Sony is suing the software developer that allegedly caused the DRM rootkit fiasco of last year. It follows the news earlier this year that Sony BMG agreed to pay compensation to users who experienced problems with their PCs after installing software designed to enforce Digital Rights Management (DRM) to prevent illegal copying of music.

The software limited the kind of devices the music could be played on, how many times the music could be played and how many times it could be copied. But the software also opened up users' PCs to malicious attacks by third parties and proved very difficult to uninstall.

Sony BMG has filed a suit in New York state against the group behind the XCP copy-protection tech, claiming negligence and a breach of its licensing agreement. The papers seek damages of $12 million.

The software developer is now owned by The Amergence Group. It has released a statement saying it will fight the 'unwarranted' allegations.

However, Sony BMG could find the case an uphill struggle. McAfee malware expert Allysa Myers says that Sony BMG may be "stretching things a bit". In a post on McAfee's Avert Labs blog, she asks: "What exactly were they negligent of? Did they fail to keep abreast of the fine line between being malware and merely annoying?

DRM software

"DRM software effectively exists to limit people's access to or use of files on the CD or computer. It seems that they succeeded admirably in that regard.

"I guess the moral of the story is that more companies than just those directly related to software should be paying attention to the definitions of 'Potentially Unwanted Technologies'."

We reported in January that Sony BMG had agreed to pay $150 (£77) for every PC infected in 2005 with its rootkit software. The agreement came following a US Federal Trade Commission (FTC) ruling that Sony had acted improperly and illegally by surreptitiously adding the rootkit to music CDs it sold in the US last year.

At the time, FTC Chairman Deborah Platt Majoras said: "Installations of secret software that create security risks are intrusive and unlawful. Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."