BioShock Installs a Rootkit

An anonymous reader writes "Sony (the owner of SecureROM copy protection) is still up to its old tricks. One would think that they would have learned their lesson after the music CD DRM fiasco, which cost them millions. However, they have now started infesting PC gaming with their invasive DRM. Facts have surfaced that show that the recently released PC game BioShock installs a rootkit, which embeds itself into Explorer, as part of its SecureROM copy-protection scheme. Not only that, but just installing the demo infects your system with the rootkit. This begs the question: Since when did demos need copy protection?"

Yet another game

[PhrostyMcByte]

I won't be buying. I was looking forward to this one, too.

Re:Yet another game

[Anonymous Coward]

Me either. And they wonder why people download games, its because they've been stripped of this invasive drm.

It does not

[Anonymous Coward]

The author even admits that he's just trying to get search engine traffic in the comments. It uses SecureROM, which regardless of your feelings on it, is mis-detected by Microsoft's Rootkit detection program. He even says in the main article it's not malware.

Shame on /. for linking to this

[BertieBaggio]

Okay, I was getting myself good and riled up over this piece of news. I was even ready to return the game first thing tomorrow despite it being a lot of fun. Then I did the unthinkable - I RTFA.

Seems this is a big load of nothing. SecureROM installs a service to let those running without admin privileges run the SecureROM stuff. This is kinda bitterweet - yes, SecureROM is bad etc but running as a restricted user is good. This is assuming you trust SecureROM's website which says (from TFA):

SecuROM(TM) will install a Windows(TM) service module called "User Access Service" (UAService) on your system. This is a standard interface commonly used by several other applications as well. It is no spyware or rootkit at all. This module has been developed to enable users without Windows(TM) administrator rights the ability to access all SecuROM(TM) features. Please be assured that this service is installed only for security and convenience purposes. Since it is a standard Windows(TM) service, you can stop and delete this service, like any other Windows(TM) service. If deleted, the access for non-administrator users to SecuROM(TM) protected applications will be affected.

As opposed to TFA which makes it sound something sinister. However, I don't trust GamingBOB due to his own admission:

Using "rootkit" brings the traffic. It's all about the SEO, and is why this article is on top in Google.

I would add my own emphasis, but I don't think it needs it. Someone finds out a service is installed along with a game and demo and calls it a rootkit to gain traffic / links / ad revenue. Slashdot should not link to crap like this. It would be newsworthy if it were true: I think many people here - myself included - would return the game if it had a true rootkit installed along with it. But this...?

I don't see the issue here.

Re:Not QUITE a rootkit

[Anonymous Coward]

This is pure FUD. The twat who wrote it even admits it in the comments:

Using "rootkit" brings the traffic. It's all about the SEO, and is why this article is on top in Google.

Re:But why do they need to install spyware/rootkit

[deftcoder]

No.

It would probably be an unwise business decision to automatically exclude over half of your potential customers at this juncture.

SEO bait

[agendi]

Whether it is a rootkit or not, I'll let others more knowledgeable than me decide that but the comments in the article basically has the author admit that he ties the word rootkit and the game together to get better SEO. Not only is the article light on actual technical detail it declares fire where there may be a hint of smoke for the purpose of driving traffic. I know I must be new here..

Re:Not QUITE a rootkit

[Robotech_Master]

Thing is, that if statement is false. As one of the other commenters put it more eloquently than I, the fellow's just claiming it's a "rootkit" to bring in traffic. There's no evidence it demonstrates any rootkitlike behavior, other than being detected by a detector that also detects rootkits.

Inaccurate.

[Ahnteis]

Although this "protection" scheme is horrible, crappy, the spawn of Satan himself, etc -- I don't believe it qualifies as a rootkit since it is not hidden. It IS resistant to removal, which warrants complaint, but accuracy is important in making such a complaint / discussion.

I *really* wish we could force (through consumer pressure rather than legislation if possible) publishers to acknowledge copy protection on the OUTSIDE of boxes (or other appropriate pre-purchase manner).

It's hard to boycott something that you don't hear about until AFTER purchase. (Especially since it's very difficult to return an opened game.)

Re:This is why fucking capitialism needs to be

[OrangeTide]

Yea because the communists are known for their vibrant game publishing industry.

Vote with your dollar and don't buy this shit!

PC gaming

[ucblockhead]

This is why, after being a PC gamer for 20 years, I recently bought a console.

I got sick and tired of copy protection fucking up my machine, or refusing to run a valid copy because it didn't like my disk. (Medieval Total War and Diablo II being two games in particular that simply would not run on my hardware without a CD crack.)

Having to upgrade hardware every couple years was annoying, but it's all this crap heaped on me, who is trying to pay real money for games that pushed it over the edge. I'm sure I'm not alone. And yes, I know that Console games are protected too...but for console games, it's transparent to the user.

Note that I also paid for "Galactic Civilizations II", which was not protected, and the expansion will be the only PC game I purchase this year.

Re:Yet another game

[nmb3000]

The first time I tried it failed (for obvious reasons - the server should be overloaded as it was 2-3 hours after the release), but after that it worked fine.

Somewhat off-topic, but if this isn't a sign of the times I don't know what is. You shelled out $50-60 of hard-earned money to buy a game immediately after it's released and what's your reward? You sit and wait for hours while the moron publisher's servers get overloaded with "activation" requests. And here in this comment, instead of showing irritation or annoyance, you just accept this as normal (not saying you weren't pissed then of course :)

Funny, I remember when you would buy a game and could take it home and play it right away. Of course technology has progressed since then - now companies can alienate honest customers while adding a few hours to the time it takes to crack the copy protection. Steam is one of the worst things to happen to computer gaming in a long time.

If that's not progress, I don't know what is.

Re:This is why fucking capitialism needs to be

[fred fleenblat]

One word: TETRIS!

Actually, these rootkits are good...

[Crazy Taco]

Good for certain uses anyway. I've participated in Iowa State University's Cyber Defense competitions as a red team hacker, and I've found they really help to take out the defending teams. Every team is required to run a regular Windows desktop that any user can access (the teams often play the part of universities or other facilities trying to secure a public lab), and it's fun to just walk up like a normal user, put in a "normal" music CD or game (courtesy of Sony), and then BOOM, rootkited. From there on, of course, things get easier... it's hard to remove malicious files when the OS won't let you know they are there :D.

Re:raising vs begging the question

[DeeKayWon]

I get tired of people using phrases they don't understand.

Considering that the meaning of "begs the question" that you say is wrong may very well be the more common understanding, I'd say they understand it perfectly well. Common understanding of words and phrases are what define a language.

Honestly, I think people keep using the phrase "begs the question" in their summaries for the express purpose of annoying people like you.

Mod Slashdot -1 Troll

[Azure Khan]

Posting articles like this, which barely qualify as news and are INTENTIONALLY sensationalized, only serve to damage Slashdot's thin journalistic credibility. The author even admits that he injected the "rootkit" description in order to drive site/SEO traffic. I understand that it's a slow news day, but this is pure FUD. There's too much out there to post crap like this without doing legwork. The editor should have at least clarified the article in the summary so that we were aware of the content.

Re:Yet another game

[moo083]

I think your forgetting the time it took to get the game shipped to stores, find a store that has it, and then buy it, and drive home. Thats measured in days, not hours, like steam.

Re:Shame on /. for linking to this

[Anonymous Coward]

Then I heard a roomer

Oh the pain, the pain of it all!

Re:Oh great

[CastrTroy]

I'm not sure of the specifics of how these rootkits work, but if every piece of software we buy starts installing a rootkit, What is the probably they will conflict with each other and make the system less stable, and/or break the system completely? What kind of support or compensation is available once this starts happening. I find it very disturbing that they will install rootkits, or use non-standard CDs that don't work in a lot of CD drives (which used to happen a lot), making a terrible experience for the end users, while the pirates just modify the machine code, so it doesn't do any checks, and use the software without paying.

Re:raising vs begging the question

[Anonymous Coward]

I was wondering why /. had so many annoying people posting spelling, grammar, and dictionary definition nitpicks, like anyone really gives a fuck.

Then I realized that it's actually probably a much smaller percentage of /. than it seems. They just share the same common idea, a "lowest common denominator", quite literally. So when they see others posting their nitpicks they get the brilliant idea to post their own, and /. degenerates from tech discussion to some freakin elementary school class, but more annoying.

Anyway, before I get too carried away with the rant, I'll just say that normal people don't focus on such mundane, trivial things, and there are more normal people on /. than it would seem. They just know when to shut the fuck up and don't bother the grammar and spelling nazis as bad as they bother us.

Re:Yet another game

[silverkniveshotmail.]

Me either. And they wonder why people download games, its because they've been stripped of this invasive drm.

Whoa, slow down there buddy, that's not why people download games. Certainly is a plus though.

Re:I know it really isn't a rootkit, but...

[sqrt(2)]

Devs like to hide things there because they know average users wont be able to easily change or find the information, which is why it's used to store CD keys and in the case of Bioshock, this "rootkit" nonsense. It's all a very windows-centric way of doing things too; having a central repository for virtually EVERY little configuration and customization. After spending some time in the Linux/BSD side the method of using individual config files still seems like the more logical, and technically superior way of handling configurations and settings. When I work with the registry I can't help but feel that things are intentionally obfuscated and muddled to discourage me from messing with anything. There are a few good examples of games that do it right, all the UT games use plaintext config files for the game settings. It still uses the registry for your CD key, but they are much better at keeping everything in the install directory than most other games.

Re:But why do they need to install spyware/rootkit

[Praedon]

The article title on the blog has just changed replacing the word Rootkit to SecuROM. I believe Slashdot has done the internet a great justice today. We just made a blogger correct himself and prevent future FUD.

(Remember, we are not your personal army.)

Punish your customers

[OverflowingBitBucket]

I used to buy a fair few more music CDs until the funny games they started playing to stop me playing my entirely-legitimately-purchased CDs on my PC. It was a gradual thing- I just started getting sick of half of my purchased music CDs not working when I got them home to listen to whilst I worked. Over time I just stopped buying them so often.

I used to buy a fair few more PC games. After some of the nastier games the bigger vendors started playing, I stopped buying larger commercial games and moved on to games made by smaller indies (okay, there were some other reasons to, but that's a discussion for another day). They are far less likely to install crap on your system or make you jump through hoops post-purchase.

Until recently. I purchased a game from a larger indie and then found out I had to "activate" it (after they got my money, of course). They "promise" it'll all be okay, they've got money aside in case they go out of business (which they'll never touch, of course, promise promise). But it's okay because "Windows does it too". I'd name-and-shame them but they did make an effort to make it right when I kicked up. And honestly, I don't want this fight. So let's just say it was a good indie game.

So I'll be buying less and less games over time, I guess.

So where are we now? Here I am, along with other paying customers, doing the right thing- and I get shafted as a result. I can get a better copy with less restrictions by going to the local warez-are-us. That copy won't stop working ten years later when the developer shuts down. It won't phone home and refuse to run. It won't refuse to run without a net connection sending God-knows-what to their activation server.

As a software developer I can completely understand the reason to protect your software from being casually distributed, but dammit- CD driver replacements, rootkits, web trojans, privilege elevation servers, surprise "activation". Why are you subjecting your legitimate customers to this nonsense, when the people ripping you off are just going to get it from someone who has already stripped this stuff out? Don't you realise the logical conclusion of making your product considerably worse that the warez version? Of making every software install a risk of hosing the system?

Not a Sony Game

[CcntMnky]

Why is Sony being blamed again? This isn't published by Sony. It's not on a Sony system. In fact, it's a direct competitor with no indication of cross-platform coming in the future. The article doesn't mention Sony until the comments. Does no one on /. play games?

Excuse me - this IS a bad thing

[unity100]

Be rootkit or not, this thing which is a GAME does install something on your computer without you knowing or consenting to it, and even if it did with your consent, it is NOT being removed when you remove anything related to it.

this is a textbook case of violation. violation of many individual rights that a pc user holds over their pc. and no surprise, its again sony - nobody else.

Troll my ass

[BillGatesLoveChild]

Things aren't a troll just because you disagree with it. If you don't agree, say why.

Read the Moderator Guidelines.

Re:PC gaming

[Lothsahn]

As a sidenote, I just toured the Stardock facility, and those guys/girls are really nice. They're very reasonable and kind people--and I think they're small enough that they haven't jumped on the DRM bandwagon because some higher-ups thought it would get them more sales.

Gal Civ II rocks--it's an awesome game.

Re:But why do they need to install spyware/rootkit

[jahudabudy]

(Remember, we are not your personal army.)

I think you make an important point that is seldom stressed: /. wields quite a bit of power in terms of internet outcry. That's why we see so many troll articles; interested parties know that submitting their spin to /. will give their viewpoint a wide audience. That's why its important that we, as a community, take the time to investigate claims and discuss them based on fact (yeah yeah, I know). If we behaved more responsibly as a community, rather than jumping on every rabid bandwagon that comes our way, I think we would see a marked decrease in the amount of crap press releases being posted as "news for nerds". If people with an ax to grind needed to be sure that posting to /. wouldn't expose their lies, instead of just taking for granted the blog will be a group masturbation fest over FUD that affirms our deepest fears, they would think twice (maybe) before posting the more paranoid delusions that we see here.

It really is our internet; we have no one to blame for what it is other than ourselves.

Re:Maybe Sony is doing this on purpose?

[sanosuke76]

Eh, I think a better thing to contemplate would be, what involvement or say would Sony have, at all, in the DRM used on this title?

It's not their title, it's not even coming to their platform. The only way the publisher would end up with Sony DRM on this title (which Sony definitely doesn't have a stake in), is if the PUBLISHER sought it out.

In short, if folks are looking for an angle where Sony somehow masterminded this, I think they're going to be quite disappointed IF they think about it logically. On the other hand, if their thought process goes: "Rootkit=SONY!", then I think they're a bit too dense for logical thought in the first place.

Re:raising vs begging the question

[sqrt(2)]

I used to do all those thing, yes. People actually get more annoyed at me when I try and correct them though, so I find I can do my job better if I just smile and nod :)

Most of them are beyond help anyway. I'd also say that those are examples where one would be justified in correcting improper use. I see no problem using begs the question to mean raises the question, it's perfectly acceptable English. Use circular logic or reasoning to refer to the logical fallacy, because these days no one is going to know what you're talking about, or care. And don't bring the law into this, that's another can of worms entirely. Legal jargon is intentionally difficult with numerous minefields to navigate, you'll probably need a lawyer to make sen...oh damn, they're good.

Re:Oh great

[sanosuke76]

If you read many gaming sites, you'll see that the Wii/360 fanboys tend to bash anything Sony, whether it's PS3 related or not. Joystiq is particularly well infested with 'em.

That's not to say that Sony doesn't have fanboys, but that Sony has a lot of anti-fanboys amongst the Wii and 360 folks. I personally am an admitted MS anti-fanboy, although it has to do with grudges dating back to Windows 3.1 vs the Amiga, and hasn't been added to much by the X360. :)

Personally, I do prefer the PS3, but don't object to folks preferring the 360 or even bashing the PS3's legitimate issues (i.e. overpricing, etc). I simply take annoyance with folks who bash the PS3 simply because they're anti-Sony in general (you'll find that a lot on Joystiq).

Re:Yet another game

[spearway]

Actually yes it is. I have a library of well over 100 games all legaly purchased out of which less than 20% still run on my current hardware mostly becuase of silly DRMs. Yes now I download and I have downloaded games I have purchased that run on currnet systems when my "legal" copy does not.

Re:Yet another game

[Walpurgiss]

SecuROM behaved this way well before sony acquired it. It also tends to dislike users using daemontools, poweriso, alcohol... anything that allows you to mount cd images in virtual drives, or is able to emulate subchannel data, SecuROM, etc. Lots of games' boxes have a message to that effect: like this software contains copy protection that is incompatible with certain hardware and/or software. Splinter Cell for example. And that's why they invented gamecopyworld, nocd .exes, fixed isos, and the like.

Re:Oh great

[Anonymous Coward]

Jesus H. Christ, you are a fuckwit.

Re:But why do they need to install spyware/rootkit

[Anonymous Coward]

> It's SUPPOSEDLY, if you listen to the party line, to prevent "hackers" from using the demo executable to figure out how to bypass the protection on the retail.

It's more like if the demo is the same exe, and you don't put the copy protection on it, you've just provided a "no cd fixed exe" patch to anyone who wants it.

(my captcha is "goatees". you probably already know what i thought it was on the first read)

Re:Shame on /. for linking to this

[Cee]

Whether or not this is a rootkit, the fact that the game won't run unless a user completely disables or uninstalls legitimate utilities such as antivirus programs or process monitors is enough to make a security conscious user worry.

True, I'm surprised no one has really mentioned it here, but my biggest issue is that Bioshock refuses to start if it detects Process Explorer running. And since Process Explorer starts its own device driver (or whatever it is) upon first start which isn't later unloaded, I have to reboot Windows every time I want to play Bioshock.

That is a showstopper right there for me. I'm never buying any game Securom protected game again. This was the first and last time I did that mistake.

Re:Oh great

[heinousjay]

Seems reasonable, really. Otherwise people who feel all entitled will start distributing the game on their own. All 2k wants to do is slow that down long enough to make a few bucks. I support them in this endeavor, although I realize I'm nearly alone on this site in believing people should be paid for making software.

Re:Oh great

[BorgDrone]

although I realize I'm nearly alone on this site in believing people should be paid for making software.

I agree that programmers should be paid for making software, just like musicians should be paid for making music.

But only for making the software/music, not for the copies. So if an artist/programmer spends 100 hours making a song or programming an application, he/she should get paid for the 100 hours they spent, according to their hourly rate. Why do people think it's fair to get paid for work they actually haven't done ?

If you have a plumber install a toilet in your house, you don't have to pay a license fee for every person who wants to take a shit on it, you just pay him for the amount of time he's spent installing it. I don't see how music or software is any different.

This sucks bad, and I won't be buying it now

[KingSkippus]

First of all, your link to the forums goes to a thread about achievement points on the Xbox version of the game. This thread [2kgames.com] is much more relevant; it's about the rootkit.

Second of all, I, like many other people, was looking forward to Bioshock's release. I, like I hope many other people will do, refuse to buy it now.

Whether people thing of this as FUD or not, the simple matter of the fact is that:

• Bioshock installs software that allows the administrative privilege system of your computer to be subverted. They claim that it's a benefit and they have only good intentions. Maybe, but we all know what the road to hell is paved with. Just because 2K doesn't use their installed software for evil purposes doesn't mean that another hacker's software can't use it to take over a system using privileges that it shouldn't have. When Sony's rootkit distributed on CDs got out into the wild, it didn't take long for other more dangerous software to take advantage of the security hole it created.
• The aforementioned software hides itself from detection and cannot be removed via normal means. This is a massive breach of trust for a software company to a user.

2K Games has A FAQ about SecuROM [2kgames.com] that is, at best, contradictory in several places. They say:

A "rootkit" can be described as software or a set of software tools intended to conceal running processes, files or system data from the operating system and which can open ports to allow remote access to the system...

SecuROM DOES NOT USE any root kit technology in its implementation. [Their emphasis, not mine.]

However, Sysinternals' RootkitRevealer software [photobucket.com] begs to differ. Who am I going to trust, a game company that is practicing Defective by Design [wikipedia.org] tactics, or Mark Russinovich [wikipedia.org], a software engineer who's proven time and again that he is the guru of this stuff, the guy who discovered the infamous Sony rootkit, the guy who knew Windows better than even the Windows people knew Windows, so well that Microsoft bought his company and hired him? I'll gladly cast my lot with Mark any day, even if he does work for Microsoft now.

2K Games also says in its FAQ:

SecuROM does not fingerprint the hardware [of the computer running Bioshock].

They then go on to say:

The only data collected is the serial being used for activation, the IP address used for activation, an identifier for the software being activated, and the hash of the machine ID...

You won't have to reactivate unless you change several pieces of hardware and this will count as one of your 5 allowed computers, if reactivation is required.

Um... If SecuROM doesn't fingerprint my hardware, what is the "machine ID" that a hash is taken of and sent to their servers? And how the hell is it possible that changing several pieces of hardware might result in a required reactivation? The simple answer is, of course, that SecuROM does fingerprint your hardware, and 2K Games lied to our faces in the hopes that computer users who aren't as savvy as us won't get bogged down with the technical details and just read the part where they say that it doesn't fingerprint the hardware.

This is totally inexcusable, and I won't have anything to do with this company. Will the game be cool? Maybe, but nothing is cool enough to install this crap on my computer for. As far as I'm concerned, 2K Games has destroyed its credibility, and they can go to hell for it.

If I steal your credit card numbers...

[KingSkippus]

How the HELL did this get modded informative!!?

The summary never says that Bioshock is a Sony game. In fact, Bioshock isn't even mentioned until well into the summary, and it's clear that they licensed the software from Sony. The summary makes it crystal clear that Sony is the owner of SecuROM copy protection, the copy protection that Bioshock installs.

If Sony came up with the technology, and then the other guys decided to license it and use it, does this mean Sony had much to do with it? Nope.

Are you on drugs? I mean, seriously, are you on drugs!? That's the only way I can think of to explain how stupid that sentence is. If Sony came up with the technology, and then the other guys decided to license it and use it, does this mean Sony had much to do with it? Hell yes, because they wrote it!!! Plus, there's also the little fact that they've done this exact same thing before that you're totally ignoring. Once is a lapse in judgement. Twice is a pattern. I wasn't what you call and anti-Sony-fanboy before all of this rootkit fiasco, but I sure as hell am now. If not wanting rootkits installed on my computer makes me a anti-Sony-fanboy, then I suppose I'm proud to call myself one, and for the mere sake of computer security, I highly recommend to everyone I know that they immediately become anti-Sony-fanboys too.

If I steal your credit card numbers, and then other guys decided to buy them and use them, does this mean that I had much to do with it?

Damn, there's dense, and then there's dense. You, sir, are the latter kind. By all means, feel free to riddle your computer with rootkits for the sake of playing a stupid game, and be happy that at least you know that you're selling your soul to the devil, unlike most of the non-computer-savvy users who will probably buy and play this game that are none the wiser.

Re:It does not

[NickFortune]

The author even admits that he's just trying to get search engine traffic in the comments.

At the time of writing, there's only one comment from the author that mentions "search engines". So I assume your are refering to this paragraph:

I installed RootkitRevealer, and discovered it on my computer after installing the demo. I then found a fix to remove it on the 2K forums. In order for others to learn about this I used the word "rootkit", because it is what would naturally be typed in to search engines.

Now you may disagree, but that doesn't sound to me as if he means "I'm deliberately sensationalising the issue because I want to pimp my blog on Google". It sounds more like "I'm using the term 'rootkit' so that anyone who is searching for rootkit related stories can find this one", which seems reasonable enough to me. After all, as he pointed out in the previous paragraph, the issue was flagged by the Microsoft Rootkit Revealer, so it's not an entirely unreasonable use of the term.

He goes on to say:

The point of the article is to let people know that the SecuROM service was installed with the demo,and I have provided a way to remove it. This is a benefit for anyone who searches for "bioshock rootkit" or "SecuROM rootkit". I am not using it just for "traffic and ad revenue".

Now, I appreciate that you didn't say that he did use the term to boost "traffic and ad revenue", but I'm guessing that a lot of people will have read it like that. So I thought it worth pointing out that the comment in question explicitly states the opposite.

Re:Oh great

[TrancePhreak]

If a plumber installs a toilet, you get one toilet. If you buy a copy of Bioshock, you get one copy of Bioshock. Only one person can use the toilet at a time, much the same with the copy of Bioshock.

Re:If I steal your credit card numbers...

[ghostcorps]

I'm sorry, but your point, as full-of-bluster as it was, is moot. Sony owns the product, Sony sells the product. Thats the entire breadth, width and depth of their involvement in this issue as far as we know.

Just because they were dumb enough to do it in the first place, and compound the issue by selling it, does not automatically make them responsible for every vendor who decides to buy it.

You think there was any kind of board meeting when they sold the license? You think an exec even knew about it? no... A rep called another rep, and the deal was done. No, men in black suits. No, conspiracy, just a dumb move.

You still don't get it.

[KingSkippus]

You're not buying a THING, you're buying a SERVICE, with all the benefits and limitations you're pointing out.

Not exactly, you're buying a LICENSE to play their game. SecuROM is NOT required to play their game, therefore it is NOT a requirement of the license. As such, it has no place in the game.

Worse, SecuROM actually PREVENTS you from using your computer in other commonly used, non-infringing ways. So by buying the game, you're actually buying the crippling of your system along with it.

But, then, I have a separate Windows partition used for ONLY GAMES, and I'm not worried about much that might be required to facilitate this.

You need to read again what SecuROM does. Where you have it installed is irrelevant. It actually alters your operating system in a manner that allows non-privileged applications to run as an administrative user. That means that at the very least, it can affect your entire Windows installation. And before you go with your "I've used Linux..." rationale, you should realize that it can also affect your Linux installation.

Here's how it could work. I write a piece of software that uses the elevated privileges that SecuROM grants to normal users without your knowledge or consent that goes in and wipes all non-recognized partitions on your hard drive. Voila, your system has been compromised because playing a stupid game whose publishers willingly opened up a security hole on your system. That's what I mean when I keep saying that even if 2K Games didn't have evil intentions, what they're unleashing on people can most certainly be used for evil purposes.

The thought that you are paying them for the privilege of having a rootkit installed on your computer and that you're okay with it quite disconcerting to me, but by all means, if the service of having your system compromised is worth $50 to you, go ahead. (There are lots of people who would willingly compromise your system for free, incidentally.) Personally, I find it disgusting that anyone can't see the bigger picture and would support a company that engages in these practices, but it's your computer and your money.

Oh great-Intangible clues.

[Anonymous Coward]

"But only for making the software/music, not for the copies. So if an artist/programmer spends 100 hours making a song or programming an application, he/she should get paid for the 100 hours they spent, according to their hourly rate."

Typical slashdot. First most games are produced by teams, not individuals. Second you may want to look up "Mass Production" and "Economics of scale". Apparently those are your weak areas.

"Why do people think it's fair to get paid for work they actually haven't done ?"

It's amazing how many "haven't done"'s one can download over a broadband connection.

"I don't see how music or software is any different."

This is slashdot. Anything "intangible" is hard to understand.

Re:Oh great-Intangible clues.

[BorgDrone]

Typical slashdot. First most games are produced by teams, not individuals.

Houses are build by teams, should I pay a license fee for every person who visits my house ? No, you pay the guys who build your house according to their hourly rate, doesn't really matter if it's one guy or tens or hundreds.

Second you may want to look up "Mass Production" and "Economics of scale". Apparently those are your weak areas.

No, they aren't.

So, if a game sells 2 million copies, do I pay half as much as when the game sells 1 million copies ?

Re:Oh great-Intangible clues.

[Treffster]

The problem with your logic is it totally ignores risk, reward, and performance. If you make a piece of rubbish "game" (like daikatana) according to you the team should make about the same amount of money as a group who make the truly transcendent Bioshock. And this isn't about the programmers anyway, its about the companies who finance them. A company can spend 20 million dollars to buy a bunch of programmers from India to make them a game according to a piece of paper you wrote. And another group can spend 100-200 million dollars to hire a team of experienced managers and coders and content developers to work together and make something worth actually buying. The risk of course, is that you wont make your money back and so make a loss. This is not a simple "make a house according to a plan". Thats totally naive. Any code monkey can make boilerplate code. This is about investing money and time and resources to create a product that sells a number of units to make the money back. All games are not equal, and do not cost the same to make. And finally, lets not even get into the differences between software and physical devices. Both take the same amount of time to create, but one needs to be sold per unit, while the other can be reused without limit. If we reach a point where that difference becomes the defining feature, nobody will bother making software -> they'll just start selling hardware that incidentally happens to play a single game. Look up dongles on wikipedia if you want to know what that future looks like.

Re:You still don't get it.

[Dunkirk]

The thought that you are paying them for the privilege of having a rootkit installed on your computer and that you're okay with it quite disconcerting to me, but by all means, if the service of having your system compromised is worth $50 to you, go ahead. (There are lots of people who would willingly compromise your system for free, incidentally.) Personally, I find it disgusting that anyone can't see the bigger picture and would support a company that engages in these practices, but it's your computer and your money.

As others have pointed out, this particular piece of software is NOT a rootkit. I changed my tax preparation software because of issues LIKE this before, but my option here is play the game, or don't. I appreciate that someone who is vehemently against these practices is at least allowing me that it's my decision. I've chosen to do it; doesn't mean everyone has to. If we found that the software did, or even COULD, wipe out other partitions, I would avoid it. Like anything else in computer security, it's a constant balancing act. I find it acceptable in this case, but only just so.

In this particular example, I actually think this is a GOOD thing. I have another computer in the house for my kids, and there is one game on it that requires administrative permissions to run. I trust that it's just poorly written, and is not doing anything "bad" to the computer, so I enter those credentials when the kids want to play it. With Windows' architecture the way it is (needing elevated privileges to do basic things), I welcome this SORT of software to alleviate this problem. BELIEVE ME: I understand the tradeoffs. Again, it's a balancing act, and up to individuals to weigh their exposure to the benefits.

My original thoughts on weighing in here was just for people to keep in mind that this TOTAL situation is all part of the "negotiation" of either buying the thing or NOT buying the thing. If you agree to it, great, enjoy yourself. If you don't, then shut up and move on. Stop acting like this is some sort of crime against humanity to offer a certain thing at a certain price. That's the offer; take it or leave it. Just like anything else.

Re:But why do they need to install spyware/rootkit

[Anonymous Coward]

Ummm... not FUD. The article(blog post) is spot on. SecuROM is a rootkit by definition [wikipedia.org], as are most other copy protection and DRM utilities. I wouldn't call it malware, trojan, or anything else along those lines, but it is a rootkit. It's a piece of software being installed without your knowledge, whose sole purpose is to gain admin priveledges to your system. Yep, classic rootkit. Not sure why this one is so much more evil than all the other rootkits, that you get bundled with games these days. Maybe it's because it's made by Sony.

Re:Oh great

[InvalidError]

BioShock's SecuROM server is down = you cannot re-install and use the copy you bought.
Re-install Windows because of HD crash or OS corruption = your BioShock's SecuROM install count goes up and you eventually lose the ability to install.
WGA servers are down = Vista downgrades to non-genuine mode should you be unlucky enough that it phoned home during an outage.
The company goes out of business = you're fu**ed.

Fair compensation for work is... fair. But the restrictions they impose on legit customers and the risk of legit customers being hung out to dry should the company go bankrupt or experience technical difficulties is unacceptable.