BioShock Installs a Rootkit
Posted by kdawson on Fri Aug 24, 2007 08:36 PM
from the drm-even-in-the-demo dept.
An anonymous reader writes "Sony (the owner of SecuROM copy protection) is still up to its old tricks. One would think that they would have learned their lesson after the music CD DRM fiasco, which cost them millions. However, they have now started infesting PC gaming with their invasive DRM. Facts have surfaced that show that the recently released PC game BioShock installs a rootkit, which embeds itself into Explorer, as part of its SecuROM copy-protection scheme. Not only that, but just installing the demo infects your system with the rootkit. This begs the question: Since when did demos need copy protection?"
Related Stories
Firehose: Rootkit installation hits PC gaming by Anonymous Coward
IT: Another Sony Rootkit? 317 comments
An anonymous reader writes to tell us F-Secure is reporting that the drivers for Sony Microvault USB sticks use rootkit techniques to hide a directory from the Windows API. "This USB stick with rootkit-like behavior is closely related to the Sony BMG case. First of all, it is another case where rootkit-like cloaking is ill advisedly used in commercial software. Also, the USB sticks we ordered are products of the same company — Sony Corporation. The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."
Bioshock's Launch Aftershocks 267 comments
It should come as no surprise that the level of hype BioShock reached in the last month has had some aftereffects. The game itself is really good; few are disputing that. There were, however, some problems. Next Gen has a few words with Ken Levine on BioShock's troubled launch looking at the broken Big Daddies, the allegations of a rootkit, and the 'widescreen issue'. There are other issues still floating around, of course: despite rumours Levine has now confirmed there will be no PS3 version of the game, and one problem may just be starting as big media finds out about the Little Sisters. 'The Boston Patriot-Ledger ... argues that BioShock is "testing the limits of the ultraviolent gaming genre with a strategy that enables players to kill characters resembling young girls." Despite the shock-inducing lead, the article goes on to give a more or less accurate description of BioShock's choice between saving and harvesting the creepy Little Sisters ... The conclusion tries to draw a link between BioShock's violence to a stabbing death allegedly inspired by Grand Theft Auto, but the connection is pretty weak.' To close on a good note check out 1up's profile of Levine's career, or download the BioShock score ... which is beautiful.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Demos and protection (Score:5, Informative)
(That doesn't mean that I endorse Sony's approach here -- far from it)
HTH, HAND
It does not (Score:5, Insightful)
Not QUITE a rootkit (Score:5, Informative)
It's not a rootkit... (Score:5, Informative)
As for why it's in the demo, modern copy protection is embedded throughout games. It's too difficult to remove the protection just for a demo that contains so much of the full game engine.
Shame on /. for linking to this (Score:5, Insightful)
Okay, I was getting myself good and riled up over this piece of news. I was even ready to return the game first thing tomorrow despite it being a lot of fun. Then I did the unthinkable - I RTFA.
Seems this is a big load of nothing. SecuROM installs a service to let those running without admin privileges run the SecuROM stuff. This is kinda bittersweet - yes, SecuROM is bad etc but running as a restricted user is good. This is assuming you trust SecuROM's website which says (from TFA):
I don't see the issue here.
Re:Shame on /. for linking to this (Score:5, Informative)
References:
http://consumerist.com/consumer/punishing--the-on
http://forum.sysinternals.com/forum_posts.asp?TID
Not a rootkit (Score:5, Informative)
Thus it is a poor way to keep stupid users from trashing their DRM, not a rootkit.
The reason it shows up in "Rootkit Revealer" is because true rootkits use the embedded null tactic to keep users from deleting keys registering malware DLLs, startup settings, etc. That way, the user has no way to deregister the malware or stop its launch.
However, the Rootkit Revealer does not simply point out rootkits. It's not that simple. RR points out suspicious methods and/or hidden files, and requires the user to analyze whether those methods and files indicate an actual piece of malware.
Clearly, a key that simply warns you not to delete other keys is not malware.
It is annoying, however, and the only way to get rid of a key with embedded nulls is with DelRegNull. I didn't like that one bit.
My key was added with the install of Neverwinter Nights 2, however, which also uses SecuROM. This key has been around for a while, folks. Someone is crying "rootkit," when really all it is is a sloppy hack to keep users from eliminating their SecuROM keys.
What's really annoying about this method is that the malformed key is not removed when you uninstall the software that requires it. SecuROM also drops a few malformed files in the directory %userprofile%\Application Data\SecuROM\UserData. They won't delete either, because they are key files which the folks at Sony have deemed MUST NEVER be deleted. Great. The only way I could manage to clean out those was by mounting the partition with NTFS-3g and issuing an rm *.*. Otherwise, another hack keeps Windows from moving the key files, probably because if you could copy them, you could run a game on any machine with the keys.
This is definitely more arrogance, and completely annoying, but certainly not a rootkit. I would love to hear what the suits at Sony have to say about their crapware. I expect nothing less than a true SecuROM removal kit, since it doesn't get removed on uninstall.
--
Toro
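Added example, not part of the comment above and not RootkitRevealer's code: a minimal check that flags key names containing embedded NULs by comparing the counted-string form with what a NUL-terminated API would see. The length-prefixed blob format and every key name are constructed stand-ins for names read from a raw hive parse.

```python
"""Flag registry key names that contain embedded NUL characters (added example).

Native API key names are counted UTF-16 strings, so a NUL can be part of a
name; Win32 calls take NUL-terminated strings and stop at the first NUL.
"""
import struct

def pack_name(name):
    """Encode a name as a counted string: 2-byte length, then UTF-16LE."""
    data = name.encode("utf-16-le")
    return struct.pack("<H", len(data)) + data

def unpack_names(blob):
    """Decode consecutive counted names, keeping any embedded NULs."""
    names, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from("<H", blob, pos)
        pos += 2
        if size % 2 or pos + size > len(blob):
            raise ValueError("bad name length")
        names.append(blob[pos:pos + size].decode("utf-16-le"))
        pos += size
    return names

def win32_view(name):
    """What a NUL-terminated API sees: the text before the first NUL."""
    return name.split("\x00", 1)[0]

def find_embedded_null_keys(names):
    """One finding per name whose counted form differs from the Win32 view.
    A finding is a lead for an analyst to review, not a malware verdict."""
    findings = []
    for name in names:
        seen = win32_view(name)
        if seen != name:
            findings.append({
                "raw": name.encode("unicode_escape").decode("ascii"),
                "win32_sees": seen,
                "shadows_visible_key": seen in names,
            })
    return findings

# Constructed sample: two ordinary names and one with an embedded NUL.
SAMPLE = b"".join(pack_name(n) for n in
                  ["ExampleVendor", "ExampleKey", "ExampleKey\x00hidden"])

print(find_embedded_null_keys(unpack_names(SAMPLE)))
```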
PC gaming (Score:5, Insightful)
I got sick and tired of copy protection fucking up my machine, or refusing to run a valid copy because it didn't like my disk. (Medieval Total War and Diablo II being two games in particular that simply would not run on my hardware without a CD crack.)
Having to upgrade hardware every couple years was annoying, but it's all this crap heaped on me, who is trying to pay real money for games that pushed it over the edge. I'm sure I'm not alone. And yes, I know that Console games are protected too...but for console games, it's transparent to the user.
Note that I also paid for "Galactic Civilizations II", which was not protected, and the expansion will be the only PC game I purchase this year.
Punish your customers (Score:5, Insightful)
I used to buy a fair few more PC games. After some of the nastier games the bigger vendors started playing, I stopped buying larger commercial games and moved on to games made by smaller indies (okay, there were some other reasons too, but that's a discussion for another day). They are far less likely to install crap on your system or make you jump through hoops post-purchase.
Until recently. I purchased a game from a larger indie and then found out I had to "activate" it (after they got my money, of course). They "promise" it'll all be okay, they've got money aside in case they go out of business (which they'll never touch, of course, promise promise). But it's okay because "Windows does it too". I'd name-and-shame them but they did make an effort to make it right when I kicked up. And honestly, I don't want this fight. So let's just say it was a good indie game.
So I'll be buying less and less games over time, I guess.
So where are we now? Here I am, along with other paying customers, doing the right thing- and I get shafted as a result. I can get a better copy with less restrictions by going to the local warez-are-us. That copy won't stop working ten years later when the developer shuts down. It won't phone home and refuse to run. It won't refuse to run without a net connection sending God-knows-what to their activation server.
As a software developer I can completely understand the reason to protect your software from being casually distributed, but dammit- CD driver replacements, rootkits, web trojans, privilege elevation servers, surprise "activation". Why are you subjecting your legitimate customers to this nonsense, when the people ripping you off are just going to get it from someone who has already stripped this stuff out? Don't you realise the logical conclusion of making your product considerably worse than the warez version? Of making every software install a risk of hosing the system?
Re:Yet another game (Score:5, Informative)
So does that mean I'll have to get the cracked version from BitTorrent in order to NOT infect my machine?
It is very sad that the underground world is nicer than the official one. It's Demolition Man [wikipedia.org] all over again.
Re:Yet another game (Score:5, Interesting)
Re:Yet another game (Score:5, Informative)
BTW, the graphics are very impressive and the atmosphere too, but from the first few levels it seemed good but not all that revolutionary as I kept hearing it was...
As others mention and the FA clearly says, it's not a rootkit, just a regular service. This is a case where I wouldn't mind someone being sued for libel - they really deserve it.
Re:Yet another game (Score:5, Insightful)
Somewhat off-topic, but if this isn't a sign of the times I don't know what is. You shelled out $50-60 of hard-earned money to buy a game immediately after it's released and what's your reward? You sit and wait for hours while the moron publisher's servers get overloaded with "activation" requests. And here in this comment, instead of showing irritation or annoyance, you just accept this as normal (not saying you weren't pissed then of course
Funny, I remember when you would buy a game and could take it home and play it right away. Of course technology has progressed since then - now companies can alienate honest customers while adding a few hours to the time it takes to crack the copy protection. Steam is one of the worst things to happen to computer gaming in a long time.
If that's not progress, I don't know what is.
Re:Yet another game (Score:5, Interesting)
I was really ready to get angry (I had pre-loaded days before and it had the gall to make me wait another 2 hours since download speeds were awful - but that isn't activation related, AFAIK), but it's hard to make much of an issue of a 30 seconds delay.
Also, I live in Brazil. Sometimes games would take months, sometimes years and on occasion, they would never be available here in a legal form. Buying from the USA is of course possible, but even then it would be something like US$20+80% customs taxes. And sometimes it would be translated (poorly) - argh! Prices are about the same as the US, sometimes a bit higher, sometimes a bit lower.
So I consider being able to download major releases (instead of just indie games) and play at the same time as anyone else major progress.
Steam could improve their download client a lot, though. I get 460K/s routinely on Getright with multiple connections, but sub-100K/s is the norm on Steam.
Re:Yet another game (Score:5, Funny)
Re:Yet another game (Score:5, Interesting)
In my opinion, Steam is far worse than any regular DRM, because instead of simply installing software that checks and validates your game, you're allowing a company access via network to your game where they can outright regulate whatever you do with it.
I never installed Steam for that reason. It freaks me out. I don't want anyone on my machine other than myself, and I don't feel companies have a right to regulation on that level.
Even though this Bioshock thing turns out not to be a true Rootkit, it's a game I was going to buy, but now that I see they install this additional mess, I will be passing it up.
I will be happy if a piracy group supplies me with a DRM free version. But I truly LIKE to give my money to teams that deserve it, and I feel the inclusion of SecuROM in this game may be robbing a very deserving team of its sales.
In the end, if the publisher feels they need to install anything that is not necessary to the game itself, they will not get my money.
Re:Oh great (Score:5, Informative)
I don't care if it is one or not. My point of this article is that the SecuROM service doesn't need to be included in the demo if we don't have to activate it.
Using "rootkit" brings the traffic. It's all about the SEO, and is why this article is on top in Google.
Actually, these rootkits are good... (Score:5, Insightful)
Good for certain uses anyway. I've participated in Iowa State University's Cyber Defense competitions as a red team hacker, and I've found they really help to take out the defending teams. Every team is required to run a regular Windows desktop that any user can access (the teams often play the part of universities or other facilities trying to secure a public lab), and it's fun to just walk up like a normal user, put in a "normal" music CD or game (courtesy of Sony), and then BOOM, rootkited. From there on, of course, things get easier... it's hard to remove malicious files when the OS won't let you know they are there :D.
Re:Oh great (Score:5, Insightful)
Re:Oh great (Score:5, Funny)
You'll buy what we fucking TELL you to buy. If it crashes your system, then your system requires more RAM.
It's situation fucking normal for a game.
If you don't like it, then millions of idiots will just buy it and install it on their parents' computer anyway. After all, kids are the only ones who play games.
(Not previewing after 5 on a Friday.)
Re:Oh great (Score:5, Funny)
Games aren't just for kids. The fact games are a multi-billion-dollar industry shows this clearly.
No one can make me part with my money if I don't want to. Get a clue.
Re:But why do they need to install spyware/rootkit (Score:5, Informative)
Re:This is why fucking capitalism needs to be (Score:5, Insightful)
Re:True Story... (Score:5, Informative)
No, it just installs a tool that's specifically intended to subvert an OS security mechanism (non-Admin user accounts). That's not a root kit, but it has a lot of the same security issues.
Re:True Story... (Score:5, Informative)
Given the internets and what they are -- with their tubes and all -- I want to sort of talk about the concerns people have. We take the concerns people have very seriously. There's been some concern like, "What happens if it's three years from now, or ten years from now, when I want to play this game. And, you know, Irrational Games has been hit by a meteor?" We will unset the online activation at some point in the future -- we're not talking about when. If people have concern about that they shouldn't be worried about that. This activation is for the early period of the game when it's really hot and there are people really trying to find ways to play the game without buying it. Of course, there are a lot of people who are legitimately trying to play it. We're not trying to be Draconian, we're trying to find a balance.
Well, perhaps I will buy the game.. After I see this activation thing being disabled...