Sony recalls copy-protected CDs
Neil Diamond’s latest album sold well despite the XCP row
Sony BMG is recalling music CDs that use controversial anti-piracy software.
The software was widely criticised because it used virus-like techniques to stop illegal copies being made.
Widespread pressure has made the music giant remove CDs bearing the software from stores. It will also swap bought CDs for copies free of the XCP anti-piracy software.
Sony is also providing software to make it easy to remove the controversial program from Windows computers.
Sony’s music arm could be recalling millions of CDs because at least 20 discs are known to use XCP some by best-selling artists such as Celine Dion, Natasha Bedingfield, and Amerie.
One of the discs, Neil Diamond’s 12 Songs, was the top seller on Amazon.com for several days.
XCP PROTECTED CDS
Trey Anastasio – Shine
Celine Dion – On ne Change Pas
Neil Diamond – 12 Songs
Our Lady Peace – Healthy in Paranoid Times
Chris Botti – To Love Again
Van Zant – Get Right with the Man
Switchfoot – Nothing is Sound
The Coral – The Invisible Invasion
Acceptance – Phantoms
Susie Suh – Susie Suh
Amerie – Touch
Life of Agony – Broken Valley
Horace Silver Quintet – Silver’s Blue
Gerry Mulligan – Jeru
Dexter Gordon – Manhattan Symphonie
The Bad Plus – Suspicious Activity
The Dead 60s – The Dead 60s
Dion – The Essential Dion
Natasha Bedingfield – Unwritten
Ricky Martin – Life
No detailed figures have been given by Sony for how many CDs are protected with XCP or how many have been sold.
However, work by respected net expert Dan Kaminsky found that more than 500,000 networks have at least one machine on them using XCP.
Although the CDs containing XCP were only released in the US, Mr Kaminsky found that 44,000 copies were installed on machines in the UK.
In its statement announcing the recall Sony BMG said: “We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right.”
The alarm about XCP was raised by Windows programming expert Mark Russinovich who discovered that it used a “root kit” to install itself deep inside the operating system.
Subsequent to his discovery virus writers started exploiting XCP’s stealthy abilities to hide their own creations.
In the same statement about the recall Sony BMG said it would make it much easier to uninstall the XCP system from Windows PCs on which is has been installed.
Before now any customer wanting to rid their PC of XCP had to go through a several stage process of telling Sony what they wanted to do and then waiting for it to respond. As well as being criticised for its inconvenience security researchers found that the uninstaller left Windows machines vulnerable to several exploits. The XCP copy protection system only installed on machines running Windows.
Writing on the Freedom to Tinker blog, researchers J Alex Halderman and Ed Felten found that cleverly written webpages could exploit the programming code used to remove XCP to install their own potentially malicious programs.
The pair also provided tools that help people work out if their Windows machines have been left vulnerable in this way.
The news about the uninstaller came as anti-virus firms and Microsoft announced tools to find and remove the “root kit”.
The row about XCP has also led to Sony BMG facing several class-action lawsuits over the potential security problems that the software causes.