Pressure from Electronic Frontier Foundation on music-CD copy-protection firm SunnComm appears to have paid off. Responding to EFF's open letter, the company has set out how it intends to end security problems with its MediaMax CD copy-protection software used on music CDs by a number of indie record labels.
Although this is the same software in which security issues were identified on some Sony BMG CDs - but seemingly resolved with an updater - it is NOT the software over which there has been so much Sony-related publicity, First4Internet's XCP, which uses root-kit technology.
Clear? No? Well, read on. The main thing at issue with MediaMax seems to be the sneaky way it could install itself even if the user declined the terms of the licensing agreement that appear when a disc starts to play on a PC. And that's set to change in new versions. SunnComm also says it will ensure that future versions come with uninstallers. Further, it's promised to submit new versions of the software for independent security testing to try to spot and prevent any nonsense - and to make public the results.
There was a security risk on Windows PCs, "A file folder installed on users' computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control" - but this can, it seems be sorted out by a simple updater.
Commenting on SunnComm's decisions, EFF attorney Kurt Opsahl, said, "While we continue to disagree with SunnComm on the wisdom of CD copy protection in general, we are pleased that it has taken important steps to notify consumers of the security vulnerability and help resolve the security and privacy issues raised by the MediaMax software."
Talks are apparently still going on betweeen SunnComm and Electronic Frontier Foundation about how to prevent legitimate security researchers - past, present and future - working on MediaMax from being accused of copyright violations.
EFF - press release about SunComm's response to its open letter
EFF - home URL
MediaMax - home URL
Sony BMG - statement about stopping production of XCP copy-protected CDs
Sony BMG - statement about SunnComm security vulnerability
Microsoft targets Sony DRM and other rootkit malware - news story