If you’ve been attacked by Sony’s XCP rootkit software, you can finally remove it. Here are the download links.
Remarkably, Sony has finally admitted that the XCP software is dangerous. Their announcement confesses:
CDs containing XCP content protection software developed by First4Internet for SONY BMG may increase the vulnerability of your computer to certain computer viruses.
The uninstaller allows you to completely remove the XCP software (good idea) or update it to a newer version that Sony claims is free of the rootkit component (do you feel lucky?).
Not so remarkably, Sony can’t resist the urge to say dumb things. Like this:
Please be advised that this [update/uninstall] program is protected by all applicable intellectual property and unfair competition laws, including patent, copyright and trade secret laws, and that all uses, including reverse engineering, in violation thereof are prohibited.
Yes, it certainly wouldn’t be appropriate for any security researchers to look closely at this software and determine whether it’s safe and effective. Especially given Sony’s track record so far.
Interesting phrasing
“… by First4Internet for SONY BMG ….”
Looks a lot like they are trying to pass the buck. Things are looking bad at SonyBMG. First a rootkit and now serious flaws in MediaMax, shame on them.
Sony needs still more clues: Researchers have discovered that First4Internet stole the code for XCP by violating the LGPL for LAME, among other things. If I were Sony, I wouldn’t bother copyrighting anything related to XCP. It would dig them in so deep that the EFF might actually win this case for a change.
I can’t decide if this is an extreme case of ignorance on Sony’s behalf, or whether this is an advanced case of arrogant stupidity. Either way, Sony BMG is out on a limb. I hope it breaks…