Sony Rootkit 'Fix' Brings More Trouble

By Ed Oswald | Published November 15, 2005, 4:04 PM

Just when you thought the Sony BMG copy-protection debacle couldn't get any worse, two Princeton researchers have discovered a security flaw in the software provided by the company to uninstall its controversial DRM.

The flaw was initially suggested over the weekend by a Finnish researcher, and verified Monday by a computer science team at Princeton University.

According to the report, when a user fills out the Web-based form to request the download, an ActiveX file called CodeSupport is loaded onto the computer. However, after the user leaves Sony's site, the file is still marked as "safe" for scripting.

The result of this error on First 4 Internet and Sony's part is potentially severe. Any site could call the CodeSupport file and ask it to perform functions, such as downloading and installing malicious code. Because the software does not make sure the code it is running actually comes from Sony, it opens the door for anyone to take advantage of an affected system.

"If you visit that Web page with Internet Explorer, and you have previously requested Sony's uninstaller, then the evil program will be downloaded, installed, and run on your computer, immediately and automatically," Ed Felten wrote Tuesday on the Freedom to Tinker Web log. "Your goose will be cooked."

Felten, a professor of computer science at Princeton, says he and his team were able to successfully build an exploit using the uninstaller code, but he is not releasing details of it to the public pending a fix for the vulnerability.

Sony has since replaced the Web-based option with an executable file that Felten said appears to be safe. Only those who may have used the Web-based fix are at risk from the CodeSupport flaw, he explained.

For the time being, Felten had one suggestion: "For now don't accept the installation of any software delivered over the net from First4Internet. That will keep CodeSupport off your machine, if it’s not already there."
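
The article's point that CodeSupport stays marked "safe" for scripting after the user leaves Sony's site describes a state a defender can audit. The following Python script is an added example, not code from the article, from Felten's team or from Sony: it reads `reg export` text and lists controls registered as safe for scripting that have no Internet Explorer kill bit set. The CLSIDs and class names are constructed placeholders, because the article does not give CodeSupport's identifier.

```python
import re

# Component category that marks an ActiveX control "safe for scripting".
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE loading a control

# Constructed `reg export` text; every CLSID and class name is a placeholder.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="ExampleUninstallHelper Class"
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}]
@="ExampleMediaPlayer Class"
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000400

[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}]
@="ExampleLocalOnly Class"
"""

CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(.*)$")
COMPAT_RE = re.compile(r"\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})$")

def parse_reg(text):
    """Return {key_path: {value_name: raw_value}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            current[name.strip('"')] = value
    return keys

def scriptable_without_kill_bit(text):
    """List (CLSID, name) of controls any web page may script in IE."""
    names, safe, killed = {}, set(), set()
    for path, values in parse_reg(text).items():
        m = CLSID_RE.search(path)
        if m:
            clsid, rest = m.group(1).upper(), m.group(2).upper()
            if not rest:
                names[clsid] = values.get("@", "").strip('"')
            elif rest == "\\IMPLEMENTED CATEGORIES\\" + CATID_SAFE_FOR_SCRIPTING:
                safe.add(clsid)
            continue
        m = COMPAT_RE.search(path)
        flags = values.get("Compatibility Flags", "")
        if m and flags.lower().startswith("dword:"):
            if int(flags[6:], 16) & KILL_BIT:
                killed.add(m.group(1).upper())
    # Controls can also claim safety at run time (IObjectSafety); not seen here.
    return sorted((c, names.get(c, "")) for c in safe - killed)
```

On the constructed sample only the first placeholder control is reported: the second has the kill bit set and the third is not registered as safe for scripting.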

Comments


Sony has officially recalled the affected CD's:

http://www.tgdaily.com/2...s_xcp_recall/index.html

Score: 0

|

Sony is going down the drain faster than AOL, man... The question now is, will there be a PS3?

Score: 0

|

HAHAHAHAHAHAHA

SONY is sucking it hard.

keep it up Sony......LOL

Score: 0

|

I think SONY et al should put protection on all promo CD's to try and prevent the pre-release mp3's that hit the P2P straight away but on consumer CD's there should not be any protection. Basically you are a customer and have purchased the CD, that in itself is saying you prefer to buy music in CD form rather than download mp3's...

Score: 0

|

Having your personal computer trashed by hackers and viruses is a small price to pay for ultimate victory in the War Against Copyright Infringement !

As Sony has said themselves: Most people don't even know what a "rootkit" is, why should they worry about one on their computer ?

The PC Rodent

Score: 0

|

ARE YOU AN IDIOT PC Rat?

For you to believe that "Most people don't even know what a "rootkit" is, why should they worry about one on their computer?" this is a good comment!!!!?!?!?!??!

Score: 0

|

If you've been keeping up with recent news about this, you should have seen Sony's president make that comment. I believe PC Rat was being sarcastic.

Score: 0

|

That's what Sony's CEO said, before this thing blew up hard. Relax.

Boycott Sony.

Score: 0

|

In case you missed it, I'm about 99.9% sure he was using sarcasm to prove a point.

I think you're the idiot terayon...

Score: 0

|

Let's see, you pay good money and buy a Sony CD. Sony, assuming you are a thief, prevents you from illegally copying the CDs by secretly installing malware onto your computer. You now know about it, try to clean the malware on the Sony website and Sony now makes your computer completely open for viruses, spyware, worms and whatever that is bad to infest your computer.

And all you wanted was to pay money, as a good customer, for a legal Sony CD that you wanted to listen to.

It sounds to me like we should stop buying CDs, particularly Sony CDs, and get our music some other way (digital downloads? Or P2P, bootlegs, etc ...?). Hey, even if it is not legal, at least it should be safer.

Score: 0

|

You know, as a consumer who actually pays for products, I'm getting sick & tired of being bullied by companies like sony. I'm tired of having so much crap being secretly installed onto my computers. No company I don't care if you're microsoft, sony, coolwebsearch, mcafee, norton, or hell the US government has any right to install anything on my computer without my consent. Last time I checked people who accessed other people's computers & changed files, or installed programs in the background were considered virus writers, crackers or hackers whatever you want to call them. I feel it's about time that we the consumers stand up and say we are sick of this Bull$h*t. Has anyone checked into what we can do legally? I'm a computer tech/ network admin by trade & nothing makes my job more frustrating than buggy code & people who figure they can install anything they want on my networks. F*ck sony someone should file a class action lawsuit.

Score: 0

|

Unfortunately for you, things are fast changing. I don't want to be a doomsayer or a harbinger of doom but you're in trouble. I have no doubt that within a few years the government will be in control of what's on your PCs and this is just the start. It starts small and gets bigger....P2P programs for instance; they've been shut down by the court for facilitating illegal downloads, but we have bars selling alcohol and shops selling guns....2 items which in the wrong hands do lots of harm. I imagine that the future holds less privacy for us, this is just the beginning. As for what we can do legally with things we BUY? Very vague nowadays. You can buy a DVD for 15 but you can't back it up - if it gets scratched or cracked or otherwise destroyed, you'll have to buy another copy. Same thing with music and video games. Some may say, OK - if your TV/Printer/etc breaks you can't get another one for free - granted, but you can't back them up either. There are many things that could save the consumer a great deal of money; the market model however doesn't allow that because here, we live to make a dollar, the more of it the better. So no, you won't be allowed backups, and no you won't get to replace the item if it's broken (for free). As for the privacy issue, hopefully society can really tackle that together should it become a problem.

Score: 0

|

Good lord, will someone please kill this joke of a company "First 4 Internet", what the hell are these guys smoking.

Maybe next SONY will hire CoolWebSearch to do the DRM on their next release.

Score: 0

|

That and 180solutions and ABetterInternet...

Score: 0

|

amen, i love you people

Score: 0

|

Why has there been no product recall?

I am still able to purchase the new SANTANA at my local music outlet.

Score: 0

|

I'm still wondering what people who bought the CD's did to have this terrible burden placed on them. Does Sony have proof that the people who put this trash on their computer stole from them? The only thing there is proof of is that the customers paid money for discs. For this, their punishment is malware. It's like buying a CrownVic -- you can drive it around, but if someone bumps you, you might explode.

Or as StrongBad might say, "Your Head Asplode."

Score: 0

|

They MUST be deliberately trying to shrink their market share, what with this, the string of poor movies they released this year, heck even their Fontopia earbuds wires melt into goo in about one month...LOL
Sony...reality check please!

Score: 0

|

I think the term "lame idiots" is fitting.

Score: 0

|

ROFLMFAO!!!

Those idiots can't do ANYTHING right. "Intellectual property"? They should be sterilized to protect the gene pool!

Score: 0

|

The result of all this will be: First, check to see if the CD is from Sony/BMG. If it is, go grab the MP3s instead of buying the disk just to be safe. Sony is doing more damage to themselves than anyone else could have.

Score: 0

|

I'm going to try digging a hole like Sony and First4Internet

\^^^^^^^^^^^^^/
o\^^^^^^^^^^/o
oo\^^^^^^^/oo
ooo\^^^^/ooo
oooo\^/oooo

I think I need more practice...

Score: 0

|

Is it possible to dig an infinite ASCII art hole?

Good try though!

Score: 0

|

I could make it longer. :P

|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
|||```````````````|||
**\`````````````/**
***\``````````/***
****\```````/****
*****\````/*****
******\`/******

Still not close though is it?

Score: 0

|

Poor bustards can't do anything right.

On the other hand, anyone buying CDs from the likes of Sony deserves to be had.

Score: 0

|

www.opera.com
www.mozilla.com

Who would use IE when you have these? :P

Score: 0

|

it forces you to use IE

is Sony declaring war on windows/microsoft here?

Score: 0

|

Me - at least the IE engine in a better host (Maxthon). I don't do overhyped mediocrity which rules out ZillaLand. ;P

Opera however is very nice.

Score: 0

|

If you read the article you would see that it uses ActiveX.

Need I say more?

Score: 0

|

"then the evil program will be downloaded"

LOL! Evil program! Anyway, I just saw an article stating that Sony's software may have infected over 3 million PC's: http://www.tgdaily.com/2...drm-kaminsky/index.html

How do they know? Not a clue...

Another interesting issue: how come none of these security guys bring up the fact that most major PC vendors have spyware included on their PC? (WildTangent specifically) Really, the fact that Sony has had this since the Summer and we just now found out--how many other companies are doing this? Kinda scary...

Score: 0

|

Why do you think I build my own? Why on EARTH would I buy the junk that vendors like Dell, Gateway and HP sell? You're paying for the service - and their overpriced upgrades.

Score: 0

|

The guy did a simple DNS lookup. Whichever DNS responded saying that they had the connected.sonybmg.com or whatever the call home site is on their cache it got added to a list. A DNS is where for example a computer on an ISP goes and asks what www.google.com translates to in IP form. So he came back with a result of roughly 936,000 DNSs that had the site in their cache. He also mentioned he probably wasn't able to reach a bunch of DNS. So he was trying to be humble and cut off 400k just to give some benefit of a doubt. So bring the number down to 500kish. So if only 3-6ppl behind each of those DNS are contaminated, you can multiply that number times it and get a much more serious and scary number.

Score: 0

|

dear Lord please make it stop

Score: 0

|

Man, those geniuses at First4Internet just keep digging a bigger hole for Sony to fall into.
This would have never happened under Walter Yetnikoff!

Score: 0

|

So, just to see if I have this correct:

Sony puts rootkit on CDs to hide DRM.

Rootkit contains vulnerability and is easily exploitable, aside from the fact that it is installed silently, without notice or permission.

Sony puts removal instruction site up. Said site contains ActiveX that installs itself on your PC and opens up new vulnerabilities.

That about sum it up?

Does ANYONE here still question Sony BMG's lack of ethics or Anti-Consumer Rights motives?

This is abso****inglutely ridiculous.

All those responsible for the debacle need to be sacked.

And for good measure, sack those responsible for the sacking.

Score: 0

|

More innocent people getting nailed because of Sony and First4Internet's incredible stupidity, naivety and complete disregard for their customers' computer safety / privacy.
First4Internet are completely useless and shouldn't be in business.

I feel sorry for the music artists that are gonna lose out because of Sony.
It'll be interesting to find out what effect this has on P2P usage and overall music piracy.

Maybe Sony (and others) will think twice about this kind of copyright protection.

Music companies shouldn't put their own greed over innocent people's security and freedom. Especially when most music customers don't pirate music anyway.

What happened to being presumed innocent?
Now everyone's guilty and should be treated as such... huh?

Score: 0

|

Bah, sony's getting what it deserves. I just feel sorry for all the people with their stuff installed.

Score: 0

|

well this what sony does deserve however as far as the poster who says most music customers don't pirate cd's i know tons of people who do download whole albums then after listening to it go out and buy it cause they like it. This was brought up when the RIAA sued napster and after napster was shut down music sales dropped. the RIAA shot themselves in the foot once again on the account of sony BMG.

Score: 0

|

"i know tons of people who do download whole albums then after listening to it go out and buy it cause they like it."

Hi.

That would be me.

Score: 0

|

That WAS my philosophy before all the music rental services. Now I pay like 8 bux a month and I get all my music legally. Conscience is clean, and I get all the music to my heart's desire.
I feel bad for the people who've had these CDs install stuff. Especially those who are doing it to support their fave artists and stuff.
And I'm starting to feel a little (liiiiittttle) bad for Sony because I honestly don't think they thought it was going to be this horrible. Granted, I DO think they knew it was 'rootkittish', but I don't think they knew about all the really bad things that would result from its installation. I think they were trying to protect their investment, and catch thieves.

Score: 0

|

The fact that people (me) download music has very little to do with the issue we are discussing here.

Certainly the issues are linked as they relate to each other...but the MAIN issue is SONY/BMG installing software onto your computer without your knowledge. The fact that the software has been proved to be a security risk simply adds to the outrage.

The discussion concerning whether or not the Industry as a whole have a 'right' to impose 'copyright protection' on their product is an interesting one...and although I may not like it (the same way I do not like going in and paying for a pair of shoes) in the end I concede that as they are the ones manufacturing the 'product' they have the right to protect it against something they perceive as causing 'lost revenue'.

We on the other hand have the right not to purchase it...which brings me right back to my computer connected to the net. And so it goes.

What SONY/BMG were attempting to do was not 'wrong'...how they went about implementing their 'right' is illegal...and for that reason there should be consequences.

There has been an ocean of discussion about the entire p2p music issue...does anybody know of a working solution which will satisfy both sides...or are the p2p side so used to the concept of 'free' that there can be no discussion?

Score: 0

|

OK, letter to Sony. I was an honest consumer. I bought your DRM crap because I wanted to support the artists. I was willing to look past some inconvenience because I believe that musical expression is one of the most treasured human endeavors.

And you treat me like this. OK, so maybe you didn't know how bad it could be. But, as soon as the story broke, you should have:

1) Pulled the CDs - immediately!
2) Provided a /safe/ uninstall - not just for the rootkit, but for the entire DRM thing
3) Put a letter of apology on your web site, signed by your CEO
4) Given every single person who bought one of the DRM crap a free voucher for a DRM-less version of the CD (yes, you have Spyware, so you know who we are)
5) Ran a one-time half-price sale for your entire music library as a way of saying sorry to the few people left who believe that, if we play by the rules, we're not going to be attacked by the RIAA.

If that crap isn't done, I have no sympathy for Sony. And, since none of it was done, I'll smile as soon as criminal indictments are handed out.

Score: 0

|

see the problem with this...these people PAID for the CD what thieves are they trying to catch? this protection should be on the cds sent out before the release not on the people that actually pay for it...because obviously it wasn't on the promos because it's all over the p2p networks...so basically if you think about it their thinking is the consumer is the thief

Score: 0

|

Actually, according to my reading, Sony has been distributing this XCP rootkit DRM since March of this year, according to an article on CNET on June 1, 2005. And some folks at Castlecops were questioning what this stuff was on their computers, and actually posted about it back in August.

I wonder how many folks since March 2005 have had their computers *owned* because of this rootkit and had to pay someone to fix it or just reformatted and lost everything? Just to likely put it back on the computer because they didn't know what caused it in the first place? And the cycle continued. How many spambots did they create? How many botnets did they help to proliferate?

Sheesh...3 Million computers! They claim they only made 4 Million, I think. They thought they had only sold about 2 Million, which was bad enough.

http://www.bambismusings.com/

Score: 0

|

I had been struggling with the Rootkit since early September...

http://www.mboxcommunity.com/SONY.html

Score: 0

|

The initial count of 20 CDs that bundled Sony BMG's now infamous XCP copy-protection software has grown. The label has issued a list detailing 52 CDs dating back to early 2005 that include the controversial rootkit. 2.1 million copies of the discs made their way to consumers.

Score: 0
