Software // Enterprise Applications
01:22 PM
Mobile Threats & How to Keep Them at Bay
Jun 01, 2016
With savvy cybercriminals using vulnerabilities in apps, networks, and operating systems to gain c ...Read More>>

Sony Settles Rootkit CD Suit With Texas, California

Under terms of the agreements, each state will receive $622,000 in damages and $128,000 to cover legal costs and fees, and Sony will refund up to $175 to people in those states who spent money to repair computers.

Sony BMG Music Entertainment settled lawsuits with California and Texas Tuesday that stemmed from the November 2005 disclosure that the company's audio CDs were planting spyware-style rootkits on users' PCs without their knowledge.

Under terms of the agreements, each state will receive $622,000 in damages and $128,000 to cover legal costs and fees. Sony BMG will also refund up to $175 to each resident of Texas and California who spent money to repair computers damaged by attempts to uninstall the rootkit code used to mask Sony's CD copy-protection software.

The Attorneys General of both states had filed lawsuits last year charging Sony with unfair business practices and/or violations of anti-spyware statutes.

"Texans deserve to be protected from harmful, hidden files that threaten their privacy or the integrity of their computer systems," said Texas Attorney General Greg Abbott in a statement. "Our first-in-the-nation action against Sony BMG shows that consumer privacy will be vigorously protected."

California's head law enforcement officer also weighed in. "Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn't inflict security vulnerabilities on computers," said Attorney General Bill Lockyer in a rival statement.

According to Lockyer, some 450,000 Californians purchased Sony BMG CDs that used rootkit technologies, but he didn't estimate the number eligible for refunds under the settlement. Texas estimates pegged the number of rootkit CD buyers at 130,000.

The brouhaha began in November 2005 when independent researcher Mark Russinovich, who has since gone on to work for Microsoft, disclosed that Sony BMG had used a rootkit to "cloak" digital rights management software on PCs that had played the company's CDs. Later analysis by Russinovich and others found that uninstalling the code could damage the computer, and that hackers could exploit the rootkit to plant other malicious code.

Sony's first attempt to deal with the problem was a debacle; the patch it issued made some computers crash.

Earlier this year, Sony settled several class-action lawsuits, including one filed by the Electronic Frontier Foundation.

The California settlement judgment can be downloaded as a PDF from here, while the Texas settlement is available here.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
2016 InformationWeek Elite 100
Our 28th annual ranking of the leading US users of business technology.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.