In yesterday's entry I linked to a story about Sony discontinuing one of its digital rights management programs. It turned out that the XCP software they force consumers to install in order to listen to certain music CDs also installs spyware on their machine.
Things appear to have gotten even worse for Sony. An AP story circulating today points out that the XCP uninstaller Sony is distributing creates an even bigger security threat than the original malware. The story quotes Princeton University analysts as follows:
"The consequences of the flaw are severe," Felten and Halderman wrote in a blog posting Tuesday. "It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get."
If you are one of the estimated 500,000 music fans who installed the XCP software on your computer, you may want to wait for the dust to settle before you use the Sony-provided uninstaller.
