Thursday, December 15, 2005


Even while the lawsuits are piling up from their XCP copy-protection software disaster, Sony-BMG have now had to announce that their other software designed to stop you using the music you've paid for has a security flaw on it, too. Despite posting a patch for the flaw on discs "protected" by MediaMax, Sony is refusing to recall the six million CDs circulating containing this nasty. It's got the potential to allow hackers into a backdoor on computers where the discs have been played.

You can understand Sony's reluctance to take the discs off the shelf - they've already had to junk five million XCP discs; there are nearly six million ones containing MediaMax and to lose those as well would make a sizeable hole in the company's bottom line. Their attitude? We've made a patch available, that'll have to do:

"We take the security issues very, very seriously," says Thomas Hesse, Sony BMG president of global digital business. But Hesse adds that the company has no plans to recall the CDs or offer refunds: "At this point, this is pretty much it."

So, that's taking security issues seriously in what sense, then? Because it seems to us that allowing people to buy CDs containing stuff that can screw their computers isn't taking security very seriously at all, and is kind of treating your customers with contempt. What about people who buy these CDs and don't know that they need to spend the rest of their lives checking online to see if their Alicia Keys record has opened their computer to viruses? If these CDs are still on the shelves, they could remain there for a long time - would someone buying an album in 2007 even think that they might have to check news archives from two years before to see if its a security risk? Or would they assume that Sony wouldn't have allowed a security-breaching item to remain on the shelves, being a respectable company?

Sony-BMG has a duty to its customers, and if it thinks the best way to live up to that duty is to knowingly flog 'em dodgy CDs and shrug, then it probably doesn't deserve to have many customers at all.

1 comment:

karl said...

An interesting point about this whole Sony copy protection bruhaha is that they nicked some of the software from a guy called Jon Johansen. Who he? Well, he's a guy that the MPAA have been hounding for years. For, er, infringing copyright.

Full story here in The Register:

Post a Comment

As a general rule, posts will only be deleted if they reek of spam.