Nov 10, 2005

Are You Infected with Sony-BMG's Rootkit?

Electronic Frontier Foundation Media Release

For Immediate Release: Wednesday, November 09, 2005

Are You Infected with Sony-BMG's Rootkit?

EFF Confirms Secret Software on 19 CDs


San Francisco - News that some Sony-BMG music CDs install secret rootkit software on their owners' computers has shocked and angered thousands of music fans in recent days.

Among the cause for concern is Sony's refusal to publicly list which CDs contain the infectious software and to provide a way for music fans to remove it. Now, the Electronic Frontier Foundation (EFF) has confirmed that the stealth program is deployed on at least 19 CDs in a variety of genres.

The software, created by First 4 Internet and known as XCP2, ostensibly "protects" the music from illegal copying. But in fact, it blocks a number of legal uses--like listening to songs on your iPod. The software also reportedly slows down your computer and makes it more susceptible to crashes and third-party attacks. And since the program is designed to hide itself, users may have trouble diagnosing the problem.

"Entertainment companies often complain that fans refuse to respect their intellectual property rights. Yet tools like this refuse to respect our own personal property rights," said EFF staff attorney Jason Schultz. "Sony's tactics here are hypocritical, in addition to being a security threat."

If you have listened to a CD with the XCP software on your Windows PC, your computer is likely already infected. An EFF investigation confirmed XCP software on the following titles:

Trey Anastasio, Shine (Columbia)

Celine Dion, On ne Change Pas (Epic)

Neil Diamond, 12 Songs (Columbia)

Our Lady Peace, Healthy in Paranoid Times (Columbia)

Chris Botti, To Love Again (Columbia)

Van Zant, Get Right with the Man (Columbia)

Switchfoot, Nothing is Sound (Columbia)

The Coral, The Invisible Invasion (Columbia)

Acceptance, Phantoms (Columbia)

Susie Suh, Susie Suh (Epic)

Amerie, Touch (Columbia)

Life of Agony, Broken Valley (Epic)

Horace Silver Quintet, Silver's Blue (Epic Legacy)

Gerry Mulligan, Jeru (Columbia Legacy)

Dexter Gordon, Manhattan Symphonie (Columbia Legacy)

The Bad Plus, Suspicious Activity (Columbia)

The Dead 60s, The Dead 60s (Epic)

Dion, The Essential Dion (Columbia Legacy)

Natasha Bedingfield, Unwritten (Epic)

This is not a complete list and Sony-BMG continues to refuse to make such a list available to consumers.

Consumers can spot CDs with XCP by inspecting a CD closely, checking the left transparent spine on the front of the case for a label that says "CONTENT PROTECTED." The back of these CDs also mention XCP in fine print. You can find pictures of these and other telltale labeling at http://www.eff.org/IP/DRM/Sony-BMG/.

"Music fans should protect themselves from this stealth attack on their computer system," said EFF Senior Staff Attorney Fred von Lohmann.

For more tips on keeping your computer uninfected:
http://www.eff.org/deeplinks/archives/004144.php

For this release:
http://www.eff.org/news/archives/2005_11.php#004146

About EFF

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/

No comments:

Related Posts with Thumbnails