April 23, 2024

Immunize Yourself Against Sony's Dangerous Uninstaller

Jeff Dwoskin and Alex Halderman have developed a simple tool that can immunize a Windows system against the dangerous CodeSupport ActiveX control that we have written about over the past few days. The immunization tool should disable CodeSupport if it is already on your system, and it should prevent any future reinstallation or reactivation of CodeSupport.

You can test whether the vulnerable CodeSupport component is installed on your system using our CodeSupport detector web page. If you are infected, we strongly recommend that you run our immunization tool. Even if you are not infected, you can apply our patch to prevent the flawed control from being installed in the future.

To install the tool, download this file to a temporary location, then double click on the file’s icon in Windows. (Windows may ask you to confirm that you wish to add the information in the file to the system registry–choose “Yes.”) After the tool has been applied, you may delete the file. The tool will take effect as soon as you close and restart Internet Explorer.

The tool works by putting an entry into the Windows registry that tells Internet Explorer not to activate any ActiveX control that uses the unique identifier (or “classid”) associated with CodeSupport. This registry area is described in a Microsoft KnowledgeBase article.

Sony has modified their uninstaller sequence so that users who want to start the uninstallation process will not download CodeSupport. That’s good. But unfortunately the CodeSupport component is still up on the company’s web site, so users who were already partway through the uninstall process might still download CodeSupport. That’s not good; but it’s easy to fix. Let’s hope Sony fixes it.

Meanwhile, the company is reportedly working to develop a safe uninstaller. We’ll let you know when they release an uninstaller, and we’ll tell you what we think of it.


  1. […] Meanwhile, researchers at Princeton have come up with a toolkit of their own that explains how to miitgate the security vulnerabilities left behind by Sony’s “uninstaller” program (which some critics have said compounds the problem by posing serious security risks). via: Boing Boing more from CBC Indepth: Sony and the rootkit related murmurs: More than half a million computers infected in Sony CD fiasco: researcher, Sony recalling controversial CDs murmur categories: home, products, technology tags: consumers, consumer news, consumerism, Sony, rootkit, DRM, copyright posted by Tessa | 9:37 AM (ET) | Permalink […]

  2. multinational companies! not your corner grocer,hardware, ordeli. each nickel to them is millions of $$$$$$$$$$ easy to see the best bulbs are g. e.

  3. Brian Clark says

    Is there a similar approach that could be use to block the installation of the original rootkit/DRM software?

  4. Hi there,

    I’ve been in touch with the National High Tech Drime Unit in the UK and they have told me that they will not take any action against Sony or First4Internet. It will require someone who has been affected by the problem to make a complaint to their local police station and to ask for the Computer Crime Unit and report in full what has happened.

    There is no question that a crime has been committed but it seems that there will need to be more complaints made before a criminal investigation is launched in the UK.

    Would you advise anyone in the UK that is reading this and is affected to make it known to their local police station and ask that an investigation be started. The more complaints, the better!

    Below is the full transcript of the emails i sent and the responses i got.

    *****Email Chain – Read From The Bottom Up*****

    Dear Mr McGregor

    The NHTCU will not be taking this matter on as an investigation.
    You should contact your local police headquarters and ask for the Computer Crime Unit. The Computer Crime Unit will advise you accordingly.

    Desk Officer (KL)

    National Hi-Tech Crime Unit
    PO Box 10101
    E14 9NF
    0870 241 0549

    NHTCU are a proud sponsor of Get Safe Online (GSO).
    GSO provides expert advice for everyone on Internet security.
    Please go to http://www.getsafeonline.org

    —–Original Message—–
    From: McGregor, Robert
    Sent: 17 November 2005 16:24
    To: ‘Desk Officer’
    Subject: RE: NHTCU Website Contact Enquiry

    Many thanks for your swift reply,

    Can I just confirm the situation as I understand it with you?

    I am not talking about a civil matter here and so, although they are a step in the right direction, the civil actions are less important than the fact that they have breached criminal law. Is this under investigation as a potential case by the NHTCU?

    Also, there is a British company in the frame (First4Internet) as the developer of the tool and such development is similarly covered as there is intent to break the Computer Misuse Act.

    Does that make any difference in how I should report this or not?

    Many thanks again for your help and advice.


    Robert McGregor

    —–Original Message—–
    From: Desk Officer [mailto:]
    Sent: 17 November 2005 14:53
    To: Robert McGregor
    Subject: RE: NHTCU Website Contact Enquiry

    Dear Mr McGregor

    Thank you for contacting the NHTCU regarding the XCP issue.

    I think you will find that this issue has been discussed at length in a number of jurisdictions and Sony are the subject of a number of law suits.



    The XCP on the the CDs has been stopped and the CDs are subject to recall.

    Should you wish to discuss the matter you should contact your local police headquarters and ask for the Computer Crime Unit. I feel sure that they will listen to your complaint and advise you on the prospect of prosecuting the parties concerned.

    Desk Officer (KL)
    National Hi-Tech Crime Unit
    PO Box 10101
    E14 9NF
    0870 241 0549

    NHTCU are a proud sponsor of Get Safe Online (GSO).
    GSO provides expert advice for everyone on Internet security.
    Please go to http://www.getsafeonline.org

    —–Original Message—–
    From: Robert McGregor
    Sent: 17 November 2005 12:50
    To: Desk Officer
    Subject: NHTCU Website Contact Enquiry

    FNAME: Robert
    LNAME: McGregor
    EMAIL: robert@
    TEXT: Hello,

    I am trying to find out who I can speak to so that I can discuss the breaking of the law by the Sony Corporation and First4Internet with regards to their XCP copy protection software.

    Sony have used this software on many of their titles in the US but many of these CDs have made their way to the UK and install software onto any computer they are placed in. This is performed in a way that is in contravention of The Computer Misuse Act 1990 Section 18.


    3.-(1) A person is guilty of an offence if-

    (a) he does any act which causes an unauthorised modification of the contents of any computer; and

    (b) at the time when he does the act he has the requisite intent and the requisite knowledge.

    (2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing-

    (a) to impair the operation of any computer;

    (b) to prevent or hinder access to any program or data held in any computer; or

    (c) to impair the operation of any such program or the reliability of any such data.

    (3) The intent need not be directed at-

    (a) any particular computer;

    (b) any particular program or data or a program or data of any particular kind; or

    (c) any particular modification or a modification of any particular kind.

    (4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.

    The specific software produced by First4Internet breaches this law but it also the case that a second method of copy protection called “SunnComm MediaMax” also behaves in a way that is in contravention of the Act.

    The first piece of software, XCP, also leaves a computer in a state that is open to attack from Hackers and makes the computer unsecure in ways that could lead to the copying, loss or corruption of data from any PC.

    Can you inform me who might be responsible for investigating this and deciding if charges can be levied against either company.

    To clarify, i was warned not to use these CDs so have not personally been affected as far as i am aware.

    First4Interent is a UK based company.

    Yours sincerely,

    Robert McGregor

  5. Lewis Baumstark says

    With everything else you guys have to do — meetings to keep the grad students happy, teaching and grading to the keep the other students happy, publishing to keep the department chairs happy, etc — I certainly appreciate Ed and Alex and Jeff and everyone taking the time to investigate this and develop fixes.