Sony have replied…
Sony BMG Music Entertainment and a technology partner are working with antivirus companies on a fix for a potential security problem in some copy-protected CDs.
http://news.com.com/2100-7355_3-5928608.html
Here is the Sony update update and the FAQ
Over at the FAQ at Sony
6. I have heard that the protection software is really malware/spyware. Could this be true?
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.
A legal point of view is posted here
Another security based review of what the main ‘features’ or this software are here
Here are some of the comments from the legal post above:-
If you’ll read Mark Russinovich’s blog entry, you’ll notice several things that this XCP software does in addition to hiding itself like malware:
– scans the executables corresponding to the running processes on the system every two seconds
– degrades system performance 24/7 (not just when the media player is in use)
– uses misleading names such as “Plug and Play Device Manager” to deceive users into thinking it’s a legitimate part of Windows
– tampers with the low-level operation of the system, causing stability and compatibility problems
– installs hooks and filters, making it difficult to uninstall without breaking WindowsIf that’s not malware, I don’t know what is.
I think J. Stanley’s comment starts to expose the real problem here, and why all the “nerds” are pissed.
This represents DRM gone too far. The techniques used with this DRM package are hacker (the malicious kind) techniques. There has got to be a point at which EULAs cannot protect companies from doing whatever they want.
Here is the Wikipedia entry for a rootkit