Sony BMG Music Entertainment on Tuesday re-issued the patch that reveals the copy-protection files some of its audio CDs install on PCs, but continued to be blasted by security experts outlining more details of the under-fire technology.
The revised patch, which Sony labeled "Service Pack 2a," differs from the original released last week only in size; it's a third as large, weighing in at 1.5MB compared to the first version's 3.6MB.
In other news on the Sony brouhaha, Mark Russinovich, the chief technology officer for Wininternals and one of the first researchers to publicize Sony's use of a rootkit to hide its copy-protection software, posted new information about the patch.
On his blog, which has been offering details since the story broke last week, Russinovich posted a screenshot of a Windows "blue screen of death" that identified the patch as the culprit in a crash.
He was responding to a message from First4Internet, the U.K.-based developer of the XCP (eXtended Copy Protection) technology that Sony BMG uses, which rejected Russinovich's claim that the patch could cause a PC meltdown.
"This is pure conjecture," First4Internet said.
Russinovich saw it differently.
"Besides demonstrating the ineptitude of the First4Internet programmers, this [patch] flaw highlights my message that rootkits create reliability risks in addition to security risks," he said.
"Because the software that installed the rootkit is hidden when Windows is running (in this case Sony’s software), and even if exposed not clearly identified, if an application triggers one of [the driver's] bugs a user would have no way of associating the driver responsible for the crash with any software they have installed."