I just had a chance to catch up with the tech news from the past week or so, and I almost couldn’t believe what I read about Sony’s trojan-horse rootkit that was shipped on over 50 CD albums. Apparently this malware searches your computer for illegally downloaded music and reports this to Sony. And not only does the actual rootkit compromise your PC, but the removal application that Sony later issued under pressure from the public leaves your PC in a highly insecure state. I suppose that’s what you get for doing the right thing and purchasing a Sony CD rather than illegally downloading it…

BoingBoing has posted two great roundups on the issue: Part 1, Part 2.

The EFF (Electronic Frontier Foundation) also stepped up and issued this Open Letter to Sony-BMG.

The sad thing is that, being the huge media corporation that it is, Sony is probably going to get away with this…

Even though I only listen to MP3s at this point, I generally prefer purchasing audio CDs and ripping them to MP3 myself, as I refuse to pay a premium price (about $10 per CD on iTunes, for example) for DRM-crippled tracks when I can buy a physical CD for $13. But with practices like this, that may not be the best approach for major label CDs any more. I for one am not going to buy Sony CDs any more.

Luckily, most of the music I listen to is released by smaller independent labels. I really hope that musicians will start selling (non-DRM-crippled) downloadable music on their websites, bypassing the record labels entirely. Some independent artists (such as Project Pitchfork) have already started doing this, and hopefully many others will follow.