BioShock Installs a Rootkit

An anonymous reader writes "Sony (the owner of SecureROM copy protection) is still up to its old tricks. One would think that they would have learned their lesson after the music CD DRM fiasco, which cost them millions. However, they have now started infesting PC gaming with their invasive DRM. Facts have surfaced that show that the recently released PC game BioShock installs a rootkit, which embeds itself into Explorer, as part of its SecureROM copy-protection scheme. Not only that, but just installing the demo infects your system with the rootkit. This begs the question: Since when did demos need copy protection?"

Re:Yet another game

[arth1]

I was about to buy it through Steam. I only waited because I had next to no disk space left on the partition that the Steam games are on, and Steam is too brain dead to let you use more than one partition. I was going to delete some other game and then download Steam, but now I think I'll wait. Especially since judging by Steam's web site, even the non-CD downloadable version comes with Securom (why??).

Re:Not QUITE a rootkit

[MikeBabcock]

Articles like this should have their link removed from the Slashdot summary to punish the author.

Re:Yet another game

[stg]

I wouldn't be okay with it, except for the detail that 30 seconds after my first attempt on activation I ran it again and it went through fine.

I was really ready to get angry (I had pre-loaded days before and it had the gall to make me wait another 2 hours since download speeds were awful - but that isn't activation related, AFAIK), but it's hard to make much of an issue of a 30 seconds delay.

Also, I live in Brazil. Sometimes games would take months, sometimes years and on occasion, they would never be available here in a legal form. Buying from the USA is of course possible, but even then it would something like US$20+80% customs taxes. And sometimes it would be translated (poorly) - argh! Prices are about the same as the US, sometimes a bit higher, sometimes a bit lower.

So I consider being able to download major releases (instead of just indie games) and play at the same time as anyone else major progress.

Steam could improve their download client a lot, though. I get 460K/s routinely on Getright with multiple connections, but sub-100K/s is the norm on Steam.

Maybe Sony is doing this on purpose?

[seebs]

So, what are the chances that this is Sony's way of trying to harm the success of a game that is, after all, a big deal on the Xbox 360, and not coming out for the PS3?

Re:raising vs begging the question

[Anonymous Coward]

The problem is it's wrong to anyone with an education in formal logic.

You'd correct someone if they called their computer case and all it encloses the CPU, right?
You'd correct someone if they mixed up ram, memory, bandwidth, and latency, right?
You'd correct someone if they mixed up mean, median, average, and stupidity, right?

It's up to the people who know better to correct the people who don't. You know what you'd get if you started throwing around legal jargon you didn't understand in front of a lawyer or judge? You'd get corrected, fast.

Re:Yet another game

[ludomancer]

It's ironic to me that you are comfortable using Steam, which opens much of your PC to the Valve network (sharing information about your computer, sends marketting statistics, etc), but don't want secureROM installed on your PC.

In my opinion, Steam is far worse than any regular DRM, because instead of simply installing software that checks and validates your game, you're allowing a company access via network to your game where they can outright regulate whatever you do with it.

I never installed Steam for that reason. It freaks me out. I don't want anyone on my machine other than myself, and I don't feel companies have a right to regulation on that level.
Even though this Bioshock thing turns out not to be a true Rootkit, it's a game I was going to buy, but now that I see they install this additional mess, I will be passing it up.

I will be happy if a piracy group supplies with me a DRM free version. But I truly LIKE to give my money to teams that deserve it, and I feel the inclusion of secureROM in this game may be robbing a very deserving team of it's sales.

In the end, if the publisher feels they need to install anything that is not necessary to the game itself, they will not get my money.

Re:Not a rootkit

[Dachannien]

The undeletable files under the Application Data tree may be protected by the cmdlineext.dll shell extension that is also installed with SecuROM (and gets a lot less fanfare than uaservice7.exe does). In earlier versions of SecuROM, one of the functions of this extension was to prevent you from deleting 16-bit executables (you'd get a sharing violation error if you tried). I've heard that the latest version of SecuROM doesn't do that anymore, but it may have other similar properties or may have its scope narrowed a bit to the so-called sacred files you mentioned.

Note that cmdlineext.dll (and other versions cmdlineext02.dll, cmdlineext03.dll) can be a bit tricky to remove. Since it's registered as a shell extension, and Explorer is invoked during startup, the file will always be in use unless you unregister it:

regsvr32 /u cmdlineext.dll

After rebooting, you can then (hopefully) delete the file. Note, however, that the file will be recreated and re-registered the next time you run a SecuROM game, so you have to take some extreme measures if you want to ensure that the file can't come back. I've tried creating a zero-length file and setting the permissions to Deny for all users, as well as setting the file read-only, and that seems to do it for at least some versions of SecuROM.

This functionality is at least as nefarious as the more commonly reported portion of SecuROM, which is indeed a service in the current version and can be stopped like other services.

Anyway, as for the larger question, I didn't buy Civ IV because of SecuROM, and I'm not buying BioShock because of it, either. If 2K decides to capitulate on this issue at some point, I'll reconsider. In any case, it'll give Irrational time to work on a patch for some other issues that have come up.

Re:It does not

[Jarjarthejedi]

I'm not sure what point you're trying to make, as you seem to post a picture in favor of the 'it's a rootkit' argument and then a link to their faq that says it's not.

Regardless I'm a lot less inclined to trust the company over a rootkit detection kit to be frank. I would definitely not put it past them to install a rootkit then try to pass it off as 'just a registry folder and some keys'.

Boy am I glad I was too lazy to install the demo back when I downloaded it. I really hate these 'Don't mind us, we'll be over here gaining access to every part of your computer while you play the game you bought from us, purely for security' type things. Why should the company get to know anything about my computer without my permission? Even their statement that they generate a unique ID for my computer is far more than I think they should be able to do. Obviously that unique ID relies on some information about the computer. When did we start saying 'eh' to companies taking information about our computers without permission? Doesn't that fall under some right, the right to not have people searching your personal property whenever they want (not the amendment, I know that's government only). It's really absurd that this is even considered a reasonable practice, I wonder how they would react to me wandering in to their building and putting some 'not a rootkit, just a couple of folders in the registry' on their servers since it contains information about my personal property...seems like it would be only fair, you gather info about me/my property without my permission, I get to put trackers on that info, and your hardware by extension, so I can make sure you don't pass it around...

Re:Oh great

[phoenixwade]

I am still laughing at how easily the anti-Sony-fanboy types disengage their brains when reading articles, on totally non-Sony, not-even-Sony-friendly titles. At the very most, if Sony's the one that the technology was licensed from, one could complain that Sony is still providing it. But the folks who decided to USE it, i.e. the Bioshock publishers, are the folks you ought to be mad at.

At the risk of being modded -1 ultradense. I know about Mac Fanbois, Microsoft Fanbois, Linux Fanbois, and the rest that are commonly heard from hear on /., but Sony and Anti-Sony fanbois are a new one for me...., I had no idea there was an anti-Sony fanboi culture.....

Re:Yes it is. RootkitRevealer says so

[g051051]

Rootkit Revealer merely reports that there's a suspicious registry key, and it marks it suspicious because it's got an embedded null that makes it difficult to delete manually without special tools. The key itself is not hidden or disguised in any way, and the software in question doesn't exhibit other rootkit behaviors (no "backdoor", no attempt to disguise or hide presence, etc.)

More Criminal Behavior by Corporations

[Jane Q. Public]

It should be a prosecutable, felony crime for any product to install ANY admin-level software on my computer without my prior permission!

Period!

No DRM for me.

[lanner]

I was looking forward to buying this game, but then I heard about the DRM.

I looked to see if Steam had a version that wasn't infected, but it was too.

I'll pass on this game. There are others.

Re:Oh great

[Andrzej Sawicki]

I'm saying it's the publisher's fault.

And right you are. There were rumors that Take 2 was considering using StarForce in Civ4. After a public outcry in the fan forums, they didn't (people were openly saying they would just not buy Civ with StarForce, and I mean hardcore fans). Since Bioshock didn't have a large fan base before release, guess what happened...

Re:Yet another game

[Headcase88]

Not to mention that you'll have to download that movie to avoid the inconvenient FBI Warnings / anti-downloading PSAs.

In the PS1's case (and probably newer consoles), anti-piracy technology made new games not work on chipped consoles. Oh, unless they were burned.

Maybe these companies should give up on anti-piracy. It seems that most people are decent enough to pay for something that's worth the price of admission. I can't imagine that all of these measures have made enough money from would-be pirates to justify money lost from would-be consumers turned off by DRM, etc. Not to mention the money they had to spend to set up all that shit. I mean, correct me if I'm wrong, but it seems that they'd make more money and have a better brand image from simply chilling out and trying to sell worthy products.

Re:Oh great

[arkhan_jg]

The frustrating thing is, this rootkit worry isn't the biggest problem (it's a bit of a stretch). It's that when the game shipped, you only got 2 activations. Yes, you could only install it twice. Ever. Using another user account or install of windows requires another activation. Wipe windows, and try to install a third time? Activation denied. They then proceeded to flat out lie and say uninstalling the game from windows before formatting would give you an activation 'credit' back. It didn't, and according to SecuROM never could.

The outrage over this on the 2K forums [2kgames.com] made them raise the limit to 5 installs on a given copy of windows, and up to 5 installs on different machines. Ever. Problem solved, right? I mean, who ever installs software they buy more than 5 times, right? Must be pirates. They want to carry on playing in a couple of years, they can go buy a new copy.

Oh, and they'll release a utility at some point in the future that when run, will supposedly uninstall the game and 'deregister' your install with the online securom database, thus giving you the privilege of reinstalling your own game on your own computer one more time. Just hope windows doesn't go belly up before you get to unregister. And I can't wait for the day all games do this, and I have to run round manually deregistering all of them prior to a reinstall with different tools. Then calling support when it doesn't work and won't let me reinstall.

Re:Yet another game

[dr_d_19]

Steam and Valve (and now 2kgames) thrive on the fact that most of their customers are 14 years old and really don't care. They'll spam the forums at every game release saying that "steam SUCKS!!!" when they can't activate their games for two days but then they'll start playing the their usual concentration rush sets in and they will forget about it.

When BioShock couldn't activate I used TCPView and nmap to figure out why it couldn't activate (because the "failed to contact key server" game instantly). Turns out the port on the IP it was trying to contact wasn't even open. The usual windows services including SMB was tho'.

Disapointed - Not Buying - Passing the Word

[BrendaEM]

Every video game I have I bought legally. In fact every piece of software I own, I own legally. Does the uninstaller uninstall the DRM cleanly or not? Why wasn't there a DRM rootkit or protected registry warning given?

That's like begging to be cracked

[Opportunist]

Let's be blunt here. There is software I do not want on my PC. Rootkits for example. And I have no problem with my conscience to remove rootkits that come tagging along with programs I want to use. I licensed the software, I am allowed to use it, I do not want you to bug my computer, reduce its stability or its security. You don't care about my needs, I don't care about yours. Fair deal.

I just wonder how many people will still take the, for the functionality unnecessary, burden of actually licensing the software, though.