Make that doh, a double please

Okay so a few posts back (Oh Crap...I got it Wrong, Nov 5) I mentioned the copy protection software that SonyBMG had started to ship with new CDs and what a disaster it had been.

Well poor SonyBMG, things on that front have just kept right on going downhill, a PR coup this most certainly is not.

Sony's controversial anti-piracy CD software has been labelled as spyware by Microsoft.

The software giant said a key part of the XCP copy protection system counted as malicious software under the rules it uses to define what Windows should be protected against.

It plans to include detection and removal tools for parts of XCP in its weekly anti-spyware software update.

The news came as Sony BMG suspended production of CDs that use XCP.

BBC if this wasn't enpough to send a shiver down ya average consumers spine, there is even more. Remember this software is designed to protect Sony BMG copywrites, which is understandable. But here the eggs really start piling up on the cheeks as it seems the code used for this charming piece of software has been pirated itself, doh!

Sony's rootkit infringes on software copyrights

Close examination of the rootkit that Sony's audio CDs attack their customers' PCs with has revealed that their malicious software is built on code that infringes on copyright. Indications are that Sony has included the LAME music encoder, which is licensed under the Lesser General Public License (LGPL), which requires that those who use it attribute the original software and publish some of the code they write
to use the library. Sony has done none of this.

This is info is taken from a blog, so treat with caution, it may not be accurate, though consdiering this whole bungled affair one tends to feel it probably is so - link

In a effort to steam the PR disaster this must surely be, Sony BMG have stopped including the software/malware on all new CDs and have gone a step further and created a software fix that will remove the offending malware from your PC...

...and now here comes the double whammy, grab some dohs and scatter liberally around the board room

researchers have found new flaws in a program designed to remove portions of an anti-piracy software included in an unknown number of Sony BMG music CDs.

A patch that Sony issued a week ago when virus writers began taking advantage of the software's file-hiding capabilities actually introduces serious new security risks onto the user's machine, according to research released today by Princeton University computer science professor Edward Felten.

The Sony Web page where users can download the removal patch installs a program that remains on the user's PC even after removal tool has done its job, Felten said. And because of the way the tool is configured, he said, it allows any Web page that the user subsequently visits to download, install and run any code that it likes.

I was speechless when I read this news, and had roughly the same thoughts as Felten expressed in his blog: "That’s about as serious as a security flaw can get."

Washington Post

On a bright note I'm sure this situation will not have any adverse effect on Sony BMG's chief executives getting a healthy annual bonus this year.

Is it any wonder a fucking frog has ruled our singles charts for so long?