The irony is that Sony attacked its legitimate customers and zero pirates in doing so.

Horror story to share. At the time, I was doing customer support for AVID editing systems. Some customers who wanted to import some music from commercial CD's in their projects, discovered that ALL the Media Bins were deleted, both the current versions and the backups that the software kept in another folder. We were at a real loss as to why the Bins kept disappearing, until some nerdy editor discovered the cause. Seems like they were specifically targeted by this malware. Sony was trying to establish their own professional video editing systems at the time (not Vegas, can't remember the name) From then on, my recommendation to all customers that I happened to visit was "Never use original Audio CD's. Only copies from people selling them in the street." Good Job, SONY

What I "love" about this occurrence is that had an individual done this, it'd have been called hacking and resulted in jail time. But because it was a big corporation that did it...

This, more than anything else, hastened the end of record stores. People wanted mp3's of their songs, and this made it SAFER to download the mp3's then to simply buy a CD and rip for yourself. I know, because customers specifically said this.

Sony: "We won't lose that revenue stream, no matter what." Customers: "Wrong. You will lose it, and in a humiliating fashion."

The tax on blank CD's was always hilarious to me, it basically made piracy morally justified, because you already paid tax for pirating when you purchased the CD, regardless if you did pirate anything. The recording companies got to keep their cake and eat it, stealing from users while persecuting those who pirated, despite the piracy being already financially settled.

Most people I know who used Napster did so for 2 reasons: 1: To get songs you could not buy even if you went to the music store with actual money. 2: People got tired of paying full price for an entire album just to get 1 or 2 songs from it. The good thing is that today's digital music stores have mostly resolved the 2nd problem.

The auto start function was a blight on all computers in my university. Hundred of file replacers/Trojans fought their way from every PC to any USB drive that was plugged in and then fought their way back, usually through autorun to the next PC. This made most PCs unusable for bringing your data with you as it will destroy anything on your USB drive

Microsoft should have prevented ALL Sony products from running on Windows machines as a reply to that. Once a corporation starts to install malware, EVERYTHING by them should be treated as malware.

I was affected by one of those rootkits. the results were simple: I ripped the CD using linux and never bought anything with a Sony logo on it since then and never will. And no, Sony did not learn from it, they still phone home a lot, even if the device is "off". One of the benefits of working in a network security company heading the network analytics department, was the overwhelming network sniffers all around the network, including conference rooms with sony devices in it. So no rumors, I saw the traffic.Nothing with a Sony logo should be granted to access the internet.

The irony of Sony including open source software in a way that violated the GPL while at the same time protecting its own copyrighted music. . . this is hilarious. I remember using Linux to rip CDs to get around DRM schemes, and for the most part it worked flawlessly. Sad to say, though, Sony hasn't learned anything from that. Last year it was filing DMCA requests and managed to get many videos of a certain PS4 game taken down from KZbin after leaks about the game were made public. Content creators for a while couldn't even talk about the leak without their videos getting a DMCA strike, even if their videos contained none of the "offending" content (which was still protected under fair use). . . and eventually Sony lawyers issued a DMCA strike against its own videos twice - once in May 2020 (I think) and again this past August. I haven't bought Sony products for more than a year because of its zealotry.

I rememeber when this happened. When it got exposed they denied and denied until proven and then just said "my bad". Even the "patch" to remove it from them was a security nightmare. I have never purchased anything Sony since then!

One thing that drove early 2000s music piracy was album stuffing, where a big hit was mixed with fluff to charge people album prices for a single song. The music industry even fought with apple over their sales of singular songs instead of full albums.

I was working as a design engineer at the time, and my automatic response was to design-out sony semiconductors where possible. I know others in the field who did the same thing.

In the late 90s and early 2000s I remember I purchased a large amount of music CDs over time. Eventually started purchasing digital music and that's when I decided to rip my CD collection to hard drive. Shortly after doing so my computer was Kilt and I lost the license files for the digital music I purchased as well. I'm fairly certain now that this was caused by the Sony rootkit, although this would have been before any public information was known about it. In any case, I strongly suspected there was something going on to buy music CDs because as I would rip one CD after another it would make my computer act really weird. This eventually pushed me to download the music that I already purchased since I couldn't seem to rip it properly. I could no longer trust music CDs so I stopped buying them and I couldn't Trust music I purchased online because the license files break. It wasn't until a few years ago that I actually purchased any music whatsoever and that was only because Amazon was selling drm-free music that would just work. My point is that I was the kind of customer Sony should love. I spent a lot of money on their music regularly. Regardless, their antics pushed me away from being their customer and I didn't even know that they were the ones who did it at the time. Meanwhile, the people who would actually steal their music wouldn't encounter the rootkit because it's on the CD, not a downloaded music file. And the kind of person who would be pirating has no intention of buying their CDs so the only really hurt their customers. And the piracy was it really hurting their bottom line because if they weren't going to buy it anyway it's not like they would have gotten money out of them. Some years later I had an ironic experience with a Sony dvd-rw drive. I installed a game called Spore and my computer couldn't handle the included DRM which was actually made by Sony. It crippled the functionality of the Sony DVD drive and the game that I paid for would no longer work properly. A game that I pre-ordered a year ahead of time could not be played while the Pirates got to enjoy it the day before release without any restrictions whatsoever. The Sony software only worked to hurt the paying customers and did absolutely nothing to the pirates. Once again soon taught me a valuable lesson. Don't purchase their products. Of course, I didn't learn it very well because I later purchased the Xperia Z tablet and then afterwards the Xperia Z1 tablet. I actually love that device. 7 years later and I'm still using it. However, recently it started to automatically download Sony software that Sony doesn't even support anymore which I can't uninstall. It also started to turn the audio down on my Bluetooth speaker thinking that it's a headphone. And it would turn off the Wi-Fi on its own in the middle of watching a video as part of some weird power saving thing. There is a clear pattern of Sony acting like it should have control over my device and that makes me very uncomfortable. So, it's going to make me think twice before purchasing a Sony phone or tablet again. Sony should be taking note here. The kind of people that steal from them are not customers, the statistics on piracy do not represent a realistic assessment and how much money you were actually losing, and attacking your customers is the single best way to cause a loss of Revenue. I would go so far as to say that would cost companies like Sony Revenue over the years had nothing to do with piracy and everything to do with their stance against it.

I remember this whole Rootkit debacle as I was doing server tech support for Dell back then. It all boils down to the sentiment that media/software piracy is more of a service problem than a social/moral problem. Music piracy is very nearly nonexistent (in western countries as least) thanks to the abundance of legitimate, inexpensive and easy to access online music services.

You're a more forgiving man than me Dave. I have not allowed any SONY products into my home since the Rootkit fiasco. They didn't attack pirates, they attacked people who BOUGHT the music CD, so their faithful customers. I just can't get past that level corporate evil.

This happened to me up in the great white north. Purchased the cd, ripped it, clicked no on a pop up. Little did I know, to Sony, no means yes. A very frustrating two days later, after a complete fresh install, I made a serious decision: never purchase another Sony product ever again. I was working in the film industry back then, and I could get very deep discounts on Sony products, so over years, I had a house and studio full of their products. To this day, I have not personally purchased a single Sony product since then... right down to the movies they produce. Unfortunately, in the professional realm, it is next to impossible to not use Sony gear.

Thanks Dave - fascinating background story. Did you know Ron Radko? He told me he co-created Autorun back in the Win95 days. He wasn't in the Windows team by the mid-90s though, he'd moved on to Windows CE where I met him.

Whats frustrating about this is that anyone else like you or I would do something like this we would be charged for computer crimes even back then there was laws and people were arrested for passing viruses and hacking even way before then.

You haven't heard of Sony's persecution of GeoHot or their removal of Linux from PS3? They haven't changed a bit.

I remember this very well... in fact, to this day, I refuse to use Sony products because of their abysmal attitude towards consumers back then. The rootkit removal not only failed to remove the rootkit, not only did they make you agree to all those awful promotions, but they buried the thing under so much tiny print and various clicks that you were hard pressed to even find it, even if you explicitly sought it. I wish, so badly, they had collapsed as a company for this behavior as a warning to others.

There is another common reason for piracy: a lack of availability. This one has happened a lot with software in particular, as several games have been constrained to certain regions.

Speaking of bugs in Windows' calculator: In some early international versions, the unit conversion feature in the calculator translated 'Volume' (liters, gallons, pints, etc.) to the local language word for audio volume, not physical volume.

In the end, those who paid the price were the people who bought the CD and wanted to play it on their computer, not those who were making a business out of piracy (i.e. making copies and selling them).

They'd replace the CD/DVD driver with a crippled one that preventing burning. It also made other scumbag DRM systems fail. So, when a co-worker played a Celie Dion CD she couldn't do her taxes because Turbo Tax DRM was disable by the sabotaged DVD driver the rootkit installed. Some corporate software had similar problems. The best part is that repairing Windows is a felony, even reformatting for a re-install is as that removes a content control device. But... installing deliberately destructive and persistent software without permission? A-OK. :/

This is just amazing journalism. I'm so happy youtube recommended this to me. Your editing is awesome and you're a great story teller. There was a perfect amount of technical detail.

AT&T was going to use a 2600 Hz notch filter to prevent phreakers from hacking their phone system in the 80s. But, like the DAT story you mentioned it was abandoned due to the impact on audio quality.

Oh, now it makes sense. Dave has always taken a "The OS should never lie to the user" approach, no wonder he took 16 years to cool down 😁🤣

This video only touched on the fact that the recording industry was mandating nerfs on recording hardware of all kinds rather than trying... you know... some forward progress. It is a wonder we ever made it out of that era.

On a general note: Your narration is FLAWLESS Despite being interested in whatever your videos are about (it was cooking amirite?), it in particular stands out. Proceed!

I remember this quite well. I was a Sony fanboy at the time (I had Sony everything), and this burned me for good. Afterwards got rid of all of my Sony devices (phone, receiver, speakers, TV, alarm clocks, etc) and haven’t bought a single Sony product since.

I remember disabling autorun because it was a bad idea from the start, auto installing viruses was a heavy price to pay for a touch of convenience. Yeah, now you get prompted but that should have been in the initial implementation though I'm afraid that's more hindsight than foresight as we spent too long just assuming most people would be nice.

This is the kind of anti consumer behavior that I still see companies do today and it almost always leads to negative outcomes, or only ever benefits the companies that practice them.

Your stories and ability to tell them are so well done! I come for the story, stay for the story teller. 10/10, Dave!

Thank you for this very detailed coverage of an event I remember but was troubled they got off the hook. Thanks for the insider view, it's appreciated.

Sony promised that at least ONE digital copy could be made from CD to MiniDisc using the optical connection. Bought a Sony audio CD, inserted it into a Sony CD player, got a Sony MiniDisc recorder ready to record, started playing the CD and recording synchroneously, and after less than 10 seconds the MD player reported "directory full". The whole MD was filled with one second long empty tracks. Thanks, Sony. That was the day I stopped buying and using ANY Sony things. For good.

This DRM fiasco was the reason I actively avoided buying Sony anything until very recently. I relented and bought a Blu-Ray player. It still makes me feel dirty.

Thank you so much for this, Dave! I remember the Sony DRM rootkit scandal. I didn't remember exactly when it happened, and by the mid 2000s, most of the CDs I was buying were Old Time Radio CDs for my parents, so I was blissfully unaffected by it. I used to wonder exactly how it worked, and now you have satisfied my curiosity.

Great episode, really glad I found your channel Dave.

Autoplay was always the first thing you disabled after a fresh install of Windows back then. There was a crapload of root kits, malware, buggy drivers and simple infected software out there on CDs. DVDs also got similar root kit like "protection" malwares installed, usually bundled in with "enhanced experience" bloatware. But atleast you were warned by a single line of misleading text somewhere in some 50 page EULA and could usually uninstall it.

I remember reading an article about piracy a few years ago. It was written at the start of the online music stores. It was about a study that was trying to work out how much money the record industry was losing to piracy. They came to the conclusion that there was a loss due to piracy but the main loss was caused by the fact that people who just wanted one or two tracks from a given album only had to purchase those tracks, whereas previously, they'd need to purchase the entire album. Why spent £9.99 (or $9,99) on an album when you could spend £1.58 or $1.58 for the two tracks you want?

First video of this channel’s I’ve ever seen, and this was just an unbelievably interesting piece o’ content - hope the rest is like this!!

Stumbled on your channel and now im a fan. Love the narration and your calm voice. All the best for you, blessings from Mexico.

Personally I believe people in general want to be honest. I believe that the widespread sharing of music was cased by the demise of the single, now you had to pay $17 for 1 song people liked off a cd instead of $1 for the single. People rebeled against the music industry. Proof is now you can buy a song for $1 dollar, streaming paid services are successful, and music sharing is dramatically reduced. The music industry created the problem themselves, buy being overly greedy. Greed is good, until somebody wakes up.

As my video about "copy-protected" CDs showed, there were other systems used by record companies on CDs from the early to mid 2000s which also tried their best to make playing and ripping CDs on your PC or Mac impossible or at least a frustrating experience -- although at least they didn't install a rootkit on your machine! And if you do still have any of the Sony CDs with XCP on it, the best thing to do is to hold down the Shift key when the computer is loading the disc, or better yet disable Autoplay entirely, to prevent it from attempting to install any software on your computer.

Hey Dave, great video. I heard about this but not as much detail as you gave out. Oh those good old days of KDB. I started as a OS dev in 1986-2007. I think I recall hearing your name back in those days.

Loved this flash back in time from the inside view point. As an aged user/client/hacker type I so see me in your references of collecting; a thing were only now shedding...!! Thanks Dave.

So let me get this straight... it's taboo if one makes a copy of an audio file for archival purposes based on the premise that they could potentially one day make mass copies for profit... yet it's okay for a large corporations to infiltrate and take over your system via rootkits or "spyware"?

Great video. I remember this all too well. Few things served as such a wide eye opener as this event. It was a massive breach of public trust, and it really showed how far companies were willing to go, and also showed how paying customers were ending up getting a worse over all experience from the pirates, something that was known since the 80s with game manuals and decoder trinkets (all while pirates happily traded cracked versions on BBSs and and such.) It really changed how DRM was viewed, given how we realized that campanies would utterly violate personal computers with what was effectively commercially-sanctioned malware (e.g., Secu-ROM, SafeDisc, Star Force, etc.) Even product activation was more often viewed what it was. I remember downloading simple tools that completely gutted out WPA on legitimate paid copies of Windows XP just so one wouldn't have to deal with it during hardware upgrades, etc. The scandle effected all media related industries. To this day a lot of people just do not trust the RIAA, MPAA, and related firms, and to be honest, any massive corporation in geneneral. Sony BGM seriously harmed much more than just themselves.

Windows users caring about rootkits? Precious.

Fascinating story, very well told. Thanks man! Subbed!

I remember one could use a marker and cover the outside track of the Sony CD to disable the copy protection. Millions of dollars of copy protection defeated by a Sharpie. That’s why copy protection is such a scam and benefits no one.

I always found autoplay to be intrusive and unhelpful. The first thing I always did when setting up a new system was to disable it.

Always love your videos. Thanks for your effort.

absolutely amazing episode. Thanks for sharing!

​the thing can be bypassed by disabling autorun, open the disk, and do piracy. actually just commit piracy in the first place and you can avoid the whole shenanigans without changing settings

“The easiest way to stop piracy is not by putting antipiracy technology to work. ... It's by giving those people a service that's better than what they're receiving from the pirates.” Words of wisdom from Gabe Newell, and one that helped Valve dominate and continue to dominate the game space. And one that I feel a lot of companies keep forgetting. That is the reason, in my opinion, why those streaming services provide such a good revenue stream.

Most public announcements of Exploits are hugely technical in nature and provide even fairly knowledgeable individuals little useful actionable steps to take. More importantly they give little or no insight into how the exploit was "pulled off". THIS VIDEO WAS GREAT. You learn a bit of "computer science", coding etc. I'm a subscriber!

Since the DRM software was Windows-only, if you put the disc in a non-Windows computer (Linux, BSD, Solaris, etc), you could copy it just fine. Even on a Windows machine, you could just disable autorun or hold down the shift key.

I own ~2,500 music CDs. Hardly any of the Sony titles were purchased new after Sony infected my computer with their rootkit. No idea how many Sony customers were sufficiently pissed off as I was to effectively boycott them. It didn’t help that my Sony 19 inch monitor took five months to be repaired under warranty. Needless to say I never purchased a Sony TV or other equipment since.

At the time I worked for a small company as their IT guy while in college. The owner of the company would give me CD's to copy so he could have a copy at home and in the office. He handed me one of Santana's greatest hits CD's and had me make a copy. A few days later I saw an article on Slashdot about the rootkit, and checked my work PC. At the time I was in a long term relationship with trying to run my Windows XP machines as a "limited" account. Which was frustrating in those days because many programs needed read/write access to the Program Files directory. (Or at least requested the permissions) I was probably one of the few people what were happy to see when Vista added the UAC dialog. Anyway, my PC did not have the rootkit, but my boss' PC did. Told him never to put CD in a PC ever, and wrote that on the label. He probably forgot and ignored that warning, but that is another story...

The Google/KZbin algorithm suggested one of your videos and now I’ve gone down the rabbit hole but in a good way. Subbed, belled, and liked all of the videos I’m now binge-watching. A very small bit of trivia about me. I worked on the original IBM PC power supply back in the day, redesigning the circuit board of the prototype to make it UL/ever other agency’s standards.compliant. My tiny contribution.

Thanks for sharing this Dave, really interesting!

I had a list of things to do with a new install of Windows before I did anything else. Things such as setting all folder views to details with only date, size and file name columns, turning off hiding of known file extensions, setting the background to just a solid color etc.. One of those things was to disable autorun. The list has expended over the years and now includes (b ut not limited to): never combining taskbar items (Windows 11 made this trickier), installing and defaulting a decent browser, debloating & pruning, disabling telemetry (admittedly this is mostly done by OpenWrt on my router but there is some blocking on the OS), installing Visual Studio (Solves so many potential problems later on), turning hibernation off and setting up a RAM drive for the temp folders and browser caching (I want my SSD to last).

Gotta love anti-user digital restrictions management. Why treat some people like criminals when you can go the route of equality and treat everyone like one?

Dave love your channel and really appreciate your insight. Please keep these videos coming. Thanks!

One thing that got overlooked in the video when talking about "why" people pirated stuff...is the in my opinion most obvious one: they wanna have it but they either don't have the money or don't wanna spend the money. I am gonna paint a completely hypothetical picture here now. There was a 13-year-old who grew up in the 90s and was hooked on music from the moment he bought his first CD, "Americana" by Offspring in ~1998 that was suggested by a friend of his. This love for music only got worse when basic cable in his home country in EU started showing Mtv. This 13-year-old then wanted to listen to music whenever possible and so one day he got a Sharp Minidisc player as a present for his birthday. Being the 13-year-old that he was his funds to buy all the music he wanted were very limited, but Internet connections got a big boost with ADSL at the time and that opened up a whole new world to him. Back then there was no KZbin, there was no Spotify, there was no flat-rate streaming (or probably any streaming), but there was a certain software that was mentioned in this video that could download music files and he could then record them onto his Minidisc player - and they both lived happily ever after! btw, Mark Russinovich is a genius, I have been using his Sys Internals tools for ages :).

The funny thing was that you could quite easily rawdump the discs anyway. I never even had to fiddle around - it just worked. Maybe I had a weird CD reader...

A story I’ve heard thousands of times and yet this video from you revealed to me a whole other side to it. Super great stuff Dave! I’m only a 20 something year old and I’m glad because it means all the stuff I heard as a kid and young teen now gets fully explained to me by software devs from Microsoft who’ve since retired (;

Dave I absolutely love your videos. Amazingly authoritative and so lucidly delivered it makes my brain feel good! I have to slow you down to.75 though, but that's ok, LOL. Keep em coming bro.

What a great channel! Glad I found your stuff

Given I have a special needs little sister, and my older brother tended to treat CDs like coasters? Everyone got a folder on my computer where their CDs got ripped to and the original CDs put in a flipbook folder nice and safe. So when 'oh hey my cd broke!' 'ya which one?' ___ 'alright' and i'd have the replacement burned, sharpie'd, and everyone's happy. Gets really fun when you consider game systems. My sister has a wii (and had one since the thing launched.) She Loves it. She also has never gotten any better about handling discs. Fortunately homebrew exists to rip wii games to a hard drive, and the wii has a USB port in the back. So, same thing applies. All her games are nice and safe, and she gets to sing her little heart out (much to everyone else's annoyance because the girl Can Not sing...) Win/Win. As for sony's 'most people don't know about it so why should they care?'' Is literally like me going 'well most people don't know that I have a key to their house why should they care? The amount of arrogance on display there....

One of the things I remember hearing about Sony XCP was that security researchers had learned about this and refused to publish it, owing to the aggressive overprosecution the Adobe and the US did to Elcomsoft over tools that decrypted ebooks for screen reader use. DMCA 1201, the law that gives DRM legal force, *does* have exceptions for security research that would have protected them from Sony litigation. However, not a lot of people actually knew this. They just knew that this new and annoying law that had been policy-laundered through the WTO meant that anything DRM-shaped was radioactive. And this was not an irrational fear: even third-party printer cartridge and garage door opener companies have been legally dogged for *decades* over misinterpretations of 1201 that SCOTUS had to fix, at the aforementioned companies' expense. Even if Congress did not intend it to be as such; most companies still believe 1201 is a blank check to sue people for contempt of business model, and it needs to be dramatically limited to stop these nuisance lawsuits.

Thank you for this. Very interesting. I saw this coming many years ago. My wife was a pianist and accountant and so I am sensitive to this issue. What I did was always (yes always) buy the CD and rip it. I then stored it on a HDD and kept the CD. I still do this, and it is a pain. I "took advantage" of Google's music service and uploaded my 60+ GB of music to them so that I could stream my music at any time. They transferred this to KZbin. Now I can only get parts of my collection AND when I listen to some of my favorites, or try to they present me with their music first, or predominately, or after mine plays and I end up paying a premium for it anyway. To me it is evil. I have over 400 CDs and will eventually go back to putting it on my entertainment system and listening to it that way. Very frustrating. Thank you so much for sharing, you are amazing. God bless. BTW. I have never shared my library with anyone.

Thank you very much for covering this.

I used to disable autoplay and hold down for data CDs, but the PC was shared and somehow the Sony BMG Dido disc managed to pop up a window... I had to re-install everything (including a battle with SCSI drivers) to get full functionality back. I was in a bad mood that day, and ironically that's what made me decide to improve my defences, and then rip every CD to an open standard (.flac) :-)

I realize auto-run was to reduce calls from people that can't find the "any" key. However, I wish that if you bought the "pro" version of the OS that it came defaulted with all the consumer protection crap turned off: no auto-run, let me decide how I want to handle the new IP address, etc. If you buy "home" version then you are treated as the untrusted end user that you are, buy "pro" and you are responsible for your own actions. So tired of the OS thinking it knows more than I do, and not trustable with all the unnecessary telemetry reporting, edge firewalls FTW. Switching everything to Linux and maybe a Mac for the wife.

Thanks for a very albeit older rootkit story. It was very informative and enjoyable to listen to. Take care care.

Very much looking forward to watching this one. Thanks!

"Collector instinct" that's a good one Dave. I call it "digital hoarding" and personally I'm a big one. I never let Sony slow me down even for a millisecond. And I like to play open world role playing games like now Microsoft owned IP Skyrim. And in those games I hoard, pick up and collect every object I encounter to the point of a compulsory neurosis.

Really cool and interesting Dave! Love this kind of stories and your story telling is excellent. Thank you!

I remember buying a Rolling Stones cd that was also 'multimedia' so you could hear it normally on a cd player, but if inserted on a Windows PC, it would let you hear and at the same time have a fancy graphic of the group. It was nothing special, but at the time (late '90 if I remember well) this type of CDs with additional content were all the rage. I did check one or two times the so called multimedia content, and later found out that it had installed some kind of rootkit. The computer began to work odd , and so searching on forums and so I found out that it was this thing that got installed. Never again I installed anything coming from a music cd.

Speaking from the radio side, I've heard, that Napster made obscure tracks available, so if you needed something not easily obtained, there it was. I thought at the time, that if the record companies fought Napster by going online, and even charging something per track, ala iTunes, they could have made bank. Along with opening up their back catalogs, but they were too stuck in the old ways of doing things, they had to be dragged screaming and kicking into the 20th century.

I remember this happening and at the time people would put small music collections on their laptops for when they were working away. Work was fine with that so long as they could prove they owned the CD and that none of this music would end up on the corporate servers. But when the weaknesses on Sony’s DRM were exploited, the problems this caused the IT department ended up with the consultancy department I was in being diverted to fixing the issues rather than generating revenue for the company… Last I heard, the MD was contacting Sony for compensation for the lost revenue, no idea what happened after that as I went to work elsewhere not long after

Thank you Dave. I really had forgotten this happened. I actually got the root kit on my computer back in the day and had to reinstall XP from scratch. After that i disabled CD autrun forever.

I have to say that while I'm no fan of MS, due to its past malign behaviour involving customer lock-in attempts, the ISO 29500 debacle, license agreements with OEMs that preclude them from selling machines without an OS installed etc. etc., I really love your content - and I in no way blame you for any of MS's aforementioned unethical behaviour. Subscribed.

Moral of the story: don't use windoze, use linux systems

Boy does this bring back memories...was a student at that time and a friend of a friend asked about why he was having issues with some of his CDs...the story of the rootkit was making rounds at that time and i had to use the rootkit revealer of Mark. I think i did test it several times, that is clean the rootkit, use Sony CD again, test with another, and back to clean to also show that friend about the issue. Don't remember if i disabled autorun to his computer at that time (i do it on my own even today), but i did tell him that if he wants to hear the Sony CDs better to use a proper CD player (portable or high end stuff) rather than use it on the PC.

"This doesn't paint a flattering picture of Sony in the early 2000's" - sorry... but anybody alive at the time wouldn't exactly be expecting sunshine and roses - early 2k Sony was a horror for everyone, most of all, consumers.

I witnessed the "collector instinct" way back in the early 90s. A friend who had an Amiga had over a thousand floppy disks, nearly every program known to that system. The weird thing was he only played a couple of games, the rest just sat on his shelves. He HAD to have anything and everything that came out. BTW, were Linux users effected by this root kit?

I was a Sony fan until I purchased one of the very first CD players back in the early 80s. CD players were running $600-$1000 at that time. I had a coupon from them for $100 off the purchase, which needed to be mailed in. Sony wrote back saying I wasn't eligible because this was for US addresses only. Well, my mailing address was APO NY (a US military address), and the coupon was marketed in a military periodical. So, they were basically refusing to honor the coupon to the audience they marketed it to. So, to this day I still say at every opportunity...FUCK SONY.

Napster, when it was created, was inline with German law. BMG Sony (Pretty much a German company owned by Sony) bought themselves some new laws and judges to change that! In Germany it was legal to have security copies as much as you want and you could share copies of your music with your family and friends up to 5 copies. This law was from a time when a copy allways came with a loss of quality. It also kept working as intended when double speed CD-Burners costed about 1200DM(Deutsche Mark) the SCSI-card that was needed not included. And an empty CD costed about 5DM to 10DM depending on the quality "Verbatim" was a the best quaility brand. Also every CD-Burner, MC-recorder or VHS recorder or printer and every empty medium had a tax on it that was payd to the creative industry in Germany. So BMG Sony made money on every recording device that other companies sold. When the Frauenhofer Institut developped MP3 they asked BMG Sony if they had any problems with it or if some form of DRM should be included and the Music industry in Germany didn't even answer this request! So this Frauenhofer Institut released MP3 as GPL or MIT in the open wild and it made Napster in Germany possible. The music industry was just stupidly ignorant abou the possibilities of the internet or psychoaccustic music compression. MP3 + German copy laws + Napster was a problem for the Music industry.

Dave, you're such a good storyteller, I don't know how you make these videos so engaging but it seems to come so naturally to you!

Dave, I dealt with a lot of music companies during the early part of the digital music transition (late 1990s) and they were ALL in a blind panic that their role as sole gatekeepers between the talent and the public was being 100% subverted and they were all thrashing about looking for protection solutions that would work. There were a lot of people making a lot of money pitching and selling protection systems to them . I used to advise them that they were all wilfully ignoring ignoring a simple reality, which is that if music can be played it can be copied and what is the point of recorded music that nobody can play? We did a demo where we played a high quality CD on a player to whose speakers we had hooked up a PC audio input and showed what a good quality copy could be got that way - far better than any cassette to cassette copy. We then showed how quickly we could replicate the digital copy we made from HDD to HDD. A lot of these music company guys were very non-technical and were visibly shocked at this demo - and we usually concluded by advising them that we - as consultants - were advising them to look for ways to adapt their business model to suit this new state of affairs. Almost all of them said that no, they could not allow the gravy train which the record company business had been in the 20th Century to be derailed and they would continue looking for a foolproof protection system - and thus they went to war with their customers. Ironically, when the explosion of hard drive capacities made video collections possible about a decade later, the movie companies went through the same cycle and were forced to the same realisations as the music companies had been before them. I guess nobody wants to be told that what made them fat and happy is going away.

As always a really interesting video. Thanks for sharing.

Steve Gibson loves to point out the inherent security flaws in Windows that caused many troubles back in the day and continues to today - that tradeoff between convenience and security.

Heh, you mention the pucker factor on modifying something like Calculator... I worked on a system with similar issues. One where the only time the system went down for a grand total of 15 minutes, it was on CNN in the cafeteria within 5. (Not software! A test on switching between the two separate utilities providing electricity to the site (which also had its own power generation facility) resulted in (I was told) a giant busbar welding itself in place, destroying the main power delivery apparatus entirely AND removing the ability to switch to the on-site power generation). That and working on specific components that oversaw the handling of tens of millions of dollars worth of transactions per customer, with both internal and external auditors regularly doing their thing being anal about every penny... there were times it could be stressful. But that's a good kind of stress. Where as long as your code is solid, you'll be OK. The only stress that really bothered me was the 'office politics' kind which was thankfully fairly rare. You are actually incorrect about the 'personal backup' aspect of copyright law. There is no such justification which can be used unless the copyright holder specifically permits it. Copyright law is interesting and has always fascinated me, how the legal system approaches what is essentially just a large number (any file) and pretends like it is as distinct and immutable as a physical thing like a painting or analog record.... without ever actually dealing with that core issue at all. The definition of what qualifies as a "copy" to a court often surprises 'computer people' (anyone who understands how data works). There is a landmark precedent-setting case which establishes that a copy of data in RAM? That is a separate copy than the copy of the work on disk. And even if you have rights to have the copy on disk, you probably do not have any right to the copy in RAM (and with software, that copy is very likely a derivative work since it is likely not an identical sequential copy of the sectors on disk, to say nothing of paging and the vagaries of memory management). A company was running a system, and the OS was loaded into RAM. They did not have a copy of it on any disk or tape or anything. They were still judged to have violated the copyright and made to pay damages. I know what you're thinking - data copies have to be created in RAM just to move data around. Those are exempt. The copies which exist only ephemerally in things like network switches as it transits the network ARE copies covered by copyright law, but are specifically exempt under precedent. There is no definite amount of time which defines when a copy is 'ephemeral' but it is routinely assumed that for something like playing a song, as long as the data is unloaded from RAM after playback, it is presumed an 'implied license' exists to have the copy during the playback. If it persists after that, you are almost certainly breaking federal law and violating international treaties. Canada does have a 'personal copy' law, and they also give a kickback to media industry people that adds a few cents to the purchase of blank media, making personal 'piracy' lawful (not exactly piracy then). The Internet always guaranteed the death of record labels... but piracy has nothing to do with it. The service that record labels provided which created value was primarily (to the degree that it was very nearly the only thing of value they ever provided) distribution. The Internet makes them providing that service even worse than worthless. In fact, their own distribution networks, which operate through retail distribution agreements, are restrictive (requiring the publisher not make the works available through any other means sooner or at a lower price or as a more attractive package, ie iTunes)- making the service they provide to artists and consumers even WORSE than something any clever 12 year old can (and do) do in their spare time for free. You can't build an empire on a service that children can outperform you at as a hobby. Whether people continued buying the stuff labels distributed or not, artists were guaranteed to abandon them in favor of Internet-centric options which give them a direct relationship and instant release windows without scalping 99%+ of the sales money. Sure they could limp along providing marketing and other services - but that's only if they were willing to radically (and I mean radically) slash the cut they take. And have you seen how American businesses handle it when growth simply slows? The idea of actually shrinking isn't even in the nomenclature! To cope, those companies turned to attacking their own customers. Which worked about as well as can be expected. Now today if you're an artist, do you sign with BMG and agree to give them 99% of the sales (and they will even lie about your sales numbers, since they control what they report to you)? Or do you just put it on iTunes or elsewhere and get a radically larger amount? It's not even a question. Only artists manufactured by record labels go with record labels. Anything else is financial suicide in most cases.

So.. if these albums got put into a computer running a Linux OS or Unix OS, this rootkit will do noting and you couldn't play the audio cd?

First off, very nice cause, approved. Second, for me as an "archiver" it was literally just that. Part of my going to digital was hard copies have a tendency to well break (I spent £120 approx, twice replacing my damaged copy of FFVIII and unfortunately not every CD was good the first time around). Where piracy still has a place however is the shark like practices companies exhibit with regards to "your" purchase, they view it as not a purchase but a lease, one they can revoke at their leisure, be it shutting down the servers or throttling your media by region locking it. Now granted when I was a wee lad I couldn't afford all the music, movies and PC games I really wanted to experience so, sadly pirated, which I got bit hard quite a few times (but I did vow that once I earned I would buy everything in either digital or hard copy, and best to my knowledge I have, go me).