The media isalways under constant pressure to find new ways of protecting digital mediafrom being distributed illegally by pirates. In order to fight piracy, Sony BMG(Bertelsmann Music Group) went a step ahead in June 2005 which resulted in thisdebacle.In June 2005, Sony BMG sold over one million copies containing a softwarepackage called XCP (Extended Copy Protection) which was developed by First 4Internet (F4I) company, based in United Kingdom, in order to counter piracy. ThisXCP software package was designed so that customers cannot make more thencertain number of copies of the original protected disks. Not all the titles ofSony BMG contained this software but a large number of the copies sold by SonyBMG had this protection software. When these CD’s were inserted into a personalcomputer, it would install a software on Windows systems after the consumeraccepts end-user license agreement (EULA). But there was no mention aboutthis particular software in EULA.This scandalcame to light when Mark Russinovich, a researcher of Winternals, scanned hissystem using RootKitRevealer and discovered that his system was infected bysome sort of rootkit software.
Upon further investigation, he found out thatrootkit was installed because of the CD he had purchased which was released bySony BMG. He discovered that XCP kept on running in background consumingexcessive resources irrespective of whether the CD was being played or notwhich resulted in slowing down of consumer’s computer. XCP also left computersopen to possible security breaches from malicious software such as trojans.Moreover, it was impossible to uninstall it as it came without any uninstallerand if any attempt of uninstalling was made, the operating system failed torecognize existing drives.Soon after this,Sony BMG released a patch for their software stating that this service packwould remove the XCP component from affected computers.
Upon further analysisof this service pack by Russinovich, he found out that the only thing theservice pack did was to disable the cloacking technology and not to actuallyuninstall the rootkit. Not only this, the service pack installed an uninstallsoftware based on ActiveX programs because of which Internet Explorer WebBrowser would automatically run malicious code which left many computersvulnerable.This DRM debacle led to many lawsuits againstSony due which they incurred huge financial losses. Sony had to pay penalty of$750,000 to Texas state for violation of law and additional $150 for everydamaged computer as a result of lost battle against Greg Abbott. On January 30,2007, Sony made a settlement with the US Federal Trade Commission and wererequired to reimburse affected consumers up to $150 for the damage done bythem.