Report: Sony copy-protected CDs may hide Windows rootkit vulnerability

“A security analyst alleged Monday that playing a Sony copy-protected CD on his PC actually installed a rootkit into his computer from a third-party rights-management package,” Mark Hachman reports for ExtremeDRM. “According to Mark Russinovich’s security blog on, the Van Zant CD Get Right With The Man contains a rootkit that was installed when the CD’s on-disc player software was installed. That software, which Russinovich traced to U.K. vendor First 4 Internet, modified the Windows registry and was configured to hide system files encoded with a ‘$sys$’ prefix.”

Hachman reports, “The CD used a version of First 4’s rights management software, called “XCP” to protect the CD from unauthorized copying. Sony configured the software to allow two legal backups of the entire CD. Over 2 million CDs encoded with the First 4 Internet files have been shipped by Sony, according to MSNBC. Users had begun complaining about the First 4 Internet software in June, when the software allegedly prevented songs from being copied onto an Apple iPod.”

Full article here.

[UPDATE: 3:50pm ET: Fixed article summary.]

Advertisement: The New iPod with Video.  The ultimate music + video experience on the go.  From $299.  Free shipping.

Related articles:
How to beat Apple iPod-incompatible Sony BMG and EMI copy-protected CDs – October 04, 2005
Sony BMG and EMI try to force Apple to ‘open’ iPod with iPod-incompatible CDs – June 20, 2005
New Song BMG copy-protected CDs lock out Apple iPod owners – June 01, 2005


  1. It’s not rocket science, hold down the shift key when inserting a Sony CD onto a Windows PC. This will bypass the AutoPlay. You can also manually disable AutoPlay.

    Once you’ve taken this simple step you can treat said Sony CD like any other audio CD and rip everything into iTunes.

    This all assumes that the above mentioned piece of spyware hasn’t been installed on your Windows PC from a previous insertion of a Sony disk.

  2. Why does it say this
    “Last week consumers filed a nationwide class-action lawsuit against Apple Computer, Inc., claiming the world’s largest producer of portable music players..”
    under your headline on your main page? It’s got nothing to do with the article.

  3. When will some Windows PC owner going to sue Sony and Microsoft for installing software on his or her PC without his or her permission? Would you allow someone to install a part on your car without your prior approval? Why put up with this on your computer?

    MW: next. Next thing you know, they’ll install software to activate attached mikes and cameras and spy on you in your own home. (Sorry, getting a little paranoid there.)

  4. Does anyone have experience with these Sony so-called CDs on a Mac?

    Do they play on the Mac (presumably in iTunes, if you used another player, which one?) Can they be loaded into iTunes? If so, what version of iTunes did you use?

    If you have any experience here, please share it!

    This is something of interest to the Mac community!

  5. Tommy Boy, that’s not the big issue here (holding the shift key), the issue is that it’s installing a rootkit. For those of us who are unfamiliar with this, which is basically anyone that’s been using Macs, rootkits are basically the same thing that spyware, malware, adware, virus’, etc have been using to turn a Window’s machine into zombie machines. This guy realized that they installed this thing and then it was hoggin his CPU. He details his steps of trying to remove this thing and it was basically a nightmare. When it installed, it actually would boot up in “Safe Mode” as well. Plus the guy realized how crappy it was written. He also wondered if this thing was “calling home” to let Sony know what was installed on his computer.

    It’s a pretty scary thing to have a legitimate company install something on your computer, that basically amounts to a virus, without you giving permission for that company to do so.

    Also, there was no alert message saying anything, like click “I agree” or anything like that. It just installs it.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.