Sony BMG's "rootkit" copy protection technology may affect Macs -- and the software can also be exploited by malicious hackers, reports claim.
MacInTouch reports claims by a reader who recently purchased a Sony BMG CD. The reader found that the CD installs a Mac application, "Start.app" which itself installs two files: PhoenixNub1.kext and PhoenixNub12.kext.
This is not the same software as is currently causing such a furor against Sony BMG. The Register claims: "It's a Mac version of SunnComm's DRM software, MediaMax, which Sony BMG uses to copy-protect a range of CDs."
Sony BMG faces consumer backlash
The label's aggressive attempt to protect what it construes as its rights has driven consumers to turn to the courts to protect their own. The company already faces a class-action lawsuit in California, another in New York and possible legal action in Italy.
The California suit claims Sony BMG broke three state laws -- the Consumer Legal Remedies Act, the Consumer Protection against Computer Spyware Act, and the California Unfair Competition law. It wants the court to stop Sony BMG selling any more CDs using the technology, and seeks compensation for damage done.
The filing also accuses the company of not fully disclosing the extent of what the software does. A report on Gamespot claims the software has the effect of disabling the CD player on a computer if a user tries to uninstall the cloaked software.
Virus-writers exploit the error
Woes continue for the combined record label while the merger between Sony and BMG is protested against in the European courts on the grounds that it threatens competition and consumers.
Computer security experts across the world are this morning reporting that a new piece of malware, in this case a Trojan Horse, is exploiting Sony's software and is contained in an email that purports to be a message from a business magazine.
Sophos reports this message says: "Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here."
Sophos has issued a tool which will detect the existence of Sony's DRM copy-protection on Windows computers, disable its "cloaking" function, and prevent that functionality from re-installing. The tool also detects versions of the Troj/Stinx Trojan horse which exploit the Sony vulnerability.
Sony BMG eases malware-writers task
Antivirus firm Trend Micro also warned against the risk of the Sony BMG rootkit software. Chief technologist Raimund Genes said: "The issue is less about the Trojan than it is about the underlying rootkit technology utilized by it. This is because the rootkit is a 'kernel-mode' program, which can be used for more dramatic malicious purposes than can 'user-mode' programs."
"We don't blame Sony for attempting to exercise its right to manage its digital property" he said. "However, what's important to understand is that this technology can now be used by malicious malware writers to hide and spread their creations. These writers include those who might not know how to write their own rootkits - but now they don't have to."
Sony BMG seems determined to transform the affair into a complete PR disaster.
Ovum declares scheme "unacceptable"
Ovum analyst Graham Titterington reports that Thomas Hesse, the president of SonyBMG's global digital business division, said in an interview on radio station NPR: "Most people don't even know what a rootkit is, so why should they care about it?".
"The entertainment industry must sort out the limits on how far it can go to protect its copyright material. It is totally unacceptable that it is laying its customers open to identity theft as the price of protecting its royalty revenues," he writes.
Consumer advocates demand music-lover rights
The activity takes place during the same week as European consumer rights advocates launch a campaign demanding that consumer rights in the digital age be defined and protected.
The campaign launched yesterday with a press conference at the European Parliament. The groups want to draw attention to the way consumers: "Are treated as criminals and pirates for person-to-person file sharing and downloads."
"We believe it is high time to guarantee consumers certain basic rights in the digital world and to tell them what they can do with their digital hardware and content," the groups said.