CD protection developer accused of damaging Sony name.
Sony BMG
, the division of the
Sony
group embroiled in a long-running scandal after releasing a number of CDs using suspect techniques to implement anti-piracy protection, has brought a damages case against the firm it hired to develop some of the software involved.
The CD protection system using the
‘XCP’ rootkit technique
to cloak the actions of the software and prevent removal, and CDs using the software were shipped to consumers in late 2005. The suspicious activity was soon spotted by malware experts and a sizeable backlash against the CD maker ensued, with many security products detecting and removing the software to reduce the risk of other malware piggy-backing the simple method used to hide files.
Shortly afterwards worries were raised about some other technology employed by
Sony
CDs, the
MediaMax
system developed by
SunnComm
, now called
The Amergence Group
. This included further suspect techniques, rendering systems even more vulnerable to other attacks.
The scandal added to the growing movement attacking the concept of ‘digital rights management’ (DRM) and the validity of attempting to control access to media data on the web.
Sony
recalled the dangerous CDs and went on to pay out over $5 million in compensation to customers whose systems were compromised by the malcode. Further controversy followed when Canadian consumers were
offered less
than those in the US.
Now,
Sony
is suing the Phoenix, Arizona, based developer of
MediaMax
for $12 million in damages, accusing the company of providing defective software and harming its good name.
Amergence
has responded with claims that
Sony
is at fault for not properly testing the software before release and providing them with inadequate design specifications, and many commentators have wondered why
MediaMax
should be targeted ahead of the maker of
XCP
, UK-based
First4Internet
, whose software is generally thought the most serious aspect of the ‘
Sony
Rootkit’ fiasco.
The case was filed on July 3rd. Details can be found at IT law website
OutLaw.com
,
here
. More commentary is
here
, in a
McAfee
blog entry, or
here
from a blogger at
Zdnet
.
Posted on 16 July 2007 by
Virus Bulletin
Leave a Reply