Don't Use Sony DRM Uninstall Kit

By Jon Newton 11/16/05

Don’t use Sony BMG’s deb-based CD DRM uninstaller, warn Princeton's Alex Halderman and professor Ed Felten.

Sony BMG’s First 4 Internet XCP uninstallation utility "exposes users to serious security risk," they say on Felton's Freedom to Tinker blog.

"Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

Jon Newton

"We are working furiously to nail down the details and will report our results here as soon as we can.

"In the meantime, we recommend strongly against downloading or running Sony’s Web-based XCP uninstaller.

"Kudos to Muzzy for first suggesting that such a hole might exist.

"UPDATE: If you’re technically sophisticated, and you have run the XCP uninstaller on your computer, you may be able to help us in our investigations. It won’t take long. Please contact Alex to volunteer. Thanks."

Bill and the Boyz have already decided to include the Sony BMG rootkit DRM on the December Microsoft Malicious Software Removal Tool update for detection and removal.


Jon Newton is the editor of and is a regular contributer to MP3 Newswire. Jon's site is devoted to the politics of digital music and his insights as well as those of his co-writers can be read there. We urge you to explore it.

Other MP3 stories:
Can iTunes Resurrect Old Time TV?
Notes on the iPod Video and selling TV Shows on iTunes

The 30GB iPod Video is available on Amazon


Back to