It looks like that the record company really took a bite of the forbidden fruit when they released their XCP digital rights management (DRM) scheme. Now they are facing a lawsuit, bad publicity and warnings from just about every computer security company.

The Register have published comments by Thomas Hesse, The President of Sony BMG. He is quoted for saying "Most people, I think, don't even know what a rootkit is, so why should they care about it?". Amazing ignorance of the customers. Most people do not know the principles of computer viruses either, but it is still quite adviseable to care about them. (Source: The Register)

The consumers of California will not be ignored as the have just filed a class action suit against Sony. A second nation wide suit is expected to be filed in New York. According to the Californian suit, the XCP DRM violates a number laws.

The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law, which allows public prosecutors and private citizens to file lawsuits to protect businesses and consumers from unfair business practices.

Anti-virus companies are busy to eliminate the security risk of the Sony XCP DRM. Computer Associates have released a tool for removing the virus, while Symantec's software only identifies it and gives a warning. F-Secure has already identified a threat that tries to make use of the Sony's cloaking mechanism.

We wouldn't like to say "we told you so" but unfortunately this is one of those times you just have to do it.

We have just analyzed the first malware (Breplibot.b) that is trying to hide on machines that have Sony DRM software installed.

Luckily, the bot has a design flaw. If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error. In any case, this is a very good example of why software should not use rootkit hiding techniques.

Record company EMI is almost pathetic. They are now announcing that they are the good guys, as they are not dealing with the developers of XCP DRM or using rootkit technologies. I thin they were lucky not to release a similar concept before Sony BMG did.

"The content-protection software that we're using can be easily uninstalled with a standard uninstaller that comes on the disc. EMI is not using any software that hides traces of the program. There is no 'rootkit' behavior, and there are no processes left running in the background," said an EMI spokesman in a statement.