Started: 22 November 2005, 11:50 UTC
Finished: 26 September 2006, 13:47 UTC

Sony BMG - malware feature comparison

Keywords: DRM, with Italian translation, with 日本語 translation

This chart is based on various press and blog reports. The and marks where features apply ( for a negative feature, for a positive one).

I also note where a feature may have been inadvertent (that is, a bug rather than a feature), since some press reports and industry comments concentrate on inadvertence as an excuse. As can be seen from the chart, most of the features do not fall into this category.

I hope I got everything right - please let me know if you notice any errors or omissions...

malware name XCP MediaMax
manufacturer First4Internet SunnComm
distributed by Sony BMG
CDs titles 52 267
units sold ~2 million ~20 million
affects MS Windows
Mac -
(note: Linux is not affected by either piece of malware)
rootkit cloaks files belonging to the malware -
inadvertently(?) cloaks other files (including worms and cheats) -
uses misleading filenames and other descriptions -
DRM consumes resources (disk space, memory, CPU) even while CD is not playing
interferes with normal operation of the CD drive
can reduce stability and reliability of the whole computer
prevents fair use
ineffectual against pirates
piracy itself infringes copyright ?
includes DRM-circumvention code ?
spyware "phones home" with Internet (IP) address
"phones home" with CD identifier
Sony, the manufacturer and/or the EULA denied the "phone home" behaviour
nominally intended to download artwork, lyrics advertising
EULA unconscionable terms
inadvertently(?) installs the malware even if user clicks "no" -
difficult to obtain
Sony required personal details
inadvertently(?) grossly insecure
either didn't notice or ignored the malware for many months
ignored the malware for many days after it's been reported
still do not remove the malware very limited
recall Sony BMG has recalled the CDs and is offering replacement CDs and MP3 files -
the CDs are still on shop shelves N/A
litigation Texas
EFF class action (California)
NY class action -
Italy -
Californian class action -
District of Columbia suit
Oklahoma class action

(previous entries: mistakes vs intentions, the recall, I heart rootkit, who do they serve and who can we trust?, bloggers vs Sony, EULA, my Sony link collection and DRM of adhesion)
(later entries: on the copyright infringement, extinguishing fair use, boycott Sony this Christmas and Sony BMG malware summary)

Sony BMG - mistakes and intentions
Summer-friendly, vegetarian/vegan turkey option

日本語 translation
Italian translation