This page only discusses the XCP copy protection software. I've been told that the Suncomm copy protection software is also bad, but that is covered elsewhere.
Here is a list of the Sony and EMI CD that contain the XCP software. If you have played one of these CD on your PC then you are infected. http://cp.sonybmg.com/xcp/english/titles.html
Aurora also sells a version of the XCP software to prevent DVD copying. There is at least one report that the DVD version of XCP disables both CD and DVD writing on computers that play the DVD. The Madagascar DVD is reputed to do this.
The "XCP" copy protection on certain Sony music CD installs rootkit software to hide the copy protection software from the computer owner.
This problem only affects Microsoft Windows computers. Apple Mac users are safe from this particular flaw.
That Sony rootkit is now being used by virus authors to hide their viruses from antivirus software. There is a background article on it at http://www.theregister.co.uk/2005/11/01/sony_rootkit_drm/
Un-installing the XCP software by simply deleting the files will cause your CD drive to stop working. There is a very technical explanation at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
Sony provides an un-install utility. However, the un-install has a bug in it (as of 17 November 2005) that causes it to install another security flaw (in ActiveX) that has already been exploited by malicious hackers. See info at http://www.theregister.co.uk/2005/11/17/sony_drm_uninstaller_peril/
Information on XCP hiding viruses is at http://news.yahoo.com/s/nm/20051110/wr_nm/sony_hack_dc
Symantec now provides a free XCP removal tool at http://securityresponse.symantec.com/avcenter/venc/data/securityrisk.aries.html but I haven't tried it to see if it works.
There are complicated manual removal procedures at http://club.cdfreaks.com/showthread.php?t=151461 and http://www.boycott-riaa.com/article/18565 but I haven't tried removing XCP and I don't know if they will work. You may need the Rootkit Revealer software from the nice people at Sysinternals just to find the files so you can delete them. http://www.sysinternals.com/utilities/rootkitrevealer.html
There are instructions for patching the security hole that the Sony un-installer creates at http://www.f-secure.com/weblog/archives/archive-112005.html#00000709 and http://www.freedom-to-tinker.com/?p=927
If you are infected then you can visit the website
http://www.sonysuit.com/
or else go to Google.com
and search for the words
xcp class action lawsuit
You can avoid being infected by not buying music CD from Sony and EMI. To be doubly sure, don't buy anything else from Sony either. Sony got into the music business by purchasing CBS Records, which is infamous for creating the evil CBS Copycode copy protection system. So the next copy protection scheme from Sony will be even worse.
Note: Information on this page was last updated on 2 December 2005.