After much criticism, Sony BMG Music Entertainment has released a software patch that removes the controversial cloaking technology found in its CD copy protection software.
Critics had slammed the software for being invasive and extremely difficult to remove because it uses the same cloaking techniques normally found in spyware or viruses.
This 'rootkit' software uses a variety of techniques to gain access to a system and then covers up any traces of its existence so that it cannot be detected by system tools or antivirus software.
Sony faces the music
The patch, which was posted to Sony's website on Wednesday, was posted to "alleviate any concerns that users may have about the program posing potential security vulnerabilities," Sony said. By installing the patch, users will not remove the copy protection software, called XPC, but they will make it visible to system tools and antivirus software.
XCP has been shipping on some Sony music CDs since early 2005. Licensed by Sony from UK firm First 4 Internet, XCP prevents users from making more than three backup copies of any XCP-protected CD. Sony will not say how many of its CDs use the software.
Critics had complained that because the software was virtually impossible to detect, hackers might somehow take advantage of it in order to hide their own malicious code from antivirus software. They had also slammed Sony for not adequately informing users of how it worked and for making it extremely difficult to remove XCP.
First 4 who?
First 4 has also given software to antivirus vendors so that their products can now detect the XCP software, said First 4's CEO Mathew Gilliat-Smith.
First 4 is also in the process of developing a new version of XCP that will not use the controversial cloaking techniques, he added.
Gilliat-Smith said that the cloaking techniques were used in order to keep one step ahead of illegal copiers.
In this case, however, First 4 and Sony went too far, according to Mark Russinovich, the computer expert who first revealed how XCP works. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written," he wrote in a blog posting.
"Worse, most users that stumble across the cloaked files will cripple their computer if they attempt the obvious step of deleting the cloaked files."