June 13, 2024

Sony Shipping Spyware from SunnComm, Too

Now that virus writers have started exploiting the rootkit built into Sony-BMG albums that utilize First4Internet’s XCP DRM (as I warned they would last week), Sony has at last agreed to temporarily stop shipping CDs containing the defective software:

We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, SONY BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use.

What few people realize is that Sony uses another copy protection program, SunnComm‘s MediaMax, on other discs in their catalog, and that this system presumably is not included in the moratorium. Though MediaMax doesn’t resort to concealing itself with a rootkit, it does behave in several ways that are characteristic of spyware.

I originally wrote about MediaMax back in 2003. It was the first copy restricting technology that installed software in an attempt to block ripping and copying. SunnComm has continued to develop its anti-copying tools, and today MediaMax is distributed on albums from Sony-BMG and several smaller labels. Sony titles that use MediaMax include Grown and Sexy by Babyface and Z by My Morning Jacket. These discs aren’t hard to spot; the back album covers usually contain a label that includes a sunncomm.com URL.

Like XCP, recent versions of MediaMax engage in spyware-style behavior. They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site. I’ll describe each of these problems in detail below.

1. MediaMax installs without meaningful consent or notification

When a MediaMax-protected CD is inserted into a computer running Windows, the Windows Autorun feature launches a program from the CD called PlayDisc.exe. Like most installers, this program displays a license agreement, which you may accept or decline. But before the agreement appears, MediaMax installs around a dozen files that consume more than 12 MB on the hard disk. Most are copied to the folder c:Program FilesCommon FilesSunnComm Shared, shown below:

These files remain installed even if you decline the agreement. One of them, a kernel-level driver with the cryptic name “sbcphid”, is both installed and launched. This component is the heart of the copy protection system. When it is running, it attempts to block CD ripping and copying applications from reading the audio tracks on SunnComm-protected discs. MediaMax refrains from making one final change until after you accept the license—it doesn’t set the driver to automatically run again every time Windows starts. Nevertheless, the code keeps running until the computer is restarted and remains on the hard disk indefinitely, even if the agreement is declined. [Update 11/28: In several common scenarios, MediaMax goes a step further and sets the driver to automatically run again every time Windows starts, even if the user has never agreed to the license.]

To see if SunnComm’s driver is present on a Windows XP system, open the start menu and select Run. In the box that pops up, type

cmd /k sc query sbcphid

and click OK. If the response includes “STATE: 1 STOPPED”, the driver is installed; if it includes “STATE: 4 RUNNING”, the driver is installed and actively restricting access to music. Alternately, you can look for the driver’s file, sbcphid.sys, which will be located in the c:windowssystem32drivers folder if it is installed.

(Newer version of SunnComm’s software can also block copying on Mac systems, as reported by MacInTouch. However, since Mac OS X does not automatically run software from CDs, Mac users will only be affected if they manually launch the installer.)

Is there any meaningful notice before the program is installed? On the contrary, the Sony license agreement (which happens to be identical to the agreement on XCP discs, despite significant differences between XCP and MediaMax) states that the software will not be installed until after you accept the terms:

As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted.

Notice too that while the agreement partially describes the protection software, it fails to disclose important details about what the software does. Yes, the MediaMax driver tries to “protect the audio files embodied on the CD,” but it also attempts to restrict access to any other CD that use SunnComm’s technology. You only need to agree to installation on one album for the software to affect your ability to use many other titles.

2. MediaMax discs include either no uninstaller or an uninstaller that fails to remove major components of the software

None of the MediaMax albums I’ve seen from Sony-BMG include any option to uninstall the software. However, some titles from other labels do include an uninstall program. For instance, the album You Just Gotta Love Christmas by Peter Cetera (Viastar Records) adds MediaMax to the Windows Add/Remove Programs control panel, the standard interface for removing programs. If you elect to remove the software, it displays the following prompt:

Clicking “Yes” does cause parts of MediaMax to be deleted, including nearly all the files in the SunnComm shared folder. However, the protection driver remains installed and active despite the suggestion that “MediaMax and all of its components” would be removed. That means iTunes and other programs still cannot access music for any SunnComm-protected CD.

[Update: Apparently SunnComm was providing an uninstaller to users who persistently demanded one, but the uninstaller opened a severe security hole in users’ systems.]

3. MediaMax transmits information about you to SunnComm without notification or consent

Sony and SunnComm seem to go out of their way to suggest that MediaMax doesn’t collect information about you. From the EULA:

[T]he SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.

SunnComm’s customer care web page is equally explicit:

Is any personal information collected from my computer while using this CD?:
No information is ever collected about you or your computer without you consenting.

Yet like XCP, the MediaMax software “phones home” to SunnComm every time you play a protected CD. Using standard network monitoring tools, you can observe MediaMax connecting to the web server license.sunncomm2.com and sending the following request headers:

POST /perfectplacement/retrieveassets.asp?id=
   7F63A4FD-9FBD-486B-B473-D18CC92D05C0 HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: license.sunncomm2.com
Content-Length: 39
Connection: Keep-Alive
Cache-Control: no-cache

This shows that MediaMax opens a web page from a SunnComm server and sends a 32-character identifier (highlighted)—apparently a unique code that tells SunnComm what album you’re listening to. The request also contains standard HTTP headers from which the company can learn what operating system you are running (in the above example, NT 5.1, a.k.a. Windows XP) and what version of Internet Explorer you use (here, IE 6).

SunnComm also gets to observe your computer’s IP address, which is transmitted to every Internet server you connect to. You are assigned an IP address by your Internet service provider or system administrator. Many users are issued frequently changing “dynamic” IP addresses that make it difficult to track them individually, but others have fixed, “static” addresses. If you have a fixed address, SunnComm can piece together the messages from your computer to find out all the protected discs you listen to and how often you play them. In some cases, such as if you are a Princeton student, knowing the address is enough to let SunnComm track down your name, address, and phone number.

So why does MediaMax contact a SunnComm server in the first place? The server’s response to the above request isn’t very informative:

Microsoft VBScript runtime

error ‘800a000d’

Type mismatch: ‘ubound’

/perfectplacement/retrieveassets.asp, line 26

Apparently a bug in the server software prevents it from returning any useful information. However, the name “Perfect Placement” in the URL provides a valuable clue about the server’s purpose. A SunnComm web page describes “Perfect Placement” as a MediaMax feature that allows record labels to “[g]enerate revenue or added value through the placement of 3rd party dynamic, interactive ads that can be changed at any time by the content owner.” Presumably the broken site is supposed to return a list of ads to display based on the disc ID.

Just because the server software is buggy doesn’t mean it isn’t collecting data. If SunnComm’s web site is configured like most web servers, it logs the information described above for every request. We can’t know for certain what, if anything, SunnComm does with the data, but that’s why transmitting it at all raises privacy concerns.

To summarize, MediaMax software:

  • Is installed onto the computer without meaningful notification or consent, and remains installed even if the license agreement is declined;
  • Includes either no uninstall mechanism or an uninstaller that fails to completely remove the program like it claims;
  • Sends information to SunnComm about the user’s activities contrary to SunnComm and Sony statements and without any option to disable the transmissions.

Does MediaMax also create security problems as serious as the Sony rootkit’s? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software. However, it certainly causes unnecessary risk. Playing a regular audio CD doesn’t require you to install any new software, so it involves minimal danger. Playing First4Internet or SunnComm discs means not only installing new software but trusting that software with full control of your computer. After last week’s revelations about the Sony rootkit, such trust does not seem well deserved.

Viewed together, the MediaMax and XCP copy protection schemes reveal a pattern of irresponsible behavior on the parts of Sony and its pals, SunnComm and First4Internet. Hopefully Sony’s promised re-examination of its copy protection initiatives will involve a hard look at both technologies.


  1. As I understand it, Sony BMG is not pulling the Mediamax CD’s from the retailers even though they’ve made a class action settlement. By doing that, I feel they admit their guilt in this matter. So why are they being allowed to let the bad CD’s be sold?

    Another point is that I frequently play audio CD’s at a low volume on my computer at work. This software can infect more than your home PC. Since there is a security risk that someone could hack into a computer, does this possibly leave thousands of business computers (and government) at risk?

    Anyway, Mr. Halderman, keep up the good work.


  2. they already have two lawsuits against them for this shit. Ok yall this is what im gonna say. First Thank you John Alex for sharing the info that mediamax cannot install when u hold the shit button down while inserting a CD, bc I was just able to successfully rip my Babyface CD(Grown and Sexy) to iTunes. But about the copy protection deal? Well I understand that they dont want people stealing their music. Yes you are allowed to have a back up copy of a CD for personal use. HOWEVER, that is not what most ppl do. They wind up making copies and givin them to all their friends or sometimes they will sell them. When people do that kind of stuff it takes away from the profit of the producer. So i understand the copy protection part BUT what I DO NOT LIKE is that theyhave to have the extra software with them. That is selfish but we really shouldnt just be blaming sony. Sure they have no clue how to treat their loyal customers BUT thats only because of those ASSHOLES that go making bunches of copies of a particular album and selling it. THAT is who we should REALLY be blaming. The good have to suffer for the bad. Because of those people, sony records is treating all their consumers like criminals. If they keepp up what they are doing they will wind up loosing money. It’s sad that sony has gone so low i agree. They not only get to the point where they tryin to keep sales from tanking(which is understandable bc thats how they make a living, they make their profit from ppl buying their music or downloading it legally) but THEY CARE MORE ABOUT THE PRODUCT THAN THE CONSUMER. Software forced to be installed on ones computer EVEN AFTER DECLINING THE EULA(End Users Liscense Agreement) is not protection, it’s a VIRUS. This not only disables you from playing that particular album but IT COMPLETELY DISABLES YOUR COMPUTER ALL TOGETHER AND IT PISSES ME OFF AS MUCH AS IT PISSES YALL OFF. But for the virus matter, i hope sony gets the hell sued out of them for this. I get the copy protection itself but they need to evaluate the software

  3. With these devious so-called “copy protection” schemes, these blasted corporate idiots and their infinite greed are actually promoting piracy. They deserve what’s coming to them.

  4. […] For more information on the MediaMax aspect of the Sony saga, see http://www.freedom-to-tinker.com/?p=925. […]

  5. It’s amazing how much time and money these companies waste on creating so-called anti-piracy security that are easily worked around and only royal piss off customers.

    If you haven’t popped a Sony SunnComm CD in your PC yet, turn off Auto-run and leave it off to play/backup songs and to save future headaches.

    If you’ve already played a Sony SunnComm CD in your PC, go to Control Panel / System / Device Manager / CD-ROM Drive / Properites and uncheck ‘Enable Digital CD Audio for this CD-ROM device’. Then when you pop in the Sony SunnComm CD the auto-run kicks off the MediaMax software which will not fail with and error. Now you can play the songs on the CD as normal. Seems the software needs to access the CD as digital audio or it freaks.

  6. i am a new mediamax shareholder. having been a long time dubber of video movies as a nonpirate, i have been impressed with macrovisions mission so much that i will no longer be dubbing any videos but buying originals. its simply not worth the hassle. thats why i think mediamax will stay in business. they have made mistakes in their history but so have alot of companies including microsoft. i wish i had bought microsoft in 1982 for twenty cents.

    i think mediamax needs to make it much easier for customers to uninstall any software they load to any computer with or without explicit permissions.

    they should have a 911 hotmail address for fast support for anyone whose pc is disabled by mediamax software.

    they should have a hot tab on their homepage that goes directly to a troubleshooter page.

    mediamax has to provide what their customers want. right now that is primarily sony bmg. if they tell mediamax or first4internet to stop providing something, or otherwise make changes, they will.

  7. georgewbushphd says

    Yes. that is sony’s own no-copy technology. Which disc was it? I have not figured out exactly how it works yet but would welcome anyone’s input. Also, you may find it amusing that Sony-the company that relentlessly snivels about anuathorized copying-actually get paid a royalty for all digital media and recording devices to cover that cost. sont doesn’t put that on its FAQ.

  8. What about the Sony program/spyware/malware/etc called….

    secuROM produced by Sony DADC Austria AG. Mine is located in my C:WindowsSystem32CmdLineExt.dll folder.

    File name is SecuROM Context-Menu for Explorer….There isn’t any information out there about this. I question it was the highest rated possible ‘threat’ from Security Task Manager program. However, no additional information about this name/dll file is out there.

    I did find this little snippet of information


    Anyone have any ideas? Is this something similar to the other Sony spyware?

  9. >>> But this hiding of spyware on computers without informing the buyers, and not allowing me to play a sony song on my personal mp3 player, and especially opening up my computer to hackers, while trying to hide their files and call them ‘essential windows software’, is it. Sony has gone too far, to far to forgive, and too far to forget. My suggestion to every honest person who deserves privacy and deserves to get what they pay for, is to not buy anything from this brand name again! Stop paying dues to the devil!

    You said it best. I will never, NEVER, buy any Sony product every again! No media, no electronics, no attendting SonyPictures movies, no music…NOTHING!!! EVER!!!! NO EXCEPTIONS!!!!

    Jason, why are you trying to pit Alex (the shift trick) against Mark? They are both trying to help you. I don’t care if Alex spent 5 minutes and Mark spent 5 years. Thank them each for their respective time, and do it graciously. I know you’re really not a bad guy…you just got a little carried away, there.

    Latner, good riddance, you are a laughingstock of…well, people everywhere!

    Alex, Mark, everyone else with useful information, thank you for your investigations and all your information. For any anyone who does not understand techno-babble, let’s make the issue simple (too bad we can’t do the same for the fix):

    * It is illegal in the U.S. to install software on a user’s computer without their permission (which Sony has done on several occassions).

    * It is illegal to fail to provide a working means to uninstall ANY software, whether the user agreed to install it or not (which Sony has done on at least 2 occassions).

    * Software is considered “spyware” if it sends any user’s information to anybody else without consent (which Sony has done several times, so if Anti-Virus vendors refuse to label this DRM software “spyware”, they are blatantly lying, too).

    * Laws in the U.S. require that software must disclose whenever it will collect and send user’s information to someone else (and not just 3rd parties).

    * It is FRAUD to claim that software can be removed when it can’t, to “offer” people to accept or decline an agreement to install software and then install it anyway, and to claim you don’t collect any personal information without the user’s consent, and then proceed to do exactly that.

    * It is FRAUD for Sony to install software on your computer labelled as “essential Windows software” (even if Windows consented to it, because this misrepresents the product to the user…I doubt Windows consented).

    * Any company, store, manufacturer or whatever, who claims they are immune to liability just because they say so, are LYING. They are subject to any liability laws in the country or state where they sell (and in some cases where they produce) their goods and services. This is only meant to make you THINK you have no rights. They are covering their buts IN CASE there are any lack of laws, but where there are laws, they are CERTAINLY LIABLE FOR DAMAGES IF THE LAW SAYS SO.

    * In most cases, a company cannot even require that you conciously “give up” your right to filing damage suits, and if they say they can do this, they are quite often LYING and any such agreement by you is invalid.

    * The person who posted that U.S. laws allow software liscences to prohibit you from making copies, but that this is not the case for music, etc., is entirely correct. That’s because in software the value is, and has been considered from day one, in its USE on any particular computer or computers…whereas media has ALWAYS BEEN INTENDED TO BE PORTABLE.

    * The person who posted that copying media for personal use is not illegal, but that CIRUMVENTING ANTI-COPY TECHNOLOGY IS ILLEGAL, is completely correct….except if you did not consent for such software to be permanently installed on your computer and for it to be unremovable, guess what? The manuafacturer’s installation on your computer of this technology was done totally illegally, so you have the right to get around it anyway you want. You have a right to circumvent/get rid of something you did not consent to be installed or that you installed due to fraudulent information by the manufacturer. Just like if someone throws something on your lawn, you have the right to throw it in the trash (it’s now your property). So now you get back to the copying only being illegal if you distribute or intend to distribute your copies of the copyrighted work.

    Thank you so much, those of you who have posted the littlest to the most complicated explanations and help.

  10. To remove the sony spyware, use system restore and go back to a date before you first used the CD. This seemed to work for me.

  11. Gerry is very Unhappy says

    I suspect the real problems for Sony will occur when purchasers of their spyware infected products file civil suits alleging damages to personal property (computer system) and claim recovery for all the time spent in producing documents that no longer run properly on an infected computer system. The fact that SunnComm’s software is partially installed even though a user does not agree to the license being offered, poses a very serious problem for both SunnComm and Sony. When Party A makes an offer to do business with Party B, and the latter does not accept the offer, any action that Party A takes under the assumption that Party B was going to accept the offer, is legally limited to withdrawing from the negotiation. Since no contract then exists between Party A and Party B, any software left on Party B’s computer by Party A is a violation of law. Anybody who has remnants of SunnComm’s software on their computer even though they did not agree to the offered license would seem to have a solid basis for a claim against SunnComm and any other party who made the SunnComm software an integral part of their product, i.e., the hapless Sony Corporation. Now, does my new Sony LCD television have a secret camera installed that sends my private activities with my wife back to Sony? Hmmm, what about my new Sony LCD computer monitor? Or am I just paranoid because my computer crashed two weeks ago because of spyware and I lost years of college-generated work. Sounds like Microsoft and Sony should get together and exchange damage control software.

  12. I'm Not Advanced says

    I installed mediamax before i read this woould-have-been helpful article, so i need to know, what is the best/easiest way to get rid of this shit?

  13. IT’S a SONY !!!! FUCK THEM with their aggresive XPc and DRM…. SUNCOMM also must go to hell for BINARIES….

  14. Just wanted to correct Mr. “Legal Expert”….the “Betamax Decision” only applies to disks/tapes/VHS/etc that do not have a copyright protection built into them, such as CDs (until recently obviously). So before, it was legit to burn backups of your CDs because their was no copyright protection on them, but it is illegal to burn backups of your DVDs due to their built in copyright protection. So basically if you have to circumvent any protection in order to copy your disks, it is illegal. Just thought I would clear that up.

  15. How does the copyright protection implemented by Panasonic compare with the Sony controls? Details are at: http://www2.panasonic.com/webapp/wcs/stores/servlet/SDTechExplained?storeId=15001&catalogId=13401&langId=-1


  16. I’m crying buckets for Mr. Latner! NOT!

    I am so done with Sony! All I want is to be able to listen to my cd in any player I choose, and their stupid little Media Max Piece of Shite has made it nearly impossible. I own a one-year-old car with an excellent sound system, but I cannot listen to my Black Rebel Motorcycle Club or my David Gray in it! I won’t waste money on their crap anymore! I guess I’ll just have to download from iTunes, burn it to a cd right away, and listen that way, if I even decide I need to hear anything from Sony’s artists at all. Too bad, since they have some fine artists attached to the label.

  17. Ah. Now I see. Sony has truly done it. All products with the Sony name (including the plasma TV and laptop we were considering for christmas presents) will not be purchased. Hello, Dell.
    I have to spend hours reinstalling Windows on my computer because these creeps install software without telling me, they in fact lie about their data collection and surveillance. I am doing nothing wrong, but if I wanted Big Brother, I would have pushed for the Patriot Act.
    Seriously, Sony will get no more of my money. I can live without buying more of their artists’ music, and other companies produce electronics.
    I am thoroughly disgusted.

  18. Legal Expert says

    Anonymous, you are a complete and total asshole; not to mention that you have your head so far up your ass that you have yet to see the real world. In the US you DO HAVE THE LEGAL RIGHT to copy your dvd’s and software for a “backup”…it is called the “Betamax Decision” and was made by the US Supreme Court back in the 70’s. That decision gives you the legal right to make as many backup copies of ANY dvd-software-cd’s that you own, the only exception is that you have to have a store purchased version for this to apply. It does not apply to stuff that you downloaded off the internet.

    What this means numbnuts, is that ANYONE with a legal store purchased copy of any dvd-software-cd, can make as many backup copies as they want…they just cannot sell-or give them to other people. This does NOT include anyone that is living in the same household as the person making the copies as it is implied that this would be done anyway (placing a store purchased OS on three or more computers in your home-making three or more copies of the dvd so they can be watched on your childrens TV’s as well as your own without having to swap the dvd on a constant basis-and the same goes for music cd’s) It is only when you start passing them out to friends and such that you cross the line.

    As it stands, your whines are a complete and total waste of skin and air, as are you. Please go to that rather large building in your community called a “Library” and actually spend a few months there doing research so that the next time you open your mouth you will at least have the intelligence of a 5th grade student so you can sound a lot more intelligent then you have in your early posts. If you are still in school, then STAY AWAKE during your classes fool! If you are not in school any longer, then your former teachers should be fired for being incompetent.

    Either way, with the intelligence that you have shown here, I can see your future job will be standing on a corner with a sign saying “I will work for food.”

    Now crawl back under the rock you slipped from and leave the rest of us in peace.

  19. Sony DRM: first rootkit, now spyware?

    An article of the Gripe Line Weblog reports that Princeton University computer scientist J. Alex Halderman has found clues that another Sony DRM software, Sunncomm’s “MediaMax”, shares common traits with spyware: it “phones home…

  20. …hmmm…. isn’t an XBox just basically a pc in a box?
    Wonder what happens in those things when you run a Sony CD in them while hooked to a broadband connection?
    I’m just guessing that when the autoplay executes, they load up the files to the harddrive in one of those too since they’re supposedly just a pumped-up-video pc…

    Anybody got one and want to check it out? >…

  21. I was one of those poor 8@$+@RD$ that got caught by one of Sony/SunComm’s earlier efforts… and don’t think it’s coincidence that my ultra-redundant machine was fatally disk-corrupted shortly thereafter. Accepted or not, the “protected” CD would not play on my hardware (that met/exceeded their minimum standards). Neither Sony nor SunComm responded to multiple requests for assistance in resolving those problems. At this point, my reading of the DMCA says that I have “self help” rights to do anything I want, including disassembly of their code.

    Some place out there is an attorney patiently assembling a class action against Sony/BMG/SunComm, and anybody else that has deprived me of ANY use of the CD I paid for. Sign me up!

  22. I Trust Sony (NOT) says

    Yeah – I trust Sony. And I’m trusting them with developing the new BluRay technology! I’m sure they (Sony) won’t put any DRM protection firmware in the drive, nor will they have any “phone home” capability that they don’t tell us about. YEAH, Right! I for one will not be an early adoptor of any new BluRay drives. I can only hope that the industry learns something from this Sont DRM fiasco.

    I for one will not be buying any product with those ceratin 4 letters (SONY) on the box!

    Sony – you blew it this time. I hope you (corporately) choke on your greed and stupidity. I’m only glad that I have software that decrypts and rips anything that I put in the drive. While I am neither a pirate nor a “file-sharer” I do resent any media company from restricting my legal rights to back-up and make legitimate copies of software / music / movies that I have purchased.

    Die SONY Die!

  23. Gee, all of a sudden, I don’t feel bad about downloading songs. They wanna make rules as to how you can use a PRODUCT YOU OWN. Screw that. I’ve given them thousands of dollars in the past, but that ENDS NOW!

    I was looking as a PS2 for christmas, but an X-Box seems SO much better all of a sudden

  24. Charles From Texas says

    That’s the last straw for me when it comes to Sony. Not only will I never again buy another CD from them, but I will have to think long and hard before I buy another Sony product. I spent untold thousands on Sony products of all kinds, and that may all stop now. Watching grandparents get sued for a kid downloading some song without their knowledge was one thing, and I didn’t take it too personally because I’ve never downloaded songs. But this hiding of spyware on computers without informing the buyers, and not allowing me to play a sony song on my personal mp3 player, and especially opening up my computer to hackers, while trying to hide their files and call them ‘essential windows software’, is it. Sony has gone too far, to far to forgive, and too far to forget. My suggestion to every honest person who deserves privacy and deserves to get what they pay for, is to not buy anything from this brand name again! Stop paying dues to the devil!

  25. I am a UK resident and like Armagon (our Canadian friend, many posts above) I am ENTITLED BY LAW to keep a backup copy of any media I have purchased. This is handy to me as I don’t use a CD player – I use a PC to store and playback my music. This is used to transfer tracks to my SONY NetMD and NetWalkman devices.

    The many DRM implimentations that Sony have used have interfered with my legal use of the music I buy, even thouth I’m trying to use Sony discs on Sony devices. This is NOT a good way to give customer satisfaction.

    I took this issue up with Sony/BMG and they offered me versions of the discs WITHOUT the copy protection, even before all this rootkit/MediaMAX ‘revelation’ hit the fan.

    My gripe isn’t that they’re trying to protect the music – that’s fine. My gripe (like many others here) is with the WAY THEY ARE DOING IT!


  26. greenarrow1 says

    I have been following the Sony debunk a lot lately since I help customers with infected computers. One area I am investigating is the possiblity of Sony or their 3d party companies dealing with Sony Players (CD/DVD)firmwares and exactly what is in the firmwares. Seeing what they did with trying to try protect the copying of their CD’s I would not put it past Sony to add something malicious to their firmware updates or original firmware that comes with their players. Has anyone else been looking at the firmwares from Sony?
    Also, if the complaints are valid against SummComm/MediaMax Tech why havent I seen any post where a complaint has been filed with the SEC?? I have read all the posts and if they are fact this indeed is a violation of the SEC. If I had the time I would investigate every link and search for more to see if the facts presented are indeed true and then report a possible violation of the SEC. This is one way to solve the issues presented on the posts here.
    Remember we can all rant and rave here but if no action is taken it is actually useless. I am totally against what Sony and their 3d party companies did as we own our computers not Media Makers and I feel legal actions should be taken against them to show that us as consumers will not tolerate intrusions on our personal properties (computers) and our privacy. Class action lawsuits only cost money but legal criminal actions, if can be proven, stop this type of malicious actions by companies.

  27. I have been monitoring the progress of the Sony fiasco and was not only mildly annoyed by it until I actually got one the CDs. The one I got was protected by SunnComm and I emailed Sony demanding a proper CD or my money back. The response I got was:

    “The CD specified in your email was not manufactured using the First4Internet XCP content protection technology. The content protection on that CD (MediaMax) was developed and is supported through Sunncomm Int’l. Please contact SunnComm for all support and requests”

    At this stage I was pist. So I set about circumventing this crap. In case this is not already common knowledge (and apologies if it is), here is how I got a proper CD from a protected one.

    1. Make sure autorun is disabled (http://www3.ca.com/securityadvisor/pest/collateral.aspx?cid=76351)
    2. Use a program like CloneCD (version worked but it may not be available because it copies in raw mode and they had to stop it due to industry pressure or something).
    3. Set CloneCD to read the CD as an Audio CD image (CloneCD will only copy the audio session from the disc, the data – SunComm spyware – is located on the second session).
    4. Copy your image to a writable CD and this copy will contain the audio album only.

    If any of you find this useful or have a better way of doing this, please disseminate this or your own procedure around the web.

    If I didn’t find this way around I would have resorted to downloading the album I bought illegally, which is something I wouldn’t normally do because I prefer to have the CD. This is a point companies like Sony should take into account; behaving like this only encourages users to engage in subversive means to access the content they want.

  28. I think in addition to the issues mentioned above I experienced a different problem. The sound appears to be getting stuck (2 to 5 seconds) almost like stuttering. I first noticed when I tried loading Santana’s latest cd into iTunes and I thought the cd was defective. It plays fine on my home cd and car. After 2 to 3 weeks of frustration I finally found the problem. It was related to MediaMax. It came on the Santana cd (all that I am). The interesting thing is that no where on my pc I can see this software installed not even trough control panel. After I re-installed the sound drivers from the original cd and try playing the Santana cd it came up with a MediaMax error saying it could not validate license. After that I found th MediaMax website (www.sunncomm.com) and through there I found an un-install link and that fixed my problem.
    It should be illegal to install defective software that affects performance of my computer that it could potentially cost a lot of money to correct.

    Sony needs to spent more time improving quality of their products instead of worrying of illegal cd copying.

  29. Well, I notice Mr. Latner’s replies have stopped, as the tide of information has swelled to epic proportions. I really DO feel sorry for him that his investments in SunnComm have not worked well. But caveat emptor, and don’t invest in companies that trade in deciept and other people’s pain.

    Sony corporation got their first American Chairman and CEO this year, and I hope he gets the message loud and clear from that market that his company is alienating their customers, and will turn fully against the company if it continues this adversarial relationship with it’s customers.

    I’ll leave you all with this tidbit: in the consumer electronics industry, many Sony dealers say that Sony’s company motto is: “Sony: We’re Not Happy Until You’re Not Happy!” Never more true than now.

  30. Re: “In contrast, the XCP system includes a second layer of protection that works even if no special software gets installed. That’s why programs like iTunes and Windows Media Player still have trouble ripping XCP discs even when autorun is turned off. (Though this second layer doesn’t involve installing software, it seems to only work on Windows systems, so iTunes can rip XCP CDs just fine on Macs.)”

    Mr. Halderman, can you elaborate on this? From a technical standpoint, I’d sure like to understand how a CD that will play on a plane jane CD player can defeat ripper software on a PC if NO SOFTWARE IS INSTALLED. Can you provide more technical details about the functioning of this “second layer”??

  31. Given the quality of their software, the security problems could be worst than the rootkit if an attacker finds a way to take advantage of bugs in the web application at license.sunncomm2.com and the client software that communicates with it.

  32. Has anybody tried to rip a Sony musc CD under a Linux environment running from a “live CD” such as Knoppix, and allowing a mounted harddisk permission for read and write only, but not for running.

    I suppose this could be a way to fool all malware installs from Sony.

  33. I uninstalled the Mediamax software and looked at the CD for the CDA files. What I found instead were WMA files encoded at 128 kbps. If I wanted my music in this format I would have downloaded it.

    What a ripoff!

  34. MikeyLikesIt says

    With all this gobbety-gook now involved with a legitimate purchase of a music CD I have now found an alternative: Winamp and ReplayMusic. My money is now well-spent on good software than crappy music.

  35. asdfoguasdf says

    some of the problems people report here are the result of STARFORCE game copy protection.

    just as bad as xcp or mediamax any day. maybe even worse since it fucks up your drives.

  36. I guess we’ll all just have to treat music CD’s the way many of my customers treat Microsoft software: Buy a legal copy, and leave it on the shelf, shrinkwrapped. Then actually USE a nice, safe, cracked copy from the internet.

  37. Well, to remove the viruslike DRM that killed my DVD drive I decided to reinstalled XP. After 6 hours I got a base system up to date with AV&FW. Next I’m starting to install Office and other applications.
    Perhaps this is the way of the future, buy a 19EUR CD and spend a couple of days to make your systems stable again, this just shows how stupid I am. I should have used bitttorrent or eMule to download the album and would have had no new problems with my computers.
    I find it funny that AV manufacurers are veeery careful, when they comment on Sony rootkit “It is not malware”, right, they just fear that mighty Sony will sue them if they tell the truth.

  38. How sure are you that the 36-byte id 7F63A4FD-9FBD-486B-B473-D18CC92D05C0 depends solely on the inserted CD? It’s long enough to include extra information about the system that the “phone home” software is running on.

    Also, when I send the POST given above to license.sunncomm2.com port 80, it sends back

    HTTP/1.1 100 Continue
    Server: Microsoft-IIS/5.0
    Date: Thu, 17 Nov 2005 18:01:44 GMT
    X-Powered-By: ASP.NET

    rather than any VBScript error, and then, when I send nothing more, disconnects after 15 minutes. Same results when I used an altered 36-byte id.

    –Mike A.

  39. i was able to not only listen to my cd afterward, but i ripped it last night! so i think i’ve finally got rid of it! yay!

  40. Digital Prostitute says

    If you’re having any problems with your computer because of Mediamax please call Eric Vandewater, SunnComm’s chief technology officer. I’m sure he will be more than happy to help:

    602-267-7500 and ask for Eric

  41. BackToVinyl says

    MediaMax broke my computer. I unknowingly put a MediaMax protected CD in my computer’s drive. The EULA came up behind WMP and I couldn’t figure out why the cd wouldn’t play… looked at the label… saw the DRM notice… saw the EULA… said “NO”… Now my computer won’t play ANY music CD without garble.

    This is why SunnComm should be closed down and anyone who invested deserves what they got. You can’t invade my computer, break it then expect to be rewarded??

    How do I fix my computer??

  42. is it legal for me to post how to remove the sbcphid? if so, i can post it for everyone. i had the same problem when i loaded my copy of a foo fighters cd. i declined the installation, but i couldn’t listen to my cd on the pc until i removed the sbcphid file…

  43. Djinni Arimental says

    From what I read, this only affects Mac and Windows users. I take it they don’t have any copy protection that works on Linux boxes? So the saying, “Stupid things happen to stupid people,” applies here. I’d like to see Sony develop a CD that will play in my car CD player and thwart “dd -if /dev/cd0 -of=/home/dja/music/cd01.img”

    Sony Sucks! Boycott Sony!

    (an unhappy owner of a Sony MD recorder; the last $ Sony will ever get from me)

  44. here’s something interesting on the spyware side of this. a friend of mine sent me this link:


    while they may not be coming out and saying that SunnComm’s version is malware, it’s nice to see SOMEONE saying that the rootkits are!

  45. Does anybody have a clue what f#%king DRM I’m having, symptom is that all audio CDs inserted cause my DVD writer to stop working, for a while it is doing something, but doesn’t return any data to a ripper like EAC. I can’t even eject the disk (other than by rebooting the machine). This happens in XP Pro. As a sidenote CD/DVD burning works fine.
    However, when I boot to KUbuntu Linux the drive works perfectly, I’m able to rip any audio disk.
    I didn’t find any signs of the Sony rootkit or MediaMax.

    Another thing what pisses me off is that I bought a new DVD writer because I thought that the other one was broken, I tried Linux after the second drive had exactly the same problem.

    I think it will take some time before I visit a record store again, copies from the Internet are much safer. I used to buy about 1-3 CDs a month earlier.

  46. Thanks for letting us know. This is sad new indeed. Publishers used to blame their customers of doing illegal things. Now it turns out they do it themselves (messing with OTHER PEOPLE’s property, that is). Now the trust is gone both ways. There’re no good guys around anymore, probably never were.

  47. Oh FOOLS They ArE says

    If there EULA says 1 thing and does another there contract “EULA” is null and void… because THEY breached it… Meaning you own the music and the app on it lock stock and barrel… Now you can disasemble the app, “junk that it is” and find a way around it… They f***ed themselfs… ha ha ha….

    Lets see what happends now…
    I better go buy some of these CD’s so I can make some money at there expense..

  48. I put the new Neil Diamond CD in the drive and refused the EULA which required that I use task manager to get it to go away, but still can’t play the disk in Windows Media Player, and my memory usage has increased substantially. Is it installing an additional driver before you accept the EULA that changes your CD players driver? Why is my computers CD player unable to recognize the CD while an ordinary CD player can if I accepted no software from the CD? Have they destroyed some of the functionality of my CD player?

  49. A lot of virtual ink. Still a crucial dilemma in our present society regarding copyrights. Democracy has now invaded the corporations as they live in a feudal system. Our ability to propagate information and de-engineer the propaganda is powerful. Artists rely on distribution networks. These networks are now shifting away for the old paternal record comany which owns everything, to a fragmented array of pollenizers. In the end, how do we make sure we reward the creators? By revealing the truth. This initial article, although very damaging to the overall industry, is a necessary medication to a pervasive cancerous attitude. As usual, we should expect major lawsuits with the slap on the wrist results. Hackers go to jail, corporations dissolve!
    Have a great musical day, humming is free, infectious and impenetrable.

  50. I bought the new Santana CD, inserted it into my Windows 2000 CD drive (with autorun enabled, I’m sorry to say), and declined the EULA. How do I get rid of the Sunncomm MediaMax stuff that was installed without my knowledge or permission from my machine? I’ve been able to find quite a bit on Sony’s XCP rootkit mess but no one seems to be addressing how to get rid of the Sunncomm detritus. Mr. Halderman addresses how to disable the MediaMax driver in his 10/2003 paper but I really want to get this stuff off my machine safely. Is my only option to reformat my harddrive and start over? Any guidance would be greatly appreciated.

  51. John Altermoede – The information you’ve provided about SunnComm is very useful; however the fact that the information appears hear and in every other public forum that discusses SunnComm discredits you and the our-street.com website that you stand for. You are against brokerage houses hyping news and misleading investors yet you purposefully hype bad news about SunnComm at every chance you get.

  52. Dirk Wessels says

    I just found something else in my “common files” directory.
    Full path=
    “C:Program FilesCommon FilesSony SharedStopMusicServer”
    It’s called “StopMusicServer.exe”..
    No idea where it comes from.. but it says “Sony” doesn’t it?
    At least now I think I know why my DVD player does not work anymore on normal CD’s..

  53. Would the SunComm astroturfers who are hiding behind aliases please unmask themselves?

  54. Cor-pirations can and will do any thing they want!! and the cor-pirates control many puppet goverments. and rootkiting your computers and spyware install are perfectly ok to moraless pricks!!


  55. Why is Alex limited to MediaMax and now XCP, why not see what MacroVision is doing?

    Time is not unlimited. We spend time on what we have the time for. Examining these two pieces of software just means that this is what he’s had the time/energy/inclination for. If you’re so hot to have Macromedia examined, then feel free to do it yourself (or pay good money for his time).

  56. If you refuse the EULA, the software (That you paid for is installed — whether you want it or not.

    You now have the software installed, unbound by any EULA.

    Knock yourself out!

    Even if the software wasn’t installed, you’ve still purchased it. You don’t need to accept the EULA to pay the cachier for the CD.

  57. In reply to Mr. Latner’s post(s)… I have no real problems with the music companies protecting their intellectual property (sp?). What I DO have problems with is someone installing software on my system WITHOUT MY APPROVAL! I got into this because my Granddaughter asked me to see why she couldn’t play a CD she’d purchased. When I looked @ the cd I discoverd it had the CD3 version of SunnComm’s DRM. It installs the driver that “scrambles” the audio tracks WHETHER you Accept OR Reject the EULA (and, by the way, there’s not an easy method to reject the EULA… there’s not a button that says “no thanks, I don’t want to do this!”… if you do NOT accept the EULA, then the ONLY way to “reject” it is to “X” out of the EULA window… Sorry, but VERY POOR User Interface Design!). She had NOT accepted the EULA (I tought her well! ;->) and was unable to get the CD to play at all… She tried the “hold down the shift key” but had already inserted the CD BEFORE trying this option… that’s when she discoverd the sound was “scrambled”.

    While I don’t personally LIKE DRM (I read every CD cover BEFORE I purchase and if it mentions DRM, directly or indirectly, then I just don’t purchase it…) I don’t have an issue with a company utilizing GOOD DRM (good is defined as something that DOES NOT Affect anything BUT the playing/ripping/etc of the SPECIFIC CD in question, and does NOT INSTALL a driver or ANY software if the user declines the EULA). For years I used Sony ATRACS systems (MD Drives, ATRACS CD burners, etc) but finally decided that I just didn’t want to deal with the DRM involved in the system(s)… I DO NOT “share” or “give away” ANY IP that I’ve purchased (or have a license for) UNLESS the license EXPLICTLY allows for this. The ONLY way I will do so, is by transferring ALL legal copies that I have (i.e. I have a CD that I no longer wish to listen to, I delete the MP3’s that I’ve generated, and remove any copies of the CD I may have made [legally] and then transfer the original CD to the new owner).

    Now, back to the original issue… the issue IS the fact that the SunnComm DRM package installs a piece of software WITHOUT THE EXPLICIT APPROVAL of the End-User and does NOT UN-INSTALL the software if the End-User declines the EULA. THAT, in my opinion, makes the SunnComm DRM (CD3 or otherwise) MALWARE… It may or may not make it “Spyware”, but it DEFINATELY makes it MALWARE. I do NOT allow software that I’ve not approved of to be installed on my system(s)… the SunnComm system does NOT give me that ability…

    You can rest assured that I will not be purchasing any Sony Hardware or Software in the near future.. and I’ve been a Long-Time Sony customer (bought my first Sony Rell-to-Reel Tape Deck in 1965 and have owned multiple pieces of Sony equipment ever since….)

  58. Oh dear.

    Jason’s rant clearly shows that he has been affected by the exposure of SunnComm at this site.

    Now, I’m sure that MacroVision is selling snakeoil and all that, but what one can clearly see from this discussion is that SunnComm is actually not just selling snakeoil, but they are also lying to the stock market in order to illegally inflate their stock price.

    I have yet to see anything like that from MacroVision.

    And why shouldn’t Alex focus on SunnComm, since this is after all what people are interested in hearing about today. It is indeed incredible that Sony is getting away with secretly installing the SunnComm malware on customers’ computers.

  59. Jason Is An Idiot says

    Looks like Jason was caught with his pants down, and will now have to sell his stock.


  60. Silly insults just show that you are being personally offended by the statment, attcking me personally is futile & irelevant.

    My point was if Alex is truly a researcher why is he limited to MediaMax? Why hasn’t he reviewed CDS-300? I never hear him even mention MacroVision.

    As for SunnComm I could care less what type of company or people they are, my point was simply asking if Alex was bias or not. When I crack game protection I don’t avoid SafeDisc or CDcops or Hexalock, I play with them all. Why is Alex limited to MediaMax and now XCP, why not see what MacroVision is doing?

  61. John Altermoede says

    “What about MacroVision’s CDS-300? Why not tear that apart? What’s with the obession with SunnComm? Maybe it’s because “Thomas Wertheimer” a board member of MacroVision is a princeton guy!? Could that be it?”

    Is that guy a moron or what. Macrovision I think has about 500+ people working for them. Chances are good that every company in the US with 500+ people have at least 1 “Princeton guy”. So does that mean every Princeton student shies away from criticizing any product from all these companies. That is one of the most infantile arguments I have ever heard.

    Why don’t the SunnComm people address the issues Alex has raised. If he is wrong, show where he is wrong. If not, shut up and accept it. But all they can do is try to attack his integrity. That speaks volumes for what type of company SunnComm is.

  62. What I find disturbing is this.

    You have the likes of First4Internet, SunnComm and Macrovision peddling snake oil, that won’t stop anyone who knows which end of a soldering iron gets hot from exercising their “fair dealing” rights over a CD they rightfully own; but which potentially will cause civil trespass to chattels, criminal misuse of a computer and criminal damage. {Of course, if you run a proper operating system and not Microsoft Windows, you’re immune. Unfortunately, there are many people out there who do not realise that there exist superior alternatives to Windows. To these people I can only say: Get informed! You are being shafted while you sleep!}

    Now, these companies probably aren’t giving their snake oil away gratis. I think it’s reasonable to suppose that they will be demanding some sort of royalties for the use of their obnoxious and unwanted invention — probably a fixed amount of money per disc sold.

    So the record companies are paying for this flawed technology, and we the customers have to foot the bill for something that does not work. Some portion of the price you pay for a CD is being peed up the wall.

    Something else to think about: Walkman cassettes cost about three times more to manufacture than CDs while giving a poorer quality sound reproduction. So, how come the record companies sell them cheaper than CDs?

    We are obviously being ripped off somewhere ….. If the record companies are making a profit selling cassettes {to which DRM is utterly inapplicable ….. it’s an analogue medium with barely enough bandwidth for audio, never mind any metadata}, they could make a profit selling CDs for what they sell cassettes for.

    The record companies complain that it is too easy to copy their products. Well, have you ever walked into a newsagent’s shop recently? Chances are that, right next to the stacks of magazines, newspapers and books is ….. a photocopier! And the printing industry don’t use any special technology to prevent photocopying {although they could: blue ink. Really! The right shade of blue shows up white. Try it if you don’t believe me}. Still, there’s a very compelling reason why most people pay for the “real” daily newspaper, Sudoku puzzle special, Woman’s Monthly or the latest Harry Potter novel rather than photocopying it right there in the store.

    My proposal to the record companies is this. Ditch the DRM snake oil, which annoys paying customers whilst doing nothing to combat “piracy”. Stop selling Walkman cassettes altogether {what excuse have you for still selling these awful things anyway? Hasn’t everyone a CD player nowadays?}, and cut the price of CDs. In fact, cut the price of CDs really drastically, say to £5 a time — below the point where people have to think twice about whether or not they really want to buy it. CD sales will increase more than enough to offset the reduced returns on each unit sold, and CD “piracy” will cease to be economically viable.

  63. Alex is just upset that he didn’t discover the Rootkit technology like Mark has. Looks like you will remain the “Shift” key guy and not the “Rootkit” one.

    What about MacroVision’s CDS-300? Why not tear that apart? What’s with the obession with SunnComm? Maybe it’s because “Thomas Wertheimer” a board member of MacroVision is a princeton guy!? Could that be it?

  64. It´s maybe a little bit off topic; we shoot use this rootkits to our advantage > defeat them with there own weapons.
    I guess with i.e. daemon – tools hidden with a rootkit: none of the current ” do not run this game if virtual drive is installed” could be circumvented.

    Ethan aka batzabaer

    PS maybe someone could pass this do the right groups

  65. The best thing we can do is stop buying originals. You will be punished when you buy an original. We are living in a wrong world.

  66. John Hainsworth says

    A legal side note for researchers: if Sony installs a bunch of files on your computer even if you DECLINE to agree to the EULA, then I think you could make a legal case that you DO have the right to disassemble and reverse engineer those files. You may even have the right to redistribute them!

  67. Great Article! Really shows how big the rabbit hole goes. More of a hussle to buy a cd nowadays,

  68. Good post. I remember hearing about this before, mainly the advice to hold the shift key to prevent audio CDs from installing stuff, but this certainly foreshadows what happened with the XCP rootkit fiasco. Now the question is will MediaMax get the same negative reaction?

  69. J.B. Nicholson-Owens says

    I’m shocked, *shocked*, that a proprietary software program would do something other than what the user wanted.

  70. Well that would explain why my system goes into crash mode when I try to copy a DVD produced by Sony, although when I borrow from the library I am actually paying a fee for the rights to make a copy for home use (this money does not go to the local library but to Sony)

  71. John Altermoede says

    “I’m hearing the argument that Sunncomm clearly states, on the label affixed to the outside of the CD wrapper, that the disk does install software on any computer that it is inserted into. Can anyone confirm this?”

    Even if it does say that, that is insufficient for the purchaser to make an informed decision. If the software is installed just to play the disk, then the user would expect it to be removed once the disk is removed (unless the user agrees to it being installed permanently).

    Also, just saying it will install some software does not mean it is acceptable to install any software. Installing software that then spies on your CD usage and reports back to the vendor is out of bounds.

  72. From the poorly designed SunComm site:

    “When you have happy artists, happy labels, and happy consumers, you have MediaMax!”

    However, the reality seems to be: “Where you once had happy consumers, now you have MediaMax!”

    Henry Latner complains of SunComm shareholders being hurt, but I’d rather that than many more customers being hurt.

  73. the above given link for all the german readers was wrong. it should be http://poerner.wordpress.com/2005/11/

  74. Whoops! Sorry, too quick on the draw there! It’s the root kit that’s being targeted.

  75. Henry Latner said: ” Mediamax is also certified by Microsoft and their anti-spyware application also does not target Mediamax as spyware.”

    It does now: http://news.bbc.co.uk/1/hi/technology/4434852.stm

  76. I’m hearing the argument that Sunncomm clearly states, on the label affixed to the outside of the CD wrapper, that the disk does install software on any computer that it is inserted into. Can anyone confirm this?


  77. Some Disassembly Required says

    Anything that installs despite rejection of the license agreement is fair game for disassembly and analysis. There never was an agreement not to disassemble the code. The installer offered a contract, which the user rejected.

    The installer calimed to have delivered nothing, and therefore nothing of value. Anything later discovered on the user’s hard drive ought to be considered ‘found property’ or a free gift. There was no agreement not to analyze, modify and re-release it.

    Any party that suspects the author of this kit has used their work without authorization should pick through their code and bring them to court for violating copyright.

  78. imagine every fuckin’ company installs it’s own root kit or spyware or whatever on your sys. i wonder who long it takes until the system gets unusable.

    and i underline what GODSON says

  79. I want to know if these root kits have been installed by other manufacturers and software sellers.

    It is my understanding that Sony didn’t develop this thing by itself. It hired an outside company to create this malware / spyware. Who else was hired by this consulting / software company to do the same thing with other products?

    These consultants should also be sued.

  80. If the licence/license agreement precludes disassembly then the obvious answer is, don’t agree! If the s/w is installed anyway then it must be yours to do with as you like, governed merely by local laws and not any voluntary agreement. Go to!



  82. hey latner, go bitch somewhere else.
    i want to thank J. Alex Halderman for this excellent article. keep up the great work!

  83. Henry Latner, what rubblish man.
    everybody hates DRM, get a clue before you post such crap.
    and stop trying to divert the attention from the REAL isse, DRM crap, to somewhere else, because its NOT going to work.

    and lastly dude, i hope the stocks never rise again. ever.

  84. mr. henry latner, with due respect, please stop being so selfish and look at this rationally for one second, will you?

    when mr Halderman is enlightening us , telling us how to protect our own pc’s so they dont crash because of this drm bullshit, which Sony should have done so in the first placve….when he is doing good out here on the internet, for the benefit of us consumers,you have the nerve to call his enlightening post as ‘attacks’ ? shame on you.

  85. Cornelius J Rat says

    Henry Latner said:
    > Your (sic) now saying that Mediamax is spyware. I believe that your
    > investigation must be flawed at best. None of the anti-spyware
    > has targeted Mediamax as spyware. Mediamax is also certified
    > by Microsoft and their anti-spyware application also does not
    > target Mediamax as spyware.
    > You seem to be the only one that’s calling it spyware. Why is that?
    I would guess he’s calling it spyware because it contacts a Suncomm server with details of what you’re doing. That sounds like a reasonable definition of spyware to me. As to why no-one else is calling it spyware – well, I suspect that like Symantec with the XCP rootkit, they had not had it pointed out to them. Now we know, I’m sure someone will let them know.

  86. This is an interesting comment from Kevin McAleavey of BOClean.


    There are actually several different SONY rootkits, all ya need to do is look over the list of covered nasties:


    But yes, if you insert an infected CD, it goes byebye.

    And the rootkit actually installs BEFORE you click on the agreement. While AUTORUN.EXE is showing you the agreement, GO.EXE is busy installing the rootkit long before you even start reading.

  87. John Altermoede says

    The SunnComm paranoia is just unbelievable.

    Apparently the reason Alex is supposed to be acting as an agent for Macrovision is – wait for it – because one of MVSN’s directors is an alumni of princeton.

    Can you imagine it. Halderman, a Princeton student, is going to all this effort to discredit SunnComm, because one of Macrovision’s directors is an alumni of Princeton.

    What’s more, they claim that Alex has never analyzed Macrovision’s copy protection. Yet the document that Alex first produced on MediaMax CD3:

    “Analysis of the MediaMax CD3 Copy-Prevention System”


    clearly references and links to another document of his

    “To understand why, we can compare MediaMax to prior anti-copy systems like the ones I studied in my earlier report, “Evaluating New Copy-Prevention Techniques for Audio CDs” [9]. ”

    This referenced document analyzes SunnComm’s earlier copy protection, Sony’s Key2Audio and Midbar’s Cactus Data Shield. But Macrovision bought Midbar a few years ago, and their technology is that Cactus Data Shield CDS – so that puts paid to the conspiracy theory.


  88. John Altermoede says

    What a strange and very uninformed post by Henry Latner.

    To blame Alex for the drastic drop in SunnComm’s share price is just unbelievable.

    Has he forgotton that SunnComm is where it is today because of SunnComm management.

    Has he forgotton that the current CEO issued this press release in 2000 –

    “SunnComm signs $20M deal with Taiwanese CD producer”


    The $20M deal was a fabrication. There is no company called Will-Shown Technology.

    Has he forgotton that in 2001, SunnComm anounced this deal with Dstage

    “SunnComm Receives $4 Million for Digital Content Security License”


    But the reality was that they did not receive $4M from Dstage. Just 2 million restricted shares in the penny stock, later revised down to 500K shares, that trade today at $0.07 cents each.

    Has he forgotton that SunnComm made this announcement in 2002, but never paid the dividends to its shareholders (and didn’t ever announce that they were not going to pay the dividends)

    “SunnComm plans stock dividend”


    Has he forgotton that later in 2002, SunnComm announced this dividend in Fan Energy shares to be paid to SunnComm stock holders, but they too were never paid (and they didn’t announce they were not going to pay them)

    “SunnComm Shareholders to Receive Property Dividend”


    Has he forgotton that SunnComm announced in 2004 that it would pay 96M shares in Quiet Tiger to SunnComm shareholders and then suspended the dividends after just 24M shares were distributed.

    “SunnComm Receives Notice that its 96,290,414 QuietTiger Common Shares have been Registered”


    This is the reason they gave for suspending further distributions.

    “1 for 1 – a shareholder friendly deal for our long term shareholders, I understand that you believe you deserve the dividend too however the 1 for 1 fair valuation is a better deal than the former remaining dividend distributions could have possibly been. We replaced your bread with CAKE and in order to bake your cake we need to spend the bread. If you are unaware of how WELL you have been taken care of here, please call me and I will discuss it with you. Managements position is that the former dividend will either be retired into the treasury or used to pay off debt.”


    Has he forgotton that SunnComm made this announcement also in 2004

    “SunnComm Forms 11 Global Subsidiaries; Shareholders to Receive Share Dividend”


    A year later we find out that these global subsidiaries are just a set of $2 companies set up in the US and (most) later allowed to disolve. Do I need to mention that no dividends have been paid either?

    Has he forgotton that SunnComm announced this acquisition of DarkNoise Technology through its partner Quiet Tiger –

    “QuietTiger Announces Acquisition of DarkNoise Technologies Limited”


    DarkNoise was just bogus software, unheard of by any label, even though DarkNoise claimed all the labels were testing it. What’s more, in that PR they stated: “Additionally, DarkNoise will continue to operate out of their West London office acting as QuietTiger’s European sales and R&D satellite branch.”

    But research done by UK online site “The Register” discovered that DarkNoise was not located at the London address claimed, but just a small village in Yorkshire.

    “In a statement announcing the buy, SunnComm presented Dark Noise as a proven player in the DRM market that was currently awaiting the approval of two patents for the analog hole technology. The Register, however, searched UK government filings and found that Dark Noise is a very small firm that has moved from office to office and is currently headquartered in Whitby, Yorkshire well outside of the London address claimed in the press release. We also searched three different patent databases in the Europe and the US and could fine no record of an application or approved patent for Dark Noise.”


    And what about all the shenanigans with MediaMax Technology Corporation, fka Quiet Tiger Inc, fka Fan Energy.

    Even though Quiet Tiger (a failed energy company when known as Fan Energy, later to become a floppy disk manufacturer – producing no floppy disks) was located in the same building as SunnComm and shared the same CFO, it was presented as the following when SunnComm signed a marketing agreement with it in early 2004.

    “Quiet Tiger, Inc., a fully reporting public company that currently trades on the OTC Bulletin Board under the symbol “QTIG”, is an international sales and marketing group representing the implementation and delivery of digital content security products for the music and entertainment industry. Our team of sales and marketing professionals, with over 50 years of experience in the music, movie and entertainment industry, has established relationships around the world that will enable the penetration of our product lines into each targeted market segment.”


    Why did SunnComm try to make it look like Quiet Tiger was some independent organization when it was just a corporate shell located in the same offices as SunnComm? Yet at the time it had no staff (except for SunnComm’s CFO who acted as part time CFO). SunnComm’s Bill Whitmore moved over to become CEO there when that agreement came into effect and a few weeks later they made their first hire.

    After “moving” marketing across to Quiet Tiger (an empty shell), what happens? Quiet Tiger changes its name to MediaMax Technology Corporation and then announces its intent to merge with SunnComm.

    “MediaMax Technology Corporation Signs Letter of Intent to Merge with SunnComm International, Inc.”


    So what was all that about – move marketing to an empty shell and then merging it back in again.

    The rational is exposed on this article on P2PNET

    “SunnComm to MediaMax Technology Corporation: A rose by any other name?”


    And after announcing its intent to merge, nearly 8 months later it still hasn’t files the S-4. Two companies in the same building, sharing staff, in the same industry, tied together by the one product and they are having difficulty merging. Could that be due to the auditors not signing off on the audits, something that was to be done 2 or 3 months ago? What might they have found? Lots I would imagine.

    Then there is all the bogus products they have announced that no one in the industry have heard of (even months after the announcement). Here are just a few:



    The reason why the share price is where it is today is not because of Halderman, but because of the actions of SunnComm management.

    But also don’t forget the fundamentals…..

    What revenue has their marketing arm, MediaMax Technology Corporation, brought in selling MediaMax. Look at their SEC filings:

    To June 30th 2005, just $99.5K. For all of 2004, Just $106K.

  89. I remember the first time I tried to copy a SunnComm CD.
    I messed around for a couple of hours, trying everything I could think of, and I wound up with several garbled copies of the disc.
    I finally gave up trying to defeat the software, deciding to just do a quick Google search the next day (as I did not have internet access in my house at the time).
    Still, I was determined to have something to listen to in the car the next day…
    SO, I pulled out my SONY portable CD player and an inexpensive audio patch cable *.
    I plugged from the Line Out on the CD player to the Line In on my computer. I had a program at the time which I set to record from the Line In. This program also had a few other features [automatically splitting tracks when there is silence, and setting a maximum recording length], but you can get all the basic Line In recording features you need using a free program called ‘Audacity’.
    Since I had set a maximum record time, and since the CD player turns off automatically when the disc is done, I left it going and went to bed. The next morning, I burned the files onto a CD.
    When I compared my digital-to-analog-to-digital copy of the CD to the original, I was really surprised that I hadn’t lost as much quality as I had expected to.
    Later that day, I got online, read about the ‘problem’ with the disc, and I did a system restore [which removed the symptoms of the disease] and disabled AutoRun.
    No problems since.

    *(6-Ft. Shielded Cable, 1/8″ Stereo Plug to 1/8″ Stereo Plug; Radio Shack part number: 42-2387; $4.99)


  90. Henry Latner says

    Sorry about the double posting. I didn’t think it took the first time.

    Henry Latner

  91. Henry Latner says

    Dear Mr. Halderman,

    I am a long shareholder in both Sunncomm and Mediamax Technologies.

    I really have to question you as to your motivation for these attacks on our DRM product. To put it bluntly, your reports have cost me alot of money. They have hurt the stocks to the point that they are unable to recover despite the fact that Mediamax is now the most successfull, problem free, and accepted DRM method available today.

    Mediamax is so well regarded that Kevin Clement is leaving his comfortable position as the Senior Director, New Technology, for BMG Music, to take a position as CEO of Mediamax technologies. This guy is one of the worlds formost experts on audio DRM and it’s usage by record companies and he’s jumping in the Mediamax boat. That tells me that he sees the future being very bright for Mediamax.

    Your now saying that Mediamax is spyware. I believe that your investigation must be flawed at best. None of the anti-spyware has targeted Mediamax as spyware. Mediamax is also certified by Microsoft and their anti-spyware application also does not target Mediamax as spyware. You seem to be the only one that’s calling it spyware. Why is that?

    Back to questioning your motivation to attack Mediamax and Sunncomm. It has now being disclosed on the company chat board that you might be acting as an agent for Macrovision, Sunncomm’s only real competitor, { http://www.investorshub.com/boards/read_msg.asp?message_id=8483292 }. Can you please address your seeming obsession Mediamax and the absence of commentary on Macrovision DRM methods.

    Henry Latner

  92. Got this from Amerie’s Touch, I think. That record was incorrectly listed as having the rootkit software; it’s got this one instead.

  93. Henry Latner says

    Mr. Halderman,

    There are things I’d like your comment on:

    1: Mediamax Technologies recently announced that Kevin Clement will be leaving his post as Senior Director, New Technology, for BMG Music, to take a position at MMXT as CEO. Wouldn’t it seem that since the the main person in the US, who knows all there is to know about the technology and it’s use by the record companies, is jumping ship to ride with Mediamax, that it’s a proven and successfull DRM method?

    2: I’m a long shareholder of both Sunncomm and Mediamax and I really have to wonder what your real agenda is with your attacks on Mediamax. Your first paper on the shift key only restated a fact that was already well known by everybody involved. In doing that though you hurt every shareholder of the companies because of the way it was released to the public and used by bashers. The stock still hasn’t recovered from your attack even though it is the most successfull, problem free, and widely accepted DRM in the business today. Now it’s being reported that you maybe some kind of agent for Macrovision, { http://www.investorshub.com/boards/read_msg.asp?message_id=8483292 } , at the company chat board. I would like to know what is your prime motivation for the regular negative reports on Mediamax?

    3: In this report, your claim is that Mediamax contains spyware. Wouldn’t the anti-spyware companies have it targeted if it was? Mediamax is Microsoft certified and they also are not targeting it as spyware. Many of the industry experts on the company chat board { http://www.investorshub.com/boards/read_msg.asp?message_id=8483292 } also say that it contains no spyware. Are you certain that your testing was accurate because it seems that nobody else but you is getting these results.

    Henry Latner

  94. Mike wrote:

    “Question, does any of this apply to Macintosh computers what so ever?”

    Yes and No, apparently…

    Not the Windows tech stuff, but according to the Macintouch site the DRM package provided by Sunncomm for Sony CD’s also comes with Macintosh malware, but that stuff has to ask for admin privileges first

    So apparently the crap can’t autoinstall like the Windows malware in the same Sunncomm DRM package.

    *If* given permission then it messes with the Mac kernel extensions.

  95. Question, does any of this apply to Macintosh computers what so ever?

  96. Well, Anonymous, I expect that our conversation will be pointless, and that I should probably just stop now. Nevertheless …

    While I do own a legal copy of MS Office, and legal copies of some MS operating systems, I do not use them, as I prefer to use software that potentially allows me to improve upon it (ie. open source software). As I said, I am not a pirate.

    I understand your point — if it is OK for me to copy music, then do I also copy software? As you also know, the two things are different. For one thing, there has been no comparable court decisions — such as, IIANM, the one allowing you to copy a CD to tape to listen to in your automobile — allowing you to make copies of your software.

    So, no, it is not my right to make copies of proprietary software.

    Having said all that (and not being a lawyer), I have no qualms making a backup of my original Office CD, or running Office under WINE from Linux, or running old games I own under an emulator (like Dosbox) — these are things that were not forseen by the original authors, but they make it so that their product continues to be useful to me.

    I do understand that I have no right to give anyone else a copy of software (or music, or other works), without either giving them all my other copies or destroying all my other copies, unless of course the license permits me to.


  97. Adam Mastromarino says

    To me it is very simple, the day of the record label is slowly coming to an end, the day is coming where bands and artists will no longer need these middlemen to get their songs sold. Bands can release their music for sale directly from their own webpages without DRM. Of course copying will still cause loss of sales but the band will surly still make more money than currently due to the extorsionate ammounts of cash record label already keep for themselves.


  98. brian:

    This might not be clear from my post, but only newer “MM5” versions of MediaMax install software into the SunnComm Shared folder. Older “CD3” versions just install the sbcphid driver (before the EULA, as described above). It was probably one of these discs that placed the file on your system.

  99. I found the sbcphid process in the run state on my system, but none of the suncom shared folders/files. The sbcphid file I found in my drivers folder has a creation/modified date of 8/23/01 11:00 AM.

  100. There is a specific case where Mac OS X will automatically run software on a CD. If Classic is running (Mac OS X’s Mac OS 9 compatibility environment) and Quicktime is configured to auto launch a start-up program on a CD (this is the default configuration) then the CDs startup program will run.

  101. Armagon, How many copies of your OS do you make as your right (as a Canadian) and how many copies of Microsoft word, excel or Symantec’s software do you have or any other software for that matter? Is that your right as well?

  102. Anonymous said,
    > How do you get a job at just sitting in front of a computer and looking for ways to beat the artists out of their just due.

    That’s easy. You find a record company to hire you.

    Like a restaurant inspector — who verifies that the contents from a reputable source will not make humans sick, Alex Halderman is verifying that the contents from a reputable company will not make your computer sick.

    I am not a pirate. It is my right (as a Canadian) to make a copy of all my CDs, and I have them all of my computer where they are so much more useful to me. I would like to applaud Alex for his efforts in keeping us safe from corporate malware.

    Now, going slightly off topic, companies like Sunncomm should not need to exist, and nor should we need defenders against them. In this age of moral relativism, where people do not discriminate between right and right, and it is so easy to “game the system” instead of acting honourably and uprightly, what Sony is doing further erodes the trust that should be between buyer and vendor, and exacerbates the problem. As I said, I am not a pirate, but if I can’t be treated with respect, then why should I return it? [And I think it would be so bittersweet if Sony could be tried against the DMCA for bypassing technological protection measures on a personal computer system!]


  103. FuckyouTroll says

    “Seem as though anyone seeking free music or the ability to steal content should continue to follow Halderman. How do you get a job at just sitting in front of a computer and looking for ways to beat the artists out of their
    just due.

    I wonder how halderman would make it in the real world. He is protectd under the veil of science because this is new to most. He is saying exactly
    what aboput Sunncomm? Should it exist or not? Is itdoing anything illegal?”

    Fuck you, troll.

  104. Where, in all of this analyzing, of technologies, is there some reference to macrovisions technology? Interestingly I’ve seen none as of yet. Why is that?

  105. Seem as though anyone seeking free music or the ability to steal content should continue to follow Halderman. How do you get a job at just sitting in front of a computer and looking for ways to beat the artists out of their
    just due.

    I wonder how halderman would make it in the real world. He is protectd under the veil of science because this is new to most. He is saying exactly
    what aboput Sunncomm? Should it exist or not? Is itdoing anything illegal?

  106. It seems that Sony’s XCP-uninstaller is the “same quality” as the rest of the products; from Muzzy: Uninstaller

    he uninstaller requires you to install an ActiveX control to your system before you can even request for an uninstall url. Turns out, the uninstaller activex marks itself safe for scripting, and has plenty of interesting methods available for everyone to use. Although I have not analyzed them in depth, I have tested one of them to confirm it really does what I think it does. It’s called “RebootMachine”. If you have installed Sony’s ActiveX control, follow the link to invoke the RebootMachine method….

  107. John Altermoede says

    After reading your article I started doing some checking on SunnComm. I was startled to find out that not only is their software dispicable, but the company itself is dispicable.

    Some of the things I found out…..

    They issued a press release on a $20M deal. The customer is ficticious and the deal was just a fabrication.

    The issued a press release to say they had a $4M cash deal. This turned out to be a stock only deal in a worthless penny stock.

    On 3 separate occassions they issued press releases on issuing shares that they owned in other companies as dividends to SunnComm shareholders. For two of the announcements, they never followed through. For the third, they only issued 25% of what they promised and then stopped issuing more.

    The company that does their marketing, MediaMax Technology, is just a sham. The announcement on the agreement to make MediaMax Technology their marketing arm made it look like MediaMax Technology was some international company in the entertainment field. It turns out that MediaMax Technology was just a shell company with no employees and the only purpose of the marketing deal was to strip SunnComm shareholders of a large portion of their ownership in SunnComm’s copy protection products and give it to the chronies behind both SunnComm and MediaMax Technology. In fact MediaMax Technology (called Quiet Tiger when the deal was first made) was located in the same building as SunnComm, shared the same staff and fax number. SunnComm are now making a big deal about merging with MediaMax Technology (which just returns everything to the status quo, but with SunnComm shareholders owning a lot less of the technology that what they began with).

    Just check out these links….



  108. I was actually listening to “Z” on iTunes when I found this article on boingboing, and almost had a heart attack. But, as with Alex D., I don’t have autoplay enabled, and I ripped the CD to iTunes with no problems, no software installation, and also ported it to my nanopod without any issues.

    F#$k I hate Sony.

    Never again will I buy anything from them.

  109. Joe:

    That’s an excellent question. I haven’t been able to tell whether the disc ID is unique per title or per copy because I only have one sample of each CD. The ID highlighted in the post is from a copy of Babyface’s “Grown & Sexy.” Can anyone with that album report whether they observe the same ID?

  110. Alex D:

    What you’re seeing is correct. SunnComm’s protection works entirely through software. If autorun is turned off, or if you hold the shift key (which temporarily suspends autorun) every time you insert the disc, then MediaMax won’t be able to install. You’ll then be able to use the disc like a normal, unprotected CD.

    In contrast, the XCP system includes a second layer of protection that works even if no special software gets installed. That’s why programs like iTunes and Windows Media Player still have trouble ripping XCP discs even when autorun is turned off. (Though this second layer doesn’t involve installing software, it seems to only work on Windows systems, so iTunes can rip XCP CDs just fine on Macs.)

  111. I’ve been reading about the DRM software included with the ablum Z by My Morning Jacket on several blogs and websites. My computer didn’t autoplay the CD and I successfully ripped it to MP3s with iTunes. I was never confronted with an EULA, and I can’t find any of the traces of the software described here on my computer. Does this sound right? To get around it just don’t autoplay the CD?

  112. I wouldn’t expect any less from Sony.

  113. Well, since it gets installed even if you don’t accept the license agreement, you can go ahead and reverse engineer it!

  114. “Does MediaMax also create security problems as serious as the Sony rootkit’s? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software.”

    Well, if you insert the CD, (have the files copied), then deny the licence agreement, you are well within your rights to dissassemble the product that has already been installed to the computer, right? 😉

  115. this was a big deal in the summer when DMB put the virus on my computer.

    DMB sent out thousands of copies of Stand Up pre-orders and not one customer knew ahead of time that this horrible crap was going to infect their computers.

  116. It’s worth noting that installing software on a PC in the UK without consent (which, if the CD doesn’t have any explicit warning on the cover will be the case) breaks UK law (the Computer Misuse Act – http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm). The good news is that they can be extradited for this (that means we can drag them over here and try them).

  117. Any indication if the 32-character number is release-specific or specific to each CD? best, Joe

  118. What the hell?!?^!#%

    Why are the execs at sony who authorized the use of this software, and the employees of suncom and xcp being arrested, and dragged away in HANDCUFFS??

    They CONSPIRED to damage MILLIONS of personal computers, by defrauding thier customers.

    If these criminals are not sent to jail, we need to go after them with pitchforks and shotguns.

  119. I’d consider getting in touch with whoever is managing the Sony case in California – this sounds like good evidence.

  120. A few months ago I communicated with Sunncomm, the company that developed this software for Sony, about their program. I specifically wanted to find out how to remove it from my computer. In the end I learned that in order to partially remove it I would need ActiveX and Internet Explorer since their uninstall utility is web based. It’s interesting to note that ActiveX was NOT listed in the minimum system requirements on the back of the CD I purchased. Additionally, as you described, this does not fully remove the software from your computer. On my web site I describe that the only way to fully remove Sony’s DRM software is to format your hard drive.

  121. “Does MediaMax also create security problems as serious as the Sony rootkit’s? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software.”

    1. Seeing as the software is installed first, you can simply decline the EULA and then reverse-engineer the software.

    2. What the EULA says is generally irrelevant anyway. There is no basis in law for EULAs.


  122. Very interesting… certainly puts me off buying CDs.

    One thing though, even if the licence prohibits decompilation does the fact that the software will install when you disagree mean you can decline the licence but still have access to the software? No legal agreement has been entered in to if you decline…

  123. Removing the Sony DRM rootkit

    Detailed information from BleepingComputer.com  on how to remove the Sony DRM rootkit.
    At the same time, Ed Felten of Freedon to Tinker  reminds us that Sony uses SunnComm DRM technology as well as XCP.

    It’s MY PC!
    Second variant…