http://cp.sonybmg.com/xcp/english/titles.html 52 total infected CDs.

Hmmm ... the link takes you right back to this thread. 8-)

Worked Ok for me, nice big list and thankfully I have used none of them on my PC! thefixer, poser coord.

For some strange reason the link takes me back to this thread as well. (??) Edit: copying and pasting the URL into your address bar works just fine.

Message edited on: 11/20/2005 09:12

Thanks for that. The link took me to the correct page. If you copy/paste it, I don't see where else it could take you. LOL. mac

There's an error in the link HTML, as the link is not enclosed in inverted commas and is missing the '=' symbol after the href attribute. Corrected link is:

http://cp.sonybmg.com/xcp/english/titles.html

I feel sorry for the artists that are on that list since those albums are going to suffer from the poisoning that Sony introduced on those CD's. I would think that would make it even worse that pirating for their sales since people are going to avoid them like the plague.

Attached Link: http://www.sysinternals.com/Blog/

Yeah, but... When Sony BMG isn't including the XCP rootkit, they have been including MediaMax, which is also not secure. And it has been phoning home with your CD listening details since as early as 2003! (In fact any DRM is inherently insecure unless you implicitly trust the company managing it - and as Sony BMG seems to outsource this, all bets are off.) Also note that one of the uninstallers Sony BMG first delivered for XCP leaves your PC even more vunerable than living with XCP (installs a "safe for scripting" Active X control with no checks or balances on who runs it!!!). Numbers of PCs infected with XCP (derived from DNS call statistics) is close to 0.5M. This can't be from 52 CDs!?! So there seems to be another source. Downloading Sony BMG tracks??? The link has much of the details, inclduing manual steps to turn XCP off until Sony BG or your anti-spyware vendor finally responds to this 8-month old menace.

Attached Link: http://www.renderosity.com/messages.ez?ForumID=12356&Form.ShowMessage=2475914

*Numbers of PCs infected with XCP (derived from DNS call statistics) is close to 0.5M. This can't be from 52 CDs!?!* Actually, some people are saying the number of infected computers is around 13 million! It is VERY easy to see how 52 CD's could do it. If we assume that each CD sold 1 million copies (some sold more, some sold less), that would be 52 million copies. If 1% of those people played the CD in their computers, the number of infections would be 520,000... which is the earlier estimated number. And don't forget about this earlier thread about the issue (which also mentions the sysinterals blog. :) --John

Wow ... all those artists, and I don't listen to a single one of them.

I don't know whether to be depressed or relieved.

Hmm i have just used the Contact section of their site with the following message:- "I am in England where the XCP copy protection virus seams to be being ignored, Does the UK version of Unwritten by Natasha Bedingfield UPC(S)82876 637022 contain the protection? and what about other albums, and will there be a replacement program in the UK???? Or is Sony ignoring it's customers here? I for one am Disgusted that it treats people who buy there products with such potentially harmfull software." I bet they don't even care about anyone else in the world, as we brits are not into the sue everything that moves culture, Perhaps we should be....and maybe then Sony would do something here too....hmmm

" I feel sorry for the artists that are on that list since those albums are going to suffer from the poisoning that Sony introduced on those CD's." Don't worry, for Frank Sinatra or Louis Armstrong it doesn't make any difference, also ghosts doesn't need Sony protect their copyrights. "If we assume that each CD sold 1 million..." I doubt 1 million sales, most of the artists or albums in the list are unknown, even with known artist names, nothing in the list is worth to purchase or download.

I'd seriously doubt 1 million sales too. In fact, album sales are so bad these days that Gold/Platinum categories were 're-valued' a long time ago to compensate. If an album sells a million, it's likely gone quintuple-platinum or something. mac

This can't be from 52 CDs!?! So there seems to be another source. Downloading Sony BMG tracks??? In point of fact, illegally downloading those tracks would guarantee you didn't get XCP. The DRM's on the physical media itself; as soon as someone subverts it and rips the tracks, the resulting tracks are clean. BION, the machines that got compromised were from people who received the CDs themselves, 98.99% of which were lawfully gotten. Even more ironic is the fact that the software Sony contracted for XCP appears to have cribbed code from a GPL source written by none other than DVD Jon. That's right, the man the MPAA tried to rape from abroad with the DMCA now has legal recourse against Sony -- using our own IP-obsessed legal system. I pray he goes for it and embarrasses everyone to the point that the mainstream media can't sweep this debacle under the rug any longer. The reason you're even reading this, here, is because network television is afraid to incriminate one of their own without the lawyers coming down on them. I bought a 1Gb thumbdrive this weekend on sale at Staples. I could have gotten a better price on the Sony product. There seemed to be more of them waiting on the shelves than you'd expect in a discount store. Do not piss off the nerds.

These are/were titles they didn't expect to sell well. They've obviously made a huge mistake as it is, but imagine if they'd put the rootkit on every new CD they released since they started using it. They do the same thing every time they're going to try a new copy-protection scheme, so that if there's a stink, the recall and replacement costs don't sink them. They probably thought that was the worst they'd run into this time as well, but the noob programming team they hired totally screwed the pooch.

Attached Link: http://www.theregister.co.uk/2005/11/21/gaffer_tape_trips_up_sony_drm/

duanemoody, I meant the legal downloads of Sony BMG. That has to be DRM protected if they are this paranoid about preserving their antiquated business model. Else how did 52 CD's in US only, and a subset of that in Canada get to infect PC's worldwide??? Yep, they have copied LAME which is LGPL. Ironic that it was LGPL, because if they had cared a rat's ass they could have legally used LAME code, with Lesser GPL they basically only needed to credit the author. Just all indicates that they - F4I - used a light weight to screw with the low level innards of millions, it now seems, of "customer" PC's. Re the media cover up, even the original article on CNN has disappeared! And at least 1 journalist claims that the anti-spyware vendors have deliberately ignored this threat. M$ have already demonstrated their perchance to selectively detect" spyware, and Symantec (who helped develop this rootkit) are equally dubious when it comes to helping fuel the virus/spyware business model. But all the others - except Karpinsky who blew the whistle early on - have "missed" it. A coincidence, or does it just mean that most of the industry just reverse engineer each others' products to find the bad guys? Latest news is that there is a workaround of sorts - see link.

I've read nearly one year ago that RIAA had created a fabulous and infalible method for protecting audio CDs, so problably DMR CDs are being sold for many monthes and not only by Sony, it will explain the huge number of computers contaminated all over the world. The number of infected CDs is not only due the CDs purchased, you must included all the copies burned in home and distributed. 1- The virus software allows you to make three copies, each owner of a copy can create another three copies (not in the same PC) and so on. 2- The fabulous and infalible protection doesn't work in Linux, Mac, the most used Windows 98, Windows NT and probably Windows 2000. So people were copying and distributing infected CDs without knowing about the presence of the virus. The case of DMR only exploded and come to public when some person (Sysinternals) discovered the existence of the virus and make it public.

Attached Link: http://www.groklaw.net/

EFF (Electronic Frontier Foundation) has filed suit on Sony BMG for XCP *and* MediaMax (the latter of which is on 20M CD's - Sony BMG's numbers). Also Texas Attorney General has filed suit for XCP. Details at the link provided. Per the EFF complaint, MediaMax is almost as nasty as XCP, and the uninstaller for MediaMax has same security concerns as the earlier one for XCP (see my earlier posting above). Pamela Jones - at the link provided - has a great anology for today's EULAs: (from www.grolaw.com 11/22/05) Perhaps you saw the joke on IRQ about throwing a brick through a window with a EULA attached: I will write on a huge cement block "BY ACCEPTING THIS BRICK THROUGH YOUR WINDOW, YOU ACCEPT IT AS IS AND AGREE TO MY DISCLAIMER OF ALL WARRANTIES, EXPRESS OR IMPLIED, AS WELL AS DISCLAIMERS OF ALL LIABILITY, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL, THAT MAY ARISE FROM THE INSTALLATION OF THIS BRICK INTO YOUR BUILDING." Perfect!!! :-)

Attached Link: http://www.eweek.com/article2/0,1895,1888877,00.asp

Seems their concerns for protecting their IP does not get extended to respecting the IP of other ... See link. Do what I say, not what I do?