Ubisoft Uplay DRM Found To Include a Rootkit

An anonymous reader writes "It has been discovered that the Uplay system Ubisoft uses to both check a game is legal and offer up gaming achievements, multiplayer, and additional content, actually contains a rootkit. The discovery was made by Tavis Ormandy, an information security engineer at Google, when he installed Assassin's Creed: Revelations on his laptop. He noticed that during the installation Uplay installed a browser plug-in that allows any website to gain access to your machine through a backdoor and take control of it.The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user's consent."
Update: Ubisoft has released a statement saying it has issued a forced patch to correct the flaw in the browser plug-in for the Uplay PC application.

Not really surprising.

[Black LED]

It's reasons like this that I refuse to buy anything from Ubisoft.

Is anyone actually surprised?

[h4rr4r]

Who is actually surprised?

This is the one thing that has me worried about Steam on linux. Using it in wine I can be fairly sure I have it limited to one user account and no real ability to mess with the machine, but when it installs natively who knows.

Re:under the DMCA any antivirus software can get s

[MarioMax]

under the DMCA any antivirus software companies can get sued for remove or even marking this.

On the other hand, Ubisoft is probably guilty of violating Federal wiretap laws.

Re:Enough with giving Windows a pass

[h4rr4r]

This is software installed by the user on purpose, it is no flaw in windows that allowed it in. You could write software to do the same thing on any number of OSes.

I am no windows fan, but you can't blame them for this.

Torchs and Pitchforks are authorized

[Anonymous Coward]

Any time a rootkit is found the perpetrators should be (metaphorically) strung up.

It's hard to find a car analogy for this, but I can try: it's like a car dealer keeping a copy of your key for personal use. It's just unacceptable and so far outside of proper ethics that even the corporate sycophants should find it troubling.

Re:Not really surprising.

[afidel]

Yep, I own every HoMM game except VI due to the retarded DRM. I wish Steam had a filter button to remove anything with third party DRM so I wouldn't have to get my hopes up just to end up not buying a title due to publisher stupidity.

No wonder game sales are slumping...

[dryriver]

Game sales are seriously down in 2012 compared to previous years. I am willing to bet that at least partially, this is because of the Steam/Origin/UPlay DRM garbage game publishers force you to install. ------- The game industry needs to take a long, hard look at the way it treats paying customers. Instead of the "we force xyz conditions on you" mantra practiced today, the industry needs to switch to "the buyer is always right". This means that the industry will need to listen to what game buyers want, and no longer IMPOSE completely unnecessary and counterproductive terms & conditions on the paying gamer. -------- This will probably never happen... The industry is run by money-oriented suits & beancounters who don't really care about making good games. But it would definitely have been nice to see, even if for just one day, the industry actually listening to what its customers want. --------- Maybe Kickstarter.com can help fix this mess. The 24 game projects that have been funded with Kickstarter will all be delivered sometime in 2013. And then we will see if the "Crowdfunded Games" can serve as a replacement for buying games from the big Multi-Billion Dollar game publishers. ------

Re:Enough with giving Windows a pass

[Impy the Impiuos Imp]

You think a backdoor couldn't be installed on Linux? The person voluntarily ran an installer executable. The sky is the limit when you do that. Heck, it came from a big company as official product, giving the social engineering aspect a boost -- people just clicked approve approve approve on all Windows' carefully-engineered install blockers.

Which, IIRC, don't even exist on Linux. Or maybe you're a Mac fan. Guess what? See above re: running an executable from a trusted source.

Re:under the DMCA any antivirus software can get s

[Anonymous Coward]

You can't always waive your rights, even if you agree to it.

Re:All DRM is rootkit

[Anonymous Coward]

IMHO ANY software that allows someone to delete/alter/lock up something on my machine without my permission is essentially a rootkit.

DRM does not allow someone to "delete/alter" anything. It only "locks up" in the crypto sense, as DRM is basically crypto code. I dislike DRM, but will defend a software company's right to encrypt their software, and even allow them to require an Internet connection to "unlock/decrypt" that software so that it can be used. This is their choice, and in that respect, "buyer beware". Vote with your cash.

OTOH, installing a rootkit which allows possible unauthorised access to my machine, by the company or any other 3rd party without specific permission for each and every access??? They deserve to be fined out of existence by every legal system on the planet.

Re:Is anyone actually surprised?

[NalosLayor]

"Cheating"...it's the "terrorism" of the gaming world.

And they wonder...

[mycroft16]

And they wonder why there is piracy of video games. Seems quite obvious to me. "Buy game and get a rootkit installed on my machine, compromising my system's security or get the game from pirates without that."

Re:All DRM is rootkit

[Dog-Cow]

A rootkit is software that allows root access without (further) exploiting the OS/software on the machine. The software itself may do nothing at all beyond that, and it's still a rootkit.

Conversely, software which reformats your harddrive is not a rootkit if it doesn't grant root access. Even if it itself is running as root!

So, your definition is crap. You've basically made up your own just so you can hate on DRM. It's stupid because DRM is crap even without this misguided rationalization.

Re:under the DMCA any antivirus software can get s

[Anonymous Coward]

So? Ubisoft is a corporation, its not like anything bad is actually going to happen to them.

Re:under the DMCA any antivirus software can get s

[Sancho]

But sometimes actions are illegal only if they are non-consensual. Agreeing to a EULA might be considered consent.

Re:Not really surprising.

[localman57]

happily playing Diablo 3 after I told them how much of a bitch the DRM is to the market place

That's the problem in a nutshell. If they're happy, either we aren't doing a good job making our point, or it really doesn't matter to them. Only one of two things will happen to make them change their minds. We have to make a case that they will be happier without DRM (in a way that is compelling enough that they will choose to be less happy in the short term to achieve it--By not playing Diablo, etc), or they have to get burned bad enough that the product itself makes them unhappy.

The problem, as I see it, is that most people just don't care, as long as it works. Most people aren't game historians, who worry about whether the authentication servers will still be there in 10 years. And for the small percentage of the people who actively fight against corporate interests, things like DRM take a backseat (and probably rightfully so) behind getting fucked by the banks, fucked by your health care provider, poisoned by local industries, etc.

If there is a technical issue that's on the public's front burner, it's Net Neutrality. And I'm ok with that. I can walk away from Ubisoft. But it's much harder to just say I'll do without the Internet.

Re:Enough with giving Windows a pass

[SharpFang]

Wait, not really.

You install a computer game
The game claims to install counterfeiting and cheat protection
What you also get in the bundle without consenting is a backdoor/rootkit

This is the very definition of a trojan.

Re:under the DMCA any antivirus software can get s

[jones_supa]

Exactly. When a individual screws up, he loses his summer cabin, children, dog and job. But when a company does so, everything continues pretty much the same...it shouldn't be like that. Companies should be tools for us, not the other way around.

Re:Not really surprising.

[Anonymous Coward]

You'd like Steam - a DRM system - to help you buy only DRMed games that don't use a competing DRM system?

People really have drunk the Steam kool-aid, haven't they?

Re:No wonder game sales are slumping...

[ilsaloving]

Because of Steam, I have actually bought MORE games than I ever had in my entire life up to that point. And that's, IMO, it actually gives me value:
a) amazing deals on games, allowing me to buy top titles for $15 as long as I'm patient enough to wait for the sale
b) saved games are backed up, so when I need to delete a game, I know that I can reinstall in the future and continue from where I left off
c) I can load the game onto an entirely *different* machine and continue from where I left off
d) My primary machine is a mac, but when I buy a game on steam I get the mac AND windows version. While I have not actually tried to yet, I *think* the save games are supposed to move between platforms as well. I could be wrong about that though.
e) Steam/Valve has done a LOT to improve the gaming scene on Mac, and now they are trying to do the same for Linux.

The only real downside is that I can't sell my games second-hand to someone else. But considering that I've never really done that anyway, it's a moot point.

So yeah, Steam may have the properties of a DRM system, but I am willing to live with it because I consider the benefits to dramatically outweigh the negatives.

Meanwhile Blizzard and Ubisoft provide nothing of the sort, and can go DIAF for all I care.

Re:uPlay just updated

[ledow]

The problem is that people see things as fixed/not fixed.

Let's assume the problem is "fixed". What sort of development, security and testing regimes did their DRM go through to get to the point where any web page can open any application without any checks whatsoever previously? And how does that bode for anything that's not STUPIDLY TRIVIAL like finding this bug, e.g. buffer overflows, privilege escalations, etc.

Don't judge them on what they fixed. Judge them on just how terminally inept is was to allow that sort of thing to exist in the first place, let alone slip through into production code on a multi-million dollar game publisher. What else is there lurking in that plugin / app that *hasn't* been found and isn't so trivial to spot and fix?

Re:under the DMCA any antivirus software can get s

[fast turtle]

Of course, where I live "EULA's" are invalid and can not be enforced under California law. Sorry UbiSoft, you've just made a tactical error that will get your asses sued in California and no, since an EULA is not recognized by California and Symantec has? their HQ in Silicon Valley - Don't know about McAffee, they're protected from DMCA issues.

Re:Not really surprising.

[Githaron]

If he is anything like me, considering the (holiday sale) prices and relatively non-intrusive DRM of Steam, he finds Steam's DRM a fair compromise. Unfortunately, if ones does not pay attention, it is relatively easy to buy a Steam game that has an additional DRM on it. This additional DRM is usually much more intrusive. Also, it is usually harder to know what that additional DRM is going to do unless you want to do a bunch of Googling. The Steam DRM is the same from title to title. One online run after install and then the ability to plan offline. In the end, he wants to ability to easily filter out third-party DRMs that are likely to be intrusive and are unknown.

Re:Not really surprising.

[gman003]

I've said this before: DRM, in and of itself, is not evil.

If all the DRM does is check whether I have or have not purchased the [whatever], and reliably detects paying users as such (low false-positive rate; the false-negative rate is meaningless to me), and the only thing it does is conditionally run (or not run) the [whatever], and it requires minimal work on my own part, I'm fine with it. And, it seems, many others are fine with it as well.

Now, many, even most, DRM implementations fail at least one of those evilness checks. This Ubisoft one violates the "don't do anything on the system not related to your product" clause. Many others fail the "reliably detect paying users as such" clause - always-online systems detect offline-but-paying users as nonpaying, for instance.

Steam passes the evilness checks with only a few caveats (it's not perfect, but it's one of the better ones, and probably the best with that level and quantity of games). You will have to go online at least once to authenticate, you need to prepare a bit ahead of time before going offline (random internet dropouts or the Steam servers themselves going down can stop you), and it does encrypt pre-loaded games. And then there's the whole "no reselling/used games" thing, but honestly, I'm fine with that. I've never found selling my old games to be financially worth it, and the very phrase "used digital games" is an absurdity.

Re:under the DMCA any antivirus software can get s

[wvmarle]

In most if not all jurisdictions in this world, the law is always above any contract or agreement. And rightfully so, just think of the mess we would have if that is not the case. It's also why in all proper contracts you will find a "survivability clause", stating that if anything in the contract is overruled by another law, that the rest of the contract remains in force.

Re:Not really surprising.

[Baloroth]

You'd like Steam - a DRM system - to help you buy only DRMed games that don't use a competing DRM system?

People really have drunk the Steam kool-aid, haven't they?

Yes, because unlike every other DRM system I've ever seen, Steam actually helps to improve the experience, by making sure the game is up-to-date, storing saves and config files in the "cloud" (for developers who implement it), allowing me to re-download and re-install games on as many computers as I please, allowing me to easily play with friends (or not, as I see fit), and still allowing me to play games offline (unlike *ahem* Blizzard). And of course their famous sales. I know people who dislike Valve who still like Steam. Granted, the DRM isn't necessary for all that technically speaking, but it is to provide a decent selection (most developers wouldn't put their games on Steam if it didn't have copy-protection of some kind).

Honestly, Steam is almost always as easier, sometimes more, than pirating games.

Re:Not really surprising.

[ifrag]

+1 to that. A global flag in steam to hide them. With 30%+ using this flag devs would wise up.

Unlikely, would probably just cause another outbreak of "Our sales are dropping from piracy again!"

I really would like that toggle, if Steam could manage to make it accurate anyway.

Re:under the DMCA any antivirus software can get s

[NormalVisual]

Not only does it continue the same, but the company usually looks at whatever fine they received as an additional cost of doing business, and then just passes it along to the customer. Therefore, the *customer* is who actually pays for the company's transgressions.

Re:Doesn't give publishers value

[ilsaloving]

You spend less because of those top titles. You have no more time to play them, so you won't be needing any more games for a long time (unless they have an even deeper sale to tempt you).

Apart from the time thing, I really don't understand you. How do I spend less *because* of the top titles? Game prices are obscenely and artificially high in the first place. And that's still nothing compared to the majority of console games.

And I have backed up savegames. It's called "A USB HDD".

That may be true, but you're missing the point. It's the convenience. Why in the world would I spend money on hardware just to backup save games? I have significantly more important things that need backing up. If Steam didn't do it, I sure as hell wouldn't.

I can already load the game onto an entirely different machine. And moreover, I can let someone else play that game while I play another. Unlike Steam.

You can't with any of the DRM'ed titles, but I see your point. All I can say is that that situation has yet to arise for me.

Ok, Diablo had mac/windows on the same disk. So did Starcraft. Now, please name me some others? Having multiple platforms on one disk was an abberation, not common place.

You don't get the Mac version for a Steam game if it isn't released on both Steam and PC. And Diablo and Diablo II both had Mac and PC versions on the same disk.

And if a mac version of the game doesn't exist, then I wouldn't be buying it anyway. I really don't see your point for that one.

You can also lose ALL your games if you disobey the ToS. That's a rather big downside, isn't it?

What part of the ToS would I disobey? The only one I can think of would possibly be the ability to resell my games. Given that the majority of the games I bought were $10 bucks, who cares? The money I got back from reselling wouldn't even be enough to buy a happy meal.

If you don't like Steam, that's fine. All the more power to you. But Steam does what *I* want, for prices that I consider shockingly reasonable. So, they get my custom. It's really not any more complicated than that.

Re:under the DMCA any antivirus software can get s

[Khyber]

EULAs are not tested very well in court, and that's a 7th circuit decision. California is in the 9th circuit. 7th circuit might be REFERENCED but in the 9th circuit EULAs have been found null and void (try my legal battle with EA over the Spore DRM, which is why EA settled and FAST.)