You've probably heard by now that in early November, PC internals expert and senior contributing editor for "Windows IT Pro" Mark Russinovich bought a copy-protected music CD from Sony. The CD wouldn't let him play the music on it without first installing a special player, so he installed the player.

Fortunately for all of us, he happened to install it on a workstation that he uses while writing his useful utilities, most of which he gives away at his site. One of those free programs is called RootkitRevealer, a program that detects malware that hides itself from the OS by "stealthing" its presence on a computer. Mark was surprised to find RootkitRevealer report what looked like a rootkit on his computer. A bit of sleuthing showed that there was indeed a piece of software trying to keep its existence secret--the Sony music player software. Worse yet, subsequent testing showed that this cloaked application gets on the Internet when you play the CD and contacts a Web site, essentially phoning home to Sony that your particular CD is being played. (Every copy of "Get Right With The Man," the CD in question, has its own ID burned into it.) No, there doesn't seem to be a way for Sony to connect each CD's fingerprint with its owner; nevertheless, I'd hate for John Cleese or Mike Judge to know how often I watch "Monty Python and the Holy Grail" or "Office Space." Mark broke the news about the malware, and Sony is in damage-control mode. But not, as I write this, in "I'm sorry, we were wrong, we'll never do it again" mode. I can't say that I'm surprised by Sony's action, but it saddens me for several reasons.

As I've said before in this column, I believe that it's not unreasonable for someone who's giving us something for free to ask something in return, as in the case of the people who want to put you on their mailing list in return for your being able to download some free doodad off the Internet. It's reasonable so long as they make very clear what data they're collecting. But I think Sony went over the line. First, this isn't a free product. It's a $19 music CD, the same list price as the new--but unprotected--Madonna CD, so imposing a cost on the listener's privacy seems inappropriate. Second, is the root kit aspect. Where did Sony get the idea that sneaking a piece of spyware on its customers' systems--and stealthing it--is acceptable?

What saddens me most is that, as regular readers know, I'm strongly--rabidly, you might say--in favor of finding and punishing people who steal copyrighted materials. It troubles me greatly that we've raised a generation of Americans who see stealing someone else's intellectual property as "illegal" in the same way that going 56mph in a 55mph zone is illegal--unlawful on the books but not in reality. But I know that merely passing laws and making arrests won't do the job of protecting intellectual property rights, although that helps. No, the job won't get done until people feel viscerally that stealing intellectual property isn't okay. (Let me, however, forestall the mountain of email that will claim that the evil recording industry is getting filthy rich off poor starving artists by observing that, according to the recording industry, the music business is about a $30 billion annual business. That isn't much, as worldwide businesses go--honest.) And although a lot of piracy still occurs, I see more and more people coming around to the point of view that heck, if Apple Computer's going to sell a tune for 49 cents, then perhaps paying for music isn't so unreasonable.

But now Sony has given copyright thieves an answer to my entreaties: "Hey, Sony doesn't follow the rules, why should we?" It's not a supportable argument. As far as I know, "He did it first!" isn't a valid principle of jurisprudence after kindergarten.

So Sony, the next time you complain about losing money to music piracy, try blaming the guy in the mirror. A huge corporation that sells me a CD, then thanks me for my support of its intellectual property rights by sneaking a piece of stealthed spyware onto my computer has behaved in a monumentally cowardly and dishonorable manner. I would guess that Sony is as decentralized as most big firms so I think it ill-considered to start saying the word "boycott," but I do hope a few Sony execs find themselves thinking another word these days: "Seppuku."