SONY BMG can take two lessons from its recent wayward attempt to fend off digital piracy: One, in a world of technology-astute bloggers, it's not easy to get away with secretly infecting your customers' computers with potentially malicious code. And two, as many a politician has learned, explaining your own screw-up badly is often worse than the screw-up itself.

Or as Wired News put it, "The Cover-Up Is the Crime."

It all started on Halloween, when Mark Russinovich, a computer security researcher, discovered that the antipiracy software that a Sony BMG CD had installed on his machine was based on a "rootkit." Rootkits are often used by malicious hackers to disguise spyware, malware and other nasty stuff. Removing one can do damage, even destroying an operating system. Mr. Russinovich posted his tale on his blog, sysinternals.com/blog, and the pile-on commenced.

Sony BMG responded by offering a piece of software it said would remove the rootkit, but at the same time said the rootkit was "not malicious and does not compromise security." Thomas Hesse, president of Sony BMG's Global Digital Business, went on National Public Radio to say that "most people, I think, don't even know what a rootkit is, so why should they care about it?"

Cory Doctorow on boingboing.net wrote: "What petulant jerks. Look, Sony, you got caught sleazing your customers' computers. Telling us that it wasn't so bad is just infuriating and insulting. An apology would have been better received."