Sony backs out of rootkit anti-piracy scheme

Record label caves in under intense pressure

Sony BMG has promised to stop making music CDs that use its controversial XCP anti-piracy technology.

The record label had come under fire for the technology, which security experts warned was poorly designed and could be easily exploited by worm authors to hide malware from antivirus software.

Consumers inserting the CDs in their computers would unknowingly install the application, which was very hard to remove. In an effort to remain installed, the technology used a so-called rootkit to hide itself from the user and the system.

It took only one week for the first virus to surface that exploited the features of the rootkit to try and hide from antivirus software.

The software made alterations at a deep level of the Windows operating system to allow it to monitor and limit the number of copies that a consumer made of a CD, as well as to regulate the file formats that could be used to rip the disk.

Sony reserved the right to explore other anti-piracy technologies, but said it will re-examine its content protection initiatives to ensure that they meet security and ease of use standards. 

The label will recall all unsold CDs from stores and has instated a consumer exchange programme for consumers who have previously purchased XCP equipped CDs. The Electronic Frontier Foundation on its website has published a list of titles affected by the technology and offers instructions on how to recognise the CD.

About two million CDs with the technology have been sold worldwide. Consumers have called for a boycott of Sony's music, and CDs that carried the anti-piracy technology have been slammed on online review sites such Amazon, causing their ratings to drop.  

Sony is also facing lawsuits in California and Italy over the technology and more actions are likely to follow. 

The XCP technology was developed by UK software company First 4 Internet. 

Several security vendors including Computer Associates, Sophos, Symantec and Microsoft have started to provide or will provide a tool to remove the XCP software.

Sony has always maintained that there were no security risks associated with the anti-piracy technology.