CD installs virus/spyware


Here’s a different spin on the “DRM” story: The Register discusses a very different approach taken in the new Beastie Boys CD (as compared to the Velvet Revolver DRM). When the disc is inserted into a PC, the disc, “To The 5 Boroughs” surreptitiously installs a virus to prevent ripping the disc to MP3s.

This is an unauthorized hack — an “executable file is automatically and silently installed on the user’s machine when the CD is loaded,” According to a recent thread at BugTraq.

No permissions, no disclosures, no authorization. It meets all the definitions of a virus.

The virus file is said to be a “driver that prevents users from ripping the CD (and perhaps others), and attacks both Windows boxen and Macs.” Note that under fair use doctrine, a legal purchaser of a CD has every right to back up the disc or convert it to MP3s for their own personal use on an portable player or PC.

A least the Velvet Revolver CD (discussed here) asks permission before installing such DRM measures. Apparently, the new CD from the Beastie Boys doesn’t bother with such niceties.

The great irony is that the Beastie Boys became so successful by very creatively sampling the works of other artists. Observers have noted that their 1980’s albums (including their masterwork, “Paul’s Boutique”) couldn’t even get made to day, due to all the newer copyright restrictions.

Of all people, for these guys to have drunk the DRM Kool-aid is the ultimate irony — and sell out. No wonder their fans have been so angry.

Here is the Register’s CD virus protection advice:

Autorun can be defeated quite easily — to disable autorun in Windows, hold down the Shift key when loading a CD (each time the CD is played). You can also disable the autorun “feature” on your Windows machine permanently so that this and other CDs infected with viruses won’t affect you in the future.

To do this:

go to the Start menu ==> Run, and type in the command regedit . Your registry editor will launch. Navigate to the following key, and edit as shown:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom and set Autorun DWORD=0

It might be necessary to create the value, thus: Data Type: DWORD Value Name: Autorun Value: 0

As usual, you must reboot your Windows box for the changes to take effect.

Ahhh, but what if you have already been infected with the CD virus? The above procedure “assumes that you haven’t previously installed a suspected Capitol Records virus, or a similar one from another fine entertainment conglomerate.”

If you have, you will need to find and uninstall the malware first. The autorun.inf file on the CD will likely indicate the name of the relevant file(s), the locations where they’re installed, and any registry changes made.

Armed with that information, go to the Windows ‘uninstall’ utility:

Start menu ==> Settings ==> Control Panel ==> Add or Remove Programs ==> Change/Remove.

Look for any program files referenced in the autorun.inf file and uninstall them. If no related programs are listed, you will need to launch the Windows Search Companion and search for any files named in the autorun.inf file and delete them manually. Be sure to activate the options in the “more advanced features” dialog allowing you to search the entire disk (search system folders, search hidden folders, and search subfolders).

Too much work to listen to a CD. My advice — return the damned thing as defective . . .

Beastie Boys CD installs virus
By Thomas C Greene
Published Wednesday 23rd June 2004 11:18 GMT

Print Friendly, PDF & Email

What's been said:

Discussions found on the web:
  1. C. Maoxian commented on Jun 25

    I recently encountered this with a Kurt Elling CD I attempted to play on my computer. It’s only playable on a PC if you use Midbar’s player which comes on the CD (and asks you if you want to install it, see screenshot). It’s neither “spyware” nor a “virus;” I’d call it effective copy-protection.

  2. M. Andrews commented on Jun 25

    If you read this, you might hae noted the part where it described how this acts just like a virus. “No permissions, no disclosures, no authorization. It meets all the definitions of a virus.” So I would say it is very much like a virus. effective copy-protection should not do anything to change my computer system without asking for my permission to make the changes first.

  3. C. Maoxian commented on Jun 25

    I noted it, but I doubt very much that’s the way it works. The Midpar player that I recently encountered on a CD prompted me to its installation (note screenshot).

    “No permissions, no disclosures, no authorization” is hardly a complete or accurate definition of a virus. Calling the copy-protection a virus or spyware is just sloppy because it’s neither.

  4. FreeMusic commented on Jun 25

    Isn’t there enough of these garbage spyware/malware programs out there for the need to put more in products that are legally purchased? How exactly do install that Midpar software on your Ipod? If this is where we are headed then I want everything word that comes out of my mouth to be copyrighted and sue anyone who repeats anything I say!

  5. Chibi commented on Jun 25

    It sounds like what you are seeing on the Kurt Elling CD is different from what’s on the Beastie Boys CD. Personally, I don’t want any software installed on my machine without is asking me to do so, first. It’s the record company saying “Truuuuuuuust me.” Sorry, no thanks. And if I can’t buy a CD and be able to put it into my mp3 player, forget it. I think I’m done buying CDs from the big labels.

  6. Nawtykitty commented on Jun 25

    See! That is what everyone gets for listening to the trash that all of these big labels put out. There is nothig finer than the great music that the independent, small labels put out. Real talent. Not that MTV corporate trash that is sponsered in part by another corporate conglomerate.

  7. jspenguin commented on Jun 25

    Just one more reason why autorun is a Bad Thing, and one more reason I use GNU/Linux.

  8. Just Say No commented on Jun 26

    According to the Beastie Boys’ site:


    1. There is NO copy controlled software on US or UK releases of Beastie Boys’ “To the 5 Boroughs.”

    2. The disk *IS* copy controlled in Europe – which is standard policy for all Capitol/EMI titles (and a policy used by ALL major labels in Europe).

    3. The copy protection system used for all EMI/Capitol releases including “To the 5 Boroughs” is Macrovision’s CDS-200, which sets up an audio player into the users RAM (not hard drive) to playback the RED book audio on the disk. It does absolutely NOT install any kind of spyware, shareware, silverware, or ladies wear onto the users system.

    You can find more information on the technology used here:

    This is what EMI has to say about it:
    Reports that “spyware” is being included on the Beastie Boy’s CD, ‘To The Five Boroughs’ are absolutely untrue.

    While the Beastie Boys CD does use copy control in some territories, there is no copy control on the Beasties Boys discs in the US or the UK. Where copy protection is used, it is Macrovision’s CDS-200 technology; the same technology being used for the past several months around the world for all of EMI’s releases in those territories. This Macrovision technology does NOT install spyware or vaporware of any kind on a users PC. In fact, CDS-200 does not install software applications of ANY KIND on a user’s PC. All the copy protection in CDS-200 is hardware based, meaning that it is dependent on the physical properties and the format of the CD. None of the copy protection in CDS-200 requires software applications to be loaded onto a computer.

    The technology does activate a proprietary Macrovision player in order to play the CD on a PC, and that player converts WMA compressed files to audio on the fly. It also temporarily installs a graphic “skin” for the player. Nothing is permanently installed on a hard drive. These details can be verified in the ‘install.log’ file in the computer’s root directory.


  9. AJ commented on Jun 29

    This story will just run & run & run…

    I bought the cd at my local Virgin store in Scotland yesterday and I’m finding it difficult who to believe.

    Apparantly there’s no DRM on the UK or US versions of the cd – this may or may not be true depending on where Virgin UK source their stock from. The CD i bought certainly has something on it which prevents it either from playing or being recognised as a disk by my laptop – full stop. The disk isn’t defective as it works in a standard DVD/CD player athough my other pc(windows) can see the disk contents but can’t play it either.

    Others have alluded to an unistaller buried on the cd to remove the DRM from windows – not on my disk?
    They have also stated checking add/remove programs and cross referencing these with the contents of the autorun.inf file on the disk. The contents of autorun is just to load beastie.exe – a Macromedia director file which is for the video extra on the cd – the rumour mill has it not all cds ship with this video – maybe this is where the DRM lies…

    Take it back to the shop – I would but the receipt’s in bin.

  10. Pete Moss commented on Sep 7

    I’ve just had the same problem with the new Kasabian album. I insterted the disk and all of a sudden it reported that software had been updated and my machine rebooted. I lost a load of work in the process.

    This system is from

    This music industry is so dumb. On one hand we have the rise of the iPod and MP3 players being the most saught after fashion accesories with everything to mobile phones and Hi-Fi stereos playing MP3s, Windows asking you if you want to copy your music to your hard drive every time you insert a CD etc. on the other hand you have these morons in the record industry trying to stop the single biggest revelotion in music delivery since the radio in increasingly childish and invasive methods.

  11. chris townley commented on Dec 11

    I have found a way to beat this bmg system found on the kasabian cd(to name but one)which will enable you to download the tracks to your hard drive. Get on the Net and load up win media player put a music cd in and let it load then take it out and put in the kasabian cd. As it autoboots the bmg software click close and win media player should load the music up enabling you to copy it. Simple! It worked for me anyway.

  12. Bug One commented on Dec 30

    I’ve found this on the Il Divo CD.

    Win Media player 9 copied it as above, however it copied the music with Copy Protection turned on, so if I move it to another device, or try to convert it to mp3, then it throws up an error.

    If I try and copy using Freerip, then all the tracks come up as data instead of audio tracks.

  13. The Dude commented on Oct 14

    To Rip Album To MP3 Use Nero.

    You can view audio & data tracks seperately.

    1. Select the audio tracks
    2. Select Recorder/Save Track

    The Dude

  14. jason commented on Nov 25

    Its damn wrong what these record companys are doing, would anyone put up with a situation where you put petrol in your car, it installs a camera and monitors your travels, and you can only use that fule to drive in that state you purchased it in, No, so why do record companies think they have any right to control how a disk is played. you buy a license to listen to tracks recorded on the media. I dont see any license rules on the back of CD’s saying that I am not allowed to play the CD in certain devices. and as far as CD ripping, and MP3’s, I never heard of anyone being charged for recording off the radio, or singing someones song when they are walking down the street. IMO counterfiting the only eligal use of any intelectual property.

Posted Under