Sony sues maker of MediaMax DRM system

Posted by   Virus Bulletin on   Jul 16, 2007

CD protection developer accused of damaging Sony name.

Sony BMG, the division of the Sony group embroiled in a long-running scandal after releasing a number of CDs using suspect techniques to implement anti-piracy protection, has brought a damages case against the firm it hired to develop some of the software involved.

The CD protection system using the 'XCP' rootkit technique to cloak the actions of the software and prevent removal, and CDs using the software were shipped to consumers in late 2005. The suspicious activity was soon spotted by malware experts and a sizeable backlash against the CD maker ensued, with many security products detecting and removing the software to reduce the risk of other malware piggy-backing the simple method used to hide files.

Shortly afterwards worries were raised about some other technology employed by Sony CDs, the MediaMax system developed by SunnComm, now called The Amergence Group. This included further suspect techniques, rendering systems even more vulnerable to other attacks.

The scandal added to the growing movement attacking the concept of 'digital rights management' (DRM) and the validity of attempting to control access to media data on the web. Sony recalled the dangerous CDs and went on to pay out over $5 million in compensation to customers whose systems were compromised by the malcode. Further controversy followed when Canadian consumers were offered less than those in the US.

Now, Sony is suing the Phoenix, Arizona, based developer of MediaMax for $12 million in damages, accusing the company of providing defective software and harming its good name. Amergence has responded with claims that Sony is at fault for not properly testing the software before release and providing them with inadequate design specifications, and many commentators have wondered why MediaMax should be targeted ahead of the maker of XCP, UK-based First4Internet, whose software is generally thought the most serious aspect of the 'Sony Rootkit' fiasco.

The case was filed on July 3rd. Details can be found at IT law website, here. More commentary is here, in a McAfee blog entry, or here from a blogger at Zdnet.

Posted on 16 July 2007 by Virus Bulletin



Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.