Sony Boycott continues: Sony recalls XCP-tainted music discs, offers Red Book compliant CD exchanges

A letter posted online yesterday by Sony BMG Music Entertainment reads as follows:

November 16, 2005
To Our Valued Customers:

You may be aware of the recent attention given to the XCP content protection software included on some SONY BMG CDs. This software was provided to us by a third-party vendor, First4Internet. Discussion has centered on security concerns raised about the use of CDs containing this software.

We share the concerns of consumers regarding these discs, and we are instituting a program that will allow consumers to exchange any CD with XCP software for the same CD without copy protection. We also have asked our retail partners to remove all unsold CDs with XCP software from their store shelves and inventory. We will make further details of this program available shortly.

We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right. It is important to note that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players.

Our new initiatives follow the measures we have already taken, including last week’s voluntary suspension of the manufacture of CDs with the XCP software. In addition, to address security concerns, we provided to major software and anti-virus companies a software update, which also may be downloaded at . We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer.

Ultimately, the experience of consumers is our primary concern, and our goal is to help bring our artists’ music to as broad an audience as possible. Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music.

Sony BMG Music Entertainment’s letter here:

Sony-BMG also offers a FAQ page here:

Bloomberg reports, “Sony BMG, a joint venture created last year by Sony Corp. and Bertelsmann AG, produced about 4.7 million discs of artists including Celine Dion and sold 2.1 million of them. The recall comes as record companies are entering their strongest sales period ahead of the Christmas holiday. ‘It’s a big mistake. They shouldn’t have done it,’ said Leigh, an analyst at Inside Digital Media Inc. in Tampa, Florida. ‘They were so concerned about piracy that they were not careful about how they would control it. They shot themselves in the foot.’ Installed on about 50 recordings distributed by Sony BMG, XCP was designed to prevent illegal duplication by limiting the number of copies that could be made once a title has been installed on a personal computer. However, the technology could also be used to monitor the users’ online activity and made PCs vulnerable to computer viruses… ‘The continued chasing of copyright protection technology is like chasing the white whale,’ Leigh said. ‘It’s an obsession that destroys the people obsessed by it.'”

Full article here.

Related information: Red Book audio CD standard.

Advertisements: The New iMac G5 – Built-in iSight camera and remote control with Front Row media experience. From $1299. Free shipping.
The New iPod with Video.  The ultimate music + video experience on the go.  From $299.  Free shipping.
We see Sony addressing the XCP malware-style ‘root kit’ issue for Windows users, but we see no mention of Sony’s other SunnComm-laced CDs that can install kernel extensions on Mac OS X which is what prompted our boycott of all Sony products in the first place. This is highly troubling, to put it mildly. Therefore, based on a strong consensus of our readership, MacDailyNews and iPodDailyNews are continuing to boycott all Sony products until this and other “copy-protected CD” issues are addressed appropriately by Sony and recommend that our 2.2+ million unique visitors per month from 136 countries worldwide do the same.

For some more information, Larry Loeb writes for Security IT Hub, “Sony says it will discontinue distribution of its DRM software, which could pose a “rootkit” security threat to users. But does that include the OS X version? Sony is reportedly pulling its digital rights management “rootkit” from the market. But it isn’t reporting everything. ‘The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players,’ Reuters reported today [Nov. 11]. There’s just one problem with that statement: it happens to be flat-out wrong. While the XCP version of copy protection is for Windows, there is another Mac-only version of copy protection installed by Sony/BMG CDs.”

Loeb writes that the Sony SunnComm CDs contain a Mac OS X application in the “enhanced” section of the CD called,, that presents a EULA and upon the users’ agreement, “actually installs two kernel extensions, PhoenixNub1.kext and PhoenixNub12.kext, in the OS X system files. These turn out to be part of a DRM codebase developed by SunnComm. According to the SunComm Web site, their MediaMax DRM allows for a limited amount of CD burns from the source material, and then will block further copying. The DRM also can make time-expiring (or number-of-play-expiring) copies of the tracks… So, while Sony may be backing down from its acts regarding Windows modification, it is yet to be seen whether the recent firestorms will cause it to pull the DRM installed on Macs.”

Related articles:
Sony BMG infected music CDs could be good for consumer rights – November 16, 2005
Microsoft to remove Sony BMG malware – November 15, 2005
Sony BMG infected music CDs could lead Sony into ‘big-league legal trouble’ – November 15, 2005
EFF publishes open letter to Sony-BMG calling for recall of all infected Sony-BMG CDs – November 15, 2005
Boycott Sony – November 14, 2005
Sony BMG ‘temporarily suspends’ production of music CDs with copy-protection scheme – November 11, 2005
Boycott Sony products: Sony music CDs can install kernel extensions on Mac OS X – November 10, 2005
Computer security firm: ‘Stinx’ virus hides within Sony’s copy protection scheme – November 10, 2005
Sony sued over copy-protected CDs – November 10, 2005
SonyBMG antics may well cause public to turn on them and turn many people onto Apple Macs – November 06, 2005
Report: Sony copy-protected CDs may hide Windows rootkit vulnerability – November 01, 2005
Analyst: Sony BMG’s boycott of Apple’s iTunes Music Store Australia won’t last long – October 24, 2005
Apple launches iTunes Music Store Australia – October 24, 2005
How to beat Apple iPod-incompatible Sony BMG and EMI copy-protected CDs – October 04, 2005
Japan music labels look to impose ‘iPod Tax’ while Sony, Warner still not signing with Apple iTunes – October 10, 2005
Why aren’t Sony, BMG, Warner, Victor making their artists’ music available on Apple’s iTunes Japan? – October 06, 2005
Sony and Warner holding out on Apple iTunes Music Store Australia – September 08, 2005
Musicians stage mutiny against Sony, defiantly offer music via Apple’s iTunes Music Store – August 10, 2005
Sony BMG and EMI try to force Apple to ‘open’ iPod with iPod-incompatible CDs – June 20, 2005
New Sony BMG copy-protected CDs lock out Apple iPod owners – June 01, 2005
Record company causes Apple to hit ‘pause’ on Australian iTunes Music Store – May 05, 2005



    What would happen if I came to take your house and decided to let you have half back in compensation?


    Stupid a$$ess.

  2. I agree, my boycott will continue indefinitely, this action was well planned to start the ball rolling in us accepting these root-kits as normal in anticipation of even more stringent DRM schemes.

    You’ll see when the MacTels arrive…

  3. MacDailyNews is correct to lift their boycott. You shouldn’t start adding reasons to continue a boycott when the reason for the boycott has been addressed. That said, of course, it’s up to each individual to do what they think is best.

    Remember: wait for Sony’s PlayStation 3. Vote NO on Microsoft’s Xbox!

    Microsoft makes Sony look positively angelic.

  4. SONY BlueRay DVD drives supposely has a DRM scheme so tough that it verifies your drive, DVDs and other media over the internet. If it finds a discrepency or if a error occurs a drive disable feature is enabled.

    Don’t buy SONY until they become more consumer friendly.

  5. chill out MacDude and MacDude alias MacAnimal! They took it off! This is awesome! They’re likely not to repeat a DRM move which will take away ability to put stuff on an iPod. We won.

    Sony is being rediculous with the whole iTunes Japan/Australia, but can you blame them? That was there last stronghold for online music.

    Chill out… we just won, and, ummm, Sony has some pretty sweet products. I wish Apple would come out with a sub-notebook.

  6. ‘The continued chasing of copyright protection technology is like chasing the white whale,’ Leigh said. ‘It’s an obsession that destroys the people obsessed by it.

    Now here is a guy who knows what he’s talking about. Sony did shoot themselves in the foot by trying to hard to protect there media and now they really hurt there reputation and people will be weary about buying CD’s with the Sony BMG label on it. Especially around the holidays.

  7. Consumer,

    Let me come and smack you around and then apologize five minutes later and see how you feel.

    SONY got rootkits installed on millions of machines, including Mac’s and we are supposed to just say “That’s ok Sony, we’ll let you off the hook”

    Those ba$tards knew exactly what they were doing, don’t think for a minute they weren’t.

    Microsoft has been pulling this “Stockholm Syndrome” abusive effect for years.

    Abuse > Apologize > Make Amends > Promise to make it better > Abuse Again.

    It’s a way to gain a advantage on people through abuse. The answer is if a person or corporation abuses severly like this is to never deal with them again. Either that or your the fool and the victim.

    Talk to any abusive spouse in treatment.

  8. I think MDN is lifting the boycott much too soon. Sony’s statement makes no reference to the other DRM software they employ, from SunComm which is practically just as malicious and definitely falls under the category of “spyware.”

    What few people realize is that Sony uses another copy protection program, SunnComm’s MediaMax, on other discs in their catalog, and that this system presumably is not included in the moratorium. Though MediaMax doesn’t resort to concealing itself with a rootkit, it does behave in several ways that are characteristic of spyware.

    1. MediaMax installs without meaningful consent or notification

    2. MediaMax discs include either no uninstaller or an uninstaller that fails to remove major components of the software


    3. MediaMax transmits information about you to SunnComm without notification or consen

    Viewed together, the MediaMax and XCP copy protection schemes reveal a pattern of irresponsible behavior on the parts of Sony and its pals, SunnComm and First4Internet. Hopefully Sony’s promised re-examination of its copy protection initiatives will involve a hard look at both technologies.

    Sounds like Sony is putting out a fake apology while continuing to put out malicious DRM that goes by name that isn’t “XCP.” Furthermore, they never promised they wouldn’t do something similar in the future.

    Boycott Sony!

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.