Two days ago I went to a store named Best Buy and bought Angie Stone - Stone Love on CD for $14. The album has been out for several months, but when I first saw it at Virgin Records it was going for $19. Another thing that made me reluctant to buy it earlier was that it had a warning sticker on the front cover that it was a copy-protected CD. I was both curious to see how the thing would work, but also turned off to the idea of not being able to rip the CD to wav files or mp3 files. This is what the label on the front cover said:

This CD is protected against unauthorized duplication. It is designed to play on standard playback devices and an appropriately configured computer (see system requirements on back). If you have questions or concerns visit www.sunncomm.com/support/bmg
NECPSTK-COM

When I got home I put the CD in the computer and opened up the CDex program. I selected all 17 audio tracks and saved them to the hard drive as wav files. CDex also showed a track 18, which was a data track. I quickly listened to a few of the tracks on the hard drive and they didn't sound corrupted. I looked at the CD medium info in Nero and it showed it to be an Enhanced-CD with two sessions. The first contained the 17 audio tracks, and the second had data listed as track 18 which was 64 MB in size.

The reason the copy protection didn't work for me is because I have disabled Autorun in Windows (http://www.3-3-3.org/forum/showthread.php?t=564). So their software never loaded and took control of my computer. I didn't test Sunncomm's software but I think it would have to work by loading every time with Windows and spying to make sure I couldn't use a program like CDex to extract non-DRM audio files from the CD. Such a program would take up computer resources and in my opinion would act as malicious spyware. There is a detailed article on how Media Max CD3 copy protection works here (http://www.cs.princeton.edu/~jhalderm/cd3/).

I was thinking of how some unfortunate people who are not as computer literate as I am may have installed the malicious Sunncomm spyware and were therefore unable to get the full usage of their CDs. And I thought about how this copy protected CD was hurting customers and fans who had actually bought the CD. It's certainly a bad business strategy because they are punishing the wrong people. They should be grateful for the sale of their product, and make it worthwhile for their customers. Putting copy protection on a CD reduces its quality and turns people off from the prospect of buying CDs. I saved my receipt in case I were to have problems, but it was so easy for me to get around the copy protection that I felt the CD really wasn't copy protected, and that they were just trying to scare people with the warning label.

I'll tell you what I would have done if the CD were really copy protected and I couldn't extract free digital files from it. I would have either downloaded the whole album off of a p2p network, or if I couldn't find one from a filesharing network I would have made my own by hooking up the CD player with audio cables and recording into my computer sound card as one large wav file, and then manually breaking it into pieces and converting them to mp3 files. For me as a music fan, it would be a labor of love, like the monks who once copied Bibles by hand. I would return the CD to the store I bought it from and I would share the entire album on a filesharing network.

In the letters section of 2600 magazine (Fall 2004 volume 21 number 3), there was a person who wrote to them on the subject of filesharing. And the response of the magazine staff, which I paraphrase, was that if the record companies have a problem with people uploading and downloading digital files then the solution is very simple for them: all they have to do is restrict their releases to non-digital formats. The record companies should only sell vinyl records or tapes if they are worried about digital piracy.

I refuse to buy CDs and DVDs as a matter of principle. the whole point is to bankrupt the evil RIAA and MPAA. if there is content that I feel I MUST have, i download it illegally. Remember, this is a JIHAD!

This thread turned out to be prophetic, in light of the recent news about Sony BMG's DRM CDs. The problem first came to light on Sony BMG's Black Monday October 31st, when Mark Russinovich of Sysinternals disclosed in his blog posting here (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) about the existence of a rootkit in the DRM CDs, that would cause security vulnerabilities and problems for a computer. More problems related to other types of DRM CDs were subsequently found in other labels, and the patch released by Sony BMG and Sunncomm just yesterday turned out to continue leaving a computer vulnerable, as reported today here (http://www.freedom-to-tinker.com/?p=942).

Fortunately the issue received great publicity and much scrutiny of the security vulnerabilities, and a backlash which included lawsuits by some State Attorney Generals and other parties, including a lawsuit by the EFF. I was so impressed with how the EFF handled this issue that I decided to donate to them, and ended up signing up as an EFF Pioneer, which means donating $10 a month. They have a whole section on their website here (http://www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php) that provides a lot of information on the topic of the Sony BMG DRM CDs. I checked the list (http://www.sunncomm.com/support/faq/releases.asp) provided by Sony and found that my CD by Angie Stone was on it.

In light of the malicious software that was on my Angie Stone CD, I have a duty to rip all the files on the dangerous CD to a safer mp3 format and share them on a filesharing network. Because of this issue and others, the argument of the record companies against filesharing has been destroyed, as pointed out in this Slyck thread here (http://www.slyck.com/forums/viewtopic.php?t=16430).

I was surprised at first by the level of maliciousness that was found in the Sony BMG CDs. But there should have been no surprise at this behavior by Sony BMG in light of their past corruption on other issues, such as the payola settlement with New York state (http://www.oag.state.ny.us/press/2005/jul/jul25a_05.html) and their lawsuits against thousands of filesharers. We should expect the worst from the record companies and realize that they have no credibility or moral authority on any issue.

i'd go here and downlod the freebie >rootkit revealer (http://www.sysinternals.com/)

i found one that wasn't cd related, it had been there for months

I often use another free software made by Sysinternals called TCPView (http://www.sysinternals.com/utilities/tcpview.html). I ran the RootkitRevealer (http://www.sysinternals.com/Utilities/rootkitrevealer.html) program with its default settings and it didn't find anything. I wonder what it is that you had on your computer slx, and where it came from. According to my understanding, rootkits are not that common on a computer. Maybe what you had would have also been picked up by an antivirus scan and an adware/spyware scan.

http://www.jimcromwell.com/landfill/sonybmgwee.jpg

This picture I found online says it all.