Sony BMG, a company that makes a variety of consumer electronics such as the Walkman, CD / DVD drives and burners, has released a product called XCP (eXtended Copy Protection) that prevents copying musical materials from the media onto the computer. According to investigators, XCP uses rootkit technology to run spyware applications to manage the digital rights software.

A rootkit is a software package that modifies core system files to perform an undocumented feature -- often with negative side effects. For example, you can modify the DIR command so that instead of just performing a directory listing, it will also email the contents to another user, without any trace to the operator in front of the computer. For greater detail, see Wikipedia about rootkits.

Researchers found that XCP features a number of spyware-like behaviors, such as installing materials to your computer without a EULA (license agreement), not providing a means to get rid of the installed materials (if you un-install the software package, you cannot get rid of this subsystem without reformatting!), and it sends data about the user's habits without permission!

A system administrator named Mark Russinovich wrote up a detailed examination of Sony's features on his website:

There, you will find information on how to detect the rootkit, along with a description of what he had to do to get rid of it. The tools he used, and the methodology invoked, are far above and beyond your average Windows user.

It appears that Macs and Linux are immune, as the registry edits and specific kernel files on these platforms are outside of the Windows paradigm. The article also notes that Windows systems ship (and most software instructions *expect*) with AutoPlay functional. All you need to do is slip in a CD-ROM with some code on it, and AutoPlay will go crunch through whatever instructions, and install stuff, without any decision prompting by you, the owner and user.

This is a very serious issue: the installation of behind-the-scenes software without the user's knowledge. The software spies on what you have running on your machine; it uses your internet connection to contact Sony for updates, and it provides a means for other people to hook into this technology to install other hidden programs on your computer.

This really sucks, and in my professional opinion, it is completely unethical on Sony's part to develop such a process and bring it to market.


As I was writing this article, I found out that Sony has issued a patch to reveal the hidden files that are automatically installed to hard drives. You can find more information here:

That is all nice and good, but the copy protection software remains, along with the processes (spyware), and the drain on your system's resources.


All 5 Replies

This is hardly spyware. It's a pseudo virus if anything, but there's just nothing spyware-related about this. They're not collecting any information...

Danny, what are you talking about?! Do you know what a rootkit is?? Have you seen anything use a rootkit that wasn't in some way spyware/malware related? Mark Russinovich defines it very well when he says, "rootkits hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." I don't care if Sony's intentions are as pure as Mother Teresa, we can NOT allow major businesses/corporations to think they can infringe on the privacy/rights of an individual by preying on users who are not technically knowledgeable enough to prevent their own machines from being invaded without their own knowledge.

The possibility for this feature to be exploited by malware creators is by itself enough reason for this kind of practice to be shunned, and believe me Sony won't be the last to try and pull something like this off. If this is "nothing serious" then why is there already one class-action lawsuit against Sony BMG Music Entertainment filed in California, and more expected to be filed soon?

Forgive the business rant, but isn't it a bit ridiculous how invasive and aggressive large corporations have become? And how we've given the abstract concept of the corporation "rights" as if it were a human being, instead of protecting the rights of the actual people who get pushed around by businesses such as Sony on a daily basis? Do some research, if you think I'm extreme. I think you'll be surprised.

Well well, look what we have here:

Just a little taste:

"In other Sony BMG news, a slew of security firms warned Thursday of the first appearance of malware that uses Sony's rootkit to hide from anti-virus programs.

Dubbed "Backdoor.Rycos" by Symantec and "Stinx.e" by Sophos, the Trojan arrives as an attachment to an e-mail purportedly from a British business publication. If the attachment is launched, the Trojan copies itself as "$sys$drv.exe" to the hard drive. Any file beginning with "$sys$" is automatically cloaked by the XCP rootkit.

As early as a week ago, hackers were already discussing ways to use the XCP rootkit, but Stinx.e is the first proof of their work.
"Sony's DRM copy protection has opened up a vulnerability which hackers and virus writers are now exploiting," said Graham Cluley, senior technology consultant for Sophos, in a statement Thursday. "We wouldn't be surprised if more malware authors try and take advantage of this."

The Trojan opens a backdoor on the compromised PC, and takes commands from its controller to, for instance, install additional files or delete data."
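
The cloaking rule quoted in the post above (any file beginning with "$sys$" is hidden) is what a cross-view comparison catches: list the volume once from the running system and once from a clean environment where the rootkit is not loaded, then diff the two. This is an added example, not code from the thread or from the linked write-up; the function names are hypothetical, and the listings and every file name other than `$sys$drv.exe` are constructed.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # name prefix the quoted report says XCP hides


def _key(path: str) -> str:
    # NTFS names are case-insensitive; normalise separators and case.
    return str(PureWindowsPath(path)).lower()


def has_cloak_prefix(path: str) -> bool:
    # Assumption: test every path component, so files inside a prefixed
    # directory are flagged as well as prefixed file names.
    return any(part.lower().startswith(CLOAK_PREFIX)
               for part in PureWindowsPath(path).parts)


def cross_view(live: list[str], offline: list[str]) -> dict[str, list[str]]:
    """Compare the running system's listing with an offline listing."""
    live_keys = {_key(p) for p in live}
    report = {"cloaked": [], "hidden_other": [], "prefix_visible": []}
    for p in offline:
        hidden = _key(p) not in live_keys
        if hidden and has_cloak_prefix(p):
            report["cloaked"].append(p)         # hidden by the prefix rule
        elif hidden:
            report["hidden_other"].append(p)    # churn or another hider: triage
        elif has_cloak_prefix(p):
            report["prefix_visible"].append(p)  # cloak off, artifacts remain
    return report


# Constructed listings: same volume, read from a clean environment.
OFFLINE_VIEW = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\$sys$drv.exe",
    r"C:\Windows\System32\$SYS$constructed\example.dat",
    r"C:\Temp\scratch.tmp",  # deleted between snapshots, not cloaked
]
# Constructed: what the running system reports while the cloak is active.
LIVE_CLOAKED = [r"c:\windows\system32\KERNEL32.DLL"]
# Constructed: after an uncloaking patch, prefixed files become visible.
LIVE_UNCLOAKED = [p for p in OFFLINE_VIEW if not p.endswith("scratch.tmp")]

if __name__ == "__main__":
    for name, live in (("cloaked", LIVE_CLOAKED), ("uncloaked", LIVE_UNCLOAKED)):
        print(name, cross_view(live, OFFLINE_VIEW))
```

Entries under `hidden_other` are not evidence of this rootkit on their own, since ordinary file churn between the two listings produces them too.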

I'm not arguing that their rootkit is a good thing, or that it should be tolerated. (In fact, I think this matter should be taken very seriously).

My previous post was solely aimed at correcting the "spyware" label you attached to the software. It's not spyware!


I used the spyware term, because it is communicating the listening habits (personal use) of the CD-ROM's materials to Sony. It is spying on the computer by relaying the musical selection information.

It is like you looking at my phone records to see who I am calling, and how many times I made the call. Definitely spying on me.

