Sony to pull Rootkit XCP CDs from shelves, offer swap


For once, the little guy wins. USA Today is reporting that Sony has finally relented to the massive backlash from the Internet. With all the complaints from end users, software companies and even security experts, Sony decided to pull the plug on these nasties. Now, let’s keep the pressure up on SunnComms MediaMax technology. It violates our rights as well!


Could have to do with them being afraid of this coming

Senate committee passes spyware bill
Spyblock Act would also outlaw installation of adware without a user’s permission

By Grant Gross, IDG News Service
November 18, 2005

WASHINGTON - A U.S. Senate committee has approved a bill that would outlaw the practice of remotely installing software that collects a computer user’s personal information without consent.

In addition to prohibiting spyware, the Spyblock (Software Principles Yielding Better Levels of Consumer Knowledge) Act would also outlaw the installation of adware programs without a computer user’s permission. The Senate Commerce, Science and Transportation Committee approved the bill Thursday.

Spyblock, sponsored by Senator Conrad Burns, a Montana Republican, would prohibit hackers from remotely taking over a computer and prohibit programs that hijack Web browsers. The bill would protect antispyware software vendors from being sued by companies whose software they block.

“I am pleased that a majority of the committee agrees with me that Congress must act to protect the right of consumers to know when potentially dangerous Spyware is being downloaded onto their computers,” Burns said in a statement. “As the Spyblock Act moves forward to the Senate floor, I hope we can continue making it a stronger bill by making sure the private sector has all the right tools it needs to successfully slow the spread of malicious spyware.”

The Spyblock Act now moves to the full Senate for consideration. The U.S. House of Representatives passed two antispyware bills in October 2004 and again in May, but the Senate has so far failed to act on spyware legislation.

The Spyblock Act would allow the U.S. Federal Trade Commission and state attorneys general to seek civil penalties against spyware and adware distributors.

This is great news for end users and also a good point you make about Sony. Thanks for the heads up; we have just submitted a similar story on the main page due to your post. :clap:

After reading Russinovich’s first blog about Sony’s RootKit, I decided to buy the CD he mentioned… (ok, ok, I am weird. :stuck_out_tongue: )

Last day I received this letter from I have put in boldface some passages… :wink:

Hello from

We’re writing about your order for the following CD(s):

Get Right with the Man

The Sony CD(s) listed above contain XCP digital rights management
(DRM) software. Due to security concerns raised about the use of CDs
containing this software on PCs, Sony has recalled these CDs and has
asked to remove all unsold CDs with XCP software from our

Since you purchased this CD from, you may return it to us
for a full refund regardless of whether the CD is opened or unopened.
Just visit and indicate that the CD is
as the reason for return.

Thank you for your understanding. We hope to see you again soon at

Customer Service

Regards, :slight_smile:


Since Dan Kaminsky’s internet user snapshot showed approximately 568,000 infected machines showing SONY’s unique virus/DRM signature, with the Japanese internet users having the lion’s share with 200,000 or so, I find it strange that there is no mention of what is happening on the Japanese front in this matter. So it seems SONY has yet to give full disclosure, as always! I hope APPLE’s iPod continues to clean up on SONY in its own home backyard; now that would be ironic, to say the least.

It looks like Sony is now getting really desperate to make up for all the harm they have caused with these discs. Originally it started off with uncloaking the software, followed by a risky uninstallation, then followed by recalling their discs and now offering unprotected MP3s and CDs as replacements: :wink:

Then again, I see DRM as a pest and the worse the DRM gets, the bigger and meaner the pest it resembles. In another way to think of it, I would think of a regular copy protected CD as a disc coming with a fly and putting it in a PC is the equivalent to setting it loose. In this case I would grab the nearest fly swatter, swat it dead and feed it to the fish. :stuck_out_tongue: However, with this rootkit DRM, I would think of it as a big hornet, waiting to be set free. :eek:

Sony made the recall to destroy all evidence. IF the recall is 100% complete (meaning that everyone with the rootkit returning the CDs), then no one will ever have the vital evidence - the disc itself, to make a claim.

Guys, if you want the genuine music, go and make a swap. If you want to fight real hard against Sony’s rootkit act, keep the disc.

Personally I don’t like companies pressing hard on their “customer”. They should do something against illegal sharing, not to the customers. It’s like cheating the honest people but letting the bad guys get away.

For those using Nod32 Antivirus software (I am) it prevents and removes the rootkit entries. I don’t know if other AV software has this capability, but according to Eset who makes Nod32, it does.

Read about it here:

Wish I woulda bought it just to have it for conversation piece :wink:

I doubt that because it is a small and relatively insignificant win … Sony Music will easily sit it out (after all, the average customer with his/her sheep-like attitude will easily forget what happened before) and come up with something even nastier.

Keeping the pressure up is indeed the only way to prevent customers from forgetting …

[QUOTE=JeanLuc]I doubt that because it is a small and relatively insignificant win … Sony Music will easily sit it out (after all, the average customer with his/her sheep-like attitude will easily forget what happened before) and come up with something even nastier.[/QUOTE]

I don’t consider it insignificant; hit ’em in the pocketbook where it hurts the most. From what I’ve read it will cost Sony 10 million dollars for this error in judgement. There were 5 million CDs manufactured; of that, 2 million were sold to the public. They will recall the 3 million unsold and replace the 2 million sold with identical ones without the rootkit. I think out of the two million sold only a small percentage will bother to exchange them; consumers for the most part won’t take the time.

I do hope they get the crap sued out of them by individuals who had their computers compromised, I don’t think that was calculated in the 10 million figure.