When computer programmer Mark Russinovich bought a CD from Amazon.com, he didn't expect it to be terribly important.

He played the CD on his Windows computer and forgot about it.

Some days later, during a routine security check on his machine, he found something odd: a bunch of files he identified as a "rootkit".

Unscrupulous people who make malware - software that does only nasty, unwanted things to your computer - use rootkits to hide all traces of their activity.

Usually it's dodgy web sites, or possibly email viruses, that might contain and infect your machine with a rootkit.

But Mark Russinovich is an experienced and worldly-wise computer user. He was certain he'd not been the victim of some simple email virus. So he started to investigate.

Using a series of specialist diagnostic tools that only an advanced Windows programmer would know, he was able to skirt round the rootkit's cloaking system, which it used to hide itself. And buried deep within the rootkit's code was a reference to a company called "First 4 Internet".

A few quick Google searches later, and Mark had found the source of the rootkit. It was the music he'd bought from Amazon, a CD on Sony's record label. Unaware that it contained Digital Rights Management (DRM) software designed to prevent the music being illegally copied, he'd played it on his computer without realising what could happen.

Angry but determined, Mark tried to remove the offending code. There was no official uninstaller, so he did it manually.

And then things started to escalate.

It turned out that by removing the unwanted, uninvited software, he'd disabled his own computer. Not only would it no longer play the CD he'd bought, it wouldn't play any CDs at all. Only with another session of hi-tech hacking was he able to bring his computer's CD player back to life.

As is natural for many disgruntled geeks these days, Mark posted a lengthy article about the whole thing on his weblog (sysinternals.com/blog), concluding with the statement: "While I believe in the media industry's right to use copy protection mechanisms to prevent illegal copying, I don't think that we've found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far."

Now things started to go a bit crazy. Within hours, his article had become one of the most talked-about on the web. It was linked from hundreds of other sites and sparked a massive online conversation about DRM in general and Sony's use of it in particular.

In no time at all, Sony had a major public relations disaster on its hands. At first, it denied there was any problem at all. Then it admitted the use of the rootkit, and offered customers an uninstaller program to remove it. But this uninstaller only left the computers that ran it open to more security problems.

From the USA came grumblings of wider discontent, and then a lawsuit - a class action, on behalf of every affected American computer user.

Finally, on December 30, Sony agreed to settle the lawsuit out of court, and offered customers a chance to exchange any affected CDs for freshly-made, non-protected ones.

The whole point of DRM software is to control how music is distributed. Record companies are terrified that standard CDs are too easy to copy.

But Sony's efforts to control what their customers did with their music went into uncharted territory, and created nothing but problems for the company. If the music industry wants DRM to work, it needs to be more open about what it is doing, and end attempts to hide security measures from customers.