Sony : Digital Rights Management

In October 2005, it was revealed by Mark Russinovich of Sysinternals that Sony BMG Music Entertainment's music CDs had installed a rootkit on the user's computer as a DRM measure (called Extended Copy Protection by its creator, British company First 4 Internet), which was difficult to detect or remove. This constitutes a crime in many countries, and poses a major security risk to affected users. The uninstaller Sony initially provided removed the rootkit, but in turn installed a dial-home program that posed an even greater security risk. Sony eventually provided an actual uninstaller that removed all of Sony's DRM program from the user's computer. Sony BMG is facing several class action lawsuits regarding this matter. On January 31, 2007, the U. S. Federal Trade Commission issued a news release announcing that Sony BMG agreed to settle Federal Trade Commission charges that Sony BMG committed several offenses against United States federal law. This settlement requires that Sony BMG allow consumers to exchange the CDs through June 31, 2007, and to reimburse consumers for up to $150 for the repair of damage to their computers that they may have incurred while removing the software.

In 2006 Sony started using ARccOS Protection on some of their film DVDs, which caused compatibility problems with some DVD players—including models manufactured by Sony. After complaints, Sony was forced to issue a recall.

In August 2007, security firm F-Secure reported that the MicroVault USB thumb drive installs a rootkit in a hidden directory without consent on user computers. The directory is intended to protect fingerprint data, however it can be used for malicious means as most virus scanners will not search for the directory or its contents. Sony advised it was conducting an investigation on the third-party product, and would offer a fix by mid-September.