Bioshock - Rootkit rumours routed

Dhruin

SasqWatch
Joined
August 30, 2006
Messages
11,842
Location
Sydney, Australia
Ars Technica took on the challenge to uncover Bioshock's rootkit, confirming that there isn't one:
The fiasco stemmed ultimately from a misunderstanding of what Microsoft's RootkitRevealer is. In short, it is a diagnostic tool that offers avenues for further investigation. Microsoft puts it this way: RootkitRevealer "lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit" (emphasis added). It does not scan a system and then say "Hey, you've got a rootkit!" Rather, it looks for a number of signs that indicate that a service or application is attempting to hide itself and manipulate the system, or one of several other potential signs of a problem.
Let's throw in a review for good measure, with Elite Bastards awarding 9/10:
So, BioShock is here, and the hype is turning into actual experience with the game itself. Can it possibly live up to the pre-release hysteria? The answer is, of course, no - No game will ever turn out as good as you envision it in your mind's eye.
But does that make it a disappointment? Absolutely not. BioShock may still be a humble first-person shooter, but boy does it do it well. It has a story that captivates, an atmosphere that is largely second to none, and the whole gameplay experience oozes polish from the graphics and audio down to the control scheme whether you're using keyboard and mouse or an Xbox 360 controller.
 
Joined
Aug 30, 2006
Messages
11,842
Location
Sydney, Australia
Interesting, but routed might be an overstatement.

I followed the link and read most all of this information before.
Did you notice they didn't mention the name of the software they used to determine it was Not a rootkit?
Unless they meant they just used m$ rootkit revealer, which they just stated does Not find rootkits only symptoms.
Additionally m$ rootkit revealer wasn't the only rootkit revealer that marked Securom, I posted the name in the forum thread of another, iirc.

There are a few very expensive (well they were during the starforce days) programs that catalog every Booting program, dll or system file then you meticulously have to check hundreds of booted files to the current running programs and try to find if there are some that are not accounted for.
I.e. programs that started but you can not currently find them running or why they were started, it can be really bad news.

At least people are paying attention, even if this was just a false positive, makes me feel a little more secure, after the starforce debacle. :)
 
Joined
Oct 18, 2006
Messages
2,772
@Acleacius -- please stop flogging this horse. The flesh is coming off the bones.

@JDR -- by now, we have a fair bit of data in, and it's my (professional) opinion that Bioshock is over 99% certain to be free of rootkits, spyware, or malware. And 99% is about as good as it gets.

IOW, this has been a huge tempest in a teacup; Internet hysteria at its finest.
 
Joined
Oct 19, 2006
Messages
8,540
JDR13
I don't know, only what the basic procedures used to determine if they exist are, and I haven't seen any test.
Now Prime Junta, seems to be at 99%, maybe he has listed links to tests performed, in the thread he started.
I have been so busy in the last 2 weeks and these complicated threads often take me 30 minutes to read through and a minimum of 30 to reply to, so I haven't had time to read his thread, hell I have been twenty four to forty eight hours behind reading and responding to the threads I started. :p
Some of the threads I have tried to keep up with are now 100s of pages long, trying to sift through the different rhetorics.
Hell, Prime Junta's 99% might be 100% correct, but I sure haven't seen anything remotely coming close to 99%, but I could just be overly cautious, after starforce. :)

Prime Junta
Using tasty raw horse flesh as a main course, yet leaving out any complex carbohydrates, and finishing courses of small simple sugars intermixed with fermented liquids doesn’t convey any accurate info. :)

They do not say which software or the procedures, so please provide something to those of us who are in the Fifty-Fifty or Sixty-Forty range, if you're 99% sure.
I guess we disagree.
I know, I don’t take it personally, if I thought they were 99% not there, I would say so, just like you, but I don’t. ;)

We are in the first or second week and you're already 99% with no accurate test (I have seen) and the most general root kit finding software, saying securom IS using techniques of root kits and at almost the 99% rate, you're claiming is proof they are Not using root kits.
I can see why people are confused. :)

I mean really have you seen any of the accurate complex test done, since 99% of the basic root kit software, found there are symptoms?

Edit
Now one thing on Prime Junta's side of the dinner table is a general fact that Sony knows their butt is on the line and people are watching, hence all these threads, but we all know you can't leave corporations in charge of self monitoring/self policing, since they are based on profit, greed and exploitation in the worst cases, since they have shareholders who are like rabid cannibals deprived of rotting, raw horse flesh. ;)
 
Joined
Oct 18, 2006
Messages
2,772
I mean really have you seen any of the accurate complex test done, since 99% of the basic root kit software, found there are symptoms?

Acleacius, you are so utterly clueless about this subject that you really, REALLY should shut up and listen instead of shooting your mouth off and spreading panic. I'm getting seriously annoyed at you here.

More facts:

(1) Detecting a rootkit is very difficult.

(2) There is no magic test or toolkit in existence that will provide proof-positive that there are no rootkits on your computer. Nor is there a test or toolkit that will provide proof-positive that there *is* a rootkit, except ones that are already known and that they are specifically designed to detect.

(3) Therefore:
* Identifying a rootkit requires extremely specialized skills, as well as tools, time and dedication.
* Rootkit-detection tools sniff around for suspicious activity. This will dump a lot of data into the "detective's" lap, who will then need to sift through it, eliminating the false positives one by one. If there is a rootkit in there, eventually someone will find out what it is, and what it's trying to protect.
* If I was a systems specialist, and I had personally done this detective work, and I was personally convinced due to this work that there is no rootkit in SecuROM, I would *still* not be able to present you with anything stronger than my personal estimate -- I could walk you through the evidence and explain what I did to eliminate each of the false positives, but (a) you would probably not be able to understand my explanations and (b) there would still be the possibility that I missed something.

What does this mean for someone who is not in the business of sniffing out rootkits? Simply this:

Listen. To. The. Experts.

Individual experts are fallible. Collectively, they do a pretty damn good job.

If Sysinternals, SANS, and rootkit.com have not found a rootkit by now, after all this hoopla, it's virtually certain that there isn't one there. Moreover, both SecuROM and 2K have gone on record saying that there are no rootkits used. They know that lots of very dedicated people are looking very closely, which means that if there is one, it'll be found, and they will be facing some very serious legal problems. It's unlikely that they would want to take this risk.

So no, Acleacius, I cannot provide you with a test dump that will conclusively prove to you that there is no rootkit in the system, any more than I can provide you with a dump of intelligence data that conclusively proves that there are no WMD in Iraq. However, given the amount of effort expended in trying to find them, and the scope of each of the problems involved, I would put it at 99%+ that there is no rootkit involved in Bioshock, and at 95%+ that there are no WMD in Iraq.

"Absence of evidence is not evidence of absence," they say, but it's not always true: if there's no body, no bloodstains, and no missing person, it's not reasonable to run around screaming bloody murder.
 
Joined
Oct 19, 2006
Messages
8,540
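As an added illustration (not part of any post in this thread, and not RootkitRevealer's own code): a minimal cross-view comparison of the kind the Ars Technica quote and the post above describe, where the tool only lists discrepancies and an analyst then explains them one by one. The paths, sizes and triage rules are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str  # "hidden_from_api" | "api_only" | "data_mismatch"


def cross_view_diff(api_view, raw_view):
    """Compare what the OS API reports with what a raw on-disk parse reports."""
    findings = []
    for path in sorted(set(api_view) | set(raw_view)):
        if path not in api_view:
            findings.append(Finding(path, "hidden_from_api"))
        elif path not in raw_view:
            findings.append(Finding(path, "api_only"))
        elif api_view[path] != raw_view[path]:
            findings.append(Finding(path, "data_mismatch"))
    return findings


def triage(findings, changed_during_scan):
    """Split findings into (explained, still_open).

    The rules below are illustrative assumptions standing in for the
    analyst's manual work; a discrepancy is a lead, not a verdict.
    """
    explained, still_open = {}, []
    for f in findings:
        leaf = f.path.rsplit("\\", 1)[-1]
        if f.path in changed_during_scan:
            explained[f.path] = "object changed between the two scan passes"
        elif f.kind == "hidden_from_api" and leaf.startswith("$"):
            explained[f.path] = "file system metadata file, never listed by the API"
        else:
            still_open.append(f)  # needs a human: who owns it, why is it hidden?
    return explained, still_open


# Constructed sample data: path -> size in bytes, as seen by each view.
API_VIEW = {
    r"C:\Windows\notepad.exe": 193536,
    r"C:\Temp\scan.tmp": 10,
    r"C:\Users\a\ntuser.dat.LOG": 4096,
}
RAW_VIEW = {
    r"C:\Windows\notepad.exe": 193536,
    r"C:\$MFT": 52428800,
    r"C:\Users\a\ntuser.dat.LOG": 8192,
    r"C:\Windows\System32\drivers\example_hidden.sys": 20480,
}
# Constructed: objects another process was observed writing during the scan.
CHANGED_DURING_SCAN = {r"C:\Temp\scan.tmp", r"C:\Users\a\ntuser.dat.LOG"}

if __name__ == "__main__":
    found = cross_view_diff(API_VIEW, RAW_VIEW)
    explained, still_open = triage(found, CHANGED_DURING_SCAN)
    for path, reason in explained.items():
        print(f"explained  {path}: {reason}")
    for f in still_open:
        print(f"OPEN       {f.path} ({f.kind})")
```

Four discrepancies are listed, three are explained away as benign, and one stays open for investigation; an empty open list would still only mean nothing was found by this particular comparison.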
I think looking at the evidence it's pretty safe to say that securom is not a rootkit - malware, possibly, depending on your view of such programs, but not a rootkit. It's certainly no starforce.

Still, that was never my problem with Bioshock's DRM - it's the limited installs / online activation that's truly hideous. Made far worse by the fact that customers were not warned about this restriction anywhere up front (and indeed not even in the EULA... which means technically 2k are in breach of their own licence). If this is the future of PC gaming then it's a bleak future indeed. Imagine having dozens of games with this "feature", some with an activation server that no longer works, others requiring you to jump through various hoops to re-install. Now imagine upgrading your computer and trying to get all your favourite games running. Urgh.
 
Joined
Oct 18, 2006
Messages
143
From Sysinternals there's a program called "Rootkit Revealer" or so ... but MS has bought up Sysinternals some time ago - maybe exactly for this single program (like Symantec bought up Delrina for their WinFax Pro and stomped everything else that didn't fit in their global domination scheme, including my beloved Opus & Bill screensavers. I'm still looking for the other ones).
Except that MS didn't stomp down all of Sysinternals' programs, since they are oh so useful for everyone. ( I use several of them myself. )
 
Joined
Nov 5, 2006
Messages
21,952
Location
Old Europe
I think looking at the evidence it's pretty safe to say that securom is not a rootkit - malware, possibly, depending on your view of such programs, but not a rootkit. It's certainly no starforce.

Well, some people stretch the definition of malware to include any copy protection software, but I'd prefer to keep it a bit narrower.

Still, that was never my problem with Bioshock's DRM - it's the limited installs / online activation that's truly hideous. Made far worse by the fact that customers were not warned about this restriction anywhere up front (and indeed not even in the EULA... which means technically 2k are in breach of their own licence). If this is the future of PC gaming then it's a bleak future indeed. Imagine having dozens of games with this "feature", some with an activation server that no longer works, others requiring you to jump through various hoops to re-install. Now imagine upgrading your computer and trying to get all your favourite games running. Urgh.

I don't think that'll be the future of PC gaming -- 2K changed their policy quite quickly after the outcry, and stated that they'll remove the on-line activation eventually.

Of course, I don't know what *is* the future of PC gaming. It's been declared dead so many times that it's not even funny, yet it somehow keeps coming back from the grave...
 
Joined
Oct 19, 2006
Messages
8,540
Still, that was never my problem with Bioshock's DRM - it's the limited installs / online activation that's truly hideous.

I agree. That is without a doubt the biggest negative I have with the game. I know that they want to protect their IP and reduce loss by theft like any good business tries to do. But none of the 'real life' practices such as embedded monitors and cameras are as anti-consumer as these practices. I know that the person who plays a 10-year old game (other than on a 'virtual console') represents a negligible and ignorable (yet very vocal) market segment ... but I don't care. I want Bioshock, like so many others, to be games my kids can play when they're old enough.
 
Joined
Oct 18, 2006
Messages
14,951
I don't think that'll be the future of PC gaming -- 2K changed their policy quite quickly after the outcry, and stated that they'll remove the on-line activation eventually.

I look forward to the day they do remove it, as it'll be the day I buy it :)

I agree. That is without a doubt the biggest negative I have with the game. I know that they want to protect their IP and reduce loss by theft like any good business tries to do. But none of the 'real life' practices such as embedded monitors and cameras are as anti-consumer as these practices. I know that the person who plays a 10-year old game (other than on a 'virtual console') represents a negligible and ignorable (yet very vocal) market segment ... but I don't care. I want Bioshock, like so many others, to be games my kids can play when they're old enough.

So true. I still like to fire up the Infinity Engine games or one of the Fallouts every so often... with Interplay dead (or should that be undead?) they wouldn't be working anymore with online activation.
 
Joined
Oct 18, 2006
Messages
143
I look forward to the day they do remove it, as it'll be the day I buy it :)

Out of curiosity, why are you so dead-set against online activation?

So true. I still like to fire up the Infinity Engine games or one of the Fallouts every so often... with Interplay dead (or should that be undead?) they wouldn't be working anymore with online activation.

In which case there would certainly be cracks available, even if they had not removed the activation requirement themselves.
 
Joined
Oct 19, 2006
Messages
8,540
Out of curiosity, why are you so dead-set against online activation?
I cannot speak for Holly, but my problem is with longevity. But, as I have said, I bought it, have played it, and even if I can never play it again I consider the money well spent.
 
Joined
Oct 18, 2006
Messages
14,951
"Acleacius, you are so utterly clueless about this subject that you really, REALLY should shut up and listen instead of shooting your mouth off and spreading panic. I'm getting seriously annoyed at you here."

So when did rpgwatch get rid of their policy of no personal attacks? I guess this is attack of the angry-bitter-retarded computer "professional."

I guess asking for someone to back up their "professional" OPINIONS is so, like, yesterday or something. If someone is worried about something, he has every right to bring it up in a thread exactly dedicated to that topic. And your belief that you saying something makes a topic closed without further discussion is childish.
 
... let's just make sure we keep it respectful here ...
 
Joined
Oct 18, 2006
Messages
14,951
"Acleacius, you are so utterly clueless about this subject that you really, REALLY should shut up and listen instead of shooting your mouth off and spreading panic. I'm getting seriously annoyed at you here."

So when did rpgwatch get rid of their policy of no personal attacks? I guess this is attack of the angry-bitter-retarded computer "professional."

I guess asking for someone to back up their "professional" OPINIONS is so, like, yesterday or something. If someone is worried about something, he has every right to bring it up in a thread exactly dedicated to that topic. And your belief that you saying something makes a topic closed without further discussion is childish.

You're right, I was out of line. Acleacius has been beating this particular dead horse for quite a while, though, so I simply lost patience.

That said, I would respect your opinion more if it didn't come from an anonymous account.
 
Joined
Oct 19, 2006
Messages
8,540
"Acleacius, you are so utterly clueless about this subject that you really, REALLY should shut up and listen instead of shooting your mouth off and spreading panic. I'm getting seriously annoyed at you here."

So when did rpgwatch get rid of their policy of no personal attacks? I guess this is attack of the angry-bitter-retarded computer "professional."

I guess asking for someone to back up their "professional" OPINIONS is so, like, yesterday or something. If someone is worried about something, he has every right to bring it up in a thread exactly dedicated to that topic. And your belief that you saying something makes a topic closed without further discussion is childish.
It may seem like PJ is attacking Acleacius but the latter has let his paranoia get the better of him in 3 or 4 different threads now and this is just the latest attempt by PJ to calm Acleacius down to no avail. (I'm sorry Acleacius: Caution is one thing but your rant against the Bioshock CP strikes me as downright paranoid)

*edit*
Nuts! The PJ himself beat me to it :blush:
 
Joined
Oct 19, 2006
Messages
805
Location
Just outside of Copenhagen
Out of curiosity, why are you so dead-set against online activation?

Like I mentioned above, if it ever becomes the norm, we will live in a world where updating your computer will become a nightmare when all your old games require re-activating from now non-existent servers or ones that have now deemed you to have installed it too many times.

When I buy a game, I want to be 100% sure that I will be able to play that game whenever and wherever I choose in the years to come. Ideally that should be out of the box, but if a crack exists for what looks to be the final patched version, then that may suffice. It's hardly an ideal solution though.

DRM is a disease that will spread if it's allowed, gradually crippling you more and more if you'll let it. Bioshock is a prime example of an incremental increase in DRM applied to a new product.... and once they think we're happy with that, they'll push it out to all games. Then when it fails to dent piracy they'll move onto the next, all in the mistaken belief that it is somehow going to be the thing that will finally win the battle. Before you know it gaming isn't fun anymore because of all the restrictions you have to put up with. So it's a question of making a stand because if it's left to spread then it means gaming is something I will not want to do anymore. If no-one complained about Bioshock's DRM we'd see it everywhere all too soon.

Phew, that turned into a bit of a rant! Emotive subject DRM...

On a tangent, I'm fine with online activation as an *option* instead of having the DVD in the drive. That would provide us with choice, and a handy one for those who would prefer to not have to swap DVDs but are happy to be online when they play. But that empowers the user, so it's of no use to the publisher, hence why we never see it. We never get OR options, only AND (i.e. DVD AND online activation).
 
Joined
Oct 18, 2006
Messages
143
Look at the other future possible. Pirating becomes so easy and rampant that the only games made have the budget of a spiderweb game and the graphics of 2005 (shudder/cringe/the horror).

You always have a choice: buy the game or not. The publishers and developers have a choice: make the game easier to pirate or not. Pirates have a choice: help the hobby I enjoy or hurt it. Life is filled with choices, and until someone finds a way to stop piracy permanently I welcome anti-pirate measures.

Online activation is a good option. And once the sales dwindle the activation aspect will be removed. If not, oh well. I agreed to the EULA.

If I was going to complain about any aspect of Bioshock, it wouldn't be the activation. It would be the fact that Bioshock is System Shock 2 minus anything good about System Shock 2 besides the graphics and clicking.
 
I may be wrong but the way I understood it, 2K Games already admitted that they screwed up in the sense that the restriction was not meant to be a total of 2 installations altogether but rather 2 ACTIVE installations. The count was supposed to reset when you uninstalled the game but somehow that didn't happen.

If this is server side then they just have to fix the server software and you'll never hear of this problem again. If it is part server side and part client side then a simple patch will fix this problem as well.

I mean, yes it is regrettable that the screw up happened - as is evident in all the threads here and the watch and all over the internet - but when push comes to shove it really isn't that big a deal and it certainly won't be a problem in the long run.

If you take a look at what you can run via emulation software today on your PC - ranging from MAME arcade games to Playstation games or C64 games to old DOS games in DosBox - then I can't see why it would be a cause for concern that you activate the game online today. Looking at various Bittorrent sites I can see that Bioshock is readily available even with an online activation scheme and if 2K would announce that they're about to go out of business without anyone to take over for them, I think it will only be a matter of days before a patch to bypass the online activation part would surface on the net ... especially considering that Bioshock is a singleplayer only game.

In short: You're shooting yourself in the foot if you're missing out on Bioshock due to unfounded concern about the online activation portion because it really is no big deal.
 
Joined
Oct 19, 2006
Messages
805
Location
Just outside of Copenhagen