Some Sony CD's Install Root Kits
BleepingComputer.com > Security > Breaking Virus & Security News
DarkRaika
Sony Music CDs surreptitiously install DRM Trojan horses on PCs

http://www.f-secure.com/weblog/archives/archive-112005.html - Details
http://blogs.zdnet.com/BTL/?p=2092 - Fix


If you don't have the BlackLight rootkit program, I advise you to get it. It's a very good program that will assist in picking up malware that the usual programs you use to scan your PC for spyware/adware/malware will not. These rootkit trojans are designed to infect and place themselves on your system so they can't be detected; however, BlackLight will pick them up.

Very curious that Sony would purposely implement a Trojan in the CDs. Anyhow, have a read.
KoanYorel
This note from F-Secure is about the BlackLight Beta program.

QUOTE
Note: The F-Secure BlackLight Beta only works on 32-bit Windows 2000, Windows XP and Windows 2003 Server.
The current F-Secure BlackLight beta does not work on Windows NT, 95, 98, ME, or 64-bit Windows.
Papakid
I've edited the topic title. This is not a true trojan but a rootkit. And I don't know that every Sony CD uses this technology. And finally, I didn't see any details on how to "fix" the rootkit other than running BlackLight. That is a tool best left to advanced users. If you don't know what you are doing, you can truly screw up a system. As Mark Russinovich of Sysinternals, who originally broke this story, states (and is quoted in the ZDNet article by David Berlind):
QUOTE
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.


Also:
http://www.f-secure.com/weblog/archives/ar...5.html#00000691
QUOTE
If you find this rootkit on your system, we recommend you don't remove it with our products. As this DRM system is implemented as a filter driver for the CD drive, just blindly removing it might result in an inaccessible CD drive letter. Instead, we recommend you contact Sony BMG directly via this web form and ask for directions on how to remove the software from your system. We've test driven this and they will provide you with tools to do this. However, they will install additional ActiveX components on your system while they are doing this, so be advised.


I strongly suggest everyone read Mark's article/blog entry about this:
http://www.sysinternals.com/blog/2005/10/s...tal-rights.html

Let's not cause a panic. And anyone who doesn't understand what Mark is talking about should in no way try to fix this root kit.

Rootkits are not an infection or a trojan in and of themselves. They are often used by trojans to conceal their presence. That's all. Sony is using this as a means of concealing the presence of copyright protection software/files and to prevent its removal by the somewhat technically savvy. It is a piece of crap installed surreptitiously, and everyone has a right to be mad at Sony's draconian tactics, but the files the rootkit hides are not controlled by some remote hacker or used to steal sensitive information or display unwanted ads/popups.

I agree for the most part with Russinovich's level-headed conclusion:
QUOTE
While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.


I'm not sure if I believe in the media industry's "right" to use copy protection mechanisms, but a boycott of Sony products is not a bad idea in my book.

BTW, Koan, rootkits only work on 32-bit NT-based (2000, XP, 2003) systems with NTFS formatting. I.e., files are not hidden (or not hidden in the same way, not sure about this) on Win9X, 64-bit systems, or NT-based systems with FAT32 formatting. So there is no need for detection software such as F-Secure's BlackLight and Sysinternals' RootkitRevealer.

RootkitRevealer is a detection tool only. BlackLight deals with the rootkit by renaming it. It should also be pointed out that BlackLight is a time-limited Beta that will no longer be available for free download after the first of the year. Read the disclaimer on the site--another reason for newbies to be careful with it, as betas are still in the testing stage and could still be unstable.
quietman7
Sony Responds with option to remove
boopme
Looks like SONY only offers to remove the cloaking driver. There's still no uninstall for the DRMs.
quietman7
Sony sued over rootkits
quietman7
Sony's Patch Brings Up "Blue Screen Of Death"
John_McKenna
And the virus writers start exploiting it.

Three cheers for Sony.
quietman7
Yes they have and it just made the news.
QUOTE
Trojan Horse Hides Using Sony Rootkit
By Nate Mook, BetaNews
November 10, 2005, 11:36 AM

What security experts have warned about Sony's DRM has come to pass, with a new trojan horse attempting to hide itself using techniques enabled by the company's anti-piracy software. Dubbed "Troj/Stinx-E" by Sophos, the application copies itself to a file called: $sys$drv.exe, which is hidden by Sony's copy protection.

betanews.com
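As an added illustration (not code from the thread or from any of the tools it links), here is a small Python model of the cross-view check a rootkit detector performs: a file that appears in a raw on-disk enumeration but not in the normal API listing is being cloaked, and a name carrying the $sys$ prefix the Stinx-E sample relies on deserves a look even when it is visible. The directory listings are constructed for the example, not captured from a real machine.

```python
"""Cross-view check for files cloaked by a $sys$-prefix rootkit.
Added example, not from the thread; listings are constructed, not read from disk."""

CLOAK_PREFIX = "$sys$"  # the prefix the Stinx-E sample in the thread relies on


def cross_view_diff(api_view, raw_view):
    """Return names the raw enumeration sees but the API listing omits.

    A real scanner fills api_view from normal directory-listing calls and
    raw_view from its own parse of on-disk structures; a name in the gap is
    being hidden from ordinary tools.
    """
    return sorted(set(raw_view) - set(api_view))


def has_cloak_prefix(name):
    """Windows file names are case-insensitive, so compare in lower case."""
    return name.lower().startswith(CLOAK_PREFIX)


def scan(api_view, raw_view):
    """Map each suspicious name to the reasons it was flagged."""
    hidden = set(cross_view_diff(api_view, raw_view))
    findings = {}
    for name in sorted(set(api_view) | set(raw_view)):
        reasons = []
        if name in hidden:
            reasons.append("present on disk but missing from API listing")
        if has_cloak_prefix(name):
            reasons.append("name carries the $sys$ cloaking prefix")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample listings of one directory (hypothetical, not captured
# from a real machine). $sys$drv.exe is the file name the thread reports for
# Troj/Stinx-E; the other names are made up.
API_VIEW = ["calc.exe", "notepad.exe", "readme.txt", "$sys$leftover.tmp"]
RAW_VIEW = API_VIEW + ["$sys$drv.exe", "dropped.dll"]

if __name__ == "__main__":
    for name, reasons in scan(API_VIEW, RAW_VIEW).items():
        print(f"{name}: {'; '.join(reasons)}")
```

As the F-Secure note quoted earlier in the thread warns, a hit is a reason to investigate, not to delete: the cloaked files include the CD filter driver, and removing them blindly can leave the drive inaccessible.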
tg1911
Doesn't this, technically, make Sony responsible for the computers that became infected because of the installation of their rootkit?
Hmmm, a class action suit, maybe?
ddeerrff
I don't have the links, but suits have been filed in at least California, New York, and Italy.
John_McKenna
Yep and these folk haven't even been infected yet.

http://news.bbc.co.uk/2/hi/technology/4424254.stm
boopme
Made the New York Times

http://www.nytimes.com/2005/11/09/technolo...OGUE-EMAIL.html
quietman7
QUOTE
Sony halts music CDs with anti-piracy scheme
Updated: 2:23 p.m. ET Nov. 11, 2005

WASHINGTON - Stung by continuing criticism, the world’s second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.

msnbc.msn.com
quietman7
Don’t Use Sony’s Web-based XCP Uninstaller
Monday November 14, 2005 by Ed Felten
http://www.freedom-to-tinker.com/?p=926
tg1911
Some of the CDs using the rootkit copy protection, and how to identify CDs using it.

Electronic Frontier Foundation
QUOTE
EFF is collecting stories from EFF members and supporters who
have purchased Sony-BMG CDs that contained the rootkit copy
protection software. We're considering whether the effect on
the public, or on EFF members, is sufficiently serious to
merit EFF filing a lawsuit.

If you satisfy the following criteria, we would like to hear
from you:

1. You have a Windows computer;
2. First 4 Internet's XCP copy protection has been installed
on your computer from a Sony CD (for more details, see our
blog post referenced above or the SysInternals blog,
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html;
3. You reside in either California or New York; and
4. You are willing to participate in litigation.

We have not made a final decision about filing any legal
action, but we would like to hear from music fans who have
been harmed by the Sony-BMG rootkit copy protection
technology. Please contact allison@eff.org for more
information.
boopme
I just wanted to thank all you guys for finding and following up on this story and providing some great info: the what, where, how, and how not. And to Commander Grinler for a quick solution. This is a great post on a possibly serious problem. It will be interesting to see what the future holds here.
quietman7
UPDATE (11/16, 2am): Sony has removed the initial uninstaller request form. In its place is the following message:

November 15th, 2005 - We currently are working on a new tool to uninstall First4Internet XCP software. In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days. Thank you for your patience and understanding.

http://www.freedom-to-tinker.com/?p=928
Papakid
Two things I find ironic about this whole story:

1. When VCRs were new, Sony was sued for possibly violating copyright law. They won a landmark ruling on the side of fair use. True, that was an argument over new hardware technology, but going to such extreme measures to ensure copyright protection makes it look like they've changed sides.

2. The media player that has to be installed to play the CD, and which also installs the rootkit, may be a copyright violation in itself and grounds for another possible lawsuit.
Daisuke
Good news: Sony recalls copy-protected CDs

Sony BMG: To Our Valued Customers

QUOTE(Sony BMG)
We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right


Mark Russinovich: Victory!
Papakid
Sony's list of "CD’s Containing XCP Content Protection Technology"

I wonder what Pete Seeger thinks of all this.
rms4evr
I, like many people, have been following this drama (there is no other word for it) since it broke on Mark Russinovich's blog. However, as Mark stated in his blog, it's not over. What about the future? This whole thing makes me think that I should just download all of my music off of iTunes or Rhapsody, instead of having to worry about what is being installed onto my computer via the CD I LEGALLY bought. Thank you Mark, for alerting all of us to this, and thank you fellow BC members, for posting links and articles as they became available! We all appreciate it!
quietman7
Sony rootkit signatures now available
KoanYorel
There's some additional information available at the "Calendar of Updates" forum in this post by Nancy McAleavey.

Mind if I butt in with a tip of the day? This one's SONY XCP DRM removal
quietman7
Texas Sues Sony Over Alleged CD Spyware
boopme
Some further uses of DRM: you bought it, but they still own it. In this article from the Electronic Frontier Foundation:

http://www.eff.org/IP/DRM/guide/
catweazle
I don't know how extensive or complete it is, but scroll down on the link to see a list of CDs affected.

http://www.usatoday.com/money/industries/t...-sony-cds_x.htm
Scarlett
Thought that this may prove to be of interest to some.

Sony, Rootkits and Digital Rights Management Gone Too Far

QUOTE
Mark's Sysinternals Blog
Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my "Unearthing Rootkits" article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:
boopme
First Trojan using Sony DRM spotted

http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

Article I read on 11/24
Datababe
Sony just keeps getting in deeper and deeper...

Oh dear...

QUOTE
To top it all off, the US Department of Homeland Security is angry at Sony because they discovered that the rootkit was installed on several computers at that agency. Someone at Sony-BMG potentially could go to federal prison over that last one.


Talk about a group whose computers you REALLY don't want to mess with...whoops!!
tg1911
Received in an E-mail, from EFF:
QUOTE
* EFF Files Class Action Lawsuit Against Sony BMG

Company Should Repair Damage to Customers Caused by CD Software

San Francisco - The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.

EFF is pleased that Sony BMG has taken steps in acknowledging the security risks caused by the XCP CDs, including a recall of the infected discs. However, these measures still fall short of what the company needs to do to fix the problems caused to customers by XCP, and Sony BMG has failed entirely to respond to concerns about MediaMax, which affects over 20 million CDs -- ten times the number of CDs as the XCP software.

"Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public's trust," said Corynne McSherry, EFF Staff Attorney. "It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software."

The suit, to be filed in Los Angeles County Superior court, alleges that the XCP and SunnComm technologies have been installed on the computers of millions of unsuspecting music customers when they used their CDs on machines running the Windows operating system. Researchers have shown that the XCP technology was designed to have many of the qualities of a "rootkit." It was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, it degrades the performance of the machine, opens new security vulnerabilities, and installs updates through an Internet connection to Sony BMG's servers. The nature of a rootkit makes it extremely difficult to remove, often leaving reformatting the computer's hard drive as the only solution. When Sony BMG offered a program to uninstall the dangerous XCP software, researchers found that the installer itself opened even more security vulnerabilities in users' machines. Sony BMG has still refused to use its marketing prowess to widely publicize its recall program to reach the over 2 million XCP-infected customers, has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users' computers even if they click "no" on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits -- even though the EULA states that the software will not be used to collect personal information and SunnComm's website says "no information is ever collected about you or your computer." If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm's uninstaller creates significant security risks for users, as the XCP uninstaller did.

"Music fans shouldn't have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they've legitimately purchased," said EFF Legal Director Cindy Cohn. "Regular CDs have a proven track record -- no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG's experiments?"

"Consumers have a right to listen to the music they have purchased in private, without record companies spying on their listening habits with surreptitiously-installed programs," added EFF Staff Attorney Kurt Opsahl, "Between the privacy invasions and computer security issues inherent in these technologies, companies should consider whether the damage done to consumer trust and their own public image is worth its scant protection."

Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their "clickwrap" EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer's house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs.

The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, joined EFF in the case. Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General. EFF looks forward to representing the voice of digital music fans in the resolution of these disputes between Sony BMG and consumers.

For more on the Sony BMG litigation, see:
<http://www.eff.org/IP/DRM/Sony-BMG/>

EFF's open letter to Sony:
<http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html>



~ Sony Crosses Wrong Man
Texas Attorney General goes after the Sony BMG rootkit.
<http://www.oag.state.tx.us/oagnews/release.php?id=1266>


rms4evr
QUOTE
Oh dear
"Most people, I think, don't even know what a rootkit is, so why should they care about it?" - Thomas Hesse, President of Sony BMG's global digital business division.


QUOTE
The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users' computers even if they click "no" on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits -- even though the EULA states that the software will not be used to collect personal information and SunnComm's website says "no information is ever collected about you or your computer." If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm's uninstaller creates significant security risks for users, as the XCP uninstaller did.


QUOTE
Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their "clickwrap" EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer's house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD.


All I wanna know is this: What is Sony THINKING???? Are they sitting in their offices, smoking crack? Didn't they learn in business school that if you do something like this, not only will you make people VERY angry, they might lose money, or go to JAIL??

QUOTE
The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, joined EFF in the case. Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General. EFF looks forward to representing the voice of digital music fans in the resolution of these disputes between Sony BMG and consumers.


Good. Right now, I think they get everything that they deserve. They shouldn't treat law-abiding citizens like this. We buy the CDs legally; we shouldn't have to deal with this. And they wonder why people go to P2P networks?
Datababe
I swore I could almost hear the cheers on an anti-malware forum I belong to when I posted that the Sony debacle had finally hit CNN. The escalating abuse of DRM needs all the mainstream media coverage it can get. I know I personally will never, ever buy another Sony product again. I've not hesitated to spread the word to my users, and have been told "YIKES - thanks for letting me know!!" many times over.

Right before the holiday shopping season goes full bore no less. Good job, Sony - some businesses shoot themselves in the foot. You just shot yourselves in the head.

p.s. I just thought of something that struck me as pretty funny. One of the terms in Sony's EULA is that consumers may not play their purchased CDs on computers at work. They needn't have bothered with that bit - I'm hearing increasing numbers of workplaces are banning the playing of Sony CDs on work computers, thanks to their dangerous DRM.

At least Sony can rest assured that THAT part of their EULA will likely be enforced. LOL
Mr Alpha
The ball is still rolling:

QUOTE
New Sony CD security risk found
By John Borland
Staff Writer, CNET News.com
Published: December 6, 2005, 4:58 PM PST

Sony BMG Music Entertainment and the Electronic Frontier Foundation digital rights group jointly announced Tuesday that they had found, and fixed, a new computer security risk associated with some of the record label's CDs.

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.

CNet News.com: New Sony CD security risk found


There is also a standalone uninstaller for the XCP DRM software. INFORMATION ABOUT XCP PROTECTED CDs
quietman7
QUOTE
Oops -- New Sony DRM Patch Insecure
By Nate Mook, BetaNews
December 8, 2005, 11:40 AM

Just one day after jointly announcing a patch to correct a security flaw in the SunnComm MediaMax copy protection included on 27 CDs, Sony BMG and the Electronic Frontier Foundation are urging users not to install it. The update includes a vulnerability similar to the one it attempted to fix.

betanews.com
Papakid
What a bunch of Bozos. I think they should pick a new logo from here:
http://images.google.com/images?client=fir...G=Search+Images

Suggested new ad campaign:
http://www.aperfectworld.org/cartoons/zippy.gif
quietman7
Lavasoft is releasing ARIES Beta Remover (Sony Rootkit)
http://www.lavasoftresearch.com/blog/?p=136
quietman7
Preliminary settlement for Sony suit