Sony Stops Shipping Controversial DRM Code

One day after hackers released malicious software that used controversial Sony copy-protection software to attack computers, Sony has decided to stop shipping the product, the company said today.

Sony has temporarily suspended the manufacture of CDs that contain the software called XCP (Extended Copy Protection) said John McKay, a Sony spokesperson.

McKay did not say when Sony planned to resume the use of XCP, but XCP's developers have previously stated they are in the process of writing new copy protection software that does not use the controversial cloaking techniques that were in the original XCP and that have stirred up so much negative publicity for Sony.

Background

XCP was developed for Sony by UK software vendor First 4 Internet. It has been shipping since early 2005, and is included on about 20 of Sony's music titles, including country music duo Van Zant's "Get Right with the Man." It is designed to limit the number of copies that CD owners can make.

The software first popped into the public eye two weeks ago when a Windows operating system expert named Mark Russinovich reported how XCP used "rootkit" cloaking techniques to hide itself on his computer. At the time, Russinovich described the software as "digital rights management gone too far," and criticized it for not warning users that it would become virtually undetectable and extremely difficult to remove.

Sony subsequently released a patch to decloak the software, but the move did not end the controversy.

Hackers Attack

Rootkit software uses a variety of techniques to gain access to a system and then cover up any traces of its existence so that it cannot be detected by system tools or antivirus software. Russinovich and other computer experts were concerned that hackers might somehow use XCP's cloaking ability to hide their software from antivirus products.

That prediction came true yesterday when the first variations of a malicious 'Trojan' program that exploited the XCP software began circulating on the Internet. Trojans are malicious programs similar to viruses that often appear to be legitimate software.

One of these Trojan programs, called Stinx-E, masquerades as a photo sent from a UK business magazine, security vendor Sophos said in a statement. Once clicked on, the malicious software uses Sony's rootkit techniques to hide itself on the system, Sophos said.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon