EFF has published an open letter to Sunncomm, one of the DRM arms-dealers that provided malicious anti-customer software to Sony, the use of which has resulted in lawsuits being filed against Sony by music fans whose computers were infected with Suncomm's spyware.
Sunncomm's MediaMax is a piece of dangerous spyware that is installed by Sony music CDs — the software even installs itself if you decline the "agreement" that comes up when you insert the disc. It leaves your computer vulnerable to many cyber-attacks, and the uninstallers don't work — they create more vulnerabilities than they close.
Sony has taken some steps to provide better uninstallers and disclosure of the titles of the infected CDs, but Sunncomm has sold its malware other music companies, and there's no master list of all infected CDs:
To ensure that all affected consumer received notice of the problem and to reduce the possibility that such problems will re-occur, we urge SunnComm International, Inc. and MediaMax Technology Corp. to promptly:1. Publish a list of every CD, regardless of label, that employs the MediaMax technology, including the version.
2. Provide every other label using MediaMax with information about the vulnerability, and confirm this to EFF.
3. Work with those labels to quickly and effectively resolve the security vulnerability.
4. Publicly commit to ensuring that MediaMax software does not install when the user clicks "No."
5. Publicly commit to including true uninstallers in all versions of MediaMax software.
6. Publicly commit to providing all future MediaMax software to an independent security testing firm, and to the public release of the results of such test.
Previous installments of the Sony Rootkit Roundup: Part I, Part II, Part III, Part IV
(Cool Sony CD image courtesy of Collapsibletank)
