Software // Enterprise Applications
News
12/20/2006
01:22 PM
Connect Directly
RSS
E-Mail
50%
50%

Sony Settles Rootkit CD Suit With Texas, California

Under terms of the agreements, each state will receive $622,000 in damages and $128,000 to cover legal costs and fees, and Sony will refund up to $175 to people in those states who spent money to repair computers.

Sony BMG Music Entertainment settled lawsuits with California and Texas Tuesday that stemmed from the November 2005 disclosure that the company's audio CDs were planting spyware-style rootkits on users' PCs without their knowledge.

Under terms of the agreements, each state will receive $622,000 in damages and $128,000 to cover legal costs and fees. Sony BMG will also refund up to $175 to each resident of Texas and California who spent money to repair computers damaged by attempts to uninstall the rootkit code used to mask Sony's CD copy-protection software.

The Attorneys General of both states had filed lawsuits last year charging Sony with unfair business practices and/or violations of anti-spyware statutes.

"Texans deserve to be protected from harmful, hidden files that threaten their privacy or the integrity of their computer systems," said Texas Attorney General Greg Abbott in a statement. "Our first-in-the-nation action against Sony BMG shows that consumer privacy will be vigorously protected."

California's head law enforcement officer also weighed in. "Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn't inflict security vulnerabilities on computers," said Attorney General Bill Lockyer in a rival statement.

According to Lockyer, some 450,000 Californians purchased Sony BMG CDs that used rootkit technologies, but he didn't estimate the number eligible for refunds under the settlement. Texas estimates pegged the number of rootkit CD buyers at 130,000.

The brouhaha began in November 2005 when independent researcher Mark Russinovich, who has since gone on to work for Microsoft, disclosed that Sony BMG had used a rootkit to "cloak" digital rights management software on PCs that had played the company's CDs. Later analysis by Russinovich and others found that uninstalling the code could damage the computer, and that hackers could exploit the rootkit to plant other malicious code.

Sony's first attempt to deal with the problem was a debacle; the patch it issued made some computers crash.

Earlier this year, Sony settled several class-action lawsuits, including one filed by the Electronic Frontier Foundation.

The California settlement judgment can be downloaded as a PDF from here, while the Texas settlement is available here.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.