Moonbase

I’m sure by now that many folks have heard that Sony has been caught putting software on their music CDs which secretly installs itself on your computer in order to implement their Digital Rights Management regime, but if you haven’t, this article has a fairly decent summary for the layman.

Worse, soon after suspending production (what, no recall?) of CDs with this “XCP rootkit” (malware advisories: Computer Associates, F-Secure), Sony was caught yet again, this time using their music CDs to install SunComm’s MediaMax software.

Not every Sony release contains XCP, but at least 45 of them are known to. Geoffery McCaleb has published a list of them. If you have played any of these on your computer, chances are you have been infected. I don’t know if there are any lists of CDs containing MediaMax yet.

Since the infected CDs are still being identified, it is probably best to avoid using a Windows or Macintosh computer to play any Sony-label CDs released in the past eight months. You might remember to turn off autorun (per the CA advisory) on your own machine, but that doesn’t preclude accidents when you’re (for example) using the PC of a friend who has neglected to do so. When buying new CDs, avoid especially those with stickers indicating “copy protection” or similar.

Sony BMG labels include:

• Columbia Records
• Epic Records
• Legacy Recordings
• Odyssey
• Sony {Classical,Jazz,Music,Nashville,Wonder,etc…}

Update: Sony did announce a belated recall/exchange (I missed it somehow) not long before the MediaMax thing was discovered. Hopefully the replacement CDs would be free of both XCP and MediaMax.