Controversy over Sony's Rootkit software has been rife across the internet over the last week or so. Mark Russinovich, a Sysinternals employee, recently discovered that some of his music CDs had been installing Rootkit software on his PC when played through the CD-ROM. Further research showed those CDs came from none other than Sony BMG, Sony's music publishing sector.
The software is DRM (Digital Rights Management) software, and was installed under the guise of protecting Sony content. The implications however are far more serious. With no options to uninstall the software, and no notification to even indicate its presence, if and when a problem does occur most people will have no idea what to do. There have also been rumors floating around the internet of a Trojan that has sprung up since the revelation, that uses Sony's software to hack into people's systems.
Sony has since admitted it was installing the software without consumer's consent and released a patch to fix the problem. Today they announced they were discontinuing Rootkit installation on Sony BMG CDs for the moment.
The scary part about all this is the broader ramifications; how many other companies are engaging in similar covert DRM operations?