Sony BMG gets flak for 'spyware' CD
AP, BOSTON
Thursday, Nov 17, 2005, Page 12
The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony's suggested method for removing the program widened the security hole the original software created, researchers say.
Sony has moved to recall the discs in question. But music fans who have listened to them on their computers or tried to remove the dangerous software they deposited could still be vulnerable.
"This is a surprisingly bad design from a security standpoint," said Ed Felten, a Princeton University computer science professor who explored the removal program with a graduate student, Alex Halderman. "It endangers users in several ways."
The "XCP" copy-protection program was included on at least 20 CDs, including releases by Van Zant and Celine Dion. Sony BMG said 4.7 million were shipped, with 2.1 million sold.
When the CDs were put into a PC -- a necessary step for transferring music to iPods and other portable music players -- the CD automatically installed a program that restricted how many times the discs' tracks could be copied, and made it extremely inconvenient to transfer songs to iPods.
That antipiracy software -- which works only on Windows PCs -- came with a cloaking feature that allowed it to hide files on users' computers.
Researchers classified the program as "spyware," saying it secretly transmits details about what music the PC is playing. Manual attempts to remove the software can disable the PC's CD drive.
The program also gave virus writers an easy tool for hiding their malicious software. Last week, "Trojan horse" programs emerged that took advantage of the cloaking feature to enter computers undetected, antivirus companies said.
Stung by the controversy, Sony BMG and the company that developed the antipiracy software, First 4 Internet Ltd of Oxfordshire, England, released a program that uninstalls XCP. But the uninstaller created a new set of problems.
To get the uninstall program, users were asked to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.
Experts say the program fails to make the PC confirm that such code should come only from Sony or First 4 Internet.