Sony claims this was unintentional. Sony BMG initially denied that the rootkits were harmful. It then released, can you embed a virus in a pdf one of the programs, an “uninstaller” that only un-hid the program, installed additional software which could not be easily removed, collected an email address from the user, and introduced further security vulnerabilities.
CDs, and the suspension of CD copy protection efforts in early 2007. US senior VP Steve Heckler foreshadowed the events of late 2005. It will not lose that revenue stream, no matter what Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will block it at your phone company. We will firewall it at your PC These strategies are being aggressively pursued because there is simply too much at stake. The CDs were eventually replaced.
2002 report indicated that all BMG CDs sold in Europe would have some form of copy protection. Sony BMG, the record company formed by the 2004 merger of Sony and BMG’s recorded music divisions. EULA which made no mention of the software. F4I’s XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD.
Although the software isn’t directly malicious, the used rootkit hiding techniques are exactly the same used by malicious software to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits. Thus it is very inappropriate for commercial software to use these techniques. Microsoft announced it would include detection and removal capabilities in its security patches. It constantly runs in the background and excessively consumes system resources, slowing down the user’s computer, regardless of whether there is a protected CD playing. It employs unsafe procedures to start and stop, which could lead to system crashes.
Soon after Russinovich’s first post, there were several trojans and worms exploiting XCP’s security holes. Some people even used the vulnerabilities to cheat in online games. Russinovich analyzed the utility, he reported in his blog that it only exacerbated the security problems and raised further concerns about privacy. Russinovich noted that the removal program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit.