This is the best article I have been able to find that describes the world of hurt Sony is about to be in...
So Sony BMG has been getting a lot of flack lately for, well, for a bunch of things. First it installed Trojan horse software on users' computers, then claimed it wasn't a problem, then released a "removal" tool that was actually spyware….It's enough to make you turn to pirated music.
In an NPR interview, Thomas Hesse, president of Sony BMG's global digital business said, "Most people I think don't even know what a rootkit is, so why should they care about it?"
Besides installing a player for the CD and copy-protection software, Sony also hid other code that contacted the company every time a user played a song.
Get this: In order to get the patch, you have to provide your name, e-mail address, and other personal information to Sony. When you finally download the thing, it does the patch thing, and then it installs all sorts of new stuff that Sony doesn't tell you about. And it continues to send your listening habits to Sony and its partners, but now it has a bunch of your personal information too.
The patch itself, it turns out, opens another big security hole....if you go to a bad guy's site after installing the Sony patch, a hidden program on that site could look for CodeSupport, and could do all sorts of nasty things to your.
Other CDs from [Sony] are "protected" with SunnComm's MediaMax software, which installs things on your computer whether or not you accept the license agreement. It, too, sends information about your activities, this time to SunnComm.