Posted by Virus Bulletin on Jul 16, 2007
CD protection developer accused of damaging Sony name.
Sony BMG, the division of the Sony group embroiled in a long-running scandal after releasing a number of CDs using suspect techniques to implement anti-piracy protection, has brought a damages case against the firm it hired to develop some of the software involved.
The CD protection system using the 'XCP' rootkit technique to cloak the actions of the software and prevent removal, and CDs using the software were shipped to consumers in late 2005. The suspicious activity was soon spotted by malware experts and a sizeable backlash against the CD maker ensued, with many security products detecting and removing the software to reduce the risk of other malware piggy-backing the simple method used to hide files.
Shortly afterwards worries were raised about some other technology employed by Sony CDs, the MediaMax system developed by SunnComm, now called The Amergence Group. This included further suspect techniques, rendering systems even more vulnerable to other attacks.
The scandal added to the growing movement attacking the concept of 'digital rights management' (DRM) and the validity of attempting to control access to media data on the web. Sony recalled the dangerous CDs and went on to pay out over $5 million in compensation to customers whose systems were compromised by the malcode. Further controversy followed when Canadian consumers were offered less than those in the US.
Now, Sony is suing the Phoenix, Arizona, based developer of MediaMax for $12 million in damages, accusing the company of providing defective software and harming its good name. Amergence has responded with claims that Sony is at fault for not properly testing the software before release and providing them with inadequate design specifications, and many commentators have wondered why MediaMax should be targeted ahead of the maker of XCP, UK-based First4Internet, whose software is generally thought the most serious aspect of the 'Sony Rootkit' fiasco.
The case was filed on July 3rd. Details can be found at IT law website OutLaw.com, here. More commentary is here, in a McAfee blog entry, or here from a blogger at Zdnet.
Posted on 16 July 2007 by Virus Bulletin