As more music is available on the Web, much of it illegally through file-sharing networks, record companies have become more aggressive in finding technology to protect their property. Indeed, Sony BMG was unapologetic in its mission to use anti-piracy technology.
"(It) is an important tool to protect our intellectual property rights and those of our artists," the company said Friday.
In the case of the latest technology, however, the tool was misused.
"They aimed at the pirates, and in the process managed to shoot themselves in the foot," Cluley said.
F-Secure Corp. spoke with Sony in October to try to dissuade the company from using the rootkit, Travis Witteveen, vice president of the security vendor's North American operations, said. The result was a patch Sony BMG recently offered to remove the technology's cloaking ability.
"We worked together with Sony to have them change their methodology," Witteveen said.
Unlike Apple Computer Inc., which protects music downloads by only allowing them to be played in its own iTunes software, Sony is dealing with protecting music played on devices that are out of its control.
"They were trying a different way to solve the same problem (copy-protection)," Witteveen said. "But (the methodology) was not being relayed to the security industry, and they didn't understand the consequences of their action."
The anger toward Sony was probably the result of people being taken off guard by a security threat coming from a record company, a security expert said.
"People didn't really expect a large, legitimate -- not questionable -- company like Sony to use something that hid itself from the computer user," Jon Orbeton, senior security analyst for Zone Labs LLC, said. "Given the press, (record) companies will take a good look at Sony. They'll learn from this incident that if you're going to install copy-protection, than you need to do it in a way that's upfront."