Sony/BMG Rootkit info!


EFF has confirmed the presence of XCP on the following titles (each has a data session, easily read on a Macintosh, that includes a file called “VERSION.DAT” that announces what version of XCP it is using). If you have one of these CDs, and you have a Windows PC (Macs are totally immune, as usual), you may have caught the XCP bug.

Trey Anastasio, Shine (Columbia)

Celine Dion, On ne Change Pas (Epic)

Neil Diamond, 12 Songs (Columbia)

Our Lady Peace, Healthy in Paranoid Times (Columbia)

Chris Botti, To Love Again (Columbia)

Van Zant, Get Right with the Man (Columbia)

Switchfoot, Nothing is Sound (Columbia)

The Coral, The Invisible Invasion (Columbia)

Acceptance, Phantoms (Columbia)

Susie Suh, Susie Suh (Epic)

Amerie, Touch (Columbia)

Life of Agony, Broken Valley (Epic)

Horace Silver Quintet, Silver’s Blue (Epic Legacy)

Gerry Mulligan, Jeru (Columbia Legacy)

Dexter Gordon, Manhattan Symphonie (Columbia Legacy)

The Bad Plus, Suspicious Activity (Columbia)

The Dead 60s, The Dead 60s (Epic)

Dion, The Essential Dion (Columbia Legacy)

Natasha Bedingfield, Unwritten (Epic)

Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

Several other Sony-BMG CDs are protected with a different copy-protection technology, sourced from SunnComm, including:

My Morning Jacket, Z

Santana, All That I Am

Sarah McLachlan, Bloom Remix Album

This is not a complete list. So how do you recognize other XCP-laden CDs in the wild?

full article here:
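
The VERSION.DAT check described in the EFF text can be done by reading the disc's data session without running anything on it. The following is an added example, not part of the original thread or of EFF's article: a Python script that searches a mounted data session for VERSION.DAT and prints the readable strings in it. The mount point is supplied by the user, and because the page does not describe the file's internal layout, the script only extracts printable text.

```python
import os
import re
import sys

MARKER = "VERSION.DAT"                      # file name given in the EFF text
TEXT_RUN = re.compile(rb"[\x20-\x7e]{3,}")  # runs of printable ASCII


def iso_name(name):
    """Normalise an ISO 9660 entry name for comparison.

    Depending on mount options the same file can show up as VERSION.DAT,
    version.dat or VERSION.DAT;1 (the ';1' is the ISO 9660 file version).
    """
    return name.split(";", 1)[0].rstrip(".").upper()


def printable_runs(data):
    """Return the printable-ASCII strings in data, like strings(1)."""
    runs = (m.group().decode("ascii").strip() for m in TEXT_RUN.finditer(data))
    return [r for r in runs if r]


def find_xcp_marker(root, max_bytes=4096):
    """Walk root and return [(path, [strings...])] for each VERSION.DAT found.

    Files are only opened for reading; nothing on the disc is executed.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if iso_name(name) != MARKER:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits.append((path, printable_runs(fh.read(max_bytes))))
            except OSError as exc:
                hits.append((path, ["<unreadable: %s>" % exc]))
    return hits


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: find_version_dat.py <mount point of the data session>")
    found = find_xcp_marker(sys.argv[1])
    for path, strings in found:
        print(path)
        for s in strings:
            print("   ", s)
    if not found:
        print("no VERSION.DAT found under", sys.argv[1])
```
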


Here’s a little more to the story I just found:

There’s more to the story than rootkits, however, and that’s where I think Sony is missing the point. As I’ve pointed out in press interviews related to the post, the EULA does not disclose the software’s use of cloaking or the fact that it comes with no uninstall facility. An end user is not only installing software when they agree to the EULA, they are losing control of part of the computer, which has both reliability and security implications. There’s no way to ensure that you have up-to-date security patches for software you don’t know you have and there’s no way to remove, update or even identify hidden software that’s crashing your computer.

The EULA also makes no reference to any “phone home” behavior, and Sony executives are claiming that the software never contacts Sony and that no information is communicated that could track user behavior. However, a user asserted in a comment on the previous post that they monitored the Sony CD Player network interactions and that it establishes a connection with Sony’s site and sends the site an ID associated with the CD.

I decided to investigate so I downloaded a free network tracing tool, Ethereal, to a computer on which the player was installed and captured network traffic during the Player’s startup. A quick look through the trace log confirmed the user’s comment: the Player does send an ID to a Sony web site. This screenshot shows the command that the Player sends, which is a request to an address registered to Sony for information related to ID 668, which is presumably the CD’s ID:

In response the Sony web site reports the last time a particular file was updated:

I dug a little deeper and it appears the Player is automatically checking to see if there are updates for the album art and lyrics for the album it’s displaying. This behavior would be welcome under most circumstances, but is not mentioned in the EULA, is refuted by Sony, and is not configurable in any way. I doubt Sony is doing anything with the data, but with this type of connection their servers could record each time a copy-protected CD is played and the IP address of the computer playing it.

The media has done a great job of publicizing this story, which has implications that extend beyond DRM to software EULAs and disclosure, and I hope that the awareness they’re creating will result in Congressional action. Both the software industry and consumers need laws that will clearly draw lines around acceptable behaviors.

complete article here:


Last bit for tonight… will keep an eye on it tho!

Sony-BMG Rootkit: EFF Collecting Stories, Considering

EFF is collecting stories from EFF members and supporters who
have purchased Sony-BMG CDs that contained the rootkit copy
protection software. We’re considering whether the effect on
the public, or on EFF members, is sufficiently serious to
merit EFF filing a lawsuit.

If you satisfy the following criteria, we would like to hear
from you:

  1. You have a Windows computer;

  2. First 4 Internet’s XCP copy protection has been installed
    on your computer from a Sony CD (for more details, see our
    blog post referenced above or the SysInternals blog,

  3. You reside in either California or New York; and

  4. You are willing to participate in litigation.

We have not made a final decision about filing any legal
action, but we would like to hear from music fans who have
been harmed by the Sony-BMG rootkit copy protection
technology. Please contact for more


A little newer info:

  1. Why isn’t Sony publicizing the uninstall link on their site in any way?

  2. Why do you have to tell Sony twice that you want to uninstall?

  3. Why is the email with the uninstall link labeled confidential?

  4. Why does Sony generate a unique uninstall link for each computer?

Sony has left us to speculate, but under the circumstances the answer to all these questions seems obvious: Sony doesn’t want customers to know that there’s DRM software installed on their computers and doesn’t want them to uninstall it if they somehow discover it. Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall.

For those readers that are coming up to speed with the story, here’s a summary of important developments so far:

- The DRM software Sony has been shipping on many CDs since April is cloaked with rootkit technology:

- Sony denies that the rootkit poses a security or reliability threat despite the obvious risks of both

- Sony claims that users don’t care about rootkits because they don’t know what a rootkit is.

- The installation provides no way to safely uninstall the software

- Without obtaining consent from the user Sony’s player informs Sony every time it plays a “protected” CD.

- Sony has told the press that they’ve made a decloaking patch and uninstaller available to customers, however this still leaves the following problems:

    - There is no way for customers to find the patch from Sony BMG’s main web page

    - The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers.

    - Access to the uninstaller is gated by two forms and an ActiveX control.

    - The uninstaller is locked to a single computer, preventing deployment in a corporation.

Consumers and antivirus companies are responding:

  • F-Secure independently identified the rootkit and provides information on its site.

  • Computer Associates has labeled the Sony software “spyware”

  • A law firm has filed a class action lawsuit on behalf of California consumers against Sony

  • ALCEI-EFI, an Italian digital-rights advocacy group, has formally asked the Italian government to investigate Sony for possible Italian law violations.

full article here:


I read that some antivirus companies are already considering it a virus and detecting and deleting it. Apparently it opens a hole in your computer that could be exploited by other viruses.



It is true that this opens a security hole in your computer; new viruses have already been detected that are using the rootkit technology to cloak themselves. Here’s the latest article:

Sony: No More Rootkit - For Now

There have been several significant developments in the Sony DRM story since my last post. The first is that, despite Sony’s and First 4 Internet’s claims that their rootkit poses no security risk, several viruses have been identified in the wild that exploit the cloaking functionality provided by the rootkit. Besides F-Secure and Computer Associates, most antivirus companies were slow to label the Sony rootkit as a risk. But the discovery of viruses that use the rootkit to hide files has caused many to identify and disable the rootkit in their latest scanning signatures. My guess is that they were waiting for an actual security threat to shield them from a potential problem with Sony. For example, Microsoft initially responded cautiously when questioned about its position on Sony’s use of rootkits, but Jason Garms, a member of the Microsoft Windows Defender team (formerly Microsoft Antispyware), announced in the Windows Defender blog this weekend that Microsoft is also releasing signatures and a cleaner for the rootkit.

While I’m glad that the viruses have resulted in continuing media coverage of the story, the viruses being discussed in the media are not really the primary security issue. The viruses simply take advantage of the Sony rootkit if it’s present, but could just as easily install their own rootkit to hide their presence on the system. If a user activating the virus, which is transmitted as an email attachment, is running with administrator privileges, the virus can install a kernel-mode rootkit just as powerful as Sony’s. But even if the virus is activated from a non-administrator account it can install a less powerful, though still effective, user-mode rootkit. The bottom line is that it’s not rootkits themselves that are the problem; it’s the inability to manage the objects that they hide that creates security, reliability and manageability problems.

I’m not the only one that realizes the dangers of rootkits, especially those bundled with commercial software. On Friday, the US Chamber of Commerce co-sponsored a conference in Washington, D.C. on combating intellectual property theft. The conference concluded with a panel that included major representatives of the entertainment and technology industries such as the chairman and chief executive officer of the Recording Industry Association of America (RIAA) and Stewart Baker, the assistant secretary for policy in the Department of Homeland Security. Baker concluded with a comment aimed squarely at Sony: “It’s very important to remember that it’s your intellectual property – it’s not your computer. And in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days.”

full article here:


Microsoft gives us a little update on the BMG/Sony rootkit:

Microsoft: Sony Rootkit’s Gotta Go

By Gregg Keizer Courtesy of TechWeb News

Microsoft’s security tools will be updated to detect the controversial Sony BMG copy protection software installed on PCs when some audio CDs are played, the software giant said over the weekend.
The Redmond, Wash.-based developer joins other security vendors – including some which acted a week earlier – to label the copy protection as spyware.

“We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta,” wrote Jason Garms, the group program manager for Microsoft’s anti-malware team, on his blog Saturday.

“Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems,” added Garms.

Microsoft plans to update Windows AntiSpyware, its stand-alone spyware sniffer, and Windows Live Safety Center, a free online anti-virus service it launched earlier this month. No date was given for the availability of either update.

Next month, Microsoft will also add the Sony rootkit to the worms, Trojans, and viruses detected and deleted by Windows Malicious Software Removal Tool, which is updated and re-issued the second Tuesday of each month.

Sony’s copy-protection scheme has been under fire since the month began, with security researchers and vendors blasting Sony for using the rootkit, which could be used by attackers to hide malicious code. At least two Trojan horses using the Sony rootkit for just that purpose have been spotted.

full article here:


Here’s the latest:

Sony BMG Music Entertainment is pulling its copy-protected audio CDs, which have caused a firestorm of consumer protest.
By Alexander Wolfe

Sony BMG Music Entertainment is pulling the copy protected CDs which have caused a firestorm of consumer protest.
In a statement on its Web site, Sony said customers who’ve already purchased the discs can exchange them, and remaining inventory will be pulled.

“We share the concerns of consumers regarding these discs, and we are instituting a program that will allow consumers to exchange any CD with XCP software for the same CD without copy protection,” the Sony statement said. “We also have asked our retail partners to remove all unsold CDs with XCP software from their store shelves and inventory. We will make further details of this program available shortly.”

Sony’s copy-protection scheme has been under fire since early November, when security researchers began blasting Sony for using a rootkit as the core of its protection software. That rootkit installed software unbeknownst to users, which could be exploited by attackers to install and hide malicious code on any PC playing the discs.

“We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right,” the Sony statement continued. “It is important to note that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players.”

full article here:


More bad news on the other company dealing out DRM for Sony/BMG:

Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole
Thursday November 17, 2005 by J. Alex Halderman

I have good news and bad news about Sony’s other CD DRM technology, the SunnComm MediaMax system. (For those keeping score at home, Ed and I have written a lot recently about Sony’s XCP copy protection technology, but this post is about a separate system that Sony ships on other CDs.)

I wrote last weekend about SunnComm’s spyware-like behavior. Sony CDs protected with their technology automatically install several megabytes of files without any meaningful notice or consent, silently phone home every time you play a protected album, and fail to include any uninstall option.

Here’s the good news: As several readers have pointed out, SunnComm will provide a tool to uninstall their software if users pester them enough. Typically this requires at least two rounds of emails with the company’s support staff.

Now the bad news: It turns out that the web-based uninstaller SunnComm provides opens up a major security hole very similar to the one created by the web-based uninstaller for Sony’s other DRM, XCP, that we announced a few days ago. I have verified that it is possible for a malicious web site to use the SunnComm hole to take control of PCs where the uninstaller has been used. In fact, the SunnComm problem is easier to exploit than the XCP uninstaller flaw.

To be clear, the SunnComm security flaw does not apply to the software that ships on CDs, but only to the uninstaller that SunnComm distributes separately for removing the CD software. So if you haven’t used the uninstaller, you’re not vulnerable to this flaw and you don’t need to do anything.

If you visit the SunnComm uninstaller web page, you are prompted to accept a small software component—an ActiveX control called AxWebRemoveCtrl created by SunnComm. This control has a design flaw that allows any web site to cause it to download and execute code from an arbitrary URL. If you’ve used the SunnComm uninstaller, the vulnerable AxWebRemoveCtrl component is still on your computer, and if you later visit an evil web site, the site can use the flawed control to silently download, install, and run any software code it likes on your computer. The evil site could use this ability to cause severe damage, such as adding your PC to a botnet or erasing your hard disk.

You can tell whether the vulnerable control is installed on your computer by using our AxWebRemoveCtrl detector.

full article here:
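
Checking for the leftover control, as the article advises, comes down to looking for its COM registration. The following is an added example, not the researchers' detector and not part of the original thread: it assumes the control can be recognised by the name AxWebRemoveCtrl in its registered friendly name, ProgID or server path (its CLSID is not given on the page), and it also reports whether Internet Explorer's kill bit is set for it. The sample CLSIDs and path are constructed.

```python
import sys

CONTROL_NAME = "AxWebRemoveCtrl"        # control name from the article
CLSID_KEY = r"SOFTWARE\Classes\CLSID"   # machine-wide COM registrations (HKLM)
COMPAT_KEY = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE loading a control

# Constructed sample (not real registry data), used when not run on Windows.
SAMPLE_ENTRIES = [
    {"view": "32", "clsid": "{00000000-0000-0000-0000-0000000000a1}",
     "name": "AxWebRemoveCtrl Control", "progid": None,
     "server": r"C:\example\AxWebRemoveCtrl.ocx"},
    {"view": "32", "clsid": "{00000000-0000-0000-0000-0000000000B2}",
     "name": "Unrelated Control", "progid": "Example.Other.1", "server": None},
]
SAMPLE_FLAGS = {("32", "{00000000-0000-0000-0000-0000000000A1}"): 0x400}

def matches(entry, needle=CONTROL_NAME):
    """True if the friendly name, ProgID or server path mentions the control."""
    needle = needle.lower()
    return any(needle in str(entry.get(field) or "").lower()
               for field in ("name", "progid", "server"))

def assess(entries, flags):
    """Return one finding per matching registration with its kill-bit state."""
    findings = []
    for e in entries:
        if matches(e):
            value = flags.get((e["view"], e["clsid"].upper()), 0)
            findings.append({"view": e["view"], "clsid": e["clsid"],
                             "server": e.get("server"),
                             "kill_bit_set": bool(value & KILL_BIT)})
    return findings

def _subkeys(winreg, path, access):
    """Yield subkey names of HKLM\\path; yield nothing if the key is absent."""
    try:
        key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access)
    except OSError:
        return
    with key:
        index = 0
        while True:
            try:
                yield winreg.EnumKey(key, index)
            except OSError:  # no more subkeys
                return
            index += 1

def _value(winreg, path, access, name=""):
    """Read one value under HKLM\\path ('' is the key's default value)."""
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as key:
            return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None

def read_registry():
    """Collect COM registrations and IE compatibility flags from both views."""
    import winreg  # standard library, Windows only
    entries, flags = [], {}
    for view, bit in (("64", winreg.KEY_WOW64_64KEY), ("32", winreg.KEY_WOW64_32KEY)):
        access = winreg.KEY_READ | bit
        for clsid in _subkeys(winreg, CLSID_KEY, access):
            base = CLSID_KEY + "\\" + clsid
            entries.append({"view": view, "clsid": clsid,
                            "name": _value(winreg, base, access),
                            "progid": _value(winreg, base + r"\ProgID", access),
                            "server": _value(winreg, base + r"\InprocServer32", access)})
        for clsid in _subkeys(winreg, COMPAT_KEY, access):
            value = _value(winreg, COMPAT_KEY + "\\" + clsid, access, "Compatibility Flags")
            if isinstance(value, int):
                flags[(view, clsid.upper())] = value
    return entries, flags

if __name__ == "__main__":
    live = sys.platform == "win32"
    entries, flags = read_registry() if live else (SAMPLE_ENTRIES, SAMPLE_FLAGS)
    for f in assess(entries, flags):
        state = "kill bit set" if f["kill_bit_set"] else "NOT blocked in IE"
        print("%s-bit %s %s: %s" % (f["view"], f["clsid"], f["server"], state))
```

A finding without the kill bit means the registration is still usable from Internet Explorer; on 32-bit Windows both registry views are the same, so a registration is listed twice.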


Here is a larger list of the infected disks that Sony has released:

CD’s Containing XCP Content Protection Technology

Note: We will shortly be releasing new versions of these titles without the XCP software. You therefore need to check this list for both the name of the album and the item number (which can be found on the spine of the CD). If the item number is not listed below, your CD does not contain XCP content protection.

A Static Lullaby
Faso Latido



Art Blakey
Drum Suite

The Bad Plus
Suspicious Activity?

Bette Midler
Sings the Peggy Lee Songbook

Billie Holiday
The Great American Songbook

Bob Brookmeyer
Bob Brookmeyer & Friends

Buddy Jewell
Times Like These

Burt Bacharach
At This Time

Celine Dion
On Ne Change Pas


Chris Botti
To Love Again

The Coral
The Invisible Invasion

Cyndi Lauper
The Body Acoustic

The Dead 60’s
The Dead 60’s

Deniece Williams
This Is Niecy

Dexter Gordon
Manhattan Symphonie

The Essential Dion

Earl Scruggs
I Saw The Light With Some Help From My Friends


Emma Roberts
Unfabulous And More: Emma Roberts

Flatt & Scruggs
Foggy Mountain Jamboree

Frank Sinatra
The Great American Songbook

Live In Tokyo

George Jones
My Very Special Guests

Gerry Mulligan

Horace Silver
Silver’s Blue

Jane Monheit
The Season

Jon Randall
Walking Among The Living

Life Of Agony
Broken Valley

Louis Armstrong
The Great American Songbook

Mary Mary
Mary Mary

Montgomery Gentry
Something To Be Proud Of: The Best of 1999-2005

Natasha Bedingfield

Neil Diamond
12 Songs


Our Lady Peace
Healthy In Paranoid Times

Patty Loveless
Dreamin’ My Dreams

Pete Seeger
The Essential Pete Seeger

Ray Charles

Rosanne Cash

Rosanne Cash
King’s Record Shop

Rosanne Cash

Shel Silverstein
The Best Of Shel Silverstein

Shelly Fairchild

Susie Suh
Susie Suh

Nothing Is Sound

Teena Marie

Trey Anastasio

Van Zant
Get Right With The Man

Vivian Green

Note: Two titles, Ricky Martin’s “Life” and Peter Gallagher’s “7 Days in Memphis” were released with a content protection grid on the back of the CD packaging but XCP content protection software was not actually included on the albums.

source site here:


Special announcement to be made on Monday by the EFF:

  • Announcement Monday on EFF’s Plans re: Sony BMG

The Electronic Frontier Foundation (EFF) will have an
announcement on Monday about EFF’s plans regarding the
First4Internet XCP software and the SunnComm MediaMax
software that Sony BMG included in 24 million copies of their
music CDs. The software has affected the computers of
unsuspecting customers when they used their CDs on computers
running the Windows operating system.

I will post the info as soon as it becomes available Monday!!!


More here:

November 18, 2005


New York, NY - November 18, 2005 - SONY BMG Music Entertainment today announced the commencement of a mail-in program through which consumers can exchange compact discs (CDs) containing XCP content protection software for a replacement version of the same CD without the XCP software, in addition to receiving MP3 files of that CD.

XCP content protection software is included on 52 SONY BMG titles. Further information about the exchange program, including an FAQ for consumers about XCP technology and a list of titles may be found at the website dedicated to providing consumers with information on this subject,

Consumers can also download a software update from SONY BMG’s website at This update addresses the security vulnerabilities associated with XCP software.

In addition to consulting the list of titles at the website, consumers can identify titles with XCP content protection by checking the back of the CD packaging. If there is a black and white table with the words “Compatible With”, and if the URL in that table ends with the letters “XCP” (, that indicates the disc contains the XCP software.

Information on the CD Exchange Program
Consumers who wish to exchange their XCP content protected CDs or also receive MP3 files of the titles in addition to their replacement CDs should visit for a list of titles and versions, specific instructions and shipping information. There will be no charge to consumers for shipping in either direction.


As promised, here’s the EFF’s announcement:

November 21, 2005
EFF Files Class Action Lawsuit Against Sony BMG
Company Should Repair Damage to Customers Caused by CD Software

The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.

EFF is pleased that Sony BMG has taken steps in acknowledging the security risks caused by the XCP CDs, including a recall of the infected discs. However, these measures still fall short of what the company needs to do to fix the problems caused to customers by XCP, and Sony BMG has failed entirely to respond to concerns about MediaMax, which affects over 20 million CDs – ten times the number of CDs as the XCP software.

“Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public’s trust,” said Corynne McSherry, EFF Staff Attorney. “It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software.”

The suit, to be filed in Los Angeles County Superior court, alleges that the XCP and SunnComm technologies have been installed on the computers of millions of unsuspecting music customers when they used their CDs on machines running the Windows operating system. Researchers have shown that the XCP technology was designed to have many of the qualities of a “rootkit.” It was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, it degrades the performance of the machine, opens new security vulnerabilities, and installs updates through an Internet connection to Sony BMG’s servers. The nature of a rootkit makes it extremely difficult to remove, often leaving reformatting the computer’s hard drive as the only solution. When Sony BMG offered a program to uninstall the dangerous XCP software, researchers found that the installer itself opened even more security vulnerabilities in users’ machines. Sony BMG has still refused to use its marketing prowess to widely publicize its recall program to reach the over 2 million XCP-infected customers, has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users’ computers even if they click “no” on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits – even though the EULA states that the software will not be used to collect personal information and SunnComm’s website says “no information is ever collected about you or your computer.” If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm’s uninstaller creates significant security risks for users, as the XCP uninstaller did.

“Music fans shouldn’t have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they’ve legitimately purchased,” said EFF Legal Director Cindy Cohn. “Regular CDs have a proven track record – no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG’s experiments?”

“Consumers have a right to listen to the music they have purchased in private, without record companies spying on their listening habits with surreptitiously-installed programs,” added EFF Staff Attorney Kurt Opsahl, “Between the privacy invasions and computer security issues inherent in these technologies, companies should consider whether the damage done to consumer trust and their own public image is worth its scant protection.”

Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their “clickwrap” EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer’s house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs.

The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, joined EFF in the case. Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General. EFF looks forward to representing the voice of digital music fans in the resolution of these disputes between Sony BMG and consumers.

original article here:


Texas is also suing Sony over this foul-up.



If anyone would care to read the full complaint against Sony/BMG, here is the link!


Calling all California Wooters! Please read this!

  • Action Alert: Tell California to Investigate Sony’s DRM

The discovery of dangerous software installed on Sony BMG CDs
in the name of digital rights management (DRM) has sparked
global outrage. Numerous lawsuits have been filed, including
one by EFF.

But Sony BMG is not only in trouble with customers and
artists over its DRM scandal. Sony BMG has also run afoul of
various state consumer protection laws. In Texas, the
Attorney General is pursuing a case against the company under
that state’s anti-spyware legislation. New York’s Elliot
Spitzer is said to be considering action after uncovering
that Sony did not do an adequate job of recalling infected
CDs from that state, calling Sony’s dithering “unacceptable.”

Here in California, our Attorney General has not yet taken
action against Sony BMG. The Attorney General’s Office says
that they’ve not heard many complaints from disgruntled
California citizens.

Hmm. Are any of you out there? Are any of you mad about what
Sony BMG is doing to your computers? We thought so.

California’s Attorney General takes complaints from members
of the public online. You don’t need to have bought an
infected Sony BMG CD. Just let the Attorney General’s office
know that you’re upset with what Sony BMG did, that you think
what they did harmed Californian consumers, and that you
think the company’s practices should be investigated.

Be sure to let the Attorney General’s office know if:

  • You bought an XCP CD, and you’re angry it installed a
    rootkit on your machine and made it vulnerable to compromise
    by other malicious software.

  • You bought a SunnComm MediaMax CD, and you’re mad that it
    breaches your privacy by calling home and that it installs
    files without your permission, before you even click on an

  • You bought either type of CD and want to complain that
    Sony BMG’s EULA tricked you into agreeing to outrageous
    conditions to which no reasonable person would agree (such as
    the requirement to give up ownership of your music in the
    event of bankruptcy).

  • You’re a music fan who has noticed that weeks after Sony
    first heard of the problems with its software, its dangerous
    CDs are still on the shelves–even after the company publicly
    announced a mass recall.

After you’ve filled in the consumer complaints form, mail us
at and let us know what you told the AG. We’d
like to know how you feel about Sony BMG’s actions–and the
company’s continuing inaction.

The California Attorney General’s Consumer Complaint Form: