Sony BMG Rootkit Debacle Reaches $1.5M Settlement

Dennis Faas's picture

Recently, Sony was fined $1.5 million in penalties and costs to reimburse Californians and Texans whose computers were affected by the illegally installed Digital Rights Management software [software aimed at antipiracy] on some of their music CDs.

Consumers will be reimbursed up to $175.00 to offset the cost of repairs incurred when removing the software. Consumers without proof of the cost of repairs are still eligible for $25.00.

To date, 40 states have settled the law suit with Sony. The total settlement amount is up to $5.75 million. For a list of the 40 states affected, refer to the Massachusetts Attorney Generals Office.

The CDs might contain XCP or MediaMax 5.0 designation on the CD label, while some are labeled as "Content Protected" on the front upper-left corner. In all, 52 CD titles were manufactured with the DRM antipiracy software. A full list of the titles affected can be found here.

California Attorney General Bill Lockyer estimates that 450,000 Californians purchased Sony BMG CDs that used rootkit technologies. Texas estimates 130,000 people purchased the CDs. An estimated 12.6 million discs were sold between January 2005 and November 2005.

The antipiracy software was created by First 4 Internet, a U.K. based company. When the user inserts the disc into their Windows PC and accepts the terms of a license agreement, the DRM software (also known as rootkit software) was transparently installed -- undetectable to all but the most experienced user and most antivirus software. The software does not affect CD players in stereo systems.

Rootkits run at a very low level in the Windows operating system. A rootkit is a set of tools that hide any trace of an intruder, but can maintain full ("root") access to a previously compromised operating system. Many argue that rootkits are no better than Spyware.

Terms of the settlement also ban Sony from distributing CDs with bundled Digital Rights Management software technology without proper disclosure.

The rootkit was discovered by Mark Russinovich of Sysinternals. Claim forms are available on a special Sony web site with instructions on how to seek reimbursement for repairs to damaged computers.

Consumers have 180 days to file claims.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet