[Dixielandjazz] Sony's Rootkit CDs -- And What It Means for You

[BillSargentDrums at aol.com]

Sony's Rootkit CDs -- And What It Means for You  
<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>
 
Note: This article on the Sony rootkit and why it's important was  
challenging to write. Although there is an enormous amount of info about the  Sony 
rootkit, most of it is written in geek speak. Making this info easy to  understand 
has taken a bit of doing...
 
Earlier this month, it was discovered that Sony BMG, the world's second  
largest music label, had secretly embedded antipiracy technology, called XCP and  
included something called a rootkit, on some of their music CDs.
 
Expert security researchers have described Sony's technology as "spyware"  
because it is hidden, difficult to remove, and transmits information back to  
Sony without users knowing. This antipiracy technology cloaks itself so that it  
appears invisible to users. (Sony executives have denied that their 
technology  is a form of spyware.)
 
Even worse, it opens up computers who have the rootkit installed to other  
more malicious programs that can then get installed and remain undetected -- and 
 leave computers vulnerable to hackers.
 
Last Thursday, it was discovered that virus writers had already taken  
advantage of this security hole created by the installation of the Sony rootkit,  by 
modifying an old Trojan that now takes advantage of the shielding that the  
Sony technology provides.
 
Most experts agree that Sony's action is ethically wrong. And now, a  
California class action suit against Sony BMG claims it is illegal as well.  Other 
lawsuits are also being considered.
 
How do you know if you've been infected? Sony has used this XCP technology  
on a number of its titles, which include different labels and musical  genres.
 
The Electronic Frontier Foundation (EFF) has a list of CDs with this XPC  
technology on their website, as well as other excellent info on this  topic:
 
==} _http://www.eff.org/deeplinks/archives/004144.php_ 
(http://www.eff.org/deeplinks/archives/004144.php) 
 
Fortunately, some of the leading antivirus companies have already created  
updates to detect Sony's antipiracy program, disable it, and prevent it from  
reinstalling itself.
 
Sony has finally responded to the furor by announcing it will temporarily  
suspend production of CDs that contain this antipiracy technology and stated  
that they will review their digital rights management strategy.
 
Sony has said that about 4.7 million CD's containing XCP have been shipped,  
and of these, about 2.1 million have been sold.
 
What to do: We recommend that you do not buy or install Sony BMG CDs that  
have the XCP technology on your computer.
 
First, check the list on the EFF site mentioned above to see if you own any  
of the CDs.
 
Unfortunately, this is not a complete list. EFF recommends two other steps  
to take:
 
- You can check the left front edge to see if the words "CONTENT PROTECTED"  
are included there.
 
- You can check the back of the CD on the bottom or right side to see if  
there is a disclosure box that says "Compatible with." It will also have a URL  
that includes: cp.sonybmg.com/xcp. This URL is a giveaway that XCP is installed 
 on the CD.
 
EFF also recommends that you protect yourself from XCP if
you aren't  already infected by disabling "autorun" on your Windows PC -- you 
can find  instructions to do this here:
 
==} _http://www3.ca.com/securityadvisor/pest/collateral.aspx?cid=76351_ 
(http://www3.ca.com/securityadvisor/pest/collateral.aspx?cid=76351) 
 
Finally, update and run your antivirus software. Check to see if it  includes 
the patches to delete, disable and prevent reinstallation of the Sony  XCP 
technology.
 
We know this Snippet on the Sony rootkit was more technical than usual, but  
we felt it was very important information that you really need to know about  
since we didn't want you to unknowingly open your computer to malicious 
spyware,  viruses and other security threats.