The U.S. Department of Homeland Security has warned software distributors they may be submitted to regulation if they continue selling products using rootkit-like technologies. At the RSA Conference 2006 in San Jose, California, Department of Homeland Security official Jonathan Frenkel warned that if software distributors continue to distribute rootkit-like software designed to circumvent or defeat computer security measures, legislation or regulation may be necessary to control their practices.

Frankel was discussing the 2005 incident where XCP copy protection software embedded on selected Sony BMG music titles was found to compromise the security of Windows computers, and was later exploited by Windows malware. Sony was forced to withdraw its products and is currently working to settle private, state, and class action lawsuits.

"We need to think about how that situation could have been avoided in the first place," said Frenkel. "Legislation or regulation may not be appropriate in all cases, but it may be warranted in some circumstances." DHS officials had reportedly met with Sony after news of rootkit broke to express strong concerns over the product, but no formal action was taken.