posed a security threat.|
A web poll of more than 1500 business PC users, conducted by Sophos*, has revealed that 98% believe that Sony BMG's controversial digital rights management software, which can introduce a "cloaking" vulnerability onto PCs which play some of its music CDs, is a security threat.
The news comes as Sony announces in the media that it is suspending production of any further CDs which contain the controversial technology. Only 2% of sysadmins polled on the Sophos website felt that it was a fair way to fight music pirates.
Sony's technology caused concern after Trojan horses were discovered that exploited its functionality in an attempt to hide themselves from anti-virus products. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's software.
"In taking aim at the music pirates, Sony succeeded only in shooting itself in the foot," said Graham Cluley, senior technology consultant at Sophos. "System administrators have a very low opinion of any code which endangers the safety of their networks, and they have sent a loud and clear message to Sony and other companies that this kind of code is unacceptable to them."
Sophos has issued a tool which will detect the existence of Sony's DRM copy-protection on Windows computers, disable its "cloaking" function, and prevent that functionality from re-installing. The tool also detects versions of the Troj/Stinx Trojan horse which exploit the Sony vulnerability.
Sophos recommends that businesses ensure their computers are kept automatically up-to-date with the very latest anti-virus software.
|Is Sony's DRM copy protection |
|a security threat?
|a fair way to fight music pirates?
* Sophos online survey, 1,501 respondents, 11-14 November 2005
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.