Sony’s CD copy protection patch that it issued in response to concerns over security vulnerabilities in the DRM technology has not fixed the security issue, according to Professor Ed Felten and Alex Halderman of Princeton University, New Jersey. These are the US computer scientists who first discovered the security flaw, and they claim that the patch Sony supplied does not prevent the booby-trapping of the files that MediaMax places on a PC in order to automatically run hostile software when you insert an effected CD. They recommend not using the patch at all, and are recommending that Sony recall all of the affected CDs without delay.
"It is impossible to patch the millions of MediaMax-bearing CDs that are already out there," Felden writes. "Every disc sitting on somebody's shelf, or in a record-store bin, is just waiting to install the vulnerable software on the next PC it is inserted into. The only sure way to address this risk is take the discs out of circulation."