Network News

X My Profile
View More Activity

Sony Raids Hacker Playbook

New research from Mark Russinovich over at Sysinternals (the company I've blogged about before as the source a ton of excellent and free software utilities) indicates that Sony BMG has configured some of its music CDs to install antipiracy software that uses techniques typically employed by hackers and virus writers to hide the program from users and to prevent them from ever uninstalling it.

The CDs in question make use of a technique employed by software programs known in security circles as "rootkits," a set of tools attackers can use to maintain control over a computer system once they have broken in.

People may differ over what exactly a rootkit is, but the most basic ones are designed to ensure that regular PC monitoring commands and tools cannot see whatever has been planted on the victim's machine. Because rootkits generally get their hooks into the most basic level of an operating system, it is sometimes easier (and safer) to reformat the affected computer's hard drive than to surgically remove the intruder.


Photo courtesy F-Secure Corp.

Sony's anti-piracy program installer pops up when you drop one of these content-protected CDs into your drive. If you agree to install it, there is no "uninstall" feature. Russinovich was able to use his knowledge of rootkits and the Windows operating system to zero in on the offending driver files needed to run the software. Unfortunately, he found that removing the program also erased the system files that power his CD-ROM drive, rendering it useless.

Russinovich also discovered that the Sony program drivers are configured to load themselves in "Safe Mode" (a diagnostic mode of Windows that is useful for fixing problems with the operating system), which he said could make system recovery extremely difficult if any of the program drivers has a bug that prevents the system from booting.

The folks over at Finnish anti-virus company F-Secure also spent several weeks trying to unravel the mysteries posed by a user of the company's anti-rootkit software -- Blacklight -- who found suspicious files that were later determined to be installed by the Sony antipiracy program (their detailed analysis of the rootkit program is here.)

Mikko Hypponen, F-Secure's director of antivirus research, said hackers could easily take advantage of Sony's software to hide their own files, even from antivirus software. An attacker would only have to make sure that their file starts with "$sys$", the convention the antipiracy program uses to hide its own files.

"As long as the attacker's file begins with that prefix, it will go undetected by most antivirus programs out there," Hypponen said. He added that installing the Sony program on a machine running Windows Vista -- the beta version of Windows' next iteration -- "breaks the operating system spectacularly."

Russinovich and F-Secure both tracked the rootkit files back to Sony by following text strings buried in the hidden files that pointed to a company called First4Internet, which they later confirmed was the company that produced the software used on the protected Sony CDs.

Hypponen said the only way to uninstall the program in the conventional sense (without running the risk of hosing your system or CD-ROM drive) is to contact Sony BMG directly via a Web form and request removal.

At that point, a real, live person will call you back and ask for all kinds of information about your system, and your reason for wanting to remove the software. You're then directed to a Web page that downloads an ActiveX program (yes, you must be using Microsoft's Internet Explorer to do this), which determines what version is installed and reports that back to First4Internet. Then you get an e-mail containing a link to another site that downloads something that finally uninstalls the Sony program.

I understand Sony's desire to protect its intellectual property, and piracy certainly is a problem. But installing software that opens people up to further security risks and potentially destabilizes the user's computer can't be the best way to address that problem.

In truth, most antipiracy programs created thus far (and this one is no exception) place limits on legitimate users, but usually do little to prevent determined users from getting around the copy protection altogether.

Case in point: Hypponen said he was installing the Sony program on a test computer and decided to do nothing when prompted to click "yes" or "no" for the license agreement (a legal disclaimer that absolves Sony or First4Internet from any liability should something bad happen to your PC from using the software).

Instead, Hypponen decided to fire up an obscure Finnish CD-ripping shareware program (CDDAX) already installed on his machine. To his surprise, the license-agreement text was replaced by a warning that CDDAX had to be closed before the installation of Sony's program could continue.

Ten seconds later, the installer ejected the Sony disc from his disc drive. Still, Hypponen said, he was able to copy all of the songs off the Sony player using the CD-ripping program.

It's unclear what percentage of Sony BMG CDs have this technology on them. Sony says any CDs that contain the software are labeled "Content enhanced & protected" on the front and back of the product packaging. A quick advanced search on Google of Amazon's site turns up more than 24,000 hits for "CONTENT/COPY-PROTECTED CD."

UPDATE, NOV. 3, 4:15 p.m. ET: A couple of people have written to ask whether Security Fix knew that Sony had issued a software patch to unhide the stealth files that its software installs. Near as I can tell, Washingtonpost.com ran the first new story last night to report this information.

By Brian Krebs  |  November 1, 2005; 3:08 PM ET
Categories:  From the Bunker , Piracy  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Cheerio Kerio
Next: Microsoft Calls for National Privacy Law

Comments

Funny that it's a Windows rootkit. Boot up with a Linux live CD and you can rip the songs off the music CD without a problem. Same is probably true with a Mac.

This also prevents *legitimate* copying as permitted by the 1976 Bern Copyright convention.

This isn't an anti-piracy issue, it's just plain ridiculous. How about we all decide to buy just one *LESS* Sony CD? Maybe, just maybe, the lost reveune will change their minds?

Posted by: David | November 1, 2005 4:11 PM | Report abuse

Try this. Copy protection system that lets the music play, but prevents stopping it.

http://www.hurjathipit.com/

Posted by: Gonzales | November 1, 2005 4:23 PM | Report abuse

So this is how Sony thanks its customers for being honest. By installing malware on their PCs.

I've read Mr. Russinovich's article--Sony's DRM software constantly monitors all running processes in the system, saps your computer's performance even when you're not playing a protected CD, and interferes with the low-level operation of your PC to try to evade detection. If that's not malware, I don't know what is.

And the funny thing is, people who pirate MP3s--not that I condone such action--don't have to deal with this garbage. Way to combat piracy, Sony.

Posted by: Jeremy | November 1, 2005 4:28 PM | Report abuse

I will not be buying Sony "CONTENT/COPY-PROTECTED" CDs because I don't want to install malware on my computer. I'm falling in love with foreign music anyway, so I'll buy my music from overseas.

Posted by: Annie | November 1, 2005 4:39 PM | Report abuse

Do not buy any cd's that are copy protected.

Posted by: Metripetteri | November 1, 2005 4:41 PM | Report abuse

I know I will not be buying any more Sony/BMG CD's. This is an outrage.

Posted by: Music Consumer | November 1, 2005 4:43 PM | Report abuse

Forget about buying one *LESS* Sony CD -- I'm buying *NO* Sony CDs until I hear this unethical tampering with peoples' PCs is stopped.

Posted by: Laurie | November 1, 2005 4:43 PM | Report abuse

I'm shocked by this story, and glad you wrote about it. Talk about public-service journalism - and it's not even in the paper!

My question: will this affect downloading Sony music legally through iTunes or other software programs? Good lord, does Sony do this if you download its own music software, Sony Connect?

Posted by: Susan W. | November 1, 2005 4:45 PM | Report abuse

You could always download the music from Itunes or Napster...

Posted by: Truman | November 1, 2005 4:45 PM | Report abuse

It is a simple decision I can now make, do not buy any CD's made by Sony. The small dent I can make to their bottom line may not be felt, but I once heard a wonderful afforism, "No one raindrop thinks it is responsible for the flood."

Posted by: Pete | November 1, 2005 4:56 PM | Report abuse

This is

1) patently offensive, and, more importantly,

2) completely ineffective.

If you're intent on being a pirate, you need only re-record the audio into WAV files and then re-record those files to your heart's content.

Thus, there is literally NO WAY to discourage a professional pirate besides catching them and putting them in jail.

All this does is make life difficult for everyone else who wants to rip into MP3s for their own use on portable players (which is a RIGHT of the music purchaser under fair use of copyrighted material.) It solves NOTHING for Sony.

I'll be damned if I'm EVER putting a Sony CD into my PC that will hose my computer and require me to BEG them to fix it for me.

SELL YOUR SONY STOCK BECAUSE ONCE THIS BECOMES WIDELY KNOWN, SALES ARE GOING TO PLUMMET LIKE A ROCK.

Posted by: Skydog | November 1, 2005 4:59 PM | Report abuse

It is a simple decision I can now make, do not buy any CD's made by Sony. The small dent I can make to their bottom line may not be felt, but I once heard a wonderful afforism, "No one raindrop thinks it is responsible for the flood."

Posted by: Pete | November 1, 2005 4:59 PM | Report abuse

Worse and worse. How can doing that even *with* agreement to a click-through license be legal? There should be tons of precedent along the lines of 'unauthorized access to' and 'intentional damage of' computers. I'm sure they fall fould of some anti-terror law, too :-P

At least now one sees who employs all these &%+*! virus writers and l33t h4x0rs once they have left puberty behind and are looking for a job.

Posted by: El Tonno | November 1, 2005 5:01 PM | Report abuse

Most of Sony's catalog is not available on iTunes as they remain one of Apples largest competitors in the portable digital music player market. Many have assumed this is the main reason for Sony's doing this.

Whatever the reason, it is completely beatable and only punishes those who would likely only use their music in a completely legal manner, even if it isn't what the record label wished.

Rootkit Revealer and Blacklight are both great, free programs that will alert you if any Rootkits likely to be on your system.

Posted by: Jason C | November 1, 2005 5:32 PM | Report abuse

I want to see the term 'rootkit' in the EULA instead of some obfuscated terminology. If Sony is doing this others will soon follow. Do we have to use rootkit detectors after each software installation? Do we need to start using VMWare to host the operating system we use to do our work so we can roll back our OS in the event these rootkits get installed? Sounds like a big problem ahead.

Posted by: David Taylor | November 1, 2005 5:34 PM | Report abuse

I'm surprised SONY would do this. Placing software on a PC in this clandestine [I consider this so since, based on the story, a user is not given any real notice of the programs installed or their impact on your system] manner is a trespass. Since it is also know these programs cause damage to a PC either by their presence on a system or when an owner tries to remove them, SONY would be liable for the owner's tort claims for cost of repair or replacing systems damaged by their clandestine program installation.

Posted by: Finnegen | November 1, 2005 5:48 PM | Report abuse

I will not be buying any sony discs until I hear this has changed. I will tell all my friends and family. This is the last straw. I've made up my mind to go to itunes or napster, sony will not get any more of my money. No dvd players, no tv's, no stereos. I use my computer to make my living, and will not deal with anyone who uses malware. I should be able to sue Sony if they cause my computer to become unusable.
I've never heard of a company getting sued for software that crashed systems. I know the justice department goes after virus writers, but what about things that arent exactly a virus. Would it be legal for me to attach malware to software that I distribute for free, that would slow down a users computer, and send back critical info to me about the user, and occaisonally crash the system? I think it would be if I gave the user the option to install the program or not... whether they knew what they were doing or not.

Posted by: chris | November 1, 2005 5:49 PM | Report abuse

I wonder if this is class action suit worthy. I dont like this at all.

Posted by: L | November 1, 2005 5:50 PM | Report abuse

This is amazing argument to pirate music. The person who bought the cd already paid, loyally to Sony. They are the ones who will be screwed. The people who put CD's on music share system would have the knowledge to go around such devices. This story only promotes music sharing through downloads, and discourages CD purchasers, like myself who want to patronize our favorite artist. I would not like someone taking my work without paying but I do not want to endanger my computer either. It is my bread butter.

Posted by: Kris | November 1, 2005 5:52 PM | Report abuse

This is amazing argument to pirate music. The person who bought the cd already paid, loyally to Sony. They are the ones who will be screwed. The people who put CD's on music share system would have the knowledge to go around such devices. This story only promotes music sharing through downloads, and discourages CD purchasers, like myself who want to patronize our favorite artist. I would not like someone taking my work without paying but I do not want to endanger my computer either. It is my bread butter.

Posted by: Kris | November 1, 2005 5:52 PM | Report abuse

Finnegen - There is some notice given, as I noted in the blog post - it's included in the text of the End User License Agreement (EULA) that you are present with before installing the software. EULAs are typically very lengthy and full of legalese (this one is no different) and hence nobody really reads them. Besides, they are an all or nothing deal: if you do not accept the terms of the EULA, you don't get to use the software, period. However, in this case, that may not be such a bad thing :)

Posted by: Bk | November 1, 2005 5:58 PM | Report abuse

I will NEVER buy another Sony/ BMG CD again. What a bunch of bullsh$#!! I can only hope a large class action suit will be filed. Good story!

Posted by: Anonymous | November 1, 2005 6:00 PM | Report abuse

I stopped buying any item with the name "SONY" a long time ago and this is just another add-on to the "Reasons why" list. Their consumer products already are of poor quality, their customer support could care less even if you were poor and homeless, and their warranty service never does anything but ask you for money. That's all they do; Sony is simply a bunch of robbers who steal your money. And this is more like them hacking into one's computer to continue their stealing. Thanks for this article; it's just another reason to stay away from "Sony the robber".

Oh, and ironically I'm typing this on a 4 yr old Sony Vaio laptop that I'm replacing with a Dell I ordered a few days ago.

Posted by: Drew | November 1, 2005 6:20 PM | Report abuse

Oh, and I might add that this is another reason for me to stick to iTunes.

Posted by: Drew | November 1, 2005 6:25 PM | Report abuse

Does anyone have links to pirate sites? I'm to afraid of buying original Sony CD's now.
M

Posted by: Marty | November 1, 2005 7:09 PM | Report abuse

Great article, kind of a shame it's not on the mainstream media anywhere. This makes things really simple for me and my family. We will never buy a Sony product ever again. Remember - Once a dog fighter always a dog fighter. They will wiggle out of this one I'm sure and just be more careful the next time. There will be no next time at my house EVER for any Sony products.

Posted by: Wilycat | November 1, 2005 7:13 PM | Report abuse

"I understand Sony's desire to protect its intellectual property,"

Please stop this ridiculous charade.

A copyright is not "property", intellectual or otherwise. There is no property to protect.

The whole reason we have silly laws like DMCA and silly copy protections like this is because people like Sony have convinced people that songs are "property".

Once they do that, they get to "balance" their "property rights" versus yours.

For example, Sony will justify this as "regrettable, but we must balance the right to protect our property versus your property rights to your computers. We feel the balance is fair with this software".

That sounds a lot better than "Sony hacked my computer so I couldn't play one of their crappy songs".

Please. Spread this article far and wide. Don't buy these CD's and let Sony know why.

Posted by: Tom K | November 1, 2005 7:16 PM | Report abuse

I just want to point out the Posting by Tom K | Nov 1, 2005 7:16:55 PM is well, wrong. Copyright is a property right. It's the ability to control to some extent the distribution of a product to ensure an ecomonic return for one creative efforts. intellectual property is a common law property. In short it is the use of one's own labor to create or convert materialin to something new. Stealing copyrighted songs or other protected material is the same as Wal-Mart refusing to pay it's hourly employees for their work.

Posted by: Finnegen | November 1, 2005 7:32 PM | Report abuse

Thanks Bk for your Nov 1, 2005 5:58:22 PM reply. I was not sure just how much notice is given. If you have or can make a link it would be interesting to see if the notice does notify a user of in an understandable and precise manner,am I asking too much?, what programs it will install and the impact and risk these programs carry.

Posted by: Finnegen | November 1, 2005 7:39 PM | Report abuse

Great article, thanks for all the work and thanks to Sysinternals!
I for one am not buying another CD from Sony and will be telling my friends about this as well. This corporate mentality to DRM has to stop! It's killing the users rights...Thanks again, Dan.

Posted by: danh | November 1, 2005 8:04 PM | Report abuse

Absolutely Super article Mr. K, any chance you can convert the blog to an RSS feed, too lazy to click on "Bookmarks" to get to your page...

Posted by: Tekhelper | November 1, 2005 8:13 PM | Report abuse

This SONY stuff is scary. Free Culture @ NYU just demonstrated in front of the Virgin Megastore in New York City. Check out www.freeculturenyu.org/DRM/ for more information about our campus activism.

Posted by: Fred | November 1, 2005 8:58 PM | Report abuse


Excellent article --

I'm not buying ANYTHING Sony until this invasion of my personal property is ended.

Posted by: Tab Kin-Khan | November 1, 2005 9:11 PM | Report abuse

I have already written to http://www.first4internet.com/ and let them know that I will do my best to never purchase one of their clients' content. Hit'em in the wallet. That's the only language these fools speak.

Posted by: Charles | November 1, 2005 9:12 PM | Report abuse

How about this idea - a "sacrificial" computer to use for ripping purposes. Comments?

Posted by: Greg | November 1, 2005 9:29 PM | Report abuse

Tekhelper -- I believe you can syndicate the blog by feeding the following link into your RSS reader:

http://blogs.washingtonpost.com/securityfix/index.rdf

If that fails, most readers you can now just cut and paste the main URL of the blog and put it into the reader and click "subscribe."

Let me know if neither of those work. I need to get better about reminding people that they can syndicate this blog through RSS.

Posted by: Bk | November 1, 2005 9:33 PM | Report abuse

I'm sure Sony's lawyers signed off on this, but it sounds mighty risky. I wouldn't lean very heavily on a click-through consent screen, unless the key language is very prominent and virtually inescapable for an ordinary user. I gather that's not the case here.

A few lawsuits will be filed within weeks, I suspect, and Sony will find out how good it's legal counsel has been.

If the story is true, Sony has been really stupid, on several levels: legal liability, public relations generally, customer distrust specifically. I'd hate to be the genius who got Sony into this mess.

Posted by: tom | November 1, 2005 9:36 PM | Report abuse

I just wanted to say, thanks a lot sony. Thank you for caring so much about me for buying your products.... oh wait, you mean, I lawfully bought items from you and yet you're going to punish me by installing junk on my PC... well F you Sony, F you real hard!

Posted by: FSony | November 1, 2005 9:51 PM | Report abuse

This may not be the right spot to complain, but let them know that your business is going elsewhere: http://www.sonymusic.com/about/feedback.cgi

We can't support companies that install applications like this. I hope they lose any lawsuits that this may have brought upon themselves.

Congress / Senate: This should be their wake up call that consumers want fair use applied universally to our purchases.

Posted by: Webber | November 1, 2005 9:52 PM | Report abuse

************************************
****FIX FOR THE PROBLEM!!***********
************************************

I'm posting this via a proxy just in case Sony doesn't like what I post...
After reading this news story I decided to go after this software and defeat it, and I did.

The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me ;)
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-secure.com/v-descs/xcp_drm.shtml but nothing really beats searching.
--------------------------------

As an added note, once I got my drives back up and running, I popped in the CD that put this program on my computer. I was able to use a multi-session aware program (Roxio) to access the audio portion of the disk and rip MP3s to my hard drive where they will now be listened to in my preferred player the way God intended it to be. Oh, and the only illegal thing that went on here was what Sony did!

CONSUMER 1 - SONY 0
--------------------------------
P.S. Once you rip MP3s from your Sony disc, burn it the old fashioned way, with gasoline and a match!

Posted by: StoneCypher | November 1, 2005 10:46 PM | Report abuse

What will this do to all cd sales? The bad chicken scare by Tyson made all chicken meat sales drop. The old (by now) Tylenol cyanide contamination scare lowered their pill sales even though only about three bottles had it in them.

Posted by: Dickrichard | November 1, 2005 11:03 PM | Report abuse

I use many sony products... man am i stupid... i can't believe this crap is happening... i can get a lawsuit put against me for spyware, but sony can just put their's in almost every computer and its "OK"... F THAT!!! Sony crossed the line on this one!
BOYCOTT SONY... I GOT ENOUGH SPYWARE COMIN AT ME AS IT IS!!!!!!

Posted by: JOHN | November 2, 2005 12:00 AM | Report abuse

After reading this, its for certin that I will not buy or purchase any sony products again, I deal with enough spyware and so do my customers, sony doing this is a mistake they have gone to a whole new low. my play stating and all games have been sold just today mind you and I got my self and Xbox lol. funny

Posted by: Mick | November 2, 2005 1:55 AM | Report abuse

anyone know how we can email them?

Posted by: Mick | November 2, 2005 1:56 AM | Report abuse

anyone know how we can email them?

Posted by: Mick | November 2, 2005 2:11 AM | Report abuse

How long will it take for the AV vendors to detect and erase that rootkit?

They *will* have to detect/erase it, as pretty soon malware will adapt to hide itself using the name patterns cloaked by the SONY rootkit.

I think that the planting of rootkits as part of DRM is unethical to say the least. I hope there is going to be lgeal actions against any companies that used this. I believe that over time other companies besides SONY will be found that did this.

Needless to say I won't be buying any products from them anytime soon.

I am mad.

Posted by: Stefan | November 2, 2005 5:09 AM | Report abuse

I'm totally insulted at the fact that all sorts of record labels have been able to throw their weight around like this. According to the original Copyright Act of 1976, we have the right to make copies of media for archival purposes. The very idea of a 'copy-protection' feature is illegal by the Copyright Act's very wording. The DMCA, which supports the record label's actions, is itself illegal. Ultimately, Sony's action of installing a rootkit is even MORE illegal, as it causes damage to another person's property!

This needs to be stopped.

Posted by: Travis | November 2, 2005 6:28 AM | Report abuse

Sony should change their attitude all together. First there should be an option NOT to install their anti piracy software. Then all who that agree and install their anti piracy software should be rewarded for once by entering regular big prize draws for example.

Posted by: Paul | November 2, 2005 6:59 AM | Report abuse

I have emailed Sony, telling them that I will no longer purchase there products.
Up till now I have paid for CD & DVD`s since I am in the industry... and being a tech I have all the software to rip almost anything out there, I just havn`t used it.... I WILL NOW.
Maybe I should rip my entire DVD collection ( all 520 DVD`s), then I can re-sell the originals. Sony screws us, we screw them, seems only fair.

Posted by: Daniel | November 2, 2005 7:32 AM | Report abuse

I'm going to send a request that the Justice Department investigate the intrusion software being destributed by Sony as a DRM measure. Using a RootKit open the potential for cyber terrorism and cyber crime. This is outragious.

Posted by: David2 | November 2, 2005 7:53 AM | Report abuse

No Sony for me, either.

I liked the aphorism about "no one raindrop thinks it is responsible for the flood" - so I will be one raindrop who will *try* to cause a drought - right on Sony's bottom line.

My business is going elsewhere.

Posted by: Mike | November 2, 2005 9:05 AM | Report abuse

Can we sue sony for trespass to chattel when they screw up our machine? Seems like a shrinkwrap EULA is a mighty thin piece of paper to stand behind when they could quite easily be taking out someone's vital business records with this crap.

I hate to say it, but Sony's best days are behind them. This is disappointing.

Posted by: Tim | November 2, 2005 9:40 AM | Report abuse

I'll promise not to steal music, if the record companies promise to stop bribing radio stations and djs.

Posted by: just some guy | November 2, 2005 10:02 AM | Report abuse

Yeah, Sony just lost my $4000 or so planned spending on a new flatscreen TV next year. Sony's TVs are very good picturewise and look good but there's more choices nowadays so no problem.

Posted by: A "consumer" | November 2, 2005 10:10 AM | Report abuse

You never know how low a company will go...

As is always said "two wrongs don't make a right." You cannot expect to enforce one law through the circumvention of another... I see one big class-action in the works....

If I were to couple my tech powers with a lw degree, mmuahahahaha....

Posted by: lozeerose | November 2, 2005 10:15 AM | Report abuse

I've writen sony, and told them that I am not going to buy another one of their products, CDs especially, until they stop using this abrasive DRM system. I encourage you to do the same and actually follow through with it. If enough people get upset about this, they'll have no choice but to ditch it or have massive sales drops.

Its almost to the point now where I'd say its better just to pirate music and send the author of the CD a $10 bill or something. I can't stand these stupid record labels.. go indie artists!

Josh

Posted by: Josh | November 2, 2005 10:24 AM | Report abuse

I have been unhappy with Sony's so-called customer support and unwillingness to 'fess up' to faulty products in the past but this has pushed me over the edge.

Bye bye Sony. I will never again recommend or purchase one of your products.

Posted by: Chris | November 2, 2005 10:29 AM | Report abuse

Bye bye Sony sale for that Flat screen i was going to purchase!!!

Posted by: Tina | November 2, 2005 10:39 AM | Report abuse

I wonder if it would be possible to just decline the software install and use Isobuster to get the .wav files. Ever since CDs with DRM have started coming out, I never put one in my Windows box unless I am sure that it is a standard CD.

Posted by: ebob | November 2, 2005 10:44 AM | Report abuse

Sounds like what they're doing is illegal. Guess I just won't buy another Sony product ever again.

Posted by: John | November 2, 2005 10:45 AM | Report abuse

Here's what I just mailed in to Sony:

Hello.

I have just learned about the malware that Sony has started to add to "compact disks" (in quotes, because Sony breaks the CD standard) via poorly-written DRM software from First4Internet. It is simply unconscionable that Sony would resort to such unethical lengths to prevent the pirating of a software. In fact, criminal trespass comes to mind, given that the software differs from what is described in the EULA and non-removable.

I'm outraged at this behavior demonstrated by Sony, and I can assure you that I am no longer a Sony customer. In short, although I am a computer enthusiast/technologist who builds his own systems and enjoys gaming, and although I am a scientist who uses high-end computing resources on a daily basis, I won't be purchasing any of the following from Sony in the next few years:

1) Stereos and portable audio equipment
2) Flat screen televisions, plasma TV's, etc
3) High-end computer LCD monitors
4) Laptop computers
5) Computer CD and DVD drives
6) Sony-branded CD, DVD, and floppy disk media
7) PlayStation 2 or 3
8) PlayStation Games
9) PlayStation Portable

and needless to say,

10) Sony and BMG music.

If you break standards on DVD equipment, add Sony and Columbia TriStar movies to that list.

Thank you for making my future purchase decisions so much easier.

Sincerely,

Paul Macklin

Posted by: Paul Macklin | November 2, 2005 10:46 AM | Report abuse

With my general anti-Microsoft slant and now my general anti-Sony slant, I guess I'll be buying a Nintendo game console.

Posted by: Robert | November 2, 2005 10:47 AM | Report abuse

Besides telling Sony that you will not be purchasing from their label anymore, it might be a good idea to send something to the musicians who are on that label and whose music you *would* have purchased that about your boycott as well. If Sony starts hemmoraging artists, that will hurt them pretty badly as well.

Posted by: Ed T | November 2, 2005 10:47 AM | Report abuse

The issue is the approach of the media industry as a whole to our rights: their true goal is to charge us for everything we intend to do with our legally purchased media.
Think about iTunes or the other microsoft playsforsure based services: you can play what you buy on so many devices and burn it so many times. And pray they don't deed to update their DRM, or you could find your media collection has become useless overnight.
The future is even worse, just think of Blueray/HDDVD and the approach to backup of the majors.

Posted by: Albert | November 2, 2005 10:48 AM | Report abuse

This just shows us our security standards need to be higher. This should have been detected earlier! Luckly for the sysinternals for stumbling along this issue.

F-secure's conclusion is lame, "The DRM software does not self-replicate and doesn't contain malicious features and should thus be considered a false positive" anything that is installed without our knowledge and adds to my system resources and then ruins my cdrom once I try to remove it, isn't a false positive.

Sony & corporate suckup F-SECURE both lost my vote. However, F-secure was never a worthy product anyways.

Posted by: Jorden | November 2, 2005 10:55 AM | Report abuse

What government agency has jurisdiction to investigate this clearly unacceptable practice?
The Federal Trade Commission?
The New York Attorney General's Office?
Exactly what law does this software violate?

Posted by: randall | November 2, 2005 11:03 AM | Report abuse

They should pay for it, suckers.

Posted by: marian | November 2, 2005 11:17 AM | Report abuse

As has been stated before:
- I will not buy any Sony Crap in the future
- I will copy "copy-protected" CDs and use the copy instead of the original, keeping the original on the CD shelf as "decorartion". Up to now this worked fine with cdparanoia and linux every time I tried.
- Should at some day the root-kit called "copy protection" really prevent copying, I will digitize the output from the amplifier. I know that this will cause a reduction of quality, but that is ok...

Posted by: NoName | November 2, 2005 11:23 AM | Report abuse

It is bad enough that music is being tied to one operating system. Move off Windows, lose access to your music! I can see Microsoft loving this - hence the push to make Windows Media Format ubiquitous - but it's not good for consumers.

Even worse, these things tie the music to a particular version of the operating system. Upgrade Windows - risk losing access to your music. It's not just this program, but the various other music players you find on CDs that may not be runnable on future Windows.

The comment that the program "breaks Vista spectacularly" shows this to the extreme. A Music CD that destroys the buyer's computer?

Fortunately for now programs like Grip on Linux are completely oblivious to the copy protection, but what of the future should new better "protected" formats become common? What kind of world are we walking into?

Posted by: Richard Corfield | November 2, 2005 11:23 AM | Report abuse

I've noticed that several posters in this thread are threatening to get their music from iTunes or Napster. If you do this you would still be giving money to Sony. All the legitimate download sites pay royalties to the record company that produced the song one is downloading.

As for me, I stopped buying any Sony electronics a long time ago. Their stuff is sub-standard to the extreme. I guess I'll add CDs and DVDs to the list.

Posted by: DT | November 2, 2005 11:23 AM | Report abuse

Sony should be punished financially for doing this individually and group wise. I will be away from any SONY product for years to come.

Posted by: leapon | November 2, 2005 11:27 AM | Report abuse

Another way to prevent the problem? Turn off AutoPlay on your CD drive... No auto-installer, nuthin' gets installed.

The rootkit only gets installed when the SONY Media Player gets installed - and the SONY Media Player will only get installed if you allow the CD to spin-up with AutoPlay enabled (otherwise, you'd have to click on the installer deliberately).

Posted by: protected static | November 2, 2005 11:29 AM | Report abuse

Heres my letter to sony
=======================
I know this email will make no difference, just be read by someone in admin (hello admin :o)) who will just delete it :( but hey.
I have been a loyal sony customer for years (PS, PS2, Stereo, TV, VAIO Laptops) and am now refusing to purchase any more products. Shame cos I wanted a PSP :(
If you got this far you may be asking why!

"CONTENT/COPY-PROTECTED CD." is why. All this DRM is getting stupid. You can get away with it on the PS and Minidisc because they only play on the relavent hardware.
You cannot get away with being so arrogant, and joining the stupid paranoia of the music industry, when its audio.
If things keep going this way I feel the big music producers may shoot themselves in the foot as un-encoded bands starts to release MP3s via smaller sites.
Thanks for the years we spent together, I'm getting too old for consoles I suppose so I won't be switching to the other evil the XBox.

Please let the men upstairs know they are solutions everyone can be happy with, You, us , the bands and the accountants. If you want to know, just ask ;)

Posted by: The bat | November 2, 2005 11:57 AM | Report abuse

Quit goofing around with all this chat. Here's the email address of Sony's president, Nobuyuki Idei, Chairman and Chief Executive: nobuyuki.idei@jp.sony.com Let's just ask him what he's going to do about it.

Posted by: XB-70 | November 2, 2005 12:01 PM | Report abuse

I bought a sony HD projection screen and it gave me THE worst consumer experience of my life dealing with it's stupid recall regarding defective projection tubes. And this was after Consumer reports gave them almost the highest rating for HD projection TV's for reliability. With the whole batch of junky sony products and endeavors and now this hacker crap they pull on it's consumer products puts sony on my "do-not-do-business-with" list with McDonalds, Walmart, Pepsi, and others.

The bitches can go bankrupt for all I care.

Posted by: d | November 2, 2005 12:24 PM | Report abuse

Buying CDs is soooo 1990s :)
I dont remember last time I bought a CD

Posted by: Khalid | November 2, 2005 12:27 PM | Report abuse

This is a deliberate and systematic
practice of criminal trespass,
perpetrated many millions of times
(this activity has been going on
since March 2005). Sony as a corporation--and all
of its executives and employes
responsible--should be prosecuted to the extent of the law on this. Frankly, I think the prison sentences need to be *consecutive*
(not concurrent). Maybe a few million years in the slammer will
make the rest of the media publishers think twice...

Posted by: Carlie Coats | November 2, 2005 12:31 PM | Report abuse

I am primarily responding to Stefan and others to educate them about what a rootkit is, and what it is not.

1. Rootkits are not viruses. They do not replicate and spread on their own (yet). They can be injected in browse-by methods using primarily Active-X, but Java can also be used. I have not heard of them using JavaScript yet to do their dastardly deed of infecting a machine. AFAIK, Sony is the first that has installed a rootkit via a hidden CD program. I assume there are probably others who have done it or are planning to do it this way. If software can hide itself so that the operating system itself does not know it is there, you have a rootkit. Rootkits originally were a problem with Unix systems and have spread to Windows. By that I mean the idea. A rootkit that affects a Unix / Linux / Mac OS X system has no effect on an MS Windows system or vice-versa. Frequently, a rootkit that affects one kind of Unix system will not do anything to the other Unix systems either.

2. AV companies can NOT detect a rootkit. Rootkits are in essence completely hidden. How can the AV program remove a file that it can't even see? Even the operating system itself can't see the files the rootkit uses or the processes that the rootkit runs. There are only two means for detecting and removing rootkits:

One method for removing a rootkit is a back door approach like the one that Sony is employing.

The other method for removing a rootkit is to boot from a rootkit removing CD ROM. It works by comparing checksums of files it knows about and revealing files that were hidden and that can now be seen. You can remove the rootkit only if it knows all of the patterns (additional files, altered check sums on existing system files, etc.) in advance to look for. If it doesn't know about the specific rootkit you have it isn't a complete loss. It may not have a name for the rootkit you have, but the rootkit remover can frequently detect the presence of a rootkit on the system IF it alters any of the existing system files (one of the checksums is off). You almost HAVE to alter one of the system files to hide yourself. If the rootkit remover doesn't know exactly which rootkit you have, all you can do is wipe the disk and start over. The problem with that is that it is not all that hard to modify an existing rootkit so that the rootkit remover can't identify the new rootkit you have on your system. Ergo, if you get a rootkit - you usually have to wipe the disk and reinstall the operating system.

I don't think a EULA will save Sony this time around. Their software is actually altering the OS in a dangerous manner that leaves you vulnerable to even more infections, and thus at least for the Etas Unis, comes under their anti hacker laws. Whether or not anybody will enforce those laws is another matter. I suspect that since they (Sony) are big and powerful that nothing will be done. Sony is the big bad bully, and will probably get away with it EXCEPT with consumers voting with their pocket books.

The work-around is simple enough. Just install Linux or buy a Macintosh and you will be totally safe in using the diseased CDs. Either that or just play them in a normal CD player. On the other hand, most people using Linux don't spend much time ripping CDs either. I don't even know if there are programs to do that on Linux. There probably are, but I don't rip CDs. Generally speaking once I boot up to Linux I turn the speakers and the printer off altogether. It sure is nice working in that nice quiet peaceful working environment. No viruses, worms, trojans or other things unless I go out and find them to study (in complete safety). Yes, I do study them! I am a Computer and Network Security Analyst.

The rant against F-Secure is totally uncalled for. Kudos for their admirable work and courage to go public with their findings rather than cave in to what is understandably considerable pressure to not make their findings known. No, I don't use their products and other than looking at what they have, there is no affiliation between us.

Remember, find out what AV product your ISP is using, and use something else other than what they are using. That way if one AV vendor misses it, maybe the other one will stop it. Then again you could use Linux or a Macintosh OS X and not worry about it at all any more.

Posted by: Henry Hertz Hobbit | November 2, 2005 12:33 PM | Report abuse

Sony is on my Sh*t list now, too. I never buy cds that are marked DRM but I'm not buying any new Sony computers, tvs, etc.

Posted by: Tyler | November 2, 2005 12:35 PM | Report abuse

Class action lawsuit by windows users for the damage caused to their 'puters. Sony has pretty deep pockets. As a linux user I can't join the suit, but hey, at least I can copy all the cd's I want!!

Posted by: anonymous coward | November 2, 2005 12:51 PM | Report abuse

Sony has taken a suicide pill.

Remember the Betamax system ? You don't even need to push the repeat button.

I wonder what the link will be with the New Blu-Ray DVD format ? The machines will certainly play CD's as well as DVD's. There will be a killer app (literaly and figuratively) in the combo. When buying the Blu-ray burner there will be driver software which will probably have something hidden (not really hidden as there will be something buried in the EULA) in which will be able to migrate or inspect the rest of your PC.

In considering the concept of copyright, what about GOOGLE scanning 100,000's of documents for public access? Though altrusic and deemed to be serving the public, it does cause pause for reflection.

Posted by: Where's the beef ? | November 2, 2005 12:54 PM | Report abuse

Sony seems to have gotten the message, a little late...

http://cp.sonybmg.com/xcp/english/updates.html


SOFTWARE UPDATES/ PLUG-INS

November 2, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.

http://updates.xcp-aurora.com/

Posted by: Dave H | November 2, 2005 12:59 PM | Report abuse

When will the music industry open its eyes and actually ask people who don't live in ivory towers how to get round the problem! Heres my questions and opinion, which also apply to software:-

I think most people are under the impression that when you purchase a cd you are buying the right to listen to that music how you please. Therefore, it would seem that you actually buying the [i]'right'[/i] to listen to the songs on the album.

This would be a eutopian ideal and truely fair. Unfortunately it would seem you are only buying the right to listen to THAT cd. Otherwise when vinyl was replaced by cd, we'd have got an upgrade for the cost of the cd production ;) I personally bought a particular album once on vinyl and 3 times on cd because its one of those albums that gets 'borrowed'. I would never buy it again (4 times is enough) but I do have mp3's of it. Is that justified?

The problem with all DRM approaches so far, is that they are draconian! Yes you can buy an mp3 from itunes as long as you don't transfer it to an mp3 player, off your ipod, to a different machine, to an audio cd, to an mp3 cd.
So what have you bought? A time lease to listen to the track? Another format version (think vinyl, tape, cd)?

All in all its a bit confusing and stupid! The music industry needs to define clearly what you are purchasing. At the moment it just seems that if you legitimately download music, you are just buying another format that will expire when you get a new player, pc or hard drive.

[b]What I want[/b]
I want to buy a track/album and do WHAT I WANT WITH IT. I want to put it on my mp3 player, I want to put it on an MP3 cd for my car player and put it on my fileserver so I can listen to it anywhere in my house. Is that too much to ask? How much does the music industry actually think music is worth?
Taking that album I bought too many times cost me the equivalent of £84.95 is good ole pounds sterling. Isn't that enough for one god damn album!

[b]Lets be sensible[/b]
At present you will never stop your music being pirated. Until you change every single piece of audio hardware out there (they are trying, trust me) you cannot stop people copying audio. Its been going on since tape was invented and its never killed the music industry yet.

You want us to buy our tracks, then get real.

1. When we buy it, we own it.
2. We want to listen to it how, on what and where we like!
3. You want us to pay, rather than go pirate. Encourage us.
4. Let us see what difference it makes to the bands.
5. Give us points to be redeemed on other tracks.
6. Accept that a CD is not worth £16.99 and an mp3 track is not worth £1, revise your pricing
7. Stop prosecuting 12 years old girls, hoping we will all run away and start shooting cats instead!

Posted by: The Bat | November 2, 2005 1:12 PM | Report abuse

Can't edit to get rid of iTunes below. argghhhh. My mistake, I have never used iTunes so couldn't comment on their service.

Posted by: The Bat | November 2, 2005 1:21 PM | Report abuse

This is despicable. And it's not even particularly effective, if I am correct that without Sony's malware installed, it looks like a normal music CD. If you hold the shift key down while inserting the CD (wait for the CD light to flash), it will prevent autorun from starting the rootkit installer. I assume the CD then look like a normal music CD that can be played, ripped, etc.

Posted by: Gregg | November 2, 2005 1:30 PM | Report abuse

It's like discovering that your cough medicine actually changes your DNA in irreversible ways... and nothing on the label says so. Then you find out that the reason for the DNA change was just to make you allergic to knock-off cough medicines, not to make you any healthier. In fact it could kill you.

Posted by: jackco | November 2, 2005 1:33 PM | Report abuse

I just sent my comments to Sony's Sony Music feedback. If they start doing this, what else are they going to invade? Thank goodness the only Sony thing I own is a cordless phone. I'm telling all my friends about this. Maybe the DOJ can get involved because I can't believe what Sony is doing can really fly legally. We've all said yes at one time or another to EULA, but that software we could always uninstall if we changed our mind. We have no such option without going through hoops (for those with more geek savvy). The average user is uninformed, will click yes and never have a clue. Yes, others posted 'dont run autoplay'. Average users won't know that.

Posted by: Evita | November 2, 2005 1:37 PM | Report abuse

Hmmm, To put this in secret-service-ese, we've basically got foreign nationals selling cds that install rootkits onto our computers.

What happens if one gets onto a govt. computer, as it inevitably will?

That might be a spot of bother.

Has anyone reported this to homeland security/ their local secret service (if not in us)?

Posted by: kimb | November 2, 2005 1:44 PM | Report abuse

Why is no one angry at MSFT over this? Certainly, Sony's actions are reprehensible, and if not strictly illegal, *should* be illegal. Still, here is a security hole large enough to pass a Mack truck, and that security hole is Microsoft's responsibility. This world of "surf-by installs" and "auto-run rootkits" is Microsoft's doing, and needs to be stopped.

Posted by: dbc | November 2, 2005 1:52 PM | Report abuse

Here's a scary thought, SONY just released on millions of CDs, a copy of a rootkit that anyone with admin access can install on any machine and use to hide any other software or files they want to install simply by naming it $sys$. That means if someone wants to hide kiddyporn on a machine, simply rename *.* $sys*.*, or maybe hide keyloggers, etc. Since the directories are still accesible, the files can still be used by someone in the know!!!

Posted by: Dave H | November 2, 2005 2:07 PM | Report abuse

Don't forget any AIWA products as well these are made by Sony. I am glad that others are now finding out what I have known for a few years about Sony. I have not purchased anything from Sony or partners for years now.
You feeling it now Sony... Layoffs, restructuring, they have started fighting for crumbs, the current music industry is a dieing business model, you are now dieing Sony wakeup.

Posted by: Brad | November 2, 2005 2:38 PM | Report abuse

Well, there's one more reason never to purchase a commercial disk. Way to go Sony!

Posted by: p2p fiend | November 2, 2005 2:52 PM | Report abuse

The "update" Sony has released that removes the system-damaging effects of their malware requires you to be using MSIE in order to run the ActiveX application on their site to install the update. Since I use Mozilla, the update site is useless to me and similarly situated people.

Posted by: Dan | November 2, 2005 2:57 PM | Report abuse

This is a follow up to my "FIX FOR THE PROBLEM" post below, where I showed how to disable and remove the program.
I saw that someone posted a Sony 'solution' to uninstalling this thing. I don't think I'd trust them as far as I could throw them to uninstall it for me... Might end up with a true fix, might end up with another rootkit.
The real reason I'm writing this is because it appears that by leaving the registry keys intact you won't see another install screen come up if you insert another Sony copy protected CD. This means the CD will come up, and autoplay the silly flash player, but without the CD proxy running you can rip the content off the way you normally would :) So the presence of the registry keys makes the CD think everything's still installed, but the program's not actually running--Brilliant!
So, if you're intending on deleting the registry keys then you might want to rip all your Sony CDs first. Then delete the registry keys, and set fire to all your Sony CDs... I'd like to see someone post pics of the melted glob of their Sony discs. I'd post mine if I thought of it before setting the fire ;)

Posted by: StoneCypher | November 2, 2005 3:00 PM | Report abuse

IMHO this is criminal, if its true that it is not easily removable and degrades the performance. IF I find more evidence about it that is conclusive I WILL NEVER BUY A SINGLE SONY CD AGAIN. And I mean it. A dishonest but for me convenient Airline company hasen't seen me for 15 years on one of their planes. Decisions are only valid if they are KEPT.

Posted by: Peter | November 2, 2005 3:39 PM | Report abuse

What about a class-action suit? This is criminal.

Posted by: Astralis | November 2, 2005 5:11 PM | Report abuse

We would be interested in speaking to any California residents that have experienced this problem before the EULA was changed. We have looked at many DRM cases and Sony went too far with this particular scheme. You can contact us at gw@classcounsel.com or by visiting our web site at http://www.classcounsel.com.

Posted by: Green Welling | November 2, 2005 6:34 PM | Report abuse

Infected by DRM...
Infected by DRM...
Infected by DRM...

thanks sony!

Posted by: ac | November 2, 2005 6:37 PM | Report abuse

Oh well. Instead of inserting the CD into my computer, I'll insert it into my CD player - making a direct and acceptably-good analog copy of the CD simply by plugging the player's RCA outputs into my soundcard inputs. End of problem. As Scotty once said to Dr. McCoy in STAR TREK III, 'The more they overtake the plumbing, the easier it is to stop up the drain.'

Posted by: Ruth | November 2, 2005 6:52 PM | Report abuse

this is a non-issue since rootkit technology was overcome before it was invented - http://www.cdfreaks.com/news/12624

Posted by: rootkid | November 2, 2005 7:00 PM | Report abuse

The Whole notion of 'copyright' controlling what people do with products they've purchased in the privacy of their own homes and on their own equipment gives rise to the 'thought police'. It isn't just Sony, either. Get a load of Bill Gates and the direction his company is headed with respect to 'authentication'! Essentially, your PC will no longer be your own or under your control since it's useless without software and an operating system. Since the companies that make the software are bent on absolute control of that software, your PC (and options) will necessarily follow suit. You may have the modern equivalent of a Gutenburg press in your possession, but if the CONTENTS it can print are under the control of others, it's just a toy, not a tool.

Posted by: pinbalwyz | November 2, 2005 7:19 PM | Report abuse

If I understand this correctly this Sony software will not install on my PC if it thinks its already installed.

So it must be easy to build a ghost that makes this Sony First4Internet stuff not install.

This is like getting a DRM flu jab.

Fakes the fact that the Sony crapware is installed but leaves every CD unprotected by this stupid First4Internet software

Posted by: Dave B | November 2, 2005 7:31 PM | Report abuse

I don't think Sony legal truly understands the state to state variations in computer anti-hacking laws here in the U.S.

Some are truly draconian.

This unremovable software violates the anti-hacking statutes for my state.

While, unlike other posters, I don't think it would mean actual criminal charges, the economic damage could be enormous.

For example, the state attorney general's office could easily ban the sale of any discs containing this software in our state.

Conceivably, the AG's office could also order refunds for all those who purchased such affected discs (that might require court action)

Posted by: Bill | November 2, 2005 8:47 PM | Report abuse

Nice one Sony. This company used to have my highest regard for their innovation and quality but since they have become a "media" company, they have slipped. And how...

I was seriously thinking of upgrading some of my video-editing equipment, including replacing an aging Betacam deck with an DigiBeta or SX unit ($40K) , not to mention replacing a few CRT broadcast monitors with flat-panel displays. But now...

This signals the end for a once-great company, clutching at straws and trying to wring the last dollar out of an increasingly media-savvy public.

Game over, Sony. Mr. A. Morita would be ashamed at what you've sunk to.

Posted by: Monsieur Aardvark | November 2, 2005 8:53 PM | Report abuse

RIAA sued my 90 year old Grandma for downloading MegaDeth. WTF? Now Sony wants to RootKit Grandma's Dell. FWTF?

Bastards !

Posted by: john s | November 2, 2005 9:11 PM | Report abuse

Would copying a CD for fair use with a dual-tray CD copy machine beat the code? I have a Phillips dual-tray CD recorder that allows you to copy CDs. It does not seem to be bothered by all this DRM rootkit malware... Go buy a CD recorder time? Buy them before the SONYs of the world outlaw them too...

Posted by: J C | November 2, 2005 11:13 PM | Report abuse

Sony, in over 30 years of purchasing for Universities, Television Stations and other big media outlets, I've bought hundreds of thousands of dollars worth of video, audio and other electronic gear from you; never again...

Take this company down; especially the greedy bastards in Hollywood -- they suck the most.

Posted by: kinohead | November 2, 2005 11:28 PM | Report abuse

2 years ago, at Defcon, one of the attendies publicly disclosed that he had been working on such code.

Posted by: SimonSaz | November 3, 2005 8:20 AM | Report abuse

Corporations claim that DRM is necessary to protect their sales (profits). Two economists have done research that shows that filesharing does NOT have an effect on CD sales. "The Effect of File Sharing on Record Sales An Empirical Analysis" March 2004 by Felix Oberholzer and Koleman Strumpf.

Posted by: Steve | November 3, 2005 9:08 AM | Report abuse

> Unfortunately, he found that removing the program also erased the system files that power his CD-ROM drive, rendering it useless.

Actually, it doesn't erase these files - it just leaves your computer's configuraton in a state where it doesn't see the drive. This can be repaired with a modification to the registry.

Granted, most people wouldn't know how to do this, and as far as they're concerned, the cdrom driver may as well have been erased.

Posted by: PinkFreud | November 3, 2005 9:37 AM | Report abuse

Brian,

You are one really cool guy. Your commentary on this whole sad affair has been some of the best I've seen. I hadn't known about your column before this, but I'm subscribed to it in my RSS reader now.

Cheers!

Posted by: Mike | November 3, 2005 9:46 AM | Report abuse

After reading this article yesterday I contacted Sony and received this reply. Apparently, if you want to completely uninstall this software you still need to go through a step beyond running the "uninstall" update they released yesterday.

This is from the email I received:

Sony BMG and First 4 Internet have just released an update that will completely
remove the rootkit based DRM content protection software and replace it with a
non-rootkit DRM technology that is compatible with all current security
protocols. To ensure the security of your system, please visit their software
update website to obtain and install Service Pack 2 at:

http://updates.xcp-aurora.com

If after this update, you still wish to uninstall our software, please visit the
form below using the computer where the software is currently installed and you
will be emailed an uninstall link within 1 business day (M-F).

http://cp.sonybmg.com/xcp/english/form9.html

Your "Case ID" is: ---------.

TIP: Our uninstall request form will require a small ActiveX plug-in (from First 4 Internet). Be sure to also temporarily turn off any pop-up blocker software. Although a non-ActiveX process is in development, currently, our online process is the only option.
Should you prefer to wait for the next uninstallation version, one is due to be released later this month at:
http://cp.sonybmg.com/xcp/english/updates.html

Posted by: Mark | November 3, 2005 9:58 AM | Report abuse

Sony is now the equivalent of Real Player. Sony you are now DEAD to me. I will never buy another Sony CD or software product again.

Posted by: Bye Sony | November 3, 2005 9:59 AM | Report abuse

Thanks for the kind words, Mike. And thanks to everyone who has posted their thoughts in response to this story.

Early last night, I filed a full-fledged story about this whole dust-up, including breaking the news that Sony had decided to release a patch to make their hidden files not so hidden.
http://www.washingtonpost.com/wp-dyn/content/article/2005/11/02/AR2005110202362.html

Posted by: Brian Krebs | November 3, 2005 10:10 AM | Report abuse

I will never again buy Sony products or BMG music PERIOD.

Posted by: A FORMER CUSTOMER | November 3, 2005 12:25 PM | Report abuse

Great story, I certainly hope these latest findings help bury this most recent attempt at copyprotecting CDs. I bought my first "content protected" CD, The Dead 60's, by accident because I wasn't paying attention to the labeling. Needless to say I can't listen to it at work.

More recently I left a store with two CDs that I was eager to hear, The Coral and Black Rebel Motorcycle Club, and was completely dishearted to findout they too were protected. I should have walked back in the store and returned then, because I don't like being automatically treated as a criminal. In the end wanting to support the artist and hearing the music won over trying to send a message to Sony.

If it were not for the fact of having a MAC at home on which you can easily rip these CDs for an iPod, I'd be more miffed.

One of the ways touted for getting around this software is by turning off autorun or holding down shift keys when loading the CD. Is this in fact the case? Because when I tried that method on my work Windows PC, it didn't prevent the CD from trying to load the software.

As a side note, I was suprised that a recent DualDisc was easily ripped on a MAC, but unreadable in a PC.

Posted by: kosmo vinyl | November 3, 2005 12:26 PM | Report abuse


Other than turning off "autorun" for CDs, and just not using a Sony CD in your computer, what can be done to prevent this Sony DRM rootkit from installing itself? Is it enough to restrict ordinary users to Read/Execute priveleges on the Windoze directory?

Posted by: te | November 3, 2005 12:47 PM | Report abuse

Some commenters on the systeminternals web site have done some research and come up with the following:

"Sony is huge. According this Wikipedia article, http://en.wikipedia.org/wiki/Sony_BMG_Music_Entertainment, they own Arista Records, Columbia Records, Epic Records, J Records, RCA Victor, RCA Records and many more."

"...this Wired article http://www.wired.com/news/digiwood/0,1412,67696,00.html from May reported that First 4 Internet's clients include Universal Music Group, Warner Music Group and EMI, in addition to Sony/BMG."

If Jeff Bezos, head of Amazon.com and one of the recording industry's largest customers is not reading this, he should be. This has huge potential for lost business, refunds and returns, ill will, and -- maybe -- liability suits naming retaillers like Amazon as co-defendants.

If there is to be a boycott of the DRM-crazed members of the RIAA, it seems that the retailler community is where it should begin. They might lose a little business up front, but they would benefit greatly in the end.

Posted by: JamesB | November 3, 2005 12:56 PM | Report abuse

"Is it enough to restrict ordinary users to Read/Execute priveleges on the Windoze directory?"

Sounds like it, te:

"The DRM software requires administrative privileges to be installed successfully"

See:

http://www.europe.f-secure.com/v-descs/xcp_drm.shtml

Posted by: Michael | November 3, 2005 1:47 PM | Report abuse

Michael -- Sure, but what percentage of Windows users run their systems in limited user mode? My guess is less than 20 percent.

Posted by: Bk | November 3, 2005 2:01 PM | Report abuse

We are a nation of sheep, we typicaly will complain about many things that seem to us to be unfair but that is where it will end, we will ultimatly accept and follow whatever path Sony or whoever sets for us. look at big oil, they have billions of dollars of profits, we, the citizens, complain about gas prices, the Government says "We are going to start an investigation", the prices stay up and no one ever hears about the result of the "Investigation", we just accept it and move on and Sony knows it, A Nation of Sheep.

Posted by: Ben | November 3, 2005 2:30 PM | Report abuse

I was in the process of choosing a new Hi-def flat screen. I couldn't make up my mind. Sony was an option. Now I have one less to rule out. Never again will I buy Sony!

Posted by: kevin | November 3, 2005 2:36 PM | Report abuse

Folks, it's time to boycott Sony. They aren't punishing anyone with this other than people who actually bought their products. I'm not buying Sony products ever again.

Posted by: Octothorp | November 3, 2005 2:37 PM | Report abuse

This is unfair and illegal (to Windoze users)! Linux RULES!

Posted by: someone | November 3, 2005 2:38 PM | Report abuse

Folks, it's time to boycott Sony. They aren't punishing anyone with this other than people who actually bought their products. I'm not buying Sony products ever again.

Posted by: Octothorp | November 3, 2005 2:38 PM | Report abuse


Michael -

Thanks for the clarification about needing Admin priveleges to install this rootkit.

Bk -

Thanks for this article. About the <20%: Another reason to stress that people need to set their everyday account to limited priveleges, and use the Admin account only when needed.

About a class-action suit and the DMCA: It seems to me that if anything, Sony could bring legal action against the person who exposed this - don't forget, under the DMCA it is ILLEGAL not only to break copy protection, but arguably to even discuss HOW to break copy protection, the 1st Amendment be damned.

See, e.g.:http://www.cs.cmu.edu/~dst/DMCA/Gallery/

Orwellian indeed.

Posted by: te | November 3, 2005 5:18 PM | Report abuse

Really angry about this one. Have emailed a long-winded complaint to Sony feedback address (for want of better-as suggested by a poster).Counselling my teenage musician kids to watch this one. Sony just lost three consumers in one fell-swoop. Oops! Now I'm really going to fast track setting up that old Mac G3 I just bought.

Posted by: Paul (Australia) | November 3, 2005 5:45 PM | Report abuse

Really angry about this one. Have emailed a long-winded complaint to Sony feedback address (for want of better-as suggested by a poster).Counselling my teenage musician kids to watch this one. Sony just lost three consumers in one fell-swoop. Oops! Now I'm really going to fast track setting up that old Mac G3 I just bought.

Posted by: Paul (Australia) | November 3, 2005 5:50 PM | Report abuse

Real protection!!! You are allowed to make 3 copies and then go to another machine and make three more copies.

Can you copy the copies???

Posted by: Robert | November 3, 2005 5:54 PM | Report abuse

Brian - great story but it slightly misses the point: the only one that get's hurt are the legimate customers purchasing a SonyBMG disc with DRM. The digi-pirates are not in any way hampered by this so called technology. The real story: Sony executives are so incompetant and out of touch with technology they believe this mal-ware produced by a 3rd rate company will stop piracy when it fact it will do nothing but stop customers when they discover that Sony has polluted their personal computer with a piece of crud.

Posted by: Mark | November 3, 2005 7:09 PM | Report abuse

Mark,

Thanks for reading and for sharing your comments. I have to ask, though: Did you read the entire blog post? You say I missed the point, the point being that Sony's actions disadvantage legit users while doing nothing to stop the determined pirates?

What about this graph from the blog post?

"In truth, most antipiracy programs created thus far (and this one is no exception) place limits on legitimate users, but usually do little to prevent determined users from getting around the copy protection altogether."

Posted by: Brian Krebs | November 3, 2005 7:41 PM | Report abuse

Buy one less Sony CD? How bout never buy another one or another overpriced Sony product if I can help it. X-box 360 coming, sorry PS3.

Posted by: Bye Sony | November 3, 2005 11:18 PM | Report abuse

I am glad I never installed Santana Shaman on my PC, I was mad enough that it would ask me to load something. I just did the analog copy method of the new Santana & guests CD and will be burning copies of that to give out to keep people from buying it.

Posted by: Same to you Sony... | November 3, 2005 11:25 PM | Report abuse

I downloaded some songs and then later bought the cds because mp3's are lame on a high end stereo. I would have never bought those cds without listening to some tracks first, I rarely listen to music radio because it the same crap over and over.

Posted by: Downloading sells CDs | November 3, 2005 11:28 PM | Report abuse

I'll be damned... a website I was just on looking for mp3 downloads just tried to copy a file called $sys$0wn3r.dll to my system32 directory! Watch out people - here come the script kiddies.

Posted by: aqqamarine | November 4, 2005 1:40 AM | Report abuse

Since these things are not CDs can the shops store them in their "CD department" and can they legally put "CD" on the recept if they sell one?

Aren't they obliged to put them in a separate "Protected audio disc department" or at least stick some red warning labels on them.

As one user posted "These things are 5" optical audio discs, not CDs". CD is a trademark owned by Philips and the audio format is defined in the "Red Book Standard"

Perhaps the shops could be attacked too?

Posted by: Hans | November 4, 2005 9:41 AM | Report abuse

Thanks for the link to a place I could leave feedback to Sony. Here is the feedback I left:

"I have been reading the news stories about how purchasing a music CD from you and playing it on my computer can cause my computer to have a "rootkit" installed on it.

I am not a real technical person, but this whole thing is very scary to me. When I buy a music CD, I don't expect it to install software on my computer.

I have been looking at buying a new TV, and you can be sure I will NOT be buying a Sony.

In addition, this has scared me from buying music CD's at all. I still remember the days of vinyl LP's and I sure long for those days. No chance of malicious software on one of those!

You have lost me as a customer forever.

Sincerely,
Pat Doyle"

Posted by: Pat Doyle | November 4, 2005 10:25 AM | Report abuse

The thought occured to me that what may cause Sony the biggest headache over this, will be if in fact someone does go out and try to exploit the hole created by these files , it will be all the companies which have employees which have let this software get installed on their pcs. Which will result in major headaches for IT departments and security people.

Posted by: kosmo vinyl | November 4, 2005 2:35 PM | Report abuse

This is a class-action suit waiting to happen. I hope it does, because it's just irresponsible in neglect, and damaging people's property and wasting people's time. Lawsuits were made for these kinds of stupidity, some are even less insidious as this Sony DRM fiasco.

One day, when these security breaches affect enough people that the negligent parties can no longer offer a settlement, they will find that they will lose a lot of money and affect their and other industries. The lawyers will be salivating. People will be outraged. Politicians will be spouting rhetoric. This would be good; maybe security responsibilities will be taken. Sometimes change need to be forced.

I say sue them.

Posted by: Litigious State | November 4, 2005 4:48 PM | Report abuse

Sony's offer to let you download a patch to their "rootkit" really is totally unacceptable. Those CDs are still out there and still virulent.

Years or decades from now (I've got lots of CDs over 10 years old) your grandchild is going to pop one of these carriers of the "Sony Flu" into their new computer running a still-to-come version of Windows and what do you think is going to happen?

Well, Mikko Hypponen of F-Secure found out when he popped it into a machine running Windows Vista that the Sony CD "breaks the operating system spectacularly." Who's going to know how to fix it in 2020? Already most of the "weblinks" on my so-called "Enhanced CDs" (provided by these same recording studios) get "404 Not Found" errors only a year or two after release.

Keeping these still-infectious CDs around on your shelf is like keeping a live hand-grenade as a WW2 souvenir. Just hope your kids don't play with it.

The only acceptable solution would be for Sony to recall every one of these virulent CDs out there and take them out of circulation.

Posted by: Jasper Jones | November 5, 2005 7:11 PM | Report abuse

This trend will continue until some politicians begin losing their jobs over it.

Posted by: Ken | November 6, 2005 6:26 AM | Report abuse

I haven't found a single Sony BMG I cannot live without. The best ways to get the message to a company is to 1)not buy their product, 2)send a letter to the artist you won't buy their music and why, and 3) if you do install it, file a lawsuit for unauthorized access to your machine.

Several years ago, a company (I think it was Sony) had copy protection that caused issues with PCs. All you had to do was play the disk. A local family had problems with their computer which were traced back to the copy protection. Their attorney was able to get a 6 figure settlement from the company for damages and to buy their silence. The suit was filed in local court and the attorney had contacted the media at the same time he contacted the company. The company didn't want the publicity and settled within 3 weeks.

Posted by: Rural Reader | November 6, 2005 11:08 AM | Report abuse

Another somewhat obvious solution.... get a mac or go Linux.

Kinda neat how at the end of the Sony instructions, they try to pin this on Apple.

"Please note an easier and more acceptable solution requires cooperation from Apple, who we have already reached out to in hopes of addressing this issue. To help speed this effort, we ask that you use the following link to contact Apple and ask them to provide a solution that would easily allow you to move content from protected CDs into iTunes or onto your iPod rather than having to go through the additional steps above:

http://www.apple.com/feedback/ipod.html

Thank you for the opportunity to be of assistance."

good stuff.

Posted by: dbcoyle | November 6, 2005 3:34 PM | Report abuse

Installing Spyware and using my storage space, internet connection, CPU, and power is stealing - just as much as copy right theft is.

I don't think one crime committed justifies another - even if it's in the name of 'intellectual property'.

Posted by: Robert | November 8, 2005 8:20 PM | Report abuse

My law firm is investigating the situation surrounding "rootkits" on Sony-label CDs. In connection with our investigation, we are interested in learning more about the experiences consumers have had with those CDs. I can be contacted at (212) 239-4340 or, by e-mail, at tciarlone@lawssb.com.

Posted by: Tom Ciarlone | November 11, 2005 1:03 PM | Report abuse

The executives at Sony BMG must either be blind, dumb, insensitive to their customer's needs, or all of the above.

I can't wait to see how much $$$ they are going to have to PAY for their arrogance and stupidity. Hopefully it is in the BILLIONS!

Posted by: Alex | November 13, 2005 8:25 PM | Report abuse

I wonder if due to the intentionally reckless and destructive nature of Sony's actions; if One could resonaball argue that they were forced to DOWNLOAD tracks of CDs that they had purchased in order to protect themselves from destructive MALWARE.

I feel really bad about SONY products being unstustworthy and in this case DESTRUCTIVE. It is with sadness that, I must say goodby to all SONY digital products.

PLEASE stay clear of the "SONY FLU" (present and future) and don't spread them to me.

BTW would one be liable for selling or re-selling "infected" SONY media to others? I think so. WOW!, watch out reatailers!

Posted by: snafix | November 14, 2005 6:27 PM | Report abuse

Sony has done an egregious and despicable thing by putting hidden software on the computers of users of Sony music CDs. When I first heard about this a month ago I was incensed. Sony needs to make amends.

1) Sony shluld publicly apologize to its customers (I bought 2 Sony Plasma TVs this year alone, I am (was) a major consumer customer.

2) Sony must be responsible and reimburse the customers who have had their computers damaged by this software. It is not good enough to offer a poor patch to fix it they must be contrite and pay the price of their actions.

3) Until I am satisfied that Sony is repentant I recommend that Sony be punished economically by a Sony Products BOYCOTT. I also recommend you let Sony know that you are boycotting them. Call their customer support at 1-800-222-7669, 1-866-456-7669, 1-800-222-7669. Let their employees know you are boycotting Sony, tell them (if) you have been a good previous customer. They won't act if they don't hear the message loudly and clearly.

4) Any Sony executive reading this ought to be worried as their business might drop off the charts this major consumer buying season.

Words are a good start but a boycott and a message to Sony are far more powerful.

Thanks for listening to my message

jjm

Posted by: jjm | November 16, 2005 3:19 PM | Report abuse

I have to use Quicktime to gain access to an online college class. I went to download Quicktime and it comes packaged with itunes. I thought, ok, I would like to check itunes out anyway (not that I had and choice since I had to have Quicktime for school). After installation, I had quicktime until I actually opened up itunes and checked it out. After doing this, my CD Rom / DVD burner went missing from my computer. For some strange reason, the touchpad mouse on my keyboard went out also. After researching the internet for three days I found out how to go into the registry and fix the problem with the drives. This worked and mysteriously my keyboard touchpad now works too. For anyone with this problem, go to the Microsoft knowledge support site and type in Code 41. And for goodness sake, uninstall that piece of junk called itunes!!!!!

Posted by: Stacy Mitchell | November 16, 2005 4:02 PM | Report abuse

I am joining the list of people who are boycotting Sony and all of their products and companies. This is invasion of my privacy, potential loss of my computer - which I need to finish school and make an income, not to mention downright low and mean spirited on Sony's part. I have ALWAYS bought my cd's because I felt the artists deserved their fair share of the money. I'm done. I have an extensive music collection and love it but I will buy no more potentially harmful cd's. The terrorism aspect of this is frightening and the Homeland Security ought to take a good hard look at this mess. I hope enough people decide they are done with Sony. If enough consumers say enough, the bigwigs in the industry MIGHT realize this was a stupid move!

Posted by: Alissa | November 17, 2005 10:01 AM | Report abuse

thank you sir for respon me...............

Posted by: kirubakaran | November 21, 2005 7:41 AM | Report abuse

Posted by: soma effects | December 8, 2005 3:09 AM | Report abuse

Posted by: cheapest cialis online | December 8, 2005 6:36 AM | Report abuse

BONANZA!!! BONANZA!!! BONANZA!!!

BUY TWO GET ONE FREE.

ZENITH MOBILE PHONE PLC.


Email: zenith_mobilephoneplc@yahoo.com

: zenithmobilephoneplc@gmail.com



NEW GSM PHONES/PDA - UNBEATABLE PRICES WE ARE CERTIFIED WHOLESALERS OF
VARIOUS GSM MOBILE PHONES AT VERY AFFORDABLE PRICES ATTACH IS OUR VERY
CURRENT PRICE LIST OF GSM PHONES FOR YOUR REFERENCE ALL PHONES/PDA ARE
BRAND NEW SIM FREE/OPEN LINES/UNLOCK.

We are mobile phones wholesalers and we do sale in pieces to enhance
our sales.We deals on all brands and models of mobile phones such as
Nokia,Motorola,Samsung,Sony Ericsson,Sagem, Nextel,Sidekick
II,Sprint,Ipods, Laptops, Mp3 players etc at very cheap prices.Also, this is to reach
our customers globally that its the season of BUY TWO GET ONE FREE.
We are using
this medium to reach interested buyers of mobile phones.Do kindly reply
back if you are interested. THE KINDS OF MOBILE PHONES ARE LISTED BELOW:
MOTOROLA RAZOR V3 for........$150usd, MOTORLA RAZOR V6 FOR........$170usd, MOTOROLA A1000 For $160, NEXTEL i930 For........ $130usd, NEXTEL i860
For........ $110usd, SONY ERICSSON W800i For
........$160usd, MOTOROLA MPX 220 For........ $135usd, MOTOROLA MPX 300 For........ $155usd,
SONY ERICSSON K700i For........ $150usd SONY ERICSSON k750i For........ $160usd NOKIA 9500
For........ $150usd, NOKIA 9300 For........ $130usd, NOKIA 6260 For........$140usd, NOKIA 8800 For $150usd, NOKIA N90 For........ $180usd NOKIA N91
For........ $190usd, NOKIA N92 For..........$200usd,SAMSUNG D500 For........ $120usd, SAMSUNG D600 FOR........$130usd, SAMSUNG Z500 For........$160usd, SAMSUNG D415 For........ $110usd SIDEKICK
II For........ $130usd, Sharp Builds 3-megapixel
Cameraphone Bits........$110, Nokia 6820 for ..........$130, Sony Ericsson K500i For......... $130, Sony Ericsson
S700i For........ $140, SONY ERICSSON P900........ For$165, Sony Ericsson P910 For just $170usd, Sony Ericsson: Z1010 For...........$175, NOKIA 7610 For...........$150, NOKIA 6682 For............145, SENDO X For..........$140, SIEMENS SX1 For..........$140,
SAMSUNG SGH-T500...For....... $120 SAMSUNG SGH-T200...For....... $100, SAMSUNG SGH-E600...For $130 SAMSUNG
33SGH-D410 For........$135, SAMSUNG SGH-P100 For........$100, SAMSUNG E330C...For.........$120, SAMSUNG E800C For............$150, SAMSUNG D720 For .............$150, SAMSUNG D730 For .............$155, NOKIA 6682 For..........$160, NOKIA 7650 For ..........$165,NOKIA E60
for.......... $160,Nokia 6230 for.........$130, Nokia 6230i for ..........$140,NOKIA E61 for.......... $165.NOKIA E70 for......... $170, AND MANY MORE OF YOUR CHOICE.

WE PROVIDE A GOOD AND FAST SERVICES, OUR SHIPPMENT IS WITHIN
48HRS.

WE ARE GIVING OUR BUYERS A BONANZA OF WHICH IF YOU PURCHASE ANY TWO (2) MOBILE PHONES FROM OUR COMPANY, YOU WILL GET ONE (1) FOR FREE.

THANKS,
REGARD,
MANAGEMENT.

Posted by: micheal | December 19, 2005 8:27 PM | Report abuse

JAMES JEWELL LAPTOP STORE LIMITED.

EMAIL : jj_laptopstore@yahoo.com

We are laptops wholesalers and we do sale in pieces to enhance our sales. We deals on all brands and models of laptops such as sony, sharp, toshiba, dell, Panasonic, IBM, Fujitsu, ipods, sprint, mp3 players, etc at very cheap prices, also this is to reach all our interested buyers to kindly reply back if you are really interested, The kinds of laptops are listed below :

Sony VAIO SR17 - PIII 700 MHz - 10.4" TFT
Specs: Intel Pentium III (700 MHz), 128 MB SDRAM, 3.1 lbs, 10.4 in TFT active matrix, Microsoft Windows Millennium Edition for $330usd.

Sony VAIO R505TE - PIII 750 MHz - 12.1" TFT
Specs: Intel Pentium III (750 MHz), 64 MB SDRAM, 3.7 lbs, 12.1 in TFT active matrix, Microsoft Windows Millennium Edition for $335usd.

Sony VAIO K14 - P4 2.8 GHz - 15" TFT
Specs: Intel Pentium 4 (2.8 GHz), 512 MB DDR SDRAM, 7.3 lbs, 15 in TFT active matrix, Microsoft Windows XP Home Edition for $430usd.

Sony VAIO FRV35 - P4 2.66 GHz - 15" TFT
Specs: Intel Pentium 4 (2.66 GHz), 512 MB DDR SDRAM, 7.7 lbs, 15 in TFT active matrix, Microsoft Windows XP Home Edition for $440usd.

Sony VAIO A140 - Pentium M 1.5 GHz - 15.4" TFT
Specs: Intel Pentium M (1.5 GHz), 512 MB DDR SDRAM, 7.3 lbs, 15.4 in TFT active matrix, Microsoft Windows XP Professional for $450usd

Sony VAIO A230B - Pentium M 725 1.6 GHz - 15" TFT
Specs: Intel Pentium M (1.6 GHz), 256 MB DDR SDRAM, 7.1 lbs, 15 in TFT active matrix, Microsoft Windows XP Professional for $540usd.

Sony VAIO A130P - Pentium M 1.5 GHz - 15" TFT
Specs: Intel Pentium M (1.5 GHz), 512 MB DDR SDRAM, 7.1 lbs, 15 in TFT active matrix, Microsoft Windows XP Professional for $560usd.

Sony VAIO A230B - Pentium M 715 1.5 GHz - 15" TFT
Specs: Intel Pentium M (1.5 GHz), 256 MB DDR SDRAM, 7.1 lbs 15 in TFT active matrix, Microsoft Windows XP Professional for $460usd.

Sony VAIO PCG-V505EC5 Centrino 1.5GHz 512MB for $470usd.

Sony VAIO A130P - Pentium M 715 1.5 GHz - 15" TFT
Specs: Intel Pentium M (1.5 GHz), 512 MB DDR SDRAM, 7.1 lbs, 15 in TFT active matrix, Microsoft Windows XP Professional for $530usd.

Sony VAIO A240P - Pentium M 725 1.6 GHz - 15.4" TFT
Specs: Intel Pentium M (1.6 GHz), 512 MB DDR SDRAM, 7.3 lbs, 15.4 in TFT active matrix, Microsoft Windows XP Professional for $470usd.

Sony VAIO B100B - Pentium M 715 1.5 GHz - 14.1" TFT
Specs: Intel Pentium M (1.5 GHz), 256 MB DDR SDRAM, 5.1 lbs, 14.1 in TFT active matrix, Microsoft Windows XP Professional for $480usd.

Sony VAIO A130P - Pentium M 715 1.5 GHz - 15" TFT
Specs: Intel Pentium M (1.5 GHz), 256 MB DDR SDRAM, 7.1 lbs, 15 in TFT active matrix, Microsoft Windows XP Professional for $4650usd.

Sony VAIO FS690 Notebook
The Sony VAIO VGN-FS series offers an adequate array of features; however, the models we tested didn't deliver enough performance to justify their premium price. (03/31/2005). Specs: Intel Celeron M (1.4 GHz), 256 MB DDR SDRAM, 15.4 in TFT active matrix, Microsoft Windows XP Home Edition for $495usd,

Sony VAIO FS625B/W Notebook
The Sony VAIO VGN-FS series offers an adequate array of features; however, the models we tested didn't deliver enough performance to justify their premium price. (03/31/2005). Specs: Intel Pentium M (1.6 GHz), 256 MB DDR SDRAM, 6.2 lbs, 15.4 in TFT active matrix, Microsoft Windows XP Professional for $520usd.

Sony VAIO A230B - Pentium M 735 1.7 GHz - 15" TFT
Specs: Intel Pentium M (1.7 GHz), 512 MB DDR SDRAM, 7.1 lbs, 15 in TFT active matrix, Microsoft Windows XP Professional for $510usd.

Sony VAIO VGN-B100B02
The Sony VAIO VGN-B100B02 offers all the features and performance a business user needs, but it lags on battery life, and it isn't the cheapest option available. (02/01/2005). Specs: Intel Pentium M (1.5 GHz), 512 MB DDR SDRAM, 5.1 lbs, 14.1 in TFT active matrix, Microsoft Windows XP Professional for $500usd.

Sony VAIO FS730/W Notebook - VGN-FS730/W
The Sony VAIO VGN-FS series offers an adequate array of features; however, the models we tested didn't deliver enough performance to justify their premium price. (03/31/2005). Specs: Intel Pentium M (1.73 GHz), 512 MB DDR II SDRAM, 6.2 lbs, 15.4 in TFT active matrix, Microsoft Windows XP Home Edition for $510usd,

Sony VAIO FS790 - Pentium M 740 1.73 GHz - 15.4" TFT
Specs: Intel Pentium M (1.73 GHz), 512 MB DDR SDRAM, 15.4 in TFT active matrix, Microsoft Windows XP Professional for $520usd.

Sony VAIO GRT390ZP - P4-M 2.2 GHz - 16.1" TFT
Specs: Intel Pentium 4-M (2.2 GHz), 512 MB DDR SDRAM, 16.1 in TFT active matrix, Microsoft Windows XP Professional for $530usd.

Sony VAIO GRT250 - P4 2.66 GHz - 15" TFT
Specs: Intel Pentium 4 (2.66 GHz), 256 MB DDR SDRAM, 7.9 lbs, 15 in TFT active matrix, Microsoft Windows XP Home Edition for $510usd.

Sony VAIO FS635B/W Notebook
The Sony VAIO VGN-FS series offers an adequate array of features; however, the models we tested didn't deliver enough performance to justify their premium price. (03/31/2005). Specs: Intel Pentium M (1.6 GHz), 512 MB DDR SDRAM, 6.2 lbs, 15.4 in TFT active matrix, Microsoft Windows XP Professional for $530usd.

Sony VAIO V505ECP - Pentium M 1.5 GHz - 12.1" TFT
Specs: Intel Pentium M (1.5 GHz), 256 MB DDR SDRAM, 4.4 lbs, 12.1 in TFT active matrix, Microsoft Windows XP Professional for $500usd.

Sony VAIO A230 - Pentium M 725 1.6 GHz - 15" TFT
Specs: Intel Pentium M (1.6 GHz), 256 MB DDR SDRAM, 7.1 lbs, 15 in TFT active matrix, Microsoft Windows XP Home Edition for $540usd.

Sharp PC-MM20 1 GHz Efficeon TM8600 Laptop
Windows XP Home - 20 GB Hard Drive - 512 MB RAM - CD-ROM Drive - 10.4 in Screen - Battery Life: 3 Hrs - 2 lbs for $515usd.

Sharp Actius AL27 (PCAL27) PC Notebook
AMD Athlon 64 Mobile 1.6 GHz, 512 MB RAM, 60 GB hard drive, 15 in. XGA TFT LCD, DVD±RW/CD-RW, Microsoft Windows XP Home Edition,for $490usd.

Sharp WideNote M4000 (PC-M4000) PC Notebook for $700usd.

Sharp Actius MC24 (PCMC24) PC Notebook
AMD Athlon XP-M 1.8 GHz, 512 MB RAM, 60 GB hard drive, 12.1 in. XGA TFT LCD, CD-RW/DVD-ROM, Microsoft Windows XP Home Edition, 5.0, for 400usd.

Sharp Actius MM20P (PC-MM20P) PC Notebook
Transmeta Efficeon TM8600 1 GHz, 512 MB RAM, 20 GB hard drive, 10.4 in. XGA TFT LCD, Microsoft Windows XP Professional, 2 lb., 1 x. for $600usd.

Sharp Actius MP30 PC Notebook
Transmeta 1.6 GHz, 512 MB RAM, 40 GB hard drive, 10.4 in. XGA TFT LCD, CD-RW/DVD-ROM, Microsoft Windows XP Home Edition, 2.8 lb. for $680usd.

Sharp Actius MP30 (PCMP30P) PC Notebook
Read 3 Epinions reviews
Transmeta Efficeon TM8800 1.6 GHz, 512 MB RAM, 40 GB hard drive, 10.4 in. XGA TFT LCD, CD-RW/DVD-ROM, Microsoft Windows XP Home for $720usd.

Sharp Mebius PC-CV50F - TM8600 1 GHz - RAM 256 MB - HD 20 GB - LAN 802.11b - Win XP Home - 7.2" TFT ... PC Notebook for $800usd.

Hewlett Packard Compaq nx6110 (PZ376UA) PC Notebook
Intel Pentium M 1.6 GHz, 512 MB RAM, 40 GB hard drive, 15 in. XGA TFT LCD, DVD±RW, Microsoft Windows XP Professional, 6.06 lb., 1. for $600usd.

Toshiba Qosmio G25-AV513 (PQG20U10K00E) PC Notebook
Intel Pentium M 2 GHz, 1 GB RAM, 120 GB hard drive, 17 in. WXGA TFT Active Matrix, DVD±RW/DVD-RAM, Microsoft Windows XP Media Cen. for $895usd.

Toshiba Satellite M65-S909 (PSM60U02W021) PC Notebook
Intel Pentium M 2 GHz, 1 GB RAM, 100 GB hard drive, 17 in. WXGA+ TFT Active Matrix, Dual Layer DVD±RW, Microsoft Windows XP Home for $720usd.

Toshiba Satellite P35-S609 (PSP30U-01Q001) PC Notebook
Intel Pentium 4 3.2 GHz, 512 MB RAM, 80 GB hard drive, 17 in. WXGA TFT Active Matrix, DVD±RW/CD-RW, Microsoft Windows XP Home Edition for $570usd.

Toshiba Satellite M35X-S163 (PSA72U-2KS00U) PC Notebook
Intel Celeron M 1.4 GHz, 512 MB RAM, 60 GB hard drive, 15.4 in. WXGA TFT Active Matrix, CD-RW/DVD-ROM, Microsoft Windows XP Professional for $345usd.

Toshiba Satellite M55-S135 (PSM50U02L01C) PC Notebook
Intel Celeron M 1.5 GHz, 512 MB RAM, 80 GB hard drive, 14 in. WXGA TFT Active Matrix, DVD±RW, Microsoft Windows XP Home Edition, for $380usd.

Toshiba Qosmio G15 (PQG10U00Y00L) PC Notebook
Intel Pentium M 1.8 GHz, 512 MB RAM, 100 GB hard drive, 17 in. WXGA+ TFT Active Matrix, DVD±RW, Microsoft Windows XP Media Center for $710usd.

Toshiba Portege R200-S234 (PPR20U01S00Q) PC Notebook
Intel Pentium M 2 GHz, 512 MB RAM, 60 GB hard drive, 12.1 in. XGA TFT LCD, Microsoft Windows XP Professional, 2.68 lb., 1 x Type I for $770usd.

Toshiba Satellite M55-S329 (PSM50U05X01V) PC Notebook
Intel Pentium M 1.86 GHz, 512 MB RAM, 100 GB hard drive, 14 in. WXGA TFT Active Matrix, Dual Layer DVD±RW, Microsoft Windows XP H for $560usd.

Toshiba Satellite M45-S265 (PSM40U07V001) PC Notebook
Intel Pentium M 1.6 GHz, 512 MB RAM, 100 GB hard drive, 15.4 in. WXGA TFT Active Matrix, DVD±RW, Microsoft Windows XP Home Edition for $480usd.

Toshiba Qosmio F25-AV205 (PQF20U015009) PC Notebook
Intel Pentium M 1.86 GHz, 1 GB RAM, 100 GB hard drive, 15.4 in. WXGA TFT Active Matrix, DVD±RW/CD-RW, Microsoft Windows XP Media for $800usd.

Toshiba Satellite M55-S139 (PSM53U00K008) PC Notebook
Intel Celeron M 1.6 GHz, 512 MB RAM, 80 GB hard drive, 14 in. WXGA TFT Active Matrix, Dual Layer DVD±RW, Microsoft Windows XP Home for $450usd.

Toshiba Portege S100-S113TD (PPS10U01K00X) PC Notebook
Intel Pentium M 1.73 GHz, 256 MB RAM, 40 GB hard drive, 14.1 in. XGA TFT LCD, CD-RW/DVD-ROM, Microsoft Windows XP Professional, 4 for $540usd.

Toshiba Satellite M55-S325 (PSM50U01Z00W) PC Notebook
Intel Pentium M 1.73 GHz, 512 MB RAM, 100 GB hard drive, 14 in. WXGA TFT Active Matrix, DVD±RW, Microsoft Windows XP Professional for $460usd.

Toshiba Libretto U100 (PLU10U00901J) PC Notebook
Intel Pentium M 1.2 GHz, 512 MB RAM, 60 GB hard drive, 7.2 in. WXGA TFT Active Matrix, DVD±RW, Microsoft Windows XP Professional for $810usd.

Panasonic Toughbook W4 (CFW4GWCZZBM) PC Notebook
Intel Pentium M 1.2 GHz, 512 MB RAM, 40 GB hard drive, 12.1 in. XGA TFT Active Matrix With Touchscreen, CD-RW/DVD-ROM, Microsoft for $820usd.

Panasonic Toughbook Y2 (CFY2FWPZZBM) PC Notebook
Intel Pentium M 1.5 GHz, 256 MB RAM, 60 GB hard drive, 14.1 in. SXGA TFT Active Matrix, CD-RW/DVD-ROM, Microsoft Windows XP Professional for $800usd.

Panasonic Toughbook 29 (CF29L3LGZBM) PC Notebook
Intel Pentium M 1.6 GHz, 256 MB RAM, 60 GB hard drive, 13.3 in. XGA TFT LCD, Microsoft Windows XP Professional, 7.9 lb., 2 x Type for $1010usd.
Panasonic Toughbook T4 (CFT4GWCTZBM) PC Notebook for $890usd.

Panasonic Toughbook 29 (CF-29ETPGZKM) PC Notebook
Intel Pentium M 1.3 GHz, 512 MB RAM, 60 GB hard drive, 13.3 in. XGA TFT Active Matrix With Touchscreen, Microsoft Windows XP Professional for $1550usd.

Panasonic Toughbook T2 (CFT2FWATZBM) PC Notebook
Intel Pentium M 1.2 GHz, 256 MB RAM, 40 GB hard drive, 12.1 in. XGA TFT LCD, Microsoft Windows XP Professional, 2.7 lb., 1 x Type for $810usd.

Panasonic Toughbook 51 (CF51JFVDCBM) PC Notebook
Intel Pentium M 2 GHz, 512 MB RAM, 80 GB hard drive, 15 in. TFT Active Matrix, CD-RW/DVD-ROM, Microsoft Windows XP Professional for $950usd.

Panasonic Toughbook CF-73 (CF73XCVTSBM) PC Notebook
Intel Pentium M 2 GHz, 512 MB RAM, 80 GB hard drive, 13.3 in. XGA TFT LCD, CD-RW/DVD-ROM, Microsoft Windows XP Professional, for $1080usd.

Panasonic Toughbook Y2 (CF-Y2DWAZZKM) PC Notebook
Intel Pentium M 1.3 GHz, 256 MB RAM, 40 GB hard drive, 14.1 in. SXGA TFT Active Matrix, CD-RW/DVD-ROM, Microsoft Windows XP Professional for $990usd.

Panasonic Toughbook 51 (CF51JFDDCBM) PC Notebook
Intel Pentium M 2 GHz, 1 GB RAM, 80 GB hard drive, 15 in. TFT Active Matrix LCD, CD-RW/DVD-ROM, Microsoft Windows XP Professional for $1000usd.

Panasonic Toughbook 51 (CF51LCCDDBM) PC Notebook
Intel Pentium M 1.73 GHz, 256 MB RAM, 40 GB hard drive, 15 in. TFT Active Matrix, CD-RW/DVD-ROM, Microsoft Windows XP Professional for $610usd.

Panasonic Toughbook 51 (CF51ECMDBBM) PC Notebook
Intel Pentium M 1.6 GHz, 256 MB RAM, 40 GB hard drive, 15 in. XGA TFT LCD, CD-RW/DVD-ROM, Microsoft Windows XP Professional, for $690usd.

WE MAKE SHIPPMENT THROUGH FEDEX SHIPPING COMPANY AND ITS WITHIN 48HOURS,

THANKS,
REGARDS,
MANAGEMENT.

Posted by: James | December 19, 2005 8:33 PM | Report abuse

sony sucks

Posted by: burnt | April 17, 2006 1:02 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company