Premature Victory Declaration?

Premature Victory Declaration?

  • Comments 1
  • Likes
Two weeks ago I declared victory in what the media is now referring to as the “Sony rootkit debacle”, but now I’m wondering if I jumped the gun. It turns out that the CDs containing the XCP rootkit technology are still widely available, there’s still no sign of an uninstaller, and comments made recently by the president of the Recording Industry Association of America (RIAA) make it clear that the music industry is still missing the point.

I declared my victory a few hours after Sony announced that it would withdraw the somewhere between 2 and 5 million (the number varies depending on the source) infected CDs that are on store shelves. However, even close to two weeks later it’s obvious that Sony has done little to advertise to store owners, even larger chains, that a recall is in place. They were present in stores in the Austin, Philadelphia and Chicago areas And as of last week Eliot Spitzer, the Attorney General of New York State, reports that his investigators found them in the New York City area. Many store clerks were unaware that a withdrawal had even been ordered.

At the same time that Sony announced the recall it also withdrew the flawed DRM-software uninstaller it had posted and its statement to the public dated November 18, which is still posted, they promise “We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer.” That was two weeks ago and still there’s no uninstaller. I could write an uninstaller in an hour based on my own research of the software without access to the source code. They have source code and an existing uninstaller. I find the delay utterly inexcusable.

As for notifying consumers of the problem, Ben Edelman has researched the phone-home behavior of the Sony Player software that comes on the CDs and found that, if it wanted, Sony could inform every infected customer that a recall is in place. That they haven’t taken advantage of that is particularly telling.

Besides the various comments and actions Sony has made it’s obvious that they didn’t, and still don’t, understand the issues they’ve raised from the perspective of their customers. The president of the RIAA, Cary Sherman, held a question and answer session with college journalists on November 18, just after Sony announced the recall, where he had this to say about Sony’s actions:

The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?

First, Sony never admitted to or apologized for making a mistake, they expressed “regret” for “any inconvenience” they caused customers. Second, Sherman overlooks the fact that more than a security vulnerability, the Sony software actively hides from customers, is not uninstallable, and sends information to Sony servers without disclosure or consent, not to mention Sony’s subsequent behavior with respect to the onerous multistep uninstall request procedure. Does he consider that behavior “responsible”? And I wonder if he still agrees that Sony’s withdrawal and uninstaller development efforts are “aggressive”? My guess is that he would, despite the evidence to the contrary.

Perhaps the strongest evidence of Sony’s own confused view of their actions is their response when F-Secure, a Finnish antivirus company, contacted them about the rootkit a month before I initially blogged about it. Business Week has an article on the inside story that documents Sony’s attempt, which it appears my blog post foiled, to sweep the whole thing under the rug.

Sony’s day of reckoning is coming, however. Last week my home state of Texas filed a law suit in civil court that charges Sony with violations of an antispyware law that the Texas legislature passed in September. How many violations? Several thousand since each Texas consumer that’s installed the XCP software counts as a violation. If Texas gets the $100,000 per violation that they are asking for, the maximum fine under the new law, Sony will feel some real pain. If you haven’t seen the news conference where Greg Abbott, the Attorney General of Texas, announces the suit I recommend you do: “Sony, don’t mess with Texas computers!”

And that’s just one law suit. There are still pending class action suits in several states, including one filed last week by the Electronic Frontier Foundation (EFF), Eliot Spitzer may file suit on behalf of New York consumers, and I’m serving as an expert for New York attorney Scott Kamber in the national class action suit.

Like I’ve said before, I hope things don’t end when the suits end, but that there’s some lasting policy change to the way that software installations disclose their effect on our computers. Would this have been the mainstream story it’s become if the Sony XCP EULA disclosed somewhere deep within it that hidden software would be installed and that the player would contact Sony’s site with a CD identifier so as to obtain banner information? I’m afraid that, while just as unethical, that behavior would be legal in most states, even ones with spyware laws. Are we okay with that?

Finally, here’s a funny comic related to the story (my apologies to Celine Dion fans...never mind).

Originally by Mark Russinovich on 11/30/2005 3:48:00 PM
Migrated from original

# re: Premature Victory Declaration?

So Sony was hoping you would just go away since you "won." Again, just like the initial uninstaller, the declaration of a mistake was for the media, and the real uninstaller and recall have yet to be seen.

Oh well, the level of effort that they put forward to remedy the situation, not the amount of press releases they posted, will be a factor in their upcoming trials (but I don't think they really are concerned...)

Thanks again Mark for staying on top of Sony. Just a friendly reminder now that the Christmas shopping season is well under way: stay WELL CLEAR of Sony.

11/30/2005 4:34:00 PM by Schlice
# re: Premature Victory Declaration?

From a quick look around this weekend, the word is getting out to some retailers but not others. Borders has removed all the titles from their shelves. Target still has some titles on the shelves but has marked them in their database as recalled; if you try to buy one they are supposed to tell you it's recalled and not sell it. Best Buy was clueless about the recall and still selling all the titles.

I don't know how much of this is Sony and how much is the retailers, but Sony surely has the ability to let those retailers know it's important to move quickly. As Ben Edelman observed, they also can let every affected user know about it using their own software. Perhaps that will be one of the outcomes of the settlement that Texas gets. New York looks to be getting into the action with Eliot Spitzer getting annoyed with Sony's behavior as well.

11/30/2005 5:00:00 PM by dave
# re: Premature Victory Declaration?

What's more, they were apparently planning on doing something like this by themselves, even if you hadn't discovered the rootkit and publicized it. So it's all going according to plan.

11/30/2005 7:49:00 PM by anonymous
# re: Premature Victory Declaration?

So do you think that the stores that fail to remove the CDs should also be held accountable after a certain time? At what point does the seller as well as the maker become liable for selling and distributing a product that allegedly breaks the law? Allegedly because one is innocent till proven guilty in court.

It would seem that Sony is waiting to see what happens in court. Why spend more money and try to offer tools to remove their program if there's a chance the courts will rule in their favor. If Sony loses, then offer the software tools and pull the CDs. Doing it now won't stop the lawsuits.

11/30/2005 10:48:00 PM by spidy2
# re: Premature Victory Declaration?

It looks like more woes for Sony today in the form of disappointing second quarter results where a reported whopping %46 drop in net profit was shown over the last year.
Obviously this does not reflect any negative impact yet from the revelations brought forth in this blog, so it does clearly show that this company can ill afford a PR fiasco on the scale that they are tempting right now. Their behavior regarding the poor follow through and lack of good faith in providing an uninstaller for their spyware and getting these disks off the shelves seems reckless and naive given the easily proven and significant damages that can happen to any computer affected by their underhanded and sloppy code - coupled with the apparent determination of some high profile attorneys general of various states to bring them to account. Customers like myself who are angry at Sony about this issue will likely abandon the wide range of other Sony products like Playstations.

12/1/2005 12:07:00 AM by webdonkey
# re: Premature Victory Declaration?

Ok, keep up the good work, it sounds great lol

12/1/2005 2:03:00 AM by fontier
# re: Premature Victory Declaration?

It is amazing that F-Secure was upset that people thought they were stealing Mark's work. The reality was far worse: F-Secure was sitting on the story for a month to appease Sony:
"F-Secure decided against going public, but blogger Russinovich, who had found the XCP problem on his own, felt no such restraint. 'I felt this was an issue that would be best addressed more quickly and thoroughly if handled in a public forum,' he says. 'I accomplished what I set out to do, which was raising awareness.'"

You *rock* Mark!!

12/1/2005 2:14:00 AM by Miles
# re: Premature Victory Declaration?

Do people really sues Sony ?

12/1/2005 2:24:00 AM by sway
# re: Premature Victory Declaration?

Admittance of ignorance to the problem is still best fitted as an excuse although it might have been quite troublesome to many people.

But will such an damage be able to kill such a global business ? I am expecting a true answer at the end of the journey.

12/1/2005 2:37:00 AM by Janetor
# re: Premature Victory Declaration?

Wow, it really feels great to not do something.

My Sony 5-CD changer died last week. I replaced it with a non-Sony brand.

I'm buying a desktop and the VAIO was one of three under consideration. No more.

I own a Sony F717 camera and will be replacing it by February with a Canon or Olympus.

Bye bye Sony.

12/1/2005 3:23:00 AM by ws
# re: Premature Victory Declaration?

Mark's decision to go public was the right one. But I doubt he'd be too eager to blame F-Secure. Some other AV companies seem to have cut Sony much more slack. Some, indeed, even after agreeing to uncloak the software, still seem to be taking the view that this was all a rather regrettable hole in otherwise "legitimate" software and are using weasel words like "ineptware". AFAICT F-Secure has never taken the view that the software was unproblematic in itself. Their failing seems to have been the assumption that Sony would be keen to put right without delay what its subcontractor had done. With hindsight, that was a very naive assumption.

Something else to have come out of all the publicity around this: it's been pointed out that Sony has previously been found guilty of price-fixing and of payola. I didn't know; and I doubt many people did. I think that, together with their deliberate foot-dragging over XCP (and Mediamax) is a clear demonstration that they have little regard for ethics or legality.

Bad Sony

12/1/2005 5:05:00 AM by Damian
# re: Premature Victory Declaration?

Microsoft Antispyware now detects and removes the rootkit it seems.

More here:

12/1/2005 5:17:00 AM by cluelessdrifting
# re: Premature Victory Declaration?

Is it just me, or does it seem that Sony is trying to pin this on First4Internet. It looks like they're going to try for the "I didn't know!" defense. It also seems that from this statement: "Security experts say within a week of Russinovich's revelations, hackers had produced viruses designed to exploit the software. Sony's patch was available by then, and there have been no reports of a virus outbreak.", that they will try to blame the virus stuff on Mark. Very subtly they are saying that if Mark kept quiet, no-one would have been vulnerable. What a crock! But what else would you expect from a company that's in bed with Bertelsmann Germany. These are the same guys that runs Random House publishers and stole ideas from another writer and sold it as their own. (

It does seem that for all the good that Mark's revelation did, Sony is still trying to squirm their way out of this by blaming other people. Hopefully the court cases will not be dropped in favour of measly settlements and Sony will be made to bear the brunt of their blunder. Although, it is difficult to fathom what would restore our (the consumers) trust in this company and in copy protection initiatives in the future.

12/1/2005 6:16:00 AM by Kodewulf
# re: Premature Victory Declaration?

We cannot boycott FBI for not going after Sony maleware, like they would for a common person spreading bit for bit the same virus.

We cannot boycott Congress/parliament.

We cannot boycott the Constitution, even that it appears some special interest groups are above the law.

What I already do is
- Stop watching CNN, for not revealing the important stories, this is what I do 10 years now ...

- Don't buy anything Sony. Teach others to do the same.

12/1/2005 11:27:00 AM by Enough
# re: Premature Victory Declaration?

This post has been removed by the author.

12/1/2005 11:35:00 AM by Tom
# re: Premature Victory Declaration?

Looking on the bright side of this, Texas has the death penalty. ;-)

12/1/2005 11:35:00 AM by Tom
# re: Premature Victory Declaration?

Does anyone know if any investigation has been done do see if Sony is also packaging this same rootkit software with the software that ships and gets installed with its DVD & CD RW burners?

This seems like a simple packaging effort that Sony could do which would also be totally unnoticed when the burner software gets installed.

12/1/2005 11:36:00 AM by fluteman
# re: Premature Victory Declaration?

Is anyone else under the impression that the software is on many more than the 50 or so CDs that Sony has admitted to? From what I am seeing on the network, the rootkit seems to be far too widespread to be attributed to a few lesser-known artists and other crappy ones. Either that, or music taste has taken a huge downward turn as well.

12/1/2005 12:00:00 PM by emptybeerkann
# re: Premature Victory Declaration?

My Hero,
You can relax. The last thing that a faltering company would do is to recall their products. Why would they do something like then when they want to shut shop and flee? Just wait and see how they commit hara-kiri. As of now I've stopped watching TV channels in which Sony has a stake - just to rub in my point.

12/1/2005 12:01:00 PM by The Prince Of Lightning
# re: Premature Victory Declaration?

Which channels does Sony have a stake in? I learned too late that a movie I took the kids to benefited the Sued Out of New York (S.O.N.Y.) crowd. I did pass by a boom box that was perfect for the need to buy a Curtis which was merely adequate, but find myself wondering if there are any other brand names that ultimately mean money to SONY? Any help on this is appreciated.

Someone should start a blog listing which channels and products and movies are on the black list. I don't have time for the research, or I'd do it myself.

Thanks, Mark, for standing by your guns on this. I am finding that the hardest part of this is explaining just how sick and wrong this is to people with no tech understanding. As soon as I get it right, I'll post the results....

12/1/2005 12:47:00 PM by Donosaur
# re: Premature Victory Declaration?

Anti-DRM Protest Part II in NYC

12/1/2005 3:43:00 PM by Enough
# re: Premature Victory Declaration?

In what way you discover Sony malware ?

Many of the people I know of understand how to hack people's computers and crack software.

Anyway, it's kind of teh so called development... Enjoy and good luck!

12/1/2005 3:48:00 PM by Lupor
# re: Premature Victory Declaration?

One thing I'm confused about, and maybe you know more. I noticed the CD protected label on a Foo Fighters CD I was looking at on Amazon. I did a google search to find out what that meant and came up with all this Sony stuff. I noticed, though, that on the list of Sony CDs containing the software, that disk is not listed. Is it because a different company, and not just Sony is doing it? Is this because that CD has a different software but still a 'anti piracy' software? Or did Sony not list all the CDs affected?

12/1/2005 4:01:00 PM by Joanne
# re: Premature Victory Declaration?

Thanks Mark, you are so good.;-) bringing up such a story is always good, keep up the good work. Yeh yeh

12/1/2005 6:01:00 PM by Mark Kemble
# re: Premature Victory Declaration?

joanne wrote:
"One thing I'm confused about... Foo Fighters CD... that disk is not listed"

I understand your confusion...

Welcome to Sony's eternal reign of deception and denial. What you ran into was the other brand of Sony malware... and I hope you didn't put it in your PC.

The original uproar was triggered by Mark's discovery about the F4I's XCP malware that Sony commissioned for some of its CD's.

What you have on the Foo Fighters CDs is Sony's other brand of malware: Sunncomm's MediaMax. The one that lies to you and installs even if you decline the EULA.

General question to the average
Windows user:

Did you ever put any of the following CDs into your Windows PC? Did you accept or decline the EULA when it
popped up?

It does not matter if you did or not.

The Sony malware on the CD was already secretly INSTALLED and RUNNING while you looked
at the EULA.

It REMAINED installed and running
regardless of whether you accepted the
EULA or declined it.

It STILL REMAINED installed and running even if you removed the Sony CD.

And it's still there on your PC.

And if, at any time therafter, you ever put another of these Sony malware infected CDs in your PC... then that secretly installed malware was written into your Windows registry and set to restart every time you turn on your computer... IN SPITE OF the user having declined it twice... and you're stuck with it.

Following is the malware CD list that Sony
hopes you don't learn about (Hint:
there's a hell of a lot more than 50
of them):


20137-(HED) PE-4 Song Sampler
439-40 Below Summer-The Mourning After
20077-Afterdark-San Francisco
20149-Afterdark-New York City
20237-Alicia Keys-Unplugged - Premium
20238-Alicia Keys-Unplugged - Standard
20247-Alicia Keys-Unplugged - Premium Canadian Release
20248-Alicia Keys-Unplugged - Standard Canadian Release
20162-Amici forever-Defined
20195-Amici forever-Defined - Canadian Release
326-Ana Victoria-Love Is All
202-Ana Victoria-3 Song Sampler
208-Ana Victoria-5 Song Sampler
10083-Angie Stone-Stone Love
268-Anthony Hamilton-Comin' From Where I'm From
20268-Anthony Hamilton-Ain't Nobody Worryin'
418-Aretha Franklin-So Damn Happy
248-Automatic Black-Automatic Black - Album Sampler
203-Automatic Black-3 Song Sampler
819-Avril Lavigne-Under My Skin
20117-Babyface-A Love Story
249-Babyface-Babyface 5 Song Sampler
20181-Babyface-Grown & Sexy
20186-Babyface-4 Song Sampler
20204-Babyface-Grown & Sexy - Canadian Release
20189-Backstreet Boys-Never Gone - Canadian Release
20183-Backstreet Boys-Never Gone
250-Bebel Gilberto-Bebel Gilberto
360-Ben Kweller-On My Way
20208-Black Rebel Motorcycle Club-Howl
20171-Blitzkrieg Pop-T. Raumschmiere
251-Blu Cantrell-Bittersweet
255-Boyd Tinsley-Boyd Tinsley
20082-Boyz II Men-Throwback
275-Brand New-Deja Entendu
20244-Brian Wilson-What I Really Want For Christmas
20258-Britney Spears-Remixed">Britney Spears - Remixed
20262-Britney Spears-Remixed - Canadian Release
309-Britney Spears-In The Zone
420-Cassidy-Split Personality (explicit)
20205-Cassidy-I'm A Hustla (Explicit) - Canadian Release
20191-Cassidy-I'm a Hustla (explicit)
20192-Cassidy-I'm a Hustla (edited)
261-Cee Lo Green-Cee Lo Green...Is The Soul Machine
20196-Charlie Wilson-5 Song Sampler
20223-Charlie Wilson-Charlie Last Name Wilson
20029-Charlotte Martin-On Your Shore
20264-Chris Brown-Chris Brown
10071-Christopher Lawrence-All Or Nothing
735-Citizen Cope-Under The Sun
20135-Clay Aiken-Merry Christmas With Love
20190-Cook Dixon Young-Volume One
20210-Cuban Link-Chain Reaction (Explicit)
20144-Cuban Link-Chain Reaction - Demo
321-da Brat-Limelite Luv & Niteclubz (Edited)
322-da Brat-Limelite Luv n Niteclubz (Explicit)
20172-Dave Matthews Band-Stand Up - Canadian Release
20161-Dave Matthews Band-Stand Up
20211-David Gray-Life In Slow Motion
20232-David Gray-Life In Slow Motion - Canadian Release
357-Death Threat-Now Here Fast!
320-Dido-Life For Rent
474-Dido-White Flag
20180-Dido-Dido Live
20273-Donell Jones-Journey Of A Gemini Sampler
237-Donell Jones-Album Sampler
20241-Donovan Banzana-Life's Code Of Ethics
267-Elvis Presley-Close Up Sampler
325-Elvis Presley-Live In Texas 1972
454-Elvis Presley-Unreleased Movie Gems
455-Elvis Presley-Unreleased Stereo Masters From The `50s
437-Elvis Presley-The Magic Of Nashville
311-Eve6-It's All In Your Head
20206-Faithless-Forever Faithless
20222-FlamBey-The Flamerous Life
20187-Foo Fighters-7 Song Sampler
20178-Foo Fighters-In Your Honor (Electric)
20179-Foo Fighters-In Your Honor (Acoustic)"
20127-Frequent Flyer-Bombay
20044-Frequent Flyer-Rio De Janeiro
353-From Zero-My So-called Life
262-Gavin DeGraw-Chariot Album Sampler
299-GOB-Foot In Mouth Disease
443-Heather Headley-this is who I am
20018-Hot Import Nights-Driving Beats
435-Ike and Tina Turner-The Early Sessions
20239-Imogen Heap-Speak for Yourself
438-In Essence-The Master Plan
305-J-Kwon-Hood Hop (Edited)
306-J-Kwon-Hood Hop (Explicit)
20074-J-Zone-A Job Aint Nuthin but Work
372-Jacksoul-PROMO - HMV value add
307-James Taylor-Hourglass
20260-Jamie Foxx-Unpredictable - THE SAMPLER
20240-Jeff Bates-Good People
20166-Jim Brickman-Grace - Canadian Release
20156-Jim Brickman-Grace
20158-Jody Sticker-5 Minutes
20182-Judd And Maggie-Subjects
20132-Kalan Porter-219 Days
20167-Kasabian-Kasabian - Canadian Release
20157-Keith Anderson-Three Chord Country And American Rock & Roll
20151-Kelis-Tasty (Edited)"
427-Kelis-Tasty (Explicit)
20145-Ken Oak-Half Step Down
20113-Kenny G-4 Song Sampler
809-Keshia Chanté-Sampler
476-Kings Of Leon-Youth And Young Manhood
20134-Kings Of Leon-Aha Shake Heartbreak
20169-Kings Of Leon-Aha Shake Heartbreak - Canadian Release
20272-Leilani Jaster-Leilani Jaster
362-Len Doolin-Once In A Lifetime
20198-Leo Kottke/Mike Gordon-Sixty Six Steps
20217-Living Things-Ahead Of The Lions
20152-Longwave-There's A Fire
20126-Los Razos-La Raza Anda Acelrada (Explicit)
354-Manmohan Waris-Nachiye Majajne
20106-Mario-Here I Go Again
20229-Maroon 5-Maroon 5 Live - Friday The 13th - Canadian Release
20225-Maroon 5-Live: Friday the 13th
20215-Mashonda-January Joy
20263-Melissa O'Neil-Melissa O'Neil - Canadian Release
20128-Moderato-Detector De Metales
20129-Moenia-Stereo Hits
310-My Morning Jacket-it still moves
20216-My Morning Jacket-Z
20174-Nathaniel Kimble-Better Get Ready
20219-Nikka Costa-Can'tneverdidnothin' - Australian Release
298-Nodesha-Get It While It`s Hot
368-North Star-Pollyanna
20125-Other-Please Detail in Question
20214-Our Lady Peace-Healthy In Paranoid Times - Candadian Release
278-Out Of Your Mouth-Draghdad
424-Ozomatli-Street Signs
20220-Paul van Dyk-Politics of Dancing 2
366-Pedro Vargas-Pedro Vargas Canta a José Alfredo Jiménez
20024-Peggy Scott-Adams-God Can And He Will
20136-Peter Cetera-You Just Gotta Love Christmas
20261-Philosopher Kings-Castles
448-Pink-Try This
20147-Play-N-Skillz-The Album Before The Album
20025-Projet Orange-4-Track Sampler
20097-Projet Orange-Megaphobe
20227-Quenga-Quenga - U.S. and New Zealand Release
808-Rachael Yamagata-Happenstance
20194-Raheem DeVaughn-The Love Experience
20014-Ray Charles-Genius Loves Company
20038-Ray LaMontagne-Trouble
20193-Richard Hawley-Cole's Corner
20197-Röyksopp-The Understanding - Australian & New Zealand Release
20030-Sak Pasé Presents Wyclef Jean-Welcome To Haiti Creole 101
20199-SalonMusique-Uptown Conditioner
20200-SalonMusique-Ultimate Relaxer
20245-Santana-All That I Am
20256-Santana-All That I Am - Canadian Release
20207-Sarah McLachlan-Bloom (Album Remix)
20138-Sarah McLachlan-Afterglow Live
235-Sarah McLachlan-Afterglow
289-Sarah Mclachlan-Fallen
20249-Say Anything-Say a Real Boy
20250-Say Anything-Say Anything...was a Real Boy
20251-Say Anything-Say a Real Boy - Canadian Release
20252-Say Anything-Say Anything...was a Real Boy - Canadian Release
20257-Shane Capone-Heated Speech
20148-Shawn Desman-Sampler - Canadian Release
20163-Shawn Desman-Back For More - Canadian Release
20120-Shawn Kane-Full Version Sampler
20188-Shawnie-The Return
20094-Silvertide-Show And Tell (Explicit)
20095-Silvertide-Show And Tell (Edited)
457-Skrape-Up The Dose
213-Sloan-Action Pact
20173-Sloan-A Sides Win: Singles 1992 - 2005 - Canadian Release
20259-Smitty-Life Of A Troubled Child (Album Advance)
20221-Soundtrack-Masters of Horror Soundtrack Sampler
20170-Soundtrack-The Cave
20159-Soundtrack-XXX: State of the Union (explicit)
20160-Soundtrack-XXX: State of the Union (edited)
20165-Sountrack-XXX: State Of The Union (Explicit) - Canadian Release
475-South-With The Tides
415-Spymob-Sitting Around Keeping Score
20201-StellaStarr*-4 Song Sampler
20203-StellaStarr*-Album Advance
20231-Stellastarr*-Harmonies For The Haunted - Canadian Release
20235-Stellastarr*-Harmonies For The Haunted
356-Steve Myland-Not Every Rhyme Has A Reason
371-Strawberry Shortcake-Premium Giveaway
20255-Suburban Tragedy-Tonight We'll Watch The Sun Come Up
20224-Syleena Johnson-Chapter 3: The Flesh
20228-Syleena Johnson-Chapter 3: The Flesh - Canadian Release
20266-T-Pain-Rappa Ternt Sanga - Explicit
20267-T-Pain-Rappa Ternt Sanga - Edited
20176-T. Raumschmiere-Blitzkrieg Pop
20177-Tazz Calhoun-It's All Good
204-Tears For Fears-3-Song Sampler
288-Tears For Fears-Everybody Loves A Happy Ending
276-Tha Rayne-Didn`t You Know
20202-The Appearance-Are We Not Entertained?
10073-The Calling-Two Copy
20168-The Chieftains-Live From Dublin; A Tribute To Derek Bell - Canadian Release
20143-The Chietains-Live From Dublin; A Tribute To Derek Bell
318-The Crystal Method-Legion of Boom
440-The Neptunes-The Neptunes Present...Clones
20142-The Residents-Animal Lover
432-The Sound Of Urchin-The Diamond
406-The Strokes-Album Advance
20269-The Strokes-First Impressions Of Earth
20213-The Trews-Den of Thieves - Canadian Release
20175-The Warlocks-Surgery
263-Theo-Chemistry...You And Me
365-Tita & Sãozinha-Papá
20133-UGK-Jive Records Presents: UGK - Chopped & Screwed
20041-Various-Relaxation: A Windham Hill Colletion
20027-Various-Urban International Sampler
245-Various-Arista Fall 2003 Sampler Promo CD
20146-Various-Down South Party Mix!
20212-Various-Elizabethtown - Songs From the Brown Hotel
20218-Various-Canadian Idols: High Notes - Canadian Release
20209-Various-2005 NARM Sampler
20226-Various-So Amazing An All Star Tribute To Luther Vandross
20230-Various-So Amazing An All-Star Tribute To Luther Vandross - Canadian Release
20242-Various-Masters Of Horror
20234-Various-Masters of Horror Radio Sampler
343-Various Artists-Music Snapshot of LG Action Sports Championship
824-Various Artists-Majestic II
828-Velvet Revolver-Contraband (Explicit)
822-Velvet Revolver-Contraband (Edited)
20130-Velvet Revolver-Bonus Material
300-Vertical Horizon-Go
277-Vue-Down For Whatever
241-Wakefield-American Made
20184-Wakefield-What Side Are You On? (explicit)
20185-Wakefield-Which Side Are You On? (edited)
363-Whitney Houston-One Wish
447-Whitney Houston-Try It On My Own
441-Wyclef Jean-The Preacher`s Son
20089-Yaga Y Makie-Clase Aparte
10077-Yogacharya Swami Kripalvanandji-Premdhara 3 & 4 - U.S. & India Release
20154-Yogacharya Swami Kripalvanandji-Premdhara 5 & 6 - U.S. & India Release
20253-Yogacharya Swami Kripalvanandji-Premdhara 7 & 8 - U.S. & India Release
20270-YoungBloodZ-Ev'rybody Know Me (Explicit)
20271-YoungBloodZ-Ev'rybody Know Me (Edited)
279-YoungBloodZ-Drankin` Patnaz
20086-Yung Wun-The Dirtiest Thirstiest (Explicit)
20087-Yung Wun-The Dirtiest Thirstiest (Edited)

12/1/2005 6:08:00 PM by zapkitty
# re: Premature Victory Declaration?

the zapkitty wrote:

"What you have on the Foo Fighters CDs is Sony's other brand of malware: Sunncomm's MediaMax. The one that lies to you and installs even if you decline the EULA."

In rearranging that rather oversized post I accidentally blanked the very important link to where the folks at Freedom To Tinker have made these and other discoveries:

My apologies to the Freedom To Tinker crew :)

12/1/2005 6:18:00 PM by zapkitty
# re: Premature Victory Declaration?

That's quite rediculous becauese I also have some sony cd's in your list of accusation, my computers are all harmless, I checked them after Mark's marvelous discovery.
I am sorry to also say that I bought these CD's I have on hand now when I visited Pensylvania long ago. They all now also work well on Apple G4.

12/1/2005 6:21:00 PM by Mark Kemble
# re: Premature Victory Declaration?

I believe that a serious possiblity exists of someone exploiting the backdoor that Sony installs. This would entail pretending to be and posting an instruction like run //
- I'm not giving any secrets away here, as any malware writer will already thought of this.

However, with the safegards in place, it's a fair bit of work to spoof Sony's location, so we may have some time before it happens. I assume the xml will then run under full admin priviledge, correct?

12/1/2005 6:29:00 PM by kgr1
# re: Premature Victory Declaration?

To expand and put zapkitty's comments in "historial context":

Mark's exposure of the XCP rootkit opened a lot of people's eyes to DRM. Consequently, Freedom-To-Tinker investigated Sony's other DRM software, which apparently does not use a rootkit, MediaMax, which is produced by SunnComm.

What was initially discovered is that MediaMax copies itself to your hard drive before before it presents you with an EULA. After the copying is complete it, the EULA is presented ; should you accept, the MediaMax driver is set to boot with Windows. If you decline, the MediaMax driver is NOT set to boot with Windows. The effect is that if you decline the EULA, MediaMax will reside on your system but not actually run itself after you reboot. Freedom-To-Tinker tested this extensively, the information it provided became part of the EFF's lawsuit.

Somebody then posted something very intriguing in the comments of Freedom-To-Tinker's post: he had declined the EULA, but somehow, MediaMax was still running. Some creative investigation found that, if you decline the EULA, and then reboot, and then re-insert your CD, MediaMax set the driver to boot with Windows. So you can decline the EULA, and then if you follow a completely normal usage pattern and re-insert the CD after reboot, you suffer the same effects as if you had accepted the EULA!

This clearly adds a lot of steam to EFF's case against MediaMax and SonyBMG.

Again, the link:

12/1/2005 10:37:00 PM by icarus
# re: Premature Victory Declaration?

Still not a lot of talk as to the alleged copyright infringement on SonyBMG's behalf regarding the use of the LAME software under the GPL or LPGL license.

The LAME guys have put out an open letter, in which they assume SonyBMG will do the right thing and let the public know what they've done.

I suspect they'll be disappointed in this respect.

12/1/2005 11:31:00 PM by Joshua Graham
# re: Premature Victory Declaration?

Confirming No Sony Recall

In spite of a warning from the U.S. Department of Homeland Security Computer Emergency Readiness Team (, some national retailers continue to sell music CDs containing the Sony 'rootkit' software. According US-CERT, this software "hides certain files from the user" and thus "can pose a security threat, as malware can take advantage of the ability to hide files."

Since Thanksgiving day I visited four national retailers of CDs in my vicinity in Massachusetts. All of them had 'rootkit' CDs available for sale. Employees at KMart, Walmart, and Circuit City were unaware of any corporate policy concerning the recall or return of these CDs. An employee of FYE stated that the company had a voluntary return policy, meaning that the customer had to initiate the return.

Note that the Sony website does not use the word 'recall' or 'return' for retail outlets. What Sony is offering is not a recall but a 'mail-in exchange'. According to

"SONY BMG is commencing a consumer exchange mail-in program whereby consumers may
return any CD containing XCP software for a replacement version of that title without the software."

There is nothing in this language to prevent Sony from giving these customers CDs with another type of copy protection software.

Sales of 'rootkit' CDs will likely continue until current stocks are exhausted. Thus many people will receive Christmas presents that will harm their computers and put the bank accounts in jeopardy. Sony seems to have no sense of corporate responsibility. It seems that Sony is more interested in its profits than the well-being of its customers.

Considering that lawsuits are being filed against Sony BMG, it seems surprising that these retailers would also expose themselves to bad publicity and possible lawsuits.

12/2/2005 4:55:00 AM by Tover van Ooteldonk
# re: Premature Victory Declaration?

As someone requested, I have come back with the website of the Sony Pictures [copyrighted trademark...blah blah]

Come on guys, lets see whether they like television and movie ratings to drop even by a few thousands !!

12/2/2005 9:57:00 AM by The Prince Of Lightning
# re: Premature Victory Declaration?

Jeff Leeds at the New York Times needs to go back to Journalism 101 regarding this so-called recall of SONY's malware-encrusted CDs. In his article today in the Times about management changes at SONY BMG labels, he noted in the very last sentence: "The turmoil is being made worse by a recent debacle in which the company was forced to recall millions of CD's with anti-piracy software. Critics say the software is invasive and a potential risk to the security of computers that play the CD's."

Hey Jeff, am I missing something here?

Who forced SONY to recall millions of CDs that are apparently still on the shelves according to every source who has looked?

It seems that as long as the larger media outlets like the Times misreport the facts behind this story, it won't cause an uproar as most of us would expect. This article makes it sound like it is all past history and SONY was forced to rectify the problem. It would be nice to see a correction, but don't hold your breath.

NYTimes article (requires free registration)

12/2/2005 11:26:00 AM by webdonkey
# re: Premature Victory Declaration?

I bought David Gray's CD "Life in Slow Motion and requested an uninstall from Sony. I just received and email from them with instructions to manually remove the file "codesupport" from the folder WINDOWS\Downloaded Program Files\ . Will this work? I have checked my computer and I do have a file called "CodeSupport Control"

12/2/2005 11:31:00 AM by The Irish Guy
# re: Premature Victory Declaration?

Reply to Webdonkey: Long before the rootkit debacle broke I observed that several newspapers and computer magazines would abstain from discussing DRM from the consumers perspective. This has included the NY Times, LA Times, and PCMagazine. PCMagazine, in fact, had a so called "article" that read like a press release that shilled the "benefits" of DRM for consumers. As you have noticed the newsmedia appears to spin the news rather than actualy report it.

12/2/2005 1:21:00 PM by srynas
# re: Premature Victory Declaration?

Mark, I think you should go ahead and make an uninstaller for everyone affected. Like you said, even with First4Internet having both the source code and a previous uninstaller to work from, they still haven't released a decent uninstaller. This speaks volumes about the programming abilities of F4I's developers. Or lack of abilities. I am confident you could make a much more decent uninstaller than Sony, judging by your first post on the rootkit. Even though I can't get affected because I have Ubuntu Linux, I have friends and relatives who are at risk of getting infected with XCP or MediaMax, so an easy uninstaller would benefit them, just in case. If Sony and F4I can't clean up their mess properly, someone else should. Until then, thanks for all you've already done for us :)

12/2/2005 2:19:00 PM by Rafterman2
# re: Premature Victory Declaration?

Mark, you wrote

Premature Victory Declaration?

Change the question mark into an exclamation! Sony must figure that they lost just a small skirmish. But in the main battle they will prevail. I predict that in a year that all of their CDs and DVDs will have copy protection software. The only way to stop that is to make a major impact on their bottom line.

Mark or somebody, please discuss a couple of issues that arise out of this XCP mess.

1. Backup.

Suppose someone backups a disk with XCP software installed.

a. If the backup program uses low level disk reads and deblocks the directory entries, it will 'see' the $sys$ file and registry entries and backup these files. If the user has to restore these files, will the system work properly?

b. If the backup program uses high level calls to access the directory, then it will not 'see' the $sys$ file and registry entries and will not back them up. Then a restore will leave the system in a state similar to what happened when Mark's CD ROM drive was disabled. Will the system work properly?

2. Does the XCP software examine the serial number of the hard disk? If one should replace a hard drive with a larger one, will the XCP software consider that to be unauthorized copying?

3. Can the copy protection be defeated by copying the music files to a flash memory like a SanDisk then copying them into another computer?

4. If two or more copy protection systems are installed on one computer, under what conditions will they clash and disrupt the computer?

5. How soon will it be before virus writers rip off Sony's cloaking software and incorporate it into their offerings, changing the file name prefix? We may soon see hidden files with names like $lol$... .

My blog is

Mark, thank you for sticking up for the little guy.

And have a merry, Sony-less Christmas.

12/2/2005 3:39:00 PM by Tover van Ooteldonk
# re: Premature Victory Declaration?

the irish guy wrote:
"I bought David Gray's CD "Life in Slow Motion" and requested an uninstall from Sony."

That's one of the CDs infected by Mediamax spyware.

the irish guy wrote:
" I just received and email from them with instructions to manually remove the file "codesupport" from the folder WINDOWS\Downloaded Program Files\ . Will this work?"

codesupport is the uninstaller that removes the the XCP malware while at the same time blowing a bigger security hole in Windows than the original XCP rootkit+spyware posed...

The Mediamax-malware uninstaller-that-is-worse-than-the-spyware-it-replaces has a different name: AxWebRemoveCtrl

Both have one thing in common... after removing the malware they stay resident on the system and will gleefully execute any malicious code that might be on any web site you visit. These things are not malware themselves... just badly designed idiotware.

the irish guy wrote:
"I have checked my computer and I do have a file called "CodeSupport Control"..."

Then presumably you were also infected by the XCP rootkit CD and asked for an uninstall... or, wait a sec, codesupport is also installed if you ever used the "update XCP malware" utility that Sony first offerd while trying to play down their crime. So if you tried to update to remove the rootkit cloaking from the XCP malware or tried to uninstall it, you got codesupport inflicted on your system.


The information you need is at

Browse back and forth to see the whole sordid story from their point of view, as they tackle different-but-very-similiar things than Mark here did.

Once you're sure you understand what happened, and know just how many different ways Sony fucked you over, then :

XCP malware uninstaller "codesupport" detection and removal.

Mediamax malware uninstaller "AxWebRemoveCtrl" detection and removal.

And remember... this only removes the botched uninstallers: they don't deal with the malware the uninstallers were intended to remove.

12/2/2005 4:13:00 PM by zapkitty
# re: Premature Victory Declaration?

The current phase of the Sony/First4 story serves as an illustration of how public relations can kill a story with rhetoric.
When the story first broke I mailed a link to a friend, recalling a conversation we'd had earlier about disc burning. My friend was recounting the applications he had accumulated for burning cds: nero, roxio, etc.
So when I saw the Sony thing on the BBC site, I thought I'd better warn my friend.
Over the weekend the story developed, and, at the start of the week, I saw my friend. I asked him if he got the email.
His response was:

"I read it. What was it about?"

And there you have it, if most folk who saw even the mainstream media version, saw nothing more than a bunch of words on the screen, its staggering to think what a really clever company could get away with. All they'd have to do is make sure any issues thrown up would take more than three-syllables to explain, and they'd bypass 75% of the worlds population.

A broader point is the willingness of the larger majority to accept more and more technological innovations into their lives without a second thought for what exactly they are inviting into their homes, and what degree of personal information they are secreting in the process.

Digital forensic analysis, as the author of the blog has trenchantly shown, is an area of rapid development. Currently, law enforcement agencies are looking to introduce digital evidence analysis into crimes that, on the surface, have little to do with computers. Comparatively speaking, law enforcement agencies have been slow off the mark.
Commercial web-sites were not so slow. Users routinely see things like cookies, auto-fill, java-script and activeX, as being there to make their web-browsing experience more intuitive. I'm not so sure they'd feel so cosy if they saw the sensitive data that can be gleaned from these little convieniences.
But then again, they are unlikely to gain the insight, because if you are unwiling to read beyond the opening sentence, you are unlikely to follow technical documentation or raw data structures.
So the headline said Sony was withdrawing the "infected" CD's. Story over. Once they withdrew the CD's that were in headline-format, they withdrew them from the minds of the headline-readers. To whom the mainstream media are in tow.

12/3/2005 5:51:00 AM by ruy_lopez
# re: Premature Victory Declaration?

A very telling insight, Ruy Lopez, and apparently quite close to the mark.

I've been telling people for ages now that we are only now starting to see the downside of this marvellous new Digital Technology we are surrounding ourselves with. From big media companies to governments, from copy protected CDs to ID cards, "Digital" has one enormous implication that the public at large have not yet grasped; control. If we are not careful we will find ourselves in a few years' time totally controlled, watched and logged by the very digital technology we own; you will not be able to walk a step, say a word or spend a penny without it going onto a database somewhere for somebody else's profit, benefit or misuse. Digital = Controllable. We are all sleepwalking into Orwell's 1984, the only difference is that Big Brother now has computers.

12/3/2005 12:47:00 PM by Elwood Herring
# re: Premature Victory Declaration?

Very overwhelming posts on the topic I have to admit, and now I am ready to step back with "Merry Christmas" to all, and surely would also enjoy myself much more when hearing cases in several other states if any.
Nothing I think would be within your concern by the way because I don't forget my Happy New Year. Period!

12/3/2005 6:47:00 PM by Double Dealer
# re: Premature Victory Declaration?

Yes, it is overwhelming, and it looks like practising book-writing skills to me too.

Hey Mark, I also like your use of word 'Digital'

12/3/2005 7:04:00 PM by Genie in Beer Cans
# re: Premature Victory Declaration?

Got to keep up if we're going to match elocution with the Sunncomm shills popping up right and left on the blogs in their vain attempts to keep their subpar penny stock from plunging further into the abyss.

But, unlike a printed book, I can make an immediate correction in this media when I learn something new:

The EFF has sorted out that list from Sunncomm's site and put up a web page for spotting malware infected CD's

It turns out that only 24 of the titles that carried the "infected with Mediamax auto-installing malware" labels were Sony titles.

There is one CD that carries the "infected" stigma that is a from non-Sony label.

Of the remainder: there are another 12 Sony titles listed on the Sunncomm site that don't carry a warning label.

And the rest of the list are non-Sony titles that also carry no warning.

Which leads to the question:

"Why are these unlabeled CDs listed on the Sunncomm tech support page... if the only Sunncomm product that is available that applies to CDs is the Mediamax spyware?"

Could it be those CDs are carrying unlabeled auto-installing malware?

12/3/2005 8:02:00 PM by zapkitty
# re: Premature Victory Declaration?

Several other lawsuits have been filed this past week against Sony BMG:

D.C., apparently a non-class action at the moment:

Oklahoma, apparently a class action, covering both XCP and MediaMax:

12/4/2005 12:32:00 AM by icarus
# re: Premature Victory Declaration?

This post has been removed by the author.

12/4/2005 3:58:00 AM by zapkitty
# re: Premature Victory Declaration?

carus wrote (concerning news lawsuits):


And remember folks, that's:

As, strangely enough, the domains
have been bought up by Sony for some reason :)

(an image of Sony execs in their thousand dollar suits picketing in the streets from Shinjuku to Sydney to New York...)

12/4/2005 4:09:00 AM by zapkitty
# re: Premature Victory Declaration?

Found via WHOIS. You are free to draw your inferences. Mine was : they expected a bycott in 1999. Wonder what happened then......

WHOIS information for

[] - The Leader in Corporate Domain Management
For Global Domain Consolidation, Research & Intelligence,
and Enterprise DNS, go to:

The Data in's WHOIS database is provided by
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record.
does not guarantee its accuracy. By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or (2) enable high volume, automated,
electronic processes that apply to (or its systems). reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

SPDE Domain Names Inc. (DOM-1302499)
10202 W. Washington Blvd. Culver City CA 90232 US

Domain Name:

Registrar Name:
Registrar Whois:
Registrar Homepage:

Administrative Contact:
Sony Pictures Entertainment Inc. (NIC-14369782) SPDE Domain Names Inc.
10202 W. Washington Blvd. Culver City CA 90232 US +1.3102448313 Fax- +1.3102448103
Technical Contact, Zone Contact:
Sony Pictures Entertainment Inc. (NIC-14369782) SPDE Domain Names Inc.
10202 W. Washington Blvd. Culver City CA 90232 US +1.3102448313 Fax- +1.3102448103

Created on..............: 1999-Jul-01.
Expires on..............: 2008-Jul-01.
Record last updated on..: 2005-Nov-09 15:09:25.

Domain servers in listed order:


12/4/2005 8:04:00 AM by The Prince Of Lightning
# re: Premature Victory Declaration?

I forgot to add this. Since Sony likes to prevent boycott pages from appearing, here are a few more domains that they should consider buying:

*****lifted off****

Buy these available domains:
You might also consider:

*********Endo of Ctrl+V*******

The last one sounds so enticing.

12/4/2005 8:13:00 AM by The Prince Of Lightning
# re: Premature Victory Declaration?

Mark. Good Show.

I'm not sure if you mentioned or not, what is really disturbing about this Sony incident is the market trend with more and more software vendors becoming more "daring" with what is traditionally a taboo and unethical in your software engineering - user privacy.

Hey, VS2005 is no angel here too. MS has opened Pandora's Box with its intent on "networking" the world. You start small and you build on this unethical practice. It is now an OPT-OUT process to disable all its internet activity, and even then I am sure it doesn't continue to try. I know turn off my internet connection when I start up VS2005.

All I know this this, in my 30 years of software engineering, I had never been so paranoid. I was trained and practive ethical software development. But the time has changed, to say the least.

Finally, take a look at Uniform Computer Information Transactions Act (UCITA). Google it. There are FEDERAL laws preventing all this. One side of the industry (the microsofts) want to change the provisions to allow for unsolicated communications (partly for software licensing control). But so far, the strong opposition has not allowed it to become law.

Over the years, the software has creep in and done it anyway and no one is taken them to task. Thats the problem.

It its not so much the Sony's or the Microsoft's now getting more involved in networking their software. Its everyone else who will follow!!

Thats the problem.

Hector Santos, CTO
Santronics Software, Inc.

12/6/2005 7:19:00 AM by Hector Santos
# re: Premature Victory Declaration?

"If you were SonyBMG, and you were clever but not overly concerned with telling the truth in public ..."

Sentence of the week from Ed Felten. :-)

Seriously, a couple of interesting posts from Felten and Halderman on why it seems the LGPL code was there:

The more I read about the activities of this disreputable company, the more it leaves a bad taste in my mouth.

Is it credible that they didn't appreciate what F-Secure was telling them? My guess is that, as Felten thinks, they had some pretty close discussions with First 4 about exactly what the software was doing.

And is it credible now that such a a pack of liars wasn't storing and using the information they were collecting with their spyware despite their claims?

By now Sony's word is worth about as much as a Gary Glitter fan T-Shirt.

12/6/2005 3:33:00 PM by Damian
# re: Premature Victory Declaration?

The uninstaller is available at!

It still does not uninstall the DRM software :-(

12/7/2005 6:19:00 AM by RayC
# re: Premature Victory Declaration?

More of the same:

now the EFF congratulates sony for their fast response

Somebody learned the lesson.

I though I had read somewhere especulations about the mediamax software being able to install files even though you were not running in admin mode.

"The security issue involves a file folder installed on users' computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer's computer running the Windows operating system.

SONY BMG will notify consumers about this vulnerability and the update through the banner functionality included on the player..."

what's interesting is the second paragraph, Sony does not collect or phones home, that what they have being saying all the time.
So, How are they going to use the banner to notify you, if they do not know who you are?

Man, are they stupid!

Texas will get a lot of money from that lawsuit.

12/7/2005 11:41:00 AM by NotAvailable
# re: Premature Victory Declaration?

This post has been removed by the author.

12/7/2005 12:23:00 PM by Stephen
# re: Premature Victory Declaration?

A few things... Congratualtions Mark.

And to show the popularity and great efforts Mark has gone to hear in a month of very hard and solid work on his behalf.

Some Stats from

Domain Popularity:
PageRank: 7/10
Alexa Rank: 9,609
Link Popularity:
Incoming Google Links: 8,970
Incoming Yahoo Links: 83,700
Incoming MSN Links: 113,391
Incoming Alexa Links: 836

Domain Popularity:
PageRank: 6/10
Alexa Rank: 9,609
Link Popularity:
Incoming Google Links: 1,070
Incoming Yahoo Links: 10,500
Incoming MSN Links: 0
Incoming Alexa Links: 836

Sony at state that the NYTimes published an article on 'The Exchange Program" So even sony themselves will not quote the NYTimes completly. NYTimes it was not a RECALL please print a retraction statement.
As for the domain name stuff.

I myself am not in a position to do this. I believe that if someone so chose to they could register any .com domain at Yahoo Domains service for $2.99 per year. Each of these domains could then with no extra charge be forwarded to a domain/site that was so chosen as the 'rootsite' for Sony. If there are over 10 domains pointing to this site with some relevent cool linking work achieved. A simple search on Google, Yahoo or MSN for Sony will generate on the first page only links to the 'rootsite'

Sony you 'rootkit' us. We 'rootweb' you.

If people were nice enough to add a google search term for the single word 'failure' to point to a well known autobiography then I see no reason why Sony cannot enjoy such benefits.

If there is a willing donator to put up $45 for 15 Anti Sony domains we can then discuss how we should 'rootweb' Sony with everyone's web knowledge and show Sony what we can do if we choose to fight back. Avaiable Available


If anyone can find a whois cache of the differencing records of what existed in the whois information for the domain '' before the modified date of November 9 I think we may find that VERY interesting.
I have attempted many whois sites and tried GYM cache searches but cannot find the gem of matrial that was ammended to the records.

Information such as this should be plastered every possible place on the web that you can put it.

If you so choose to purchase any form of Audio you should always look for the "Compact Disc Digital Audio' logo, this is on display of every CD that adheres to the standard.
Factors that you may come across if the audio disc does not contain this logo are:
It may infect your computer with a security threat (Sony/XCP)
It may install software on your computer without your knowledge (Sony/MediaMax)
If may not work in your vehicles stereo system
The audio quality playback maybe degraded.

Simply put if you purchase a disc without this logo you are being sold a media disc that will require you to purchase licenses to use this audio media on the device of your choice. You may also need to replace disc players in your home in order for this disc to be heard in the format that the artist originally intended. Because you purchased the disc from a retailer you still have no rights regarding the content. The artist does not have any rights for the copyright of the material contained.

Something like the last section of my post could be worded up quite well by a wordsmith and be a single page on the web. Not too much information so the user has to read heaps. 10-15 bulleted lines. Any search on the net from GYM searches (Google Yahoo MSN) the first 10 pages will all point to that simple static web site.

Sony you are asking for this. We can do more damage with a few hours work and $45 on some domain names than all of your money and lawyers can do in the courts. Simply put Sony you can be the top 10 hits on the major search engines all pointing to our page. The 'failure' search has not been removed by Google and as far as I know it will not be either as if it is it is censorship and Google need to re-write the whole searching algorithm's to eliminate all the false sites on the internet. That ain't going to happen. And if this can be done for this man's biography, Sony you do have no chance of stopping us.

If someone takes on the domain name approach. Please make it open and transparent and simple. The Web Developers of the world will unite in ensuring it carries the top 10 search results. If you are looking for personal glory this will backfire.
ps. Don't go here but someone who enjoys making money out of this who is either creative or a simple money hungry vulcher looking to defraud people setup the domain "s o n y r o o t k i t .com" with Google Ad Syndication links only... Thanks you bottom feeder foodchain addict. I added the whitespace to the name so no one links to this deception and the demise of Google being a reliable search tool with so MUCH CRAP in the search results of their own damn advertising.


12/7/2005 12:55:00 PM by Stephen
# re: Premature Victory Declaration?

I just cannot understand why the media and others want to give Sony the benefit of the doubt.

Their behavior with various protection schemes using the DRM is at the very least a criminal conspiracy and probably much more sinister.

Ever since Microsoft and other software makers started forcing people to validate the purchase of their products on the Internet, I felt my privacy was being violated and could not understand how they could get away with treating customers as thieves or crooks by forcing us to comply with a warrant less search and seizure ala “Validate Your Software”.

I always felt this was only going to be the tip of the Iceberg and they were up to something.

Anyone with a little common sense should have realized that when Intel wanted to put a serial number on your computer CPU (without your knowledge) and Microsoft had conspired behind closed doors to track everything you do on your computer.

They along with many co-conspirators intended to tell you what you could do and could not do with your computer.

It should not be any surprise that Sony just got caught doing what the Industry players have been planning to do for years.

Just step back for moment and think. What right do this companies have to tell you what you can or cannot do with a piece of hardware that you purchased with you hard earned money.

Copyright Protection and Piracy is just a smoke screen to cloud the issue.

Microsoft, Intel and other big players are using the DRM to monopolize their business models. Wait until people find out what is under the hood of Vista when it is released which explains Microsoft’s silence on what Sony has done.

12/7/2005 1:34:00 PM by ScottyDog
# re: Premature Victory Declaration?

Hey, VS2005 is no angel here too. MS has opened Pandora's Box with its intent on "networking" the world. You start small and you build on this unethical practice. It is now an OPT-OUT process to disable all its internet activity, and even then I am sure it doesn't continue to try. I know turn off my internet connection when I start up VS2005.

Talk about shooting themselves in the foot. I just found more usage for Java Studio Creator that I just downloaded for free.
And no, I wont even think of switching to C# permanently. Sorry M$, you cant win here. If you really want to track the usage of your software, you better make it transparent. We aint gonna trust your word because it is your word. We'll trust it only if you can prove so.

12/7/2005 2:00:00 PM by The Prince Of Lightning
# re: Premature Victory Declaration?

Here is a great article about what these guys are really up to with the DRM schemes and he explains it in painstaking detail much better than I did in my previous post.

The article is by David Berlind at ZDnet:


“Sony's rootkit, as bad as it was, isn't the real story. The way the entertainment cartel is applying DRM as a whole is the real story. They're applying DRM in a way that the Sony fiasco was inevitable. This wasn't the first time lack of DRM interoperability manifested itself in the end-user experience in an ugly way, and it won't be the last. Sure, the rest of the entertainment industry is rewriting its DRM playbook to keep from repeating Sony's history. But rest assured, another DRM-inspired trainwreck will come along that will light the grapevine ablaze and some other content company will end up with egg on its face when, in reality, it's Microsoft and Apple that we should really be angry with; two companies that are driving incompatible DRM technologies into the marketplace in a way that twists the royal (or should that be "royalty") screws into the world.”

12/7/2005 6:23:00 PM by ScottyDog
# re: Premature Victory Declaration?


I have been following this DRM thing for a while.

I am wondering if an uninstallation program to remove all traces of Sony's DRM can be classified as 'circumvention' of the protection mechanism under the terms of DMCA.

I can understand that if part of it is rendered inoperable to use the digital materials without the intended program is circumvention.

But total removal should be acceptable. Isn't it?

Since Sony and their incompetent cohorts F4I could not produce any uninstallation program and US agency already warned Sony that the machine is not theirs, owner of the machine should therefore has every right to use any form of technique to kick their malware off the machine, their property. Hence I believe Mark should produce such an uninstallation program to help infected users from having to reinstall the OS.

Would reinstalling an OS to rid the Sony DRM considered circumvention? Because once clean and without AutoRun enabled (second time smarter), their protection scheme is thereby defeated - isn't that circumvention? Would therefore reinstalling an OS illegal under the terms of DMCA?

BTW, does anyone know if Microsoft will eradicate all Sony's DRM Malware or just the cloaking part, which seems to be offered by all AV companies?

12/8/2005 5:27:00 AM by InfoSeeker101
# re: Premature Victory Declaration?

With respect to 'Scottydog' report on the intention of media companies pursuit of DRM, I am not sure how effective they are.

For instance, all these materials have to be able to play on standard players. So it wouldn't be too difficult for some company to produce a CD Walkman with an additional socket - USB or DVI which allow that to be connected to a computer.

To the media disk, it is being played on standard HiFi but to a user it is free from infections. The USB or DVI would then be pumping out MP3 or WMA.

So DRM is then a pipe dream!

12/8/2005 5:32:00 AM by InfoSeeker101
# re: Premature Victory Declaration?

My old fashioned way of creating a high tech DRM bypass.

$20 Cost for the fibre-optic cable to link my old DVD player to the optical input on my computer.

This is very similar to adding a cable from my old vinyl record player to my double tape-deck.

Recording software has yet to be decided but it will be in the high end professional range that is capable of digitally mastering 'Red Book' compatible discs or I can just pump the music to an iPOD, MP3 , WMP or streamed to an internal home entertainment network.

12/8/2005 9:00:00 AM by Stephen
# re: Premature Victory Declaration?

Stephen said:

"My old fashioned way of creating a high tech DRM bypass.

$20 Cost for the fibre-optic cable to link my old DVD player to the optical input on my computer

Stephen, I think you'll find that your DVD player has a thing called SCMS (Serial Copy Management System). Pioneered by Sony for use with their MiniDisc system, SCMS prevents second generation copying. In other words, just like DRM, you'll be able to copy the disc once, but if you try to copy the copy using the same digital audio channel, it will prevent you from copying.

It all depends on what kind of sound card you have whether this will affect you. If you have a consumer-type sound card it'll probably have SCMS enabled. Pro-audio cards, even entry-level ones, don't use SCMS. So check your card documentation.

12/8/2005 9:16:00 AM by ruy_lopez
# re: Premature Victory Declaration?

Even if DRM technology ultimately becomes all-pervasive (as the big companies would obviously like) then music and video could still be copied using pre-DRM equipment.

Or are they going to try to make "obsolete technology" illegal too?

The way things are shaping up now, I wouldn't put it past them.

12/8/2005 11:27:00 AM by Elwood Herring
# re: Premature Victory Declaration?

Now it's not just XCP.
Even MediaComm software shipped in 6 mil "CDs" seems to have the same problems :

12/8/2005 1:04:00 PM by The Prince Of Lightning
# re: Premature Victory Declaration?

Whether SCMS or not, these people in pursuit of a locking device are like chasing the rainbow. Any good Hi-Fi equipment can produce the duplication as good as you like these days.

Some experiments have shown degradation in the MP3 (which itself is not a perfect reproduction) is minimum.

They should heed Bruce Schneier's remarks:
"Making digital files not copyable is like making water not
wet You can't do it. DRM is a desperate attempt to
cling to their old business model. They have to figure out how to make money in
the new world."

In other words, it's 1's and 0's and anyone will enough time and incentive will break it. Better than buy an XBox game to play, isn't it?

Look at so many artists hurted by this debacle are now roaring mad. Hence the propaganda of DRM to protect the artists' creation is just a bag of hot air.

Like Stephen said, "A piece of cable is all that need" and I am sure some enterprising young man will produce such a walkman. Something akin to the mod-chip in PS2 & XBox.

12/9/2005 5:19:00 AM by InfoSeeker101
# re: Premature Victory Declaration?

The latest discovery, just announced by the EFF, is that "Certain audio compact discs distributed by Sony BMG contain a version of the SunnComm MediaMax software, which creates a serious risk of a 'privilege escalation attack.'

In other words, it DOES NOT MATTER if you do not have Administration rights, your system will still be compromised.

Full story on

12/9/2005 10:03:00 AM by Elwood Herring
# re: Premature Victory Declaration?

If you actually need to see a business model of an artist that truly works, just head over and see Ani DiFranco

What Ani has done on her independent label is just common sense. She is selling her albums, DVD’s, Posters, Books, Sheet Music, Bags and T-Shirts online.

The Cou'de Gra is her ‘Offical Bootleg’ albums that she is selling. Ani is now up to her seventh release. This is simply a real business model to support herself as an artist and really give her listeners what they want, ‘Live Recordings’ from some of her best gig’s.

This is not a shameless advertisement from a comment spamming astroturfer. I have listened and supported by purchasing Ani’s recordings for over 7 years now. I may have delusions of grandeur but back in the original day’s of Napster I would use it to search for ‘live’ copies of some of my favourite song’s, ie. ‘Bootlegs’. Ethicaly some may find this unjust, the one thing I do know is that if I didn’t use the service to do just that I would never hear some of the finest music from my favourite artist's.

So if you ever used the original Napster you would be aware that once you came across a song/title you liked you could view that user’s complete collection of music they had online for sharing. To me finding a list of over 50 concerts with 10-12 tracks from each concert was like a kid in a candy shop. How this person was able to have near ‘perfect’ recordings of so much of Ani’s music meant that it was a ‘fan’ that could be classed as a stalker or you would say it was someone very closely involved with Ani. Napster even let you chat with the user who had this music, so like a love struck fan I said hello. I was then told which tracks from what concerts were the best in the collection to download. I think I ended up with around 10-12 of these as that was the first day I truly wanted a high speed internet connection and not a 33.6 dial-up so I could download *.*.

Alas I do not know if this was Ani herself talking with me as I was able to constrain myself with some degree of composure and just chatted for an hour about many things and not the simple minded ‘I love you Ani’ mentality.

From Ani's web siteAni’s Bootleg page
When Ani DiFranco first started touring, her steadily growing audiences wanted something to take home, and they had two options: purchase a cassette tape from the back seat of a Volkswagen Beetle, or bring a tape recorder to the show.
The venues are a little bigger these days, and the albums are a little easier to find, but when it came to releasing an open-ended series of live records, The Little Folksinger is doing it the old-fashioned way. The initial wave of discs will be the first-ever solo Ani live albums. They won't be available in stores - only here at and at Ani's shows. A new performance will be released every six weeks or so, each of them hand-picked by Ani herself.
While these albums are being released in a time-honored tradition, the recordings themselves are anything but old hat. Each show was recorded onto 16-track ProTools software, isolating each signal for optimum clarity, including a separate microphone for the audience. This state-of-the-art "studio on wheels" captures the integrity of Ani's performance, from the chunkiest guitar chord to the faintest poetic whisper. Needless to say, this bootleg will not feature the coughs and conversations of the people who sat next to you.
Thanks to those early fans, Ani's tapes were circulated, dubbed, borrowed and worn out, allowing her to be a full-time singer/songwriter. These records were created in the spirit of that time, and they exist for one reason: Ani's still on her own, but when she steps onto that stage, she's never alone.

Why do I post it hear you may wonder, the fact is this is the type of music I listen to and this is what I really like about an artist. They are committed to creating music and offering the listener some extraordinary benefits.
So to any other musician, listeners, Bloggers or news service who are following the DRM, CopyControl, Sony, XCP or MediaMax story this is what works and makes me wish I had more money to purchase more music.
This is a business model for a musician and I do hope that Ani is making some respectful and serious cash out of this, I do my best to send some cash every couple of months from the other side of the world to get me some knew tunes.
Thank you Ani
To all of the ‘big’ labels out there you now know why I do not purchase your music. It is crap, not what I want, a security threat to my computer and you do not support your artists. You say you put the money into helping new artists; all it ever seems to be is the next version of TV crap like the ‘Idol’ franchise around the world. We use our mobile phones to vote for who is the winner, the last one I saw the winner got a $25,000 music contract from SonyBMG. Damn if you didn’t make a profit just on the phone calls from that series I would be very surprised. And after constantly brain washing your viewers for 12 weeks the winner has a number 1 song the following day that no body has ever heard before. This is not art , this is crap and pumped out by your own media machine with some half assed lyrical song that again is crap.

So I would urge everybody to head over to your favorite artist's website and drop them an e-mail and ask 'Why can't you do this?'. I would suggest that most artists would be extremly happy to have half of what Ani is doing here and they would increase there income and release themselves from the music industry 'pimps' that take most of there money for more crap.

12/9/2005 10:34:00 AM by Stephen
# re: Premature Victory Declaration?

The problem for Sony, and other computerized DRM proponents, is that without low level driver access there is no way to control how the data is imported. And without non-standard formats and players, there is no way to control the duplication of audio data once it has been imported.

If they use a hardware based control built-in to CD drives the best it can do is limit the generations of copies made by the CD drive.

At the moment, CD copying is not a major problem for the Recording Industry. File sharing is.

So how do they prevent file sharing? More to the point, how do they prevent audio data (that is already in standard format) from being duplicated in a standard manner with standard software?

The solution requires low-level access to the CD drive in order to limit access to the standard data to specially crafted non-standard software, using a non-standard format.

One of the formats XCP supports is secure Windows Media format, the other is ATRAC (Sony's own compression format, used on MiniDisc). Microsoft's aquiescence on the DRM matter makes sense when you consider Apple's success in attracting artists has much to do with the guarantees offered by Apple's DRM.

The difference between Apple's DRM and Sony's is that CD audio data has to be standard to be read by Hi-Fi CD players. Apple only have to make sure the audio data is playable using iTunes.

Open standards make the internet possible, make information sharing possible, and improve all our lives. When it comes to controlling access to standardised information it seems Microsoft are never far away.

12/9/2005 12:48:00 PM by ruy_lopez
# re: Premature Victory Declaration?

InfoSeeker 101,

"I am wondering if an uninstallation program to remove all traces of Sony's DRM can be classified as 'circumvention' of the protection mechanism under the terms of DMCA.

I can understand that if part of it is rendered inoperable to use the digital materials without the intended program is circumvention.

But total removal should be acceptable. Isn't it?"

IANAL, but I think it is totally acceptable. Total removal doesn't circumvent the DRM, it removes it and disables playback(When Mark first removed it, the CD drive became inoperable under Windows).

And for whether reinstalling the OS is considered circumvention, I think it is most certainly not circumvention. If the DRM wasn't such a security disaster, then only disabling Autoru(i)n would be considered circumvention after the reinstallation.

Oh, and I believe Microsoft will probably de-cloak it instead of remove it, sadly.

I hope this answers your questions, and I agree Mark should make a proper uninstaller, as I suggested in my earlier comment.

12/9/2005 1:30:00 PM by Rafterman2
# re: Premature Victory Declaration?

Mark, does Sony's new uninstaller/updater combination program correctly decloak the rootkit? Does the uninstaller remove ALL of the files installed by the rootkit?

It would be interesting to know. I'm betting that it doesn't decloak it correctly still.

12/9/2005 2:19:00 PM by Aaron
# re: Premature Victory Declaration?

This post has been removed by the author.

12/9/2005 2:20:00 PM by Aaron
# re: Premature Victory Declaration?

This post has been removed by the author.

12/9/2005 2:21:00 PM by Aaron
# re: Premature Victory Declaration?

The new uninstaller removes the rootkit and all files installed at the time the CD EULA is accepted.

12/9/2005 2:25:00 PM by Mark Russinovich
# re: Premature Victory Declaration?


Keep fighting the good fight. We need you, man.

12/9/2005 3:36:00 PM by Dennis Wortham
# re: Premature Victory Declaration?

The head of Sony BMG's global digital business, Thomas Hesse, told the BBC that the company was "re-evaluating" its current methods.

12/9/2005 6:46:00 PM by Stephen
# re: Premature Victory Declaration?

WASHINGTON - A federal appeals court late Friday upheld the music industry's $22,500 judgment against a Chicago mother caught illegally distributing songs over the Internet.

I really wonder what Sony will get away with...

12/10/2005 4:15:00 PM by Stephen
# re: Premature Victory Declaration?

I think that Sony's actions after "Victory" can be explained by the saying "Never ascribe to malice, that which can be explained by incompetence."
Initially, they didn't know what they were doing, and it cost them. Now they probably have one (or many) of their developers sitting in a corner reading books on how such things work with the goal of eventually being able to create an uninstaller that won't cost them even more.

I'd suggest somebody make them an offer, but their response would probably be to sue for extortion.

12/10/2005 4:29:00 PM by Extrarius
# re: Premature Victory Declaration?

I seem to be infected by ColdPlay's X & Y CD which seemed to install amlware on my pc when I was trying to read it on my pc. Now my CDROM doesnt work at all. I tried searching for the Sony rootkit $sys$ but couldnt find any of the teltale signs. I bought the CD in Canada where it is distributed by EMI Records. There are also references to BMG music publishing and Sony/ATV. The CD mentions copy protection, but doesnt say what kind.


12/10/2005 11:55:00 PM by Cap_Tangent
# re: Premature Victory Declaration?


The Coldplay CD you mention contains either the "Copy Control" or the "Copy Protected" format that is used on many of EMI's media discs. This format from what I have seen has no form of malware on it. I have a disc with the 'Copy Control" logo on the back cover. I can use this disc on my pc or stereo with not many issues. The only problem I have seen with the disc which is detected only as an "Audio Disc" by software such as Nero. It does not report any form of data layer on the disc. I cannot use Windows Media Player to 'rip' the disc into MP3 format though I can rip it with the WMA format with no problems. There were some statements on the web around 19th November from EMI stating that they will soon have the ability to stop it being ripped into WMA format also. The site that refers to information about these discs is here at

I find this little bit of info and name dropping worthy of just dropping here so we can see who some of the players are in this field.
Copy Protection Update
There is a large potential market for copy-protected duplicated disc media from music publishers who want to protect their work to software publishers who want their software protected. Effective copy protected recordable media opens up new markets to the duplicating industry.
Here we will have updates on recent technologies from the leading copy protection developers, including George Macdonald of First 4 Internet Ltd, Mr Graham Oakes of Ezee Studios in LA, Stuart Rosove of Activated Content Corp, Abbie Sommer of StarForce Technologies Inc, Bala Vishwanath of Smarte Solutions, Magdy Sharawy of Softlock, and others still to confirm.

And here I thought the 'industry' were just trying to protect artists from the internet piracy. This sort of statement gives me the impression that you could soon have this available...
"XYZ has now released there new album... It is in good stores now and is available for purchase on for following players. Hi-Fi, Car, Computer, Portable Music Player, XBox, PS2, PSP....... "
Just never expect it to work on multiple devices. You are only aloud to listen with your own ears where we decide if you have a license to hear.

12/11/2005 3:28:00 AM by Stephen
# re: Premature Victory Declaration?

Damn... Iknow this is off topic but WarnerChappell's cease and decist order on pearLyrics is plain evil..

All this guy was doing was putting a cool way to display lyrics as you listened to your music.

That is the end of Karaoke as far as I can tell and so as per the previous post.....

"XYZ have now added to there distribution a Karaoke version of their new album. We have released this version of the disc as we have found that many people would like to sing along while they listen to the disc. So we have been kind enough to supply you with a licensed copy to display the words to the songs."

Hmmm the Japanese market will greatly enjoy the music industry much more from no longer being able to see the 'English' words for a song......[sarcasm]

12/11/2005 4:13:00 AM by Stephen
# re: Premature Victory Declaration?

Yet another NY Times article that only reports a half truth. The article shills that record companies are purporting to loose money due to "illegal" activity but the article then fails to expose the pruposeful "illegal" activities of the record industry to tresspass onto your computer.

"Sony fixes security hole in CDs, again
John Borland, Staff Writer, CNET Published: December 8, 2005
Sony BMG is replacing a patch for its CD copy protection software after Princeton University researchers found a security flaw in the update. ... "The security space is a dynamic one, as we have learned," said Thomas Hesse, president of Sony's global digital businesses. "Our goal is to be diligent and swift, and we have gone to experts to handle this issue.""

12/12/2005 7:30:00 AM by srynas
# re: Premature Victory Declaration?

Cory Doctorow has commented on this issue in today's Financial Times.

I'm sure they'd welcome your input.

12/12/2005 11:41:00 AM by Nile H
# re: Premature Victory Declaration?

Here is the response by Mr. Borland to the issues that I have raised.
Hi, Steve. In fact we have covered both sides of this issue in great detail. Our story on the Oberholzer paper, for example, is here:

If you read consistently, you will see that we have often written about the other issues that are likely to be affecting CD sales. While the idea of "bad" music is a subjective one, and unlikely to be true across an extraordinarily diverse set of independent and major releases, it is very true that there is more competition for consumers' dollars today in the form of DVDs, video games, etc. That itself is likely to have a fairly profound effect on sales.

That said, it is just as reckless to dismiss completely the idea that the acquisition of music for free has zero effect on sales. Certainly the *perception* in the music industry, which was the focus of this story, is that people who burn CDs do not later buy that specific CD, no matter what the aggregate effect on sales. I have not seen good research to the contrary.

Thanks for the note, and please let me know if you have continued concerns.

Best regards,

John Borland
(415) 344-2055

12/12/2005 4:23:00 PM by srynas
# re: Premature Victory Declaration?

I find the debate as to whether Sony et al. lose sales to music sharing on the Internet interesting, as Judge Easterbrook of the 7th Circuit struck again (remember the ProCD shrinkwrap case?) last week in a decision that found that P2P file sharing is not Fair Use. But in getting there, he addressed just this subject in looking at Fair Use factor #4 (market effect of the copying), and found that P2P did affect the market for traded music. (Note though, this was confirming a summary judgement motion, and some have complained that this finding at this point was thus inappropriate - see case discussion at

12/13/2005 11:14:00 AM by Bruce Hayden
# re: Premature Victory Declaration?

If someone wants to have more fun with Sony..,
Download and install Star Wars Galaxies 10 day free trial.

I didn't do any real investigation on this, but did notice after installing it yesterday, that my computer was utilizing the internet connection when no active applications were running. Nor could I find any open processes running that shouldn't have been. I uninstalled SWG and there was still something on my computer accessing the internet and restarting my computer.

Next I cleaned the Prefetch folder as it did have references to SWG still in it. Then did a system restore in XP Pro from right before installing SWG. After restarting my computer, the access to the internet stopped.

So Sony or Lucas Arts was still accessing and reporting something after the program was uninstalled from the computer.

Anyone still feel like having fun with Sony and find out what's really going on?

12/14/2005 6:45:00 AM by B. Stovall
# re: Premature Victory Declaration?

It may be a bit late for me to be entering this debate, but I think that it raises some issues regarding EULAs too.
The way Sony used the EULA to try to justify their actions points out the big problem with them - very few people actually read them. Software license agreements are so varied and complex that it seems to me that it is unreasonable to make the assumption that people have read and understood them.
This issue prompted me to write an article on the subject at

12/19/2005 5:01:00 AM by Andrew Rowley
# re: Premature Victory Declaration?

I am curious if any readers of this blog know if these SONY CDs have actually been removed from the shelves yet, or if that was just a perfunctory gesture on SONY's part. In particular, I am referring to the CDs that were sold with the First4Internet Ltd. DRM malware.

12/21/2005 8:00:00 PM by webdonkey
# re: Premature Victory Declaration?

I think I've discovered a new CD not on the list given: "No roots" by Faithless (another Faithless CD is listed). I wasn't aware it was made by Sony, and inserted it without thinking. Instantly, a window appeared (no EULA or anything) saying "APlayer: System files are Updated. System will now reboot." with yes or no options (clicking No results in an error message). Having run RootkitRevealer, loads of files are present with "Hidden from Windows API", including, it seems, every file I've downloaded (not music: documents, etc.) since inserting that CD.

Is there any fix yet, or way of removing the software?

12/22/2005 1:51:00 PM by alexw
# re: Premature Victory Declaration?

By the way all this copy protection stuff going on makes no sense by these companies. You can easily copy music by using a CDRW.
You can just easily bypass any setup by cancelling. Open Windows Media Player and rip the CD.
I tried with the the Coldplay CD X&Y, and the Rolling Stones - A Bigger Bang.

12/27/2005 2:47:00 AM by mlife01
# re: Premature Victory Declaration?

Betanews says today, that Sony have settle a lawsuit which I believe it was the one where Marc was serving as a technical expert.

Short version $7.50 in cash and a free CD album download or three CD downloads, with lots of requirements for the payment and for sure activex controls from XCP creators to download your CD.

wow! what a punishment, $7.50 is what it's worth the time wasted trying to clean up your computer.

$7.50 does not speak very high about these lawyers.

12/29/2005 9:45:00 AM by NotAvailable
# re: Premature Victory Declaration?

First I want to thank you for bringing this to our attention. I came across your blog unfortunately only afterwards. By then I had to uninstall and reinstall many programs as they were inoperable in addition to the inability to use my cd drive. I didn't understand what was going on and why this was happening. I then came across this rootkit file so I contacted Dell, they were no help and tried reaching out to AOL but they had no knowledge of it. I decided to google the name which led me to your blog. At first I was surprised, as I read on I was shocked which quickly changed to anger. It took over 2 weeks to get my computer running with only minor problems. Then with the help of a good friend my cd drive is finally being recognized and working again. I cannot explain to you the countless hours spent on this. I still have this file in my system and since then my virus software continuously detects some type of trojan. With every new detection it leads me to wonder if it's because of this rootkit. I purchase all my CD's in a store so it's truly upsetting that this was installed with a legitimate CD and unbeknownst to me. I only hope that in the end they do the right thing and make it easy for non savvy tech people to uninstall without causing additional harm to their computer. Distributing a CD that basically runs and removes it is my ideal solution! Thanks again and I'll keep checking back for more updates on this story since it's pretty obvious Sony will not be contacting me with any removal procedures/notification.

12/29/2005 12:05:00 PM by newyorker
# re: Premature Victory Declaration?

Thanks to Alex Eckelberry at SunbeltBlog, apparently a tentative class action settlement.

12/29/2005 12:43:00 PM by Bruce Hayden
# re: Premature Victory Declaration?

Don't know what happened to the previous post, so will try again.

A copy of the proposed class action settlement, thanks to Alex Eckelberry at SunbeltBlog.

12/29/2005 12:48:00 PM by Bruce Hayden
# re: Premature Victory Declaration?

On the lighter side, breaking news is that Sony is using graffiti as a means of advertising. Ryan Singel of Wired News writes:

"Seeking to market its handheld game device to hip city dwellers, Sony has hired graffiti artists in major urban areas to spray-paint buildings with simple, totemic images of kids playing with the gadget. But the guerrilla marketing gambit appears to be drawing scorn from some of the street-savvy hipsters it's striving to win over.",69741-0.html?tw=wn_tophead_13

12/29/2005 6:36:00 PM by srynas
# re: Premature Victory Declaration?

Looks like the EFF is settling their class action lawsuit too. This is important since the EFF is probably the closest thing to a consumer group involved in the Sony BMG DRM mess. My original idea was that Sony was trying to short circuit all the other suits with a favorable class action settlement in the SDNY. But this looks like a concerted push on their part to put the disaster behind them. I now expect to see at least some of state actions settle quickly too.

See more details at:

12/30/2005 1:04:00 AM by Bruce Hayden
# re: Premature Victory Declaration?

I think this whole thing has been overblown. Yes, Sony has been using the tactics of common criminals (but then, what's new for an RIAA member?), and yes, the software phones home. But why is there no complaint on your blog about Windows Media Player 10 phoning home to the RIAA - after all Windows Media Player is installed on EVERY Windows XP SP2 machine so it is therefore much more dangerous than XCP privacy-wise.

1/13/2006 12:13:00 PM by David Russell
# re: Premature Victory Declaration?

Must read article from Fox News on Zacarias Moussaoui:,2933,183910,00.html

2/6/2006 8:35:00 PM by Luther
# re: Premature Victory Declaration?

Did you know MS "Defender" objects to ProcExp ? and then doesn't bother to tell you unless you look in the event log.

Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
Scan ID: {830F41BA-6084-4585-B6B8-3CBB91E9BB57}
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: driver:PROCEXP90
Threat Classification: Unknown
Detection Type:

2/15/2006 5:54:00 PM by SunnySkyGuy
# re: Premature Victory Declaration?

There should be a movie called Mark Russinovich as a parody on Erin Brokovich, a Sony movie. Another thing people don't talk about is Sony sells DVD recorders. Who's the pirate here? Sony?

2/25/2006 3:48:00 PM by Anonymous
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment