Sony Music and the XCP Fiasco

[MusicManiac]

Pirate Crackdown

Sony Music and the XCP Fiasco

 

 

Sony-BMG has been using copy-protection technology called XCP in its recent CDs. You insert your CD into your Windows PC, click "agree" in the pop up window, and the CD automatically installs software that uses rootkit techniques to cloak itself from you. Sony-BMG has released a "patch" that supposedly "uncloaks" the XCP software, but it creates new problems.

 

But how do you know whether you've been infected? It turns out Sony-BMG has deployed XCP on a number of titles, in variety of musical genres, on several of its wholly-owned labels.

 

 

 

*** So my fellow Hondonians... Just how in the hell do they get away with something like this?

 

Is this true!?

 

If you don't follow the technical stuff on the Internet, you might not have heard about this during the last few weeks. - Basically, if you buy a CD that comes from Sony's music label, and put that CD in your machine (Windows or Macintosh) it will infect your machine with software that can disable your CD burner, and hide files on your machine you can't see. This software also leaves your machine very vunerable to attack by hackers. A couple of exploits have already been released.

 

Sony has provided software to remove this crap from your machine, but does such a poor job, it actually further weakens your machine if you run it.

 

 

* Sony also uses open source software (LAME mp3 encoder) as part of this exploit, and doesn't follow the license of that software. They don't like it when you steal their product, but have no qualms about stealing others.

 

* Sony has just recently offered a recall for these CDs yet. They aren't admitting any wrong doing and have no initiative to adequately fix the machines they've comprimised.

 

on the back of the CD, on the bottom or right side, there will be a "Compatible with" disclosure box. Along with compatibility information, the box also includes a URL where you can get help. The URL has a telltale admission buried in it: cp.sonybmg.com/xcp. That lets you know that XCP is on this disc (discs protected with SunnComm have a different URL that includes "sunncomm").

 

 

 

 

 

What can you do?

 

Legally speaking, it's legit. When you put the disc in your machine, it pops up an "End User License Agreement" (EULA) that permits this, and even states that if you somehow lose the original disc, you agree to remove the files from your machine. That's only the tip of the iceberg too, the EULA contains a lot of nasty surprises in it.

 

Here is a partial list of infected discs

 

http://www.eff.org/deeplinks/archives/004144.php

 

Disable AUTORUN on your Windows computer to prevent this type of crap.

 

Many are avoiding buying/using in your computer any and everything that has the Sony name. That means Playstations, CD players, TVs, etc.

______________________________________________

 

* Failsafe- provided you didn't let the CD run when placed in your machine. You don't install their software, it's in a file called "autorun.inf" which will run as soon as the CD is placed in your computer. You have to turn off autorun on your machine, or hold down the shift key when putting a CD in your computer (hold it when the CD goes in the drive until it stops spinning).

 

http://www.boycottsony.us/ a blog with the day to day news about Sony's continued attack on their customers

 

 

 

 

 

__________________________________________

 

 

Sony recalls copy-protected CDs

Sony Recalls XCP Discs News

 

Sony recalls XCP protected discs

November 16th, 2005

 

Finally. Sony announced yesterday that it will be withdrawing XCP-protected audio discs from stores and offering exchanges to any customer who purchased the discs. Details are still forthcoming, but it appears that customers will be safe from purchasing infected discs. The recall does not apply to audio discs that are protected by the Sunncomm provided MediaMax software.

 

The recall comes on the heels of an open letter to Sony from the EFF, urging them to:

 

recall the infected products (including Sunncomm protected discs)

publicize the security risks

address misstatements in marketing materials (which claim that the DRM “is not malicious and does not compromise security”)

offer refunds

compensate customers for damage caused by the infected products

thoroughly test any future DRM software for security risks

certify in the packaging for every DRM’d disc that the product does not contain concealed software, does not phone home, does not initiate downloads without consent, provides an uninstaller, does not provide security risks, and will not damage the customer’s computer or data.

The letter closes, “We look forward to hearing that you are in the process of implementingthese measures by 9:00am PST on Friday, November 18, 2005.” This suggests that the EFF is in fact contemplating that lawsuit that was rumored last week. (thanks, Boing Boing)

 

Not a bad list, all in all, and my hat’s off to the EFF for spelling it out. One thing was not requested, which I would have liked to have seen: that Sony stop crippling its products with DRM altogether.

[bunnyfoofoo]

so i had no frickin clue about this... :( i'd run home to check my cd's... but considering the last few cd's i've bought were coldplay, the black eyed peas, and the soundtrack to rent, i luckily don't have anything to worry about. ;)

 

but man... i sure as hell would be pissed.

 

sony can bite me.

[Jont]

The funny thing is if you want to listen to sony music without getting shit like this on your machine, the safest way is to get online and it.

 

The only people being punished here are those who actually bought the CD.

[bunnyfoofoo]

i find that rather amusing... :P

[The NZA]

Jont's absolutely right: only the consumers get fucked. Same with PC games....you get all kinds of disc verifications on some (some, ive read, even casue crashes), whereas the patched/pirated copy runs smooth. This does nothing but harm in both directions.

MM, how would you disable autorun?

[MusicManiac]

Jont's absolutely right: only the consumers get fucked.  Same with PC games....you get all kinds of disc verifications on some (some, ive read, even casue crashes), whereas the patched/pirated copy runs smooth.  This does nothing but harm in both directions.

MM, how would you disable autorun?

 

 

hold down the shift key when putting a CD in your computer (hold it when the CD goes in the drive until it stops spinning).

 

or

 

Link for Aurorun disable command

[Jont]

Jont's absolutely right: only the consumers get fucked.  Same with PC games....you get all kinds of disc verifications on some (some, ive read, even casue crashes), whereas the patched/pirated copy runs smooth.  This does nothing but harm in both directions.

MM, how would you disable autorun?

 

And also a few times I've downloaded NoCD cracks for games I own because it was easier than finding the disk. That pisses me off, the average PC these days game takes a gig of hard drive, at least. It needs approximately nothing from that disk other than to check if I'm being a good boy.

 

Half Life 2 has the most restrictive method of verifying ownership, one that I wouldn't sit through for any other game. You buy the game on DVD, you put it in and it spends around an hour downloading and decrypting files. It uses a system called steam to keep it updated, along with it's mods like Counter Strike updated. That part I kind of like, it's a lot better than my previous experience where when you boot up an online game it wont start for some mysterious reason, and you have to go down chase down a patch. It's a good system, for multiplayer games, but the fact is even for single player games you need and internet connection, and it better be broadband or don't even bother.

 

If manufacturers were a little less paranoid and maybe kept there prices down then more people wouldn't see the need to go online and