Been meaning to post this for over a week now!
http://www.eff.org/news/archives/2005_11.php#004146November 09, 2005
Are You Infected with Sony-BMG's Rootkit?
EFF Confirms Secret Software on 19 CDs
San Francisco - News that some Sony-BMG music CDs install secret rootkit software on their owners' computers has shocked and angered thousands of music fans in recent days. Among the cause for concern is Sony's refusal to publicly list which CDs contain the infectious software and to provide a way for music fans to remove it. Now, the Electronic Frontier Foundation (EFF) has confirmed that the stealth program is deployed on at least 19 CDs in a variety of genres.
The software, created by First 4 Internet and known as XCP2, ostensibly "protects" the music from illegal copying. But in fact, it blocks a number of legal uses--like listening to songs on your iPod. The software also reportedly slows down your computer and makes it more susceptible to crashes and third-party attacks. And since the program is designed to hide itself, users may have trouble diagnosing the problem.
"Entertainment companies often complain that fans refuse to respect their intellectual property rights. Yet tools like this refuse to respect our own personal property rights," said EFF staff attorney Jason Schultz. "Sony's tactics here are hypocritical, in addition to being a security threat."
If you have listened to a CD with the XCP software on your Windows PC, your computer is likely already infected. An EFF investigation confirmed XCP software on the following titles:
Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
This is not a complete list and Sony-BMG continues to refuse to make such a list available to consumers. Consumers can spot CDs with XCP by inspecting a CD closely, checking the left transparent spine on the front of the case for a label that says "CONTENT PROTECTED." The back of these CDs also mention XCP in fine print. You can find pictures of these and other telltale labeling at
http://www.eff.org/IP/DRM/Sony-BMG/"Music fans should protect themselves from this stealth attack on their computer system," said EFF Senior Staff Attorney Fred von Lohmann.
For more tips on keeping your computer uninfected:
http://www.eff.org/deeplinks/archives/004144.phpContacts:
Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org
Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org
Posted at 02:51 PM
-----------------------------------------------------------------------------------------------------------
Update:
November 14, 2005
Sony-BMG Should Recall Infected CDs, Repair Damage Done
EFF Issues Open Letter on Rootkit Controversy
San Francisco - Sony-BMG's damaging secret rootkit technology has potentially infected millions of computers around the world. Now, the Electronic Frontier Foundation (EFF) is asking Sony-BMG to publicly commit to fixing the problems it has caused for its music fans and take steps to reassure the public that its future CDs will respect its customers' ownership of their computer.
While Sony-BMG belatedly announced a decision to halt manufacturing of CDs with the rootkit software, this is only a small step in the right direction, since reports indicate that over 2.1 million infected disks have been sold already and 2.6 million remain unsold in the stream of commerce. In an open letter to Sony published Monday, EFF spells out the steps that should be taken by Sony to prevent future harm and repair the damage done to computer equipment and consumers' privacy. The letter includes discussions concerning Sony's XCP software as well as its use of SunComm MediaMax software, which has similar problems.
"Sony-BMG should treat its customers with respect and fairness; instead it acted little better than the thugs who unleash stealth computer viruses on the public," said EFF Staff Attorney Corynne McSherry. "Halting production is not enough. Sony needs to take steps to fix that damage it has already caused and ensure that nothing like this happens again in the future."
Among the make-good measures recommended by EFF: a recall of all XCP and SunnComm MediaMax-infected CDs, from both consumers and store shelves; a guarantee to repair, replace, or refund the purchase price of the CDs to anyone who bought the merchandise; and a major publicity campaign warning about the security risks of XCP and SunnComm MediaMax.
"Sony-BMG must have spent a great deal of money advertising these infected CDs to an unsuspecting public," said EFF Staff Attorney Jason Schultz. "We think that it's only fair that an equal amount of money is spent educating the public on the damage that the product could cause to consumers around the world."
EFF believes that Sony-BMG should pay all consumer costs associated with the damage caused by the XCP or SunnComm MediaMax technology. Additionally, Sony should also compensate people for the time, effort, and expense required to verify that their computer was or was not infected with the rootkit.
"Sony-BMG needs to be strongly reminded that it doesn't own your computer, you do," said EFF Senior Staff Attorney Fred von Lohmann.
For the full text of the open letter to Sony:
http://www.eff.org/IP/DRM/Sony-BMG/?f=open...2005-11-14.htmlContacts:
Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org
Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org
Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org