Tuesday, November 01, 2005

Digital Rights Management as a RootKit?

I was reading Mark Russinovich's column on the SysInternals blog at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Let me start by saying that in this case Sony's DRM definitely crossed the line, by modifying the system to hide itself from the users. They need to be stomped upon. End of story.

But it got me to thinking about a basic premise of Rootkits, or more precisely about the premise of detecting Rootkits.

First a little background. For those of you who are security neophytes, a Rootkit is (to use Mark's own words):

"Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden."

So what this means, put simply (or maybe not so simply), is that Rootkits use capabilities that exist on a system to modify that system and subvert its normal behaviour, in order to hide things (files, executables, back doors, etc.) that the installer of the RootKit doesn't want people to find and/or remove.

The assumption behind RootKit detection software such as chkrootkit or RootKitRevealer is that, even though the capabilities utilized by the RootKit could be utilized by legitimate applications, there is no legitimate reason why legitimate applications would want or need to utilize them.

Forgetting about the ethics of DRM utilizing these capabilities, it does shake this premise. DRM is a legitimate application, and it is utilizing capabilities that were considered to have no legitimate use. Does this mean that applications should avoid utilizing these capabilities, or does the security world have to reconsider whether those capabilities have a legitimate use?
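To make the premise concrete, here is a small added example (my own toy model, not code from the post, from Sysinternals or from Sony): a cloaking filter that drops any object whose name starts with a given prefix, and the cross-view check that detectors like RootKitRevealer rely on, comparing what the system reports against what is really there. All names and paths in it are constructed; the point it shows is that the detector reports *what* is hidden but has no way of telling whether a DRM driver or a piece of malware did the hiding.

```python
from dataclasses import dataclass, field


@dataclass
class SystemView:
    """One enumeration of the system: file names, registry keys, process names."""
    files: set = field(default_factory=set)
    registry: set = field(default_factory=set)
    processes: set = field(default_factory=set)


def cloak(raw: SystemView, hidden_prefixes: tuple) -> SystemView:
    """Simulate a cloaking filter hook: the view handed to user-mode tools (the
    'API view') is the raw view minus every object whose last path component
    starts with one of the hidden prefixes. A rootkit and a cloaking DRM driver
    would both install this same kind of filter; the filter itself is neutral."""
    prefixes = tuple(p.lower() for p in hidden_prefixes)

    def keep(names):
        return {n for n in names
                if not n.rsplit("\\", 1)[-1].lower().startswith(prefixes)}

    return SystemView(keep(raw.files), keep(raw.registry), keep(raw.processes))


def cross_view_diff(api: SystemView, raw: SystemView) -> dict:
    """Cross-view detection: anything present in the raw (on-disk / in-kernel)
    view but missing from the API view is reported as hidden. The report says
    what is hidden, never why, which is exactly the premise questioned above."""
    return {
        "files": sorted(raw.files - api.files),
        "registry": sorted(raw.registry - api.registry),
        "processes": sorted(raw.processes - api.processes),
    }


def demo() -> dict:
    # Constructed sample (not real artifacts): a DRM driver and a piece of
    # malware both hide objects whose names begin with the prefix 'hid_'.
    raw = SystemView(
        files={"hid_drm.sys", "hid_evil.sys", "notepad.exe"},
        registry={"HKLM\\SYSTEM\\CurrentControlSet\\Services\\hid_drm",
                  "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Beep"},
        processes={"hid_drm_agent.exe", "explorer.exe"},
    )
    api = cloak(raw, hidden_prefixes=("hid_",))
    return cross_view_diff(api, raw)  # both hidden drivers show up, unlabelled
```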

For reference, F-Secure has waded into this debate and decided that Sony's DRM software is malware.
http://www.f-secure.com/v-descs/xcp_drm.shtml

Myself, I have to agree!

Rick

1 comment:

Anonymous said...

You make the assumption that "DRM is a legitimate application"... something that is not a given IMHO.