Sony BMG to revise XCP uninstaller procedure, claims DNS propagation estimates "flawed"
New York (NY) - Responding to a deluge of reports in TG Daily and elsewhere regarding estimates of the damage caused by its XCP copy protection software, a spokesperson for music publisher Sony BMG told us today that the company will be revising the procedure it currently offers customers for disconnecting its stealth techniques and for uninstalling the software. In the meantime, the existing uninstallation tool has been taken offline.
John McKay, Sony BMG’s spokesperson, told TG Daily that stress tests are being performed now for the replacement procedure, which the company hopes to make available in the immediate future. An open letter to customers issued this morning on Sony BMG’s Web site states, "We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer.
"Ultimately, the experience of consumers is our primary concern," the letter goes on to state, "and our goal is to help bring our artists’ music to as broad an audience as possible. Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music."
Last weekend, Felten’s colleague, J. Alex Halderman, published to his personal blog, Freedom to Tinker, a renewed examination of a completely different copy protection scheme used in other Sony BMG audio CDs. There, Halderman stated that MediaMax protection software used by the company since 2003 has installed drivers on users’ systems without their consent, transferred personal information to MediaMax’s servers, and has not included a complete uninstallation procedure. Those CDs that do include an uninstaller, he notes, fail to remove the key drivers. However, he pointed out, MediaMax does not resort to using stealth to hide its drivers and deflect attempts at identification or uninstallation, as does First 4 Internet’s XCP.
Sony BMG’s McKay had no immediate comment on Halderman’s claims, and indicated that this may be the first significant complaint the company has seen regarding MediaMax.
Yesterday, TG Daily reported on a different set of claims by security expert Dan Kaminsky that over half a million DNS servers on the Internet may have cached the XCP software’s IP address within a given eight-hour period of time. Kaminsky believes this may be an indication that millions of Windows computers could contain the XCP stealth software. Today, Sophos Labs senior technology consultant Graham Cluley told us Kaminsky’s claims may be difficult to verify. "I’m afraid we can’t confirm Dan Kaminsky’s ’guesstimate’ on how many computers may have run the offending code," said Cluley, adding, "It would seem to me to be a very difficult thing to quantify in a meaningful way."
Later today, Sony BMG’s McKay stated that his company’s technical team looked into Kaminsky’s claims, and reported to him that they believe his numbers would be "significantly exaggerated," and that his methodology for determining the contents of over half a million DNS server caches across the world is, in their opinion, flawed.
Finally, The Washington Post’s security columnist, Brian Krebs, this morning quoted the assistant secretary for policy at the US Department of Homeland Security, Stewart Baker, as having admonished Sony BMG (though not by name) during a speech at a function produced by the US Commerce Dept. "In the pursuit of protection of intellectual property," stated Baker, "it’s important not to defeat or undermine the security measures that people need to adopt in these days."
Sony BMG’s spokesperson had no immediate comment on Krebs’ column.
Commenting this afternoon on Sony BMG’s actions, Sophos’ Graham Cluley told us, "I’m delighted to hear that Sony is now seeing sense and is actively working to withdraw versions of their CDs out in the shops which still contain this controversial code. Of course, that’s not much help to those poor souls who have already bought the CDs and may have unknowingly opened up their home PCs and company computers to potential attack."