New Securom, the new Starforce?

Don't worry, there will be a crack within a week, let alone the 2-3-15 years it could take for that server to go down. ;)
 
Joined
Oct 23, 2006
Messages
585
Location
Serbia
That's true as long as the server that gives out activations stays on forever. And they still have the power to render your entire game collection useless with one flip of a switch.

Yes but they also have the power to remove the activation requirement with one release of a final patch (after the game has been out for a certain time) ;) . Let's hope that common sense prevails. The Euro/German version of Two Worlds has activation as well (3 activations, bound to hardware) and they (Zuxxez) are pretty liberal. If you run out of activations, you just need to call them and ask them to reset your activation count. I would hope that Take 2 will make it possible as well that you just need to call or email their support to get a reset.
Well, and if all else fails then we'll just have to resort to any cracks that are bound to surface sooner or later anyway ;) .
 
Joined
Oct 18, 2006
Messages
3,201
Whatever, it's still fucking annoying tbh.
 
Joined
Oct 26, 2006
Messages
2,080
Location
UK
Ken Levine posted a reply to the technical problems at launch

Hey guys-

Sorry about all the conflict. IG development people (specifically Chris and Rowan who are both on vacation) were trying to take a day off today (we've been working about six months 6-7 days a week). I'm trying to see what everybody's concerns are and consult with the staff.

I know people are frustrated, but we are dealing with internet time here. It wasn't until 7 pm EST that I was able to even talk to anybody in our Australian studio, which is open today (9 AM their time).

I hear you that not everybody was thrilled with the PC launch. And I'm trying to collect information and see what the facts are. PC game development does not function in a matter of seconds or hours, especially when most of the team is on vacation. But I hear you, and we're looking into the issue. I'll only ask you have a bit of understanding as to the time scale that software development issues must occur in.

Best regards,

Ken Levine

This may be newsworthy. First instinct was that it was the lack of a widescreen option (widescreen shows as a cropped regular screen), but he may be referring to this issue as well. He's not specific, though.

Reports at the 2K forums find that the reality of only two installs, and of it being tied to the hardware, is mixed.

http://forums.2kgames.com/forums/showthread.php?t=5527

In the case of two people they can install the game on multiple machines. One person reports installing it on a dual boot Vista/XP machine on both OS's and it giving him fits.
 
Joined
Oct 19, 2006
Messages
5,215
Location
The Uncanny Valley
Moriendor
"No. No. And no again . BTW, even if it is obviously biased as it's from the SecuROM website itself but they are very open about what SecuROM does. Check this..."

Since your only explanation so far that it's not a rootkit is that because you can see "Some" hidden files and you keep repeating the word "no" without any explanation as if that would work, not to mention you would have never known the files were there if I didn't post them. :)

So you have no explanation why it's not a rootkit, but you're offering up SecuROM's marketing message as a sign of their honesty and proof it's not a rootkit or malware? :rofl: :p

So if you really deleted these files, why didn't you offer all the concerned people how this was done?
How did you do it?

I found a couple of ways, so I am anxious to hear and will post my finds, immediately.

If you want to try again with an explanation why this can't be a rootkit so everyone can get a little peace, I would love to hear it. :)
 
Joined
Oct 18, 2006
Messages
2,772
Reading your argument, I still don't see this as a rootkit. It doesn't phone home, and it isn't a backdoor into my computer.

If one should label something a rootkit this easily, I am MUCH MUCH more concerned with advertising in games.

I still think this is an annoyance, and I do still think developers are overshooting the mark by going with this activation thingie. I will still buy the game and love it, and I will most probably be able to play it 10-20 years from now, if I want that, seeing as I will be spoiled by the holodeck experience and people making old games come alive in new fashions.

As little as one can trust SecuROM's website, I put the same amount of trust into people complaining about how copy protection schemes ruined their computer. My 2 cents is, I don't know any of them and I can only judge by my own experience about evilness, and neither StarForce nor Microsoft's activation plot (they WILL take over the world, however) has gone bad on me, and I don't think this will either.

This is my reflection :)

Your rootkit is not my rootkit - and I think I'll stick with what the virus vendors deem a rootkit. I must measure it by something, and that's not perfect either - 'cause they could have an interest in this copy protection - and they also need internet access - with activation.

Ouch, I think when reading my own post that the whole world has gone bad. :)
Like we say in Sweden: "This is a first-world problem" ("Detta är ett I-lands problem").
 
Joined
Oct 18, 2006
Messages
420
Location
Sweden
Am I the only one who is *not* seriously concerned by this? AFAICT SecuROM doesn't do anything inherently evil in the OS like run in Ring 0 or even Ring 1. All it does is hardware fingerprint your box and use the fingerprint to activate your installation. It even removes the fingerprint when you uninstall the game, which makes for unlimited re-installs. This sounds like a perfectly reasonable copy-protection scheme to me.

Of course, copy protection in and of itself is annoying, but it's required by the current business model of games development. Sure, there are other business models, but that's another story altogether.
 
Joined
Oct 19, 2006
Messages
8,540
I asked if it was; it clearly has the signs and behavior. As I mentioned, it's very hard to tell, but Mo keeps claiming it's not while never saying why. :)

I hope it's not a rootkit; those things are nigh impossible to get rid of short of a format.
If it's not a rootkit, let him explain that. I am just saying that for sure there is reason to be concerned, since SecuROM is leaving at the very least a potentially dangerous piece of software running on your computer.

Remember, you have to consider what rootkits are and how they have been exploited by companies like Sony and StarForce. What if someone backwards engineered it to make it send out info?

How do we know that some part of this is NOT embedded in the kernel? That's what I want to know.
This is about trying to learn from the past and trying to prevent problems in the future.

Well, just because you didn't experience any problems doesn't mean problems don't exist. Hell, Sony and StarForce both admit they were wrong, so if I or anyone chooses to ignore the problems, that doesn't make them less real. :)

Not sure why we as gamers/consumers have to be the ones proving that a rootkit exists; shouldn't the companies be the ones required to show they are not dangerous?

Clearly the abilities of this program are very dangerous at a minimum.
 
Joined
Oct 18, 2006
Messages
2,772
Prime Junta
That would be good news, so you have checked this and it doesn't do anything inherently bad?
Wait, you just said it uninstalls when you uninstall the game. That's clearly not true, at least with the demo; as I mentioned, those 3 folders stay and can't be removed without some experienced level of getting rid of, Nulls.
 
Joined
Oct 18, 2006
Messages
2,772
I asked if it was; it clearly has the signs and behavior. As I mentioned, it's very hard to tell, but Mo keeps claiming it's not while never saying why. :)

I hope it's not a rootkit; those things are nigh impossible to get rid of short of a format.

Not even a format will do it, if the rootkit is specifically designed to handle that sort of situation. It could rewrite the system calls that do the format, e.g. to write the rootkit right back in at the end of the format process.

If it's not a rootkit, let him explain that. I am just saying that for sure there is reason to be concerned, since SecuROM is leaving at the very least a potentially dangerous piece of software running on your computer.

I don't know if it is a rootkit, but so far I haven't seen any information that would strongly lead me to suspect that it is, and some information that leads me to suspect the contrary. Specifically, the copy protection mechanism does not require anything that needs low-level hardware access -- computing a hash of your hardware ID's, sending it to a server, and getting back an activation key is all completely doable under ring-3 privileges; there's nothing inherently evil about it.

Second, the piece of software it installs runs under ring 3 privileges -- limited user account, basically. That's about as potentially dangerous as an animated GIF with the Hampsterdance.

Of course, it *MAY* be doing something else that is nasty that nobody has found out about yet, but that's true of any piece of software.

Remember, you have to consider what rootkits are and how they have been exploited by companies like Sony and StarForce. What if someone backwards engineered it to make it send out info?

Starforce wasn't a rootkit either. It was a driver running under ring 0 (or was it ring 1, I forget) privileges. It had a bug that could screw up your DVD player, possibly permanently. That's very nasty. But it's not a rootkit.

How do we know that some part of this is NOT embedded in the kernel? That's what I want to know.

We don't. But we don't have reasonable cause to suspect that it is, either. I'm sure some security geeks are looking into it as we speak -- they flock to this sort of thing like [enter your preferred metaphor here]. But until they find something, yelling "rootkit! rootkit!" is pure Chicken Little.

This is about trying to learn from the past and trying to prevent problems in the future.

Commendable. One lesson we could learn is that unfounded hysteria doesn't do any good; on the contrary, it makes people less inclined to respond to real threats.

Well, just because you didn't experience any problems doesn't mean problems don't exist. Hell, Sony and StarForce both admit they were wrong, so if I or anyone chooses to ignore the problems, that doesn't make them less real. :)

"Having problems" != "rootkit" or even "very dangerous."

Not sure why we as gamers/consumers have to be the ones proving that a rootkit exists; shouldn't the companies be the ones required to show they are not dangerous?

Clearly the abilities of this program are very dangerous at a minimum.

You keep *saying* this, yet you can't point to anything the program is KNOWN to do that actually IS dangerous. What we do know of the way the program works doesn't even REQUIRE a rootkit -- it computes a hash of your hardware ID's, sends that to a server, and gets back an activation code. You can do that with ring-3 privileges just fine. So, unless the software does something else as well, it doesn't even *NEED* ring-0 privileges, let alone rootkits. So what reason is there to suspect that there is one there?
 
Joined
Oct 19, 2006
Messages
8,540
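The activation flow described in the post above (hash the hardware IDs, send the hash to a server, get back an activation code, and free the slot on uninstall), as an added example that is not part of the original thread and is not SecuROM's actual algorithm. The `ActivationServer` class, the HMAC-based code, the secret and the hardware ID strings are all assumptions made for illustration; everything here runs as ordinary unprivileged user-mode code.

```python
import hashlib
import hmac

# Constructed sample values; none of them come from SecuROM or any real product.
SERVER_SECRET = b"constructed-demo-secret"
MAX_ACTIVATIONS = 3  # the thread mentions a 3-activation limit for Two Worlds


def fingerprint(hardware_ids):
    """Hash a dict of hardware identifiers into one machine fingerprint."""
    h = hashlib.sha256()
    for name in sorted(hardware_ids):
        # Length-prefix every field so {"a": "bc"} and {"ab": "c"} cannot collide.
        for part in (name, hardware_ids[name]):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


class ActivationServer:
    """Hypothetical publisher-side service that tracks activations per serial."""

    def __init__(self, secret=SERVER_SECRET, limit=MAX_ACTIVATIONS):
        self._secret = secret
        self._limit = limit
        self._active = {}  # serial -> set of currently activated fingerprints

    def _code(self, serial, fp):
        # The activation code binds one serial number to one fingerprint.
        msg = f"{serial}|{fp}".encode("utf-8")
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def activate(self, serial, fp):
        """Return an activation code, or None when the limit is used up."""
        machines = self._active.setdefault(serial, set())
        if fp not in machines and len(machines) >= self._limit:
            return None
        machines.add(fp)  # re-activating a known machine costs nothing
        return self._code(serial, fp)

    def revoke(self, serial, fp):
        """Uninstall path: drop the fingerprint so the slot can be reused."""
        self._active.get(serial, set()).discard(fp)

    def is_valid(self, serial, fp, code):
        """A code is valid only for the machine it was issued to, while active."""
        still_active = fp in self._active.get(serial, set())
        return still_active and hmac.compare_digest(self._code(serial, fp), code)


if __name__ == "__main__":
    server = ActivationServer()
    pc = fingerprint({"cpu": "constructed-cpu-id", "disk": "constructed-disk-id"})
    code = server.activate("DEMO-SERIAL", pc)
    print("activated:", server.is_valid("DEMO-SERIAL", pc, code))
    server.revoke("DEMO-SERIAL", pc)
    print("after uninstall:", server.is_valid("DEMO-SERIAL", pc, code))
```

The sketch also shows the dependency raised earlier in the thread: every activation and revocation goes through the server, so a new machine cannot be activated once that server is gone.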
Prime Junta
That would be good news, so you have checked this and it doesn't do anything inherently bad?
Wait, you just said it uninstalls when you uninstall the game. That's clearly not true, at least with the demo; as I mentioned, those 3 folders stay and can't be removed without some experienced level of getting rid of, Nulls.

I didn't say it uninstalls when you uninstall the game. I said it removes the hardware activation when you uninstall it, letting you install it again on a different machine.

Yes, leaving stuff behind after uninstall is bad behavior. Sadly, it's also very, very common bad behavior. But the difference between that and a rootkit is about the same as a difference between farting in public and purposely infecting someone with AIDS.
 
Joined
Oct 19, 2006
Messages
8,540
Uhh, ok. Didn't know about the farting. :)

Did you see this?
"this newest SecuRom variant is being labeled by Sysinternal's Rootkit Revealer as a rootkit."

Is that like farting or the AIDS? :)
 
Joined
Oct 18, 2006
Messages
2,772
"Not even a format will do it"
I really hate to disagree with you, but I know when I do a format I also format the boot record, plus not if you're doing the format from a clean bootable drive. :)

"under ring 3 privileges"
Really, was that from securom, out of curiosity?

"Starforce wasn't a rootkit either."
Really, maybe I remember wrong, but I could swear it was revealed as a rootkit and I remember ring 0.

" One lesson we could learn is that unfounded hysteria"
Well, if you find someone being hysterical, you let us know, ok? :)

""Having problems" != "rootkit" or even "very dangerous." "
Well, I remember it being proven a rootkit, though I could be wrong, but as I mentioned, if it is a rootkit as I and many recall, then you making nice code trying to prove it wasn't doesn't affect reality, does it? :)

"You keep *saying* this, yet you can't point to anything the program is KNOWN to do that actually IS dangerous"
Well, the behavior certainly could be a rootkit and/or malware as I mentioned, and I never said it was definitively, as I mentioned. I am asking out of concern; if you don't care, that's fine.
Humm, did I say dangerous, maybe. Certainly I said cause for concern. :)

Btw, what was your position here and at RPGDot about StarForce, besides the fact that you're currently saying it's not a rootkit, nor ever was, if I understand you correctly?
Did you blow off the idea of problems or potential problems when StarForce was going on, sort of like you are now?
 
Joined
Oct 18, 2006
Messages
2,772
I guess I take the low road in this case. What you are fearing, Acleacius, is more paranoia than fact! :)

Yes, we only know what the company says to us, and they could exploit us. But we also do not know that what you are fearing is the truth.

In my view, from a business logic point of view, it would be very bad and short-handed to risk the software doing more than necessary and not be open about what it does. It doesn't help the hackers much revealing that info.

I am not saying that you are wrong, nor right. You have a fear about it and that's ok with me. It could turn out legit, but then SecuROM would not exist anymore. It's not like Sony's rootkit; this is the life and bread of SecuROM. Having a copy protection that works - for publishers as well as for users. (This is the reason why I think it's ok.)

I still don't like copy protections, but I also think it's better to wait for the facts before we react. We will know if this CP does more and phones home, or installs a backdoor. 'Cause we are able to monitor our computers. And hackers will be the first to point out how it works. If by then it's a really bad thing, then SecuROM will cease to exist. I am sure of that.

I don't know where StarForce was pointed out as a rootkit. They did, however, install drivers close to the kernel in a space where the failsafe of Windows wasn't aware of it. And there was the problem with that scheme. But if there is a rootkit with StarForce, please link the info on that. I am interested to know.

Oh, and - since I understand your fear, I also think the best thing to do is not to think a lot about what-ifs - 'cause, for whatever I know, my latest MSN message, which I just clicked, may just as well be the rootkit that was used to attack some important website in the far west.

:)
 
Joined
Oct 18, 2006
Messages
420
Location
Sweden
Uhh, ok. Didn't know about the farting. :)

Did you see this?
"this newest SecuRom variant is being labeled by Sysinternal's Rootkit Revealer as a rootkit."

Is that like farting or the AIDS? :)

I don't know. I do know that Rootkit Revealer gives out lots of false positives, which is why you shouldn't run it unless you have cause to suspect that you have a rootkit. So, as stated, until we have better data on this, I would not label it a rootkit.

Just a question, Acleacius -- do you actually know what a rootkit is? I get the impression from many of your posts that you don't.
 
Joined
Oct 19, 2006
Messages
8,540
"Not even a format will do it"
I really hate to disagree with you, but I know when I do a format I also format the boot record, plus not if you're doing the format from a clean bootable drive. :)

Yes, booting from a second, known to be clean volume will get rid of the rootkit.

"under ring 3 privileges"
Really, was that from securom, out of curiosity?

No. It's based on my own knowledge about how operating systems work, and what's known about the copy protection mechanism of SecuROM.

"Starforce wasn't a rootkit either."
Really, maybe I remember wrong, but I could swear it was revealed as a rootkit and I remember ring 0.

It is either a ring-0 or ring-1 driver, but to my knowledge it is not a rootkit.

To get some definitions straight:

(1) A rootkit is a piece of software that runs under ring-0 (kernel) privileges, and hides itself from the operating system kernel.

(2) A ring-0 driver is a piece of software that interfaces with hardware and runs under ring-0 (kernel) privileges. If it does not hide itself from the OS, it is not a rootkit.

(3) A ring-1 driver is a piece of software that runs directly under the kernel with elevated "system" privileges. It's not a rootkit.

(4) A piece of software that does not come with an uninstaller, flags files as hidden, or behaves badly in any of a huge number of other ways is not a rootkit. If it runs under ring-3 privileges, the damage it can do is fairly limited.

" One lesson we could learn is that unfounded hysteria"
Well, if you find someone being hysterical, you let us know, ok? :)

I've been slapping you for a while now, trying to get you to snap out of it.

Yes, SecuROM *MAY* be a rootkit. However, until it has been *SHOWN TO BE* a rootkit, it is way, way premature to label it one. What's more, I have come across no information yet that would even give strong cause to suspect that it is a rootkit. In particular, the copy protection mechanism it uses -- code activation using a hardware hash -- does not *REQUIRE* kernel-level privileges.

""Having problems" != "rootkit" or even "very dangerous." "
Well, I remember it being proven a rootkit, though I could be wrong, but as I mentioned, if it is a rootkit as I and many recall, then you making nice code trying to prove it wasn't doesn't affect reality, does it? :)

The Wikipedia article on StarForce (look it up if you like) describes it quite well. It doesn't explicitly state what ring the driver runs under. However, it looks to me that it's ring-1 (system) rather than ring-0 (kernel):

"The access control list of the drivers are set such that any person with control over the computer, including those without administrative rights, is allowed to change the code that is run by the driver. Exploitation is simple: The user changes it to point at any arbitrarily chosen executable, which is executed with full system privileges on next reboot."

(edit) Going back on how StarForce actually works, I think it probably is ring-0. It requires very low-level hardware access, which may not be possible to do at ring-1. I don't know for certain, though. That's still different from a rootkit, though.

"You keep *saying* this, yet you can't point to anything the program is KNOWN to do that actually IS dangerous"
Well, the behavior certainly could be a rootkit and/or malware as I mentioned, and I never said it was definitively, as I mentioned. I am asking out of concern; if you don't care, that's fine.
Humm, did I say dangerous, maybe. Certainly I said cause for concern. :)

*Anything* could be a rootkit or malware, but most things aren't.

Btw, what was your position here and at RPGDot about StarForce, besides the fact that you're currently saying it's not a rootkit, nor ever was, if I understand you correctly?
Did you blow off the idea of problems or potential problems when StarForce was going on, sort of like you are now?

When I found out what Starforce was doing, I immediately uninstalled all games I had that used it and used the utilities provided by Sysinternals to get rid of the drivers. I also put an immediate personal boycott on Starforce-protected games. Starforce is a pretty evil piece of software that opens up a genuine security hole in the system.

But that don't make it a rootkit.
 
Joined
Oct 19, 2006
Messages
8,540
One more thing: I can't find any discussion of SecuROM on any of the serious security/hacking websites I checked (for example SANS, www.rootkit.com). There's a lot of chatter on the SysInternals forums that I haven't managed to go through yet, but I haven't seen anything there yet that looks (a) well-informed and (b) supports the rootkit hypothesis. If something solid had come up, it would be front-page news on all of these sites.

Since these guys are virulently anti-DRM and anti-copy protection, as well as being extremely good at kernel hacking, I think this is pretty solid evidence that SecuROM is neither a rootkit nor particularly dangerous to system security.

Can we be absolutely certain? Of course not. But can we be *pretty* certain? Yup, I think so.
 
Joined
Oct 19, 2006
Messages
8,540
Prime Junta: I like your approach. And what I am now doing is what I shouldn't say - anyway. I think it was an article at SimHQ about StarForce, where the guy admitted that one problem area was the need for ring-0 level access for one of its drivers.

After reading that piece, however, I started to think of StarForce as a necessary evil to be able to play the game I want. Not that I like 'em.

I have no links no nothing for this. Sorry.

Anyhow, nice "sane" postings by you. ;)
 
Joined
Oct 18, 2006
Messages
420
Location
Sweden
3/4 of the discussion is beyond my feeble little brain, but the trivial detail of limited installs is what actually troubles me the most. I still try to load up my M&M games, among others. We all know the tale of New World and 3do. Assuming that "those servers will be there in 15 years" seems like a rather trusting and maybe naive position to take. Sure, there should be a patch to remove the activation requirement, but how many games have we complained about for getting kicked out the door and utterly forgotten never to be patched? Heuristic Park games, anyone?

I'm a little touchy to the whole rootkit thing since my best guess is that a rootkit is what killed my old rig. That said, I'm not smart enough to differentiate between ring 0, ring 1, ring 3, and nose ring. If some copy protection package is lurking somewhere in my system, I'm not likely to recognize it anyway. I guess I'm willing to live in ignorance. OTOH, if at some point in the future I can't play a game that I paid good money for, I'll be reaching for the pitchfork. Unfortunately, that situation kind of implies that there won't be a castle to march on, but my wailing shall be loud.
 
Joined
Oct 18, 2006
Messages
13,547
Location
Illinois, USA