The rootkit in question was a spyware-like application encoded onto certain copy-protected music CDs that Sony sold in the US and which did some “ET phone home” type of activities from your computer without you knowing if you played one of those CDs on your PC. It also introduced significant security risks on that PC.
In the end, Sony BMG capitulated in the face of a rising groundswell of vocal and highly-critical comment on their behaviour – including from many bloggers – and they issued a fix for the rootkit and recalled the affected CDs.
But it’s getting worse for Sony BMG.
Yesterday, the Electronic Frontier Foundation filed a class action lawsuit against the music publisher, “demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.” There’s even been a call for a boycott of Sony products.
Sony has clearly mis-handled this crisis. They originally denied that the rootkit posed any kind of threat, even arrogantly claiming in a radio interview, “Most people don’t even know what a rootkit is, so why should they care about it?”
So much for this company caring about its customers and their concerns.
Whatever backpedalling Sony BMG is now doing, it is customers’ perceptions of the company that is the damaging issue. This could turn out to be a bit like the Dell Hell story in the sense that whenever you see a Sony-branded product, you might think twice about buying it, asking yourself, “Do I now trust any product from this company?”
In any event, the communicators at Sony BMG have quite a job on their hands.