News 

Professor Ed Felten and Alex Halderman of Princeton University, New Jersey, report that the patch for the SunnComm MediaMax DRM software and previously released uninstaller do not prevent the booby-trapping of the files that MediaMax places on a PC in order to automatically run hostile software when you insert a 'protected' CD.

They recommend that you do not use the patch, do not use the uninstaller and do not insert a MediaMax-bearing CD into a PC.

Although they agree that Sony's efforts to fix

ADVERTISEMENT

the vulnerability and publicise the problem are a positive step, they believe that the record company should now recall all the CDs - as it has with its CDs that use XCP copy protection - and press SunnComm to release a new installer that safely and permanently removes all MediaMax files.

'It is impossible to patch the millions of MediaMax-bearing CDs that are already out there,' Felden writes. 'Every disc sitting on somebody's shelf, or in a record-store bin, is just waiting to install the vulnerable software on the next PC it is inserted into. The only sure way to address this risk is take the discs out of circulation.'

The affected CDs - listed here - have only been released in the US and Canada, thought that won't stop them making their way across the Atlantic as unhappy customers attempt to offload them via eBay. SunnComm's FAQ notes that each CD is labelled on the reverse, though p2pnet reports that at least one does not have the SunnCom 'Compatible With' label.