BioShock Installs a Rootkit
An anonymous reader writes "Sony (the owner of SecuROM copy protection) is still up to its old tricks. One would think that they would have learned their lesson after the music CD DRM fiasco, which cost them millions. However, they have now started infesting PC gaming with their invasive DRM. Facts have surfaced that show that the recently released PC game BioShock installs a rootkit, which embeds itself into Explorer, as part of its SecuROM copy-protection scheme. Not only that, but just installing the demo infects your system with the rootkit. This begs the question: Since when did demos need copy protection?"
Demos and protection (Score:5, Informative)
(That doesn't mean that I endorse Sony's approach here -- far from it)
HTH, HAND
Not QUITE a rootkit (Score:5, Informative)
Re:Yet another game (Score:5, Informative)
So does that mean I'll have to get the cracked version from BitTorrent in order to NOT infect my machine?
It is very sad that the underground world is nicer than the official one. It's Demolition Man [wikipedia.org] all over again.
Re:Oh great (Score:5, Informative)
I don't care if it is one or not. My point of this article is that the SecuROM service doesn't need to be included in the demo if we don't have to activate it.
Using "rootkit" brings the traffic. It's all about the SEO, and is why this article is on top in Google.
It's not a rootkit... (Score:5, Informative)
As for why it's in the demo, modern copy protection is embedded throughout games. It's too difficult to remove the protection just for a demo that contains so much of the full game engine.
Re:raising vs begging the question (Score:2, Informative)
Not a real rootkit (Score:3, Informative)
From the comments:
"Using "rootkit" brings the traffic. It's all about the SEO, and is why this article is on top in Google."
Although I believe this is nastyware, it surely does not meet the definition of rootkit [wikipedia.org].
Not a rootkit (Score:5, Informative)
Thus it is a poor way to keep stupid users from trashing their DRM, not a rootkit.
The reason it shows up in "Rootkit Revealer" is because true rootkits use the embedded null tactic to keep users from deleting keys registering malware DLLs, startup settings, etc. That way, the user has no way to deregister the malware or stop its launch.
However, the Rootkit Revealer does not simply point out rootkits. It's not that simple. RR points out suspicious methods and/or hidden files, and requires the user to analyze whether those methods and files indicate an actual piece of malware.
Clearly, a key that simply warns you not to delete other keys is not malware.
It is annoying, however, and the only way to get rid of a key with embedded nulls is with DelRegNull. I didn't like that one bit.
My key was added with the install of Neverwinter Nights 2, however, which also uses SecuROM. This key has been around for a while, folks. Someone is crying "rootkit," when really all it is is a sloppy hack to keep users from eliminating their SecuROM keys.
What's really annoying about this method is that the malformed key is not removed when you uninstall the software that requires it. SecuROM also drops a few malformed files in the directory %userprofile%\Application Data\SecuROM\UserData. They won't delete either, because they are key files which the folks at Sony have deemed MUST NEVER be deleted. Great. The only way I could manage to clean out those was by mounting the partition with NTFS-3g and issuing an rm *.*. Otherwise, another hack keeps Windows from moving the key files, probably because if you could copy them, you could run a game on any machine with the keys.
This is definitely more arrogance, and completely annoying, but certainly not a rootkit. I would love to hear what the suits at Sony have to say about their crapware. I expect nothing less than a true SecuROM removal kit, since it doesn't get removed on uninstall.
--
Toro
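The embedded-null behaviour described in the comment above comes from the Windows Native API addressing key names as counted strings while Win32 tools read them as NUL-terminated. The following is an added example, not part of the original comment or of any SecuROM or Sysinternals code; the key names are constructed sample data and the function names are hypothetical.

```python
# Added example: compares how one registry key name looks to a counted-string
# reader (Native API style) and to a NUL-terminated reader (Win32 style).
# All key names below are constructed sample data.

def native_view(raw: bytes) -> str:
    """Name as a counted-string reader sees it: every code unit is kept."""
    return raw.decode("utf-16-le")

def win32_view(raw: bytes) -> str:
    """Name as a NUL-terminated reader sees it: cut at the first U+0000."""
    return native_view(raw).split("\x00", 1)[0]

def audit(names):
    """Flag counted key names that a NUL-terminated API cannot address."""
    # Names without a NUL are the ones ordinary tools can open and delete.
    visible = {native_view(n) for n in names if "\x00" not in native_view(n)}
    findings = []
    for raw in names:
        full = native_view(raw)
        if "\x00" not in full:
            continue
        seen = win32_view(raw)
        findings.append({
            "native_name": full.replace("\x00", "\\0"),
            "win32_name": seen,
            "nul_offset": full.index("\x00"),
            # The truncated name either hits another key or matches nothing,
            # which is why the real key cannot be deleted with normal tools.
            "win32_resolves_to": "different key" if seen in visible else "not found",
        })
    return findings

def u16(s: str) -> bytes:
    """Encode a constructed sample name as UTF-16LE, as the registry stores it."""
    return s.encode("utf-16-le")

# Constructed sample: two ordinary names and two with embedded NULs.
SAMPLE = [u16("Settings"), u16("UserData"),
          u16("DoNotDelete\x00"), u16("UserData\x00x")]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A scanner that reports such names is flagging a hiding technique, not a verdict; as the comment says, the analyst still has to decide what the key is for.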
Re:Yet another game (Score:5, Informative)
BTW, the graphics are very impressive and the atmosphere too, but from the first few levels it seemed good but not all that revolutionary as I kept hearing it was...
As others mention and the FA clearly says, it's not a rootkit, just a regular service. This is a case where I wouldn't mind someone being sued for libel - they really deserve it.
UAService7 not on my system thank god (Score:4, Informative)
By the way, there's an easier way to delete the files under appdata.
Type "at
While we're on the subject of grammar... (Score:1, Informative)
Re:True Story... (Score:2, Informative)
That's not my only reason; you're forgetting the limit on installs. Every time you install the game it sends a message to a server, and after 2 of these notices the game doesn't run unless you uninstall it from a computer you had it installed on (this is also in the Steam version). Now that doesn't seem bad at all, except, let's say your hard drive crashes, your laptop gets stolen, or you just say, eh, screw it, I'm reformatting my computer. Now that is one install (out of 2) completely gone. People are already posting responses from both of the companies handling it. 2K tells you to contact SecuROM, and SecuROM tells you to contact 2K. The fact that if I get another computer or my hard drive crashes I have to put up with this is ridiculous. Now what happens if 2K Games goes under and the server is no longer there to activate it? They haven't made a comment yet about that either.
Re:raising vs begging the question (Score:1, Informative)
We, the people, control the future of our language; not a bunch of nerds who thought English was an easy degree to take in college. I caution Slashdotters not to go down that slippery slope of rote book fascism.
It's a damned shame, then, that these people get their panties in such a knot over phrases that everyone understands.
Re:Oh great (Score:4, Informative)
You guys do realize that Bioshock is NOT a Sony game, right? It's been stated that it won't appear on the PS3 (some
If it's not a Sony game, and it's not even going to be AVAILABLE for the PS3, then who do you think decided to use a rootkit-ish (even if it's not a rootkit) technology? Hint: it wouldn't have been Sony.
If Sony came up with the technology, and then the other guys decided to license it and use it, does this mean Sony had much to do with it? Nope.
I am still laughing at how easily the anti-Sony-fanboy types disengage their brains when reading articles, on totally non-Sony, not-even-Sony-friendly titles. At the very most, if Sony's the one that the technology was licensed from, one could complain that Sony is still providing it. But the folks who decided to USE it, i.e. the Bioshock publishers, are the folks you ought to be mad at.
Re:UAService7 not on my system thank god (Score:3, Informative)
--
Toro
Re:Shame on /. for linking to this (Score:5, Informative)
References:
http://consumerist.com/consumer/punishing--the-on
http://forum.sysinternals.com/forum_posts.asp?TID
Re:raising vs begging the question (Score:3, Informative)
The word "begs" has a definition of "to make a humble or urgent plea." If one is to make a humble or urgent plea for a question, they are begging a question - no matter what other definition people try to claim "begging the question" has.
If I were to claim "going to the store" had a definition relatively unrelated to that combination of words, it might be acceptable to use that definition, but it's absurd to suggest that people should stop using the phrase "going to the store" in relation to running over to the supermarket.
Re:True Story... (Score:5, Informative)
No, it just installs a tool that's specifically intended to subvert an OS security mechanism (non-Admin user accounts). That's not a root kit, but it has a lot of the same security issues.
Re:True Story... (Score:5, Informative)
Given the internets and what they are -- with their tubes and all -- I want to sort of talk about the concerns people have. We take the concerns people have very seriously. There's been some concern like, "What happens if it's three years from now, or ten years from now, when I want to play this game. And, you know, Irrational Games has been hit by a meteor?" We will unset the online activation at some point in the future -- we're not talking about when. If people have concern about that they shouldn't be worried about that. This activation is for the early period of the game when it's really hot and there are people really trying to find ways to play the game without buying it. Of course, there are a lot of people who are legitimately trying to play it. We're not trying to be Draconian, we're trying to find a balance.
Well, perhaps I will buy the game... after I see this activation thing being disabled...
Re:But why do they need to install spyware/rootkit (Score:5, Informative)
Re:Shame on /. for linking to this (Score:3, Informative)
Just because you don't have access to the SecuROM source code doesn't mean it necessarily contains any exploitable bugs. It just means you can't be sure. It might very well be as safe as passwd and man.
Re:Demos and protection (Score:5, Informative)
Once you get to the point where you can modify the exe, the hard part of the crack is over. Whatever the protection checks, whether it's some data on the CD or a registry key or some more complex signature of your machine, it's just a branch instruction somewhere and can be NOPed out. Finding the branch is easy too, since you can just run the game with and without whatever it checks for, and see where the execution paths diverge.
The (marginally) effective part of a copy protection scheme like SecuROM is use of encryption, compression, and self-modifying code, which make it hard to examine or modify the exe. If you have an unprotected demo exe and a protected retail exe, you can't even compare them until after breaking the protection.
Sure there's the extreme case where the demo and the final version are exactly the same code and differ only in data files, then dropping the whole demo exe into the retail installation would crack it. But as the sibling posters explained, that's rare.
Re:It's not a rootkit... (Score:2, Informative)
As far as not being able to delete stuff without going into the registry, that's not strictly true. The registry contains pointers and configuration information, not executable code. The trick to removing something is that in addition to deleting the physical files, you also want to remove the associated registry stuff. That's because if something is running, it may not be possible to kill the process it runs in or delete the code. If something is configured in the registry, it can start at boot time before the user gets control (including in safe mode). So, malware can protect itself from removal by making the registry key impossible to delete under normal circumstances.
Re:Oh great (Score:1, Informative)
Anyway, if you even bothered to read the first seven words of the summary, you'd notice that Sony owns SecuROM, the copy protection software that Bioshock uses.
Re:Yet another game (Score:0, Informative)
As for data collection, the only data Steam collects is the hardware installed and the games you've purchased, which I am just fine with them having. I figure that the worst that could happen is that companies realize that not everyone has $1000 graphic cards in their system and the latest quad-core hyper nano zeon processor and therefore stop making games that rely solely on graphics to sell themselves. The same goes for the purchase information; if it helps them make games that I'm more interested in, I'm all for it.
More bad news (Score:3, Informative)
Re:Yet another game (Score:3, Informative)
Clears that problem right up
Re:Yet another game (Score:3, Informative)
Good for you. Since that's the reason that you do it, and your ethics keep you from ever downloading something that you didn't purchase first that must be how everyone does it, and no one downloads a game as an alternative to paying.
Re:Oh great (Score:2, Informative)
Some crackers would take the executables from a DEMO and the content from a game CD and thus would have nothing to crack.
While the protection is anyway removed in less than a week from when the game is released, it is often pushed by the people in the distribution chain and by people that finance the development of the game.
It's just to slow down the piracy of the game in the few days the game is released in retail stores, when the hype is at the maximum.
Combined with the online activation I believe it has, it's good enough.
Another inconsistency... (Score:3, Informative)
(from above post...)
A 2K Games forums administrator, "2K Elizabeth," posted this message [2kgames.com] when a brouhaha started erupting:
This is patently false, as pointed out by several users' follow-up posts. One even took a nice screenshot [trickingq3.com] that shows that this is at best a pretty hideous example of an administrator not knowing what the hell she's talking about, at worst another outright lie that attempts to appease people who don't know better and can't actually check the veracity of what's being said.
Re:But why do they need to install spyware/rootkit (Score:1, Informative)
Re:Oh great (Score:4, Informative)
The plumber installs one toilet. The bathroom is now only authorized for use by one person. If anyone other than that one person asks to use the bathroom, it requires reauthorization. If your toilet ever leaks, you can only repair it once, unless you've de-authorized the toilet before the leak started. Otherwise, you're required to purchase a new toilet before using it in that bathroom again.
If you move, the next person to use your house has to pay for authorization to use that toilet.
In the end, it all winds up a steaming pile of crap in one way or another.
"Reasonable" my ass. (Score:4, Informative)
Expecting to be paid for your software is reasonable.
Taking tactics which can actually damage your customers' computers is not.
In fact, copy protection is entirely unnecessary to be paid for your work. Just look at record sales -- people do, in fact, still buy CDs, even though most have no copy protection at all. They even buy DVDs, even though the protection there has been so thoroughly cracked that there are one-click programs to rip a DVD and put it on your video iPod. Plenty of people still subscribe to Cable TV, even though most shows are available within a few hours on BitTorrent.
Oh, and by the way, before you mention it -- a pirated copy is not a lost sale. A pirated copy is not a lost sale. A pirated copy is not a lost sale. Repeat this until you understand it, and then take another look at the statistics -- the RIAA/MPAA are still insanely rich, as are the better artists, musicians, directors, and so on. There is simply not significant evidence, anywhere, that they have lost money due to piracy.
I know it's comforting when you can believe the world is black and white, but it isn't.