Ubisoft DRM Fiasco: Allows Any Website To Take Control Of Your Computer

from the punishing-your-paying-customers dept

It's been nearly seven years since the great Sony rootkit fiasco, when it was discovered that Sony Music was using some DRM on its CDs that self-installed a rootkit (without letting users know) that had all sorts of security problems and vulnerabilities. The company took a massive hit for this, and you would think that others would be a lot more careful with their own DRM. You would think. But, then you don't know Ubisoft. The vast majority of times we've ever discussed Ubisoft in these pages, it's been because the company was doing something ridiculous with DRM. The company loves its DRM and seems to refuse to recognize that pissing off legitimate customers isn't such a good idea.

So would it come as any surprise that it may now be facing a "rootkit moment" of its own?

As a whole bunch of folks have been submitting, some hackers have figured out that Ubisoft's Uplay DRM appears to install an insecure browser plugin. The details came out over the weekend, first on a security mailing list, followed by some test exploit code posted to Hacker News.

Basically, it appears that Ubisoft's DRM is installing an accidental backdoor that makes it possible for any website to effectively take control over your computer. That's... uh... pretty bad.

From the details, the real problem appears to be exceptionally poor coding rather than maliciousness. Basically, they wanted to let you launch the game via a website, but failed to limit it to just the game -- meaning that a site can use the plugin to do a whole bunch of stuff on your computer (including things you don't want it to do). The browser plugin is easy to remove (and you should, um, immediately, if you've installed any Ubisoft games), so it's not quite as messy as Sony's rootkit, which was pretty deeply buried. But it's still really bad.
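To make "failed to limit it to just the game" concrete, here is an added example (not Ubisoft's code and not taken from the mailing-list report) of a launch-request handler written two ways: one that trusts whatever the page sends, and one that checks the calling origin and maps a game id to a fixed local path. Every origin, game id, path and option name in it is hypothetical.

```javascript
'use strict';
// Added illustration only: not Ubisoft's code. Every origin, game id, path
// and option name below is hypothetical and constructed for this example.

// Sites allowed to request a launch (assumed: the publisher's own store).
// The origin must be supplied by the browser, never read from the request.
const TRUSTED_ORIGINS = new Set(['https://store.publisher.example']);

// The page may only name a game id; the executable path comes from this
// fixed local table, never from the request.
const INSTALLED_GAMES = new Map([
  ['game-1001', 'C:\\Games\\Publisher\\game-1001\\game.exe'],
  ['game-1002', 'C:\\Games\\Publisher\\game-1002\\game.exe'],
]);

// The only options a page may pass through, each with a strict value pattern.
const ALLOWED_OPTIONS = new Map([
  ['server', /^[a-z0-9.-]{1,253}:[0-9]{1,5}$/i], // host:port to join
  ['lang', /^[a-z]{2}$/],                        // two-letter language code
]);

// Unrestricted design: whatever the page asks for becomes the launch plan,
// so a "launch the game" feature is really "launch anything".
function resolveLaunchUnrestricted(request) {
  return { exe: request.path, args: request.args || [] };
}

// Restricted design: origin check, id-to-path lookup, option allowlist.
function resolveLaunchRestricted(origin, request) {
  if (!TRUSTED_ORIGINS.has(origin)) {
    throw new Error('launch refused: untrusted origin');
  }
  if (request === null || typeof request !== 'object') {
    throw new Error('launch refused: malformed request');
  }
  const exe = INSTALLED_GAMES.get(request.gameId);
  if (typeof request.gameId !== 'string' || exe === undefined) {
    throw new Error('launch refused: unknown game id');
  }
  const args = [];
  for (const [name, value] of Object.entries(request.options || {})) {
    const pattern = ALLOWED_OPTIONS.get(name);
    if (!pattern || typeof value !== 'string' || !pattern.test(value)) {
      throw new Error(`launch refused: option "${name}" not allowed`);
    }
    args.push(`--${name}=${value}`);
  }
  // Returned as a plan (exe + argv array) so the caller can start the
  // process without ever building a shell command string.
  return { exe, args };
}

// Run one request through the restricted handler and describe the outcome.
function decide(origin, request) {
  try {
    const plan = resolveLaunchRestricted(origin, request);
    return `ALLOW ${plan.exe} ${plan.args.join(' ')}`.trim();
  } catch (err) {
    return `DENY ${err.message}`;
  }
}

// Constructed sample requests, as a web page might send them.
const SAMPLES = [
  ['https://store.publisher.example',
    { gameId: 'game-1001', options: { server: 'play.example.net:27015' } }],
  ['https://elsewhere.example', { gameId: 'game-1001' }],
  ['https://store.publisher.example', { gameId: 'C:\\other\\program.exe' }],
  ['https://store.publisher.example',
    { gameId: 'game-1002', options: { exec: 'anything' } }],
];

for (const [origin, request] of SAMPLES) {
  console.log(origin, '->', decide(origin, request));
}
```

Only the first sample is allowed; the other three are refused for the origin, the game id and the option name respectively.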

Yet another case of DRM really making life difficult for legitimate customers who paid money for your product. When will companies figure out that DRM does nothing to stop piracy, but makes life really difficult for the people who actually give you money?


Reader Comments

  •  
    Anonymous Coward, Jul 30th, 2012 @ 4:48am

    Not DRM...

    Well, technically not DRM, since it was just used to launch the game from a website; the DRM is still written or integrated by similar development teams. This doesn't put faith into the company's development process. I mean if they couldn't do a proper security review of a browser plugin, what about their DRM or other systems like their forums? I can understand that it is difficult and there are always deadlines and such. This is more of a case of a company that loves its DRM to screw over legitimate customers, screwing over customers for wanting to play their games.

     

    •  
      Anonymous Coward, Jul 30th, 2012 @ 5:23am

      Re: Not DRM...

      Yeah, but it's a better story for Techdirt when it's an evil DRM, rather than just a convenience tool. But that's okay.

       

      •  
        Rikuo (profile), Jul 30th, 2012 @ 5:39am

        Re: Re: Not DRM...

        DRM by default is evil. You can't say DRM is good without telling a lie.

         

        •  
          Anonymous Coward, Jul 30th, 2012 @ 5:53am

          Re: Re: Re: Not DRM...

          I think we've all noticed similarities between certain AC shills that frequent the site. They only lie when they speak.

           

          •  
            DOlz, Jul 30th, 2012 @ 9:19am

            Re: Re: Re: Re: Not DRM...

            To paraphrase an old saying; How can you tell when an industry shill is lying? When they're typing.

             

      •  
        Anonymous Coward, Jul 30th, 2012 @ 5:44am

        Re: Re: Not DRM...

        How is DRM not evil? It's adding features that are meant to carry out the will of someone other than the owner of the pc.

        In any other context we call that malware.

         

      •  
        Anonymous Coward, Jul 30th, 2012 @ 5:47am

        Re: Re: Not DRM...

        Convenience, my ass. What would I ever want to start a game from my browser?

         

        •  
          Anonymous Coward, Jul 30th, 2012 @ 5:48am

          Re: Re: Re: Not DRM...

          What = why

           

        •  
          Ninja (profile), Jul 30th, 2012 @ 5:52am

          Re: Re: Re: Not DRM...

          A question that came to my mind but maybe it will be useful in the future?

           

        •  
          Anonymous Coward, Jul 30th, 2012 @ 6:07am

          Re: Re: Re: Not DRM...

          Because if you're playing an online shooter and you visit a website with a server listed there, the ability to click and launch the game straight onto that server is useful, no?

          But then there are a billion more secure ways of doing this that don't involve ubisoft's fail methods.

           

        •  
          BigKeithO, Jul 30th, 2012 @ 8:16am

          Re: Re: Re: Not DRM...

          Try playing Battlefield 3. The entire game is controlled from your browser, you even launch single player from the browser.

           

      •  This comment has been flagged by the community.
        Anonymous Coward, Jul 30th, 2012 @ 6:14am

        Re: Re: Not DRM...

        Yeah, but it's a better story for Techdirt when it's an evil DRM, rather than just a convenience tool. But that's okay.

        Ding, ding. Mike "Yellow Man" Masnick strikes again! DRM is scary! And it totally, absolutely, 100% doesn't work! He knows this with absolute certainty and there is absolutely no debate on that point.

         

        •  
          Anonymous Coward, Jul 30th, 2012 @ 6:38am

          Re: Re: Re: Not DRM...

          Show me one version of someone's DRM that has worked. Go ahead. I'll wait.

           

          •  
            Anonymous Coward With A Unique Writing Style, Jul 30th, 2012 @ 6:42am

            Re: Re: Re: Re: Not DRM...

            Well, I'm not with the AC on this, he's full of it as usual in an attempt to paint Mike in a bad light.

            But I can think of at least one version of DRM that has worked. Steam. It is essentially DRM. But it's good DRM and is accepted as such by those who are aware of it. The trade-offs are few and the benefits actually surpass any of the usual DRM problems/critiques.

            In fact, I avidly avoid anything that has DRM, with the exception of Steam. But that's just me.

             

            •  
              Anonymous Coward, Jul 30th, 2012 @ 6:51am

              Re: Re: Re: Re: Re: Not DRM...

              Steam DRM works... unless you have to go somewhere with shitty or no internets and you're stuck there for a while. Then you're fucked even for singleplayer.

               

              •  
                Anonymous Coward, Jul 30th, 2012 @ 6:53am

                Re: Re: Re: Re: Re: Re: Not DRM...

                Oh, and steam games are still pirated.

                 

              •  
                Pitabred (profile), Jul 30th, 2012 @ 8:21am

                Re: Re: Re: Re: Re: Re: Not DRM...

                ...really? I can start Steam in offline mode, and the games I've tried playing all seem to work. Even in single player. But you do have to do a bit of prep to make sure:

                https://support.steampowered.com/kb_article.php?ref=3160-agcb-2555

                 

                •  
                  varagix, Jul 30th, 2012 @ 9:01am

                  Re: Re: Re: Re: Re: Re: Re: Not DRM...

                  I'm a Steam user myself, and while I've rarely had problems, I know people who either could not use Offline mode, or Offline mode didn't work like it was supposed to. And as was said before, Steam games still get pirated, so the DRM still doesn't 'work'. All the value in Steam comes from its UI, user tools, and the plethora of sales they regularly host.

                   

                  •  
                    The eejit (profile), Jul 30th, 2012 @ 10:26am

                    Re: Re: Re: Re: Re: Re: Re: Re: Not DRM...

                    Offline mode is like Chaos: for some it works, for others, you have to sacrifice a goat on the eve of a Blue Moon whilst chanting the theme to Psychonauts backwards.

                     

                    •  
                      ltlw0lf (profile), Jul 30th, 2012 @ 11:16am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Not DRM...

                      Offline mode is like Chaos: for some it works, for others, you have to sacrifice a goat on the eve of a Blue Moon whilst chanting the theme to Psychonauts backwards.

                      I've had mixed success. On my game machine, Steam just works, offline or not. But since it is always connected to the internet except when the ISP is borked, it should work. On my laptop (until I got rid of Windows,) I followed the exact procedure several different times and it never seemed to work right (sometimes I could play the games, but most of the time it just didn't work.) Getting it working on the laptop was kinda important, because that was the one machine which would go places where there wasn't reliable internet.

                       

            •  
              AzureSky (profile), Jul 30th, 2012 @ 9:40am

              Re: Re: Re: Re: Re: Not DRM...

              steam drm doesn't work to stop piracy, check out l4d/l4d2/portal2 and most other steam games are torrent-able soon after release......the steam versions of some games are easier to pirate than the rest.....so it doesn't work to stop piracy in the way DRM proponents insist, steam promotes purchase due to good prices and excellent service.

               

          •  
            Tim Griffiths (profile), Jul 30th, 2012 @ 6:50am

            Re: Re: Re: Re: Not DRM...

            Steam. Steam is actually a very restrictive DRM system and actually I think still needs lots of improvements. I shouldn't for example still have issues with getting into offline mode if I'm unexpectedly put offline.

            Yet for the most part users view it as "fair" and any pain the DRM is causing is offset by the features and value that the client adds. Valve understands its user base and does not have to answer to panicky shareholders over "OMG PIRACY" while ubisoft have largely shown they have no idea what they were doing. It's only been through user backlash that we've seen any improvement from them lately.

            Anyway, DRM is always a bad thing for the end user. Always. Yet so long as it's not awful and the DRM also comes with features we like then it's a trade off people can be willing to make.

             

          •  
            Marcel de Jong (profile), Jul 30th, 2012 @ 7:23am

            Re: Re: Re: Re: Not DRM...

            I don't agree with the ShillTroll (in fact I reported him), but one DRM that has worked is Steam.

             

            •  
              Anonymous Coward, Jul 30th, 2012 @ 7:25am

              Re: Re: Re: Re: Re: Not DRM...

              Except when the games get pirated. :P

               

              •  
                Tim Griffiths (profile), Jul 30th, 2012 @ 8:50am

                Re: Re: Re: Re: Re: Re: Not DRM...

                I'm pretty sure the steamworks makes it nearly impossible for a cracked version of a game to come out before it's released on steam as game files are encrypted and key content is missing from preloads and game disks. Proof that the only effective DRM is DRM that makes a product unusable. I would need to look this up to be sure but that is my current understanding.

                Once a game is available on steam it will most likely be cracked within a day but at that point steam has done its main job, to stop pirates getting their hands on a game before it's out. Which is actually a major thing in a world where not only can people get a game for free but they could be playing it before anyone willing to pay would be able to do so.

                DRM is not so much about actually stopping pirates but about the fact that publishers often have to ensure their shareholders that they are doing something about them there evil pirate types. Valve would never ever have gotten steam off of the ground if it hadn't come with a set of DRM. Without steam getting off the ground DRM free services like good old games wouldn't have had a look in and even then GOG is doing well more out of the fact that the industry is very slowly being brought around to the idea that it's better to see pirate copies of the game than turn away consumers who might buy it.

                The fact that people are calling steam's DRM one that works even when it's crackable is reflective of the fact that DRM is an issue of degrees. How much protection does it offer vs how much restriction does it impose and steam has struck a balance that works for most publishers and most gamers mainly by seeking to offset the problems of DRM through adding other value via the use of steam.

                I actually think that valve would happily and effectively go DRM free if they could but in the current climate it wouldn't go down well with a lot of publishers. Even if valve only went DRM on their own games it would require the ground work for such a system be put in place in steam and publishers would see that as a move by valve to pushing this issue in the market they currently dominate. Which would have publishers fighting back hugely and could easily sink steam.

                Steam is proof that DRM that offers some effectiveness in publishers' eyes can be accepted by a user base because it adds value. In fact people value steam as a service so much they are often willing to rebuy games on steam they already own in another format just to have them on the service.

                It's not ideal but I firmly believe that if someone other than valve had pushed the DD market first we'd all be far worse off.

                 

                •  
                  AzureSky (profile), Jul 30th, 2012 @ 9:44am

                  Re: Re: Re: Re: Re: Re: Re: Not DRM...

                  that's not the point, DRM is meant to stop "piracy" (copyright infringement) you can't say steam's done that, it may prevent games that are steam only from being leaked early, but it doesn't stop them from being copied and shared.....

                   

                  •  
                    The eejit (profile), Jul 30th, 2012 @ 10:28am

                    Re: Re: Re: Re: Re: Re: Re: Re: Not DRM...

                    No, but what it does do (without external interference) is have all your games in a single login, available as soon as you purchase the game. For 99% of games, it's download -> play.

                    That's it. There are issues (such as regional pricing bullshit) around the price points, but nothing is perfect.

                     

                  •  
                    Anonymous Coward, Jul 30th, 2012 @ 10:34am

                    Re: Re: Re: Re: Re: Re: Re: Re: Not DRM...

                    I think while the ideal would be stopping piracy, the real goal of DRM is to significantly reduce it.

                    While you are correct in saying that steam does not stop piracy, which I think is simply impossible, I believe it has been rather effective in reducing it. Of course when publishers decide to layer their own DRM on top of steam... I'm not sure I'm convinced steam can make up for stupid

                     

                  •  
                    Tim Griffiths (profile), Jul 31st, 2012 @ 1:32am

                    Re: Re: Re: Re: Re: Re: Re: Re: Not DRM...

                    No DRM is or ever can be fully effective at stopping piracy. Most people understand that. Hell even the MPAA understands that, they've made it illegal to break DRM locks even if you are going to do something you are otherwise legally allowed to do. This exists purely because it gives them a veto on new products... if they don't like a product they stick a lock on their content that stops it working and the new product becomes illegal.

                    Most DRM is put in place these days by people who either don't understand that DRM can't be fully effective or are having to answer to backers who don't understand that. Like I was trying to point out steam wouldn't have ever gotten off the ground if it had built in DRM.

                    Most anti piracy measures as a whole are aimed at making it harder to do for most people. Take the recent takedown of the youtube to mp3 site. Anyone who's posting here likely has the knowledge to still easily get an MP3 of a youtube video and hell a lot of people know enough to use a browser extension to do so. But taking down that site is not aimed at them, it's aimed at people who are being enabled by the site.

                    I know it can be hard to understand for those of us who are technically minded but downloading and cracking a game is actually a relatively high bar to have to pass. It's of course meaningless in the long term as not only is most of the target market perfectly technically minded but people are getting more competent on the whole and things are getting easier and easier to do.

                    The point is that you are insisting that DRM is simply there to stop piracy. It's not. As you point out DRM is utterly ineffective so you have to ask WHY it's used in products like steam and in context of the market steam's DRM does exactly what it is meant to do. Stop early leaking of steamworks games and assure publishers (more the shareholders of those publishers) that steam does something to try and stop piracy so that those publishers can justify to their shareholders why it's ok to use the service.

                    DRM is at this point about far more than actually trying to stop piracy and "stopping" piracy has been downgraded to "doing something to try and limit it".

                     

                    •  
                      Sheogorath (profile), Sep 7th, 2012 @ 8:35pm

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Not DRM...

                      This exists purely because it gives them a veto on new products... if they don't like a product they stick a lock on their content that stops it working and the new product becomes unusable.
                      Fixed that for you, Tim Griffiths.
                      BTW, it's possible that YouTube to MP3 has simply been blocked in certain areas, because I've just tried to access it and it's still there.

                       

        •  
          Anonymous Coward, Jul 30th, 2012 @ 6:45am

          Re: Re: Re: Not DRM...

          I've never had a game that crashed because of lack of DRM.

          I've had security risks because of DRM

          I've had paid-for games not launch the singleplayer because the DRM determined that I didn't start the game while online.

          I've had paid-for games not installed because the DRM maker wrongly assumed the only use for them is to copy commercial disks.

          So yes, DRM is malware and Mike is right on the money on this issue.

           

          •  
            AzureSky (profile), Jul 30th, 2012 @ 9:47am

            Re: Re: Re: Re: Not DRM...

            try titan quest, even legit copies can crash from the DRM in the original game.....with no warning or message as to why they just closed out on you.....(why the game got a bad reputation)

            the dumbshits made their own DRM that was only sposta crash "pirates" but it randomly affected legit copies as well :P

             

        •  
          Anonymous Coward, Jul 30th, 2012 @ 6:46am

          Re: Re: Re: Not DRM...

          I've never had a game that crashed because of lack of DRM.

          I've had security risks because of DRM

          I've had paid-for games not launch the singleplayer because the DRM determined that I didn't start the game while online.

          I've had paid-for games not install when a dvd burner was detected because the DRM maker wrongly assumed the only use for them is to copy commercial disks.

          So yes, DRM is malware and Mike is right on the money on this issue.

           

        •  
          E. Zachary Knight (profile), Jul 30th, 2012 @ 7:20am

          Re: Re: Re: Not DRM...

          You want proof that DRM never works? Please provide me the name of a DRM using game that has never been pirated. I will wait.

           

        •  
          Coyote (profile), Jul 31st, 2012 @ 6:33am

          Re: Re: Re: Not DRM...

          Ding, ding ding! We have a winner for the least informed comment of the day!

          There have been STUDIES, by legitimate companies, everywhere that have, and do state right up that DRM does NOTHING to deter piracy rates. NOTHING. They have done nothing, they continue to do nothing. The reason DRM even exists is just because the companies stop potential product leaks before the game's released. That's literally all DRM is for now.

          DRM is pointless, essentially, except for not leaking your product one day ahead or so. Hackers get past it no problem. The only 'problem' is online-only DRM, and we've already seen the backlash from that with Diablo 3 and Ubisoft.

          DRM is, by definition, evil. You're literally punishing your legitimate customers for paying for a product, because you think they're all just thieves or pirates or infringers and treat them as such.

          CD Projekt Red said something along the lines of DRM, in fact, that point out how stupid and useless it is; did they use it? Sure. But then they sent a patch removing it. It's that simple.

          The only way to combat piracy is by providing a superior service. If you ignore that, you're ignoring reality. So go ahead and ignore reality, it's not like logic's stopped you before.

           

      •  
        Tim Griffiths (profile), Jul 30th, 2012 @ 6:44am

        Re: Re: Not DRM...

        In this case the plugin could exist without the DRM and the DRM could exist without the plugin but while it's unlikely the plugin as is would have been created if the DRM hadn't been it's the result of ubisoft trying to provide a DRM neutral feature.

        You've got a valid point on this one. I love any chance to bash ubisoft, if you look at my post history I spent a while the other week trashing blizzard for the whole Diablo 3 always online mess and it's something I take very seriously. Yet the fact is this plugin could have been a feature of completely DRM free ubisoft store/social system. It's mind numbing that they let it happen and it calls into question my willingness to have anything from them installed on my system, especially if it's something as intrusive as DRM can be.... but ya... not a case for "DRM IS EVIL" this time I feel.

         

        •  
          Tim Griffiths (profile), Jul 30th, 2012 @ 6:54am

          Re: Re: Re: Not DRM...

          Actually I want to amend that a little bit.

          If this was not part of a DRM system then you wouldn't have been forced to install it. And while a lot of people may have installed it anyway for whatever reason the only reason everyone who owns a ubisoft PC game has it installed is because of the system's role, as a whole, as acting as DRM.

          The plugin and the hole it creates is not directly related to the DRM but it is a required feature of it.... take that as you will.

           

      •  
        Jeremy2020 (profile), Jul 30th, 2012 @ 10:24am

        Re: Re: Not DRM...

        The 'DRM' portion is that it is 'required' to login. Take Heroes of Might and Magic VI for example which I bought off steam.

        You are REQUIRED to login to uplay (which is done through a browser) to launch the game.

        Perhaps, you should understand what you're talking about *BEFORE* spouting off about it.

         

      •  
        Anonymous Coward, Jul 30th, 2012 @ 11:44am

        Re: Re: Not DRM...

        It's a convenience tool for the bad DRM that has been installed in the first place.

         

    •  
      Ninja (profile), Jul 30th, 2012 @ 5:31am

      Re: Not DRM...

      You do have a point.

      But to my understanding, this plugin is not specific to any game but rather from Ubisoft's Uplay (which is a DRM in itself). So the plugin actually comes from a half assed DRM tool. So in the end the article's point still stands.

       

  •  
    silverscarcat (profile), Jul 30th, 2012 @ 5:01am

    This ain't DRM!

    It's spyware!

    And now we know the truth!

    Ubisoft is nothing more than a company that produces nothing but spyware and is knee deep in phishing scams.

    They want all your data!

     

  •  
    Zilberfrid (profile), Jul 30th, 2012 @ 5:06am

    Piracy incentive

    Another nice example of a game developer making the pirated versions easier and safer to use than the paid game.

     

  •  
    Anonymous Coward, Jul 30th, 2012 @ 5:14am

    These companies will only start to worry and take notice of customers when those customers take the best action available and stop buying the games. Hurts in the pocket are the best hurts to inflict!

     

    •  
      MRK, Jul 30th, 2012 @ 6:07am

      Re:

      When customers stop buying the games, the publishers decry "piracy" and come up with even more invasive DRM.

      IP publishers don't really understand the concept of customers voting with their wallets. The publishers assume that they will have sales growth year after year, no matter how crappy the music/movies/games are. Any shortfall in that expected growth is assumed to be piracy.

       

    •  
      Anonymous Coward, Jul 30th, 2012 @ 7:20pm

      Re:

      That doesn't work.
      The publishers just assume that if they are not making money hand over fist that people are pirating it instead of buying it (they don't need or even want proof, they just want to blame piracy for their latest craptastic game with its craptastic DRM, not selling), and that means they need more DRM... and so the cycle continues.

       

  •  
    abc gum, Jul 30th, 2012 @ 5:18am

    "The company took a massive hit for this"

    Sony was subjected to a massive (verbal) hit in the media and blogs, but afaik was not prosecuted for their egregious behavior nor did they suffer much financially. A few people refuse to knowingly purchase anything from Sony, but the majority remain unaware or do not care. Can you imagine the uproar and righteous indignation resulting from an individual secretly installing a rootkit on millions of personal and business computers? Certainly we would be in need of a rootkit czar to coordinate the efforts of the war on rootkits.

     

    •  
      Rikuo (profile), Jul 30th, 2012 @ 5:20am

      Re:

      Sony itself wasn't prosecuted but last I heard, the store that sold the rootkit-laden CDs was ordered to pay the repair costs of a customer's PC. That was because of UK laws, where the seller assumes all responsibility for damages arising from a faulty product, even if they didn't manufacture it and clearly had no knowledge of it.

       

    •  
      Ninja (profile), Jul 30th, 2012 @ 5:40am

      Re:

      Oh their reputation got a hit yes. And you do have a point, they should have paid for the repairs and been fined in millions to prevent it from happening again. But karma is a bitch, they lost millions in the PSN event not long ago ;)

       

    •
      Marcel de Jong (profile), Jul 30th, 2012 @ 7:26am

      Re:

      To this day, since that rootkit debacle, not one Sony product has entered my house. And that includes the movies, the music but also their hardware division.

       

    •
      That Anonymous Coward (profile), Jul 30th, 2012 @ 10:35am

      Re:

      I don't have to imagine that scenario, they have been pushing for that for the last few years.
      Skype is suddenly more tappable.
      All internet traffic seems to be going through black boxes, but I shouldn't worry if I am "good people" (tm).
      They keep pushing to have a copy of my use of the internet for 2 years, again saying if I am "good people" (tm) I shouldn't be worried.
      I have an agency blocked by law from spying on US citizens, harvesting massive amounts of data on citizens to make sure we all are "good people" (tm).

      The pundits are screaming how hackers could set the Earth's core to detonate with a browser, but the response to corporations and agencies hacking people's machines/connections is to ask for the rights for them to do even more.

       

  •
    John, Jul 30th, 2012 @ 5:25am

    STOP BUYING

    I see so many people complaining about DRM. If you want it to stop, quit buying games that require internet connections, unsecure add-ons, etc. If you support companies that use this business model, then you are part of the problem.

     

    •
      Bengie, Jul 30th, 2012 @ 5:39am

      Re: STOP BUYING

      What about the uneducated end user who doesn't know all of that stuff and when you even mention it, it goes over their head?

      While you say "Sucks to be them", we all have to suffer for their ignorance.

      I have a hard time blaming those who are ignorant, so I would rather blame Ubisoft.

       

      •
        relghuar, Jul 30th, 2012 @ 5:58am

        Re: Re: STOP BUYING

        I don't have a hard time blaming ignorants. Actually I have a very easy time.
        I'm pretty sure you wouldn't hesitate to blame the man who drove you over with his car, if you found out not only has he no driver's licence, but also never bothered to learn basic traffic regulations??

         

        •
          Bengie, Jul 30th, 2012 @ 6:38am

          Re: Re: Re: STOP BUYING

          I was thinking more along the lines of someone with Down's not being able to take care of themselves.

           

        •
          Jim McGinn, Jul 30th, 2012 @ 8:22am

          Re: Re: Re: STOP BUYING

          This, I deal with it every day.

           

        •
          Anonymous Coward, Jul 30th, 2012 @ 11:19am

          Re: Re: Re: STOP BUYING

          "I'm pretty sure you wouldn't hesitate to blame the man who drove you over with his car, if you found out not only has he no driver's licence, but also never bothered to learn basic traffic regulations??"



          How does that equate to ignorance? Your analogy is piss poor. I am sure you can do better.

           

          •
            relghuar, Jul 31st, 2012 @ 1:17am

            Re: Re: Re: Re: STOP BUYING

            Whooops... if THAT is not ignorance, I really don't know what is.
            I agree it may not happen very often these days, because by now it's pretty much too ignorant (and quite suicidal) for almost anyone to risk driving without basic knowledge how to avoid other "obstacles" on the road :-). But as an analogy (or hyperbole perhaps?) I believe it still stands. You solely would be to blame if you caused damage/harm by driving against regulations even if you didn't know which ones you were breaking, and this doesn't only go for driving. I think the legal principle is called "Ignorantia juris non excusat". This, as well, should not only go for law.
            Bottom line - you should always know what you're buying. You can complain about any "features" of the product as much as you like, but as long as the manufacturer/author doesn't try to hide them, it was only your decision to buy the product without getting relevant information. And if he does try to hide them (see Sony and their rootkit), well, personally that would be the last thing I ever bought from this company/person, ever.

             

    •
      Anonymous Coward, Jul 30th, 2012 @ 5:47am

      Re: STOP BUYING

      I know people who have bought games and were unaware that DRM is the cause of a lot of the issues they were experiencing.

      But yeah, I don't buy Ubisoft products or anything else that includes DRM malware.

       

    •
      Anonymous Coward, Jul 30th, 2012 @ 5:49am

      Re: STOP BUYING

      Done. No Diablo III money for Blizzard from me.

       

    •
      Ninja (profile), Jul 30th, 2012 @ 5:49am

      Re: STOP BUYING

      Or we can raise awareness to the ridiculousness. Some games are awesome and actually worth buying but the DRM will actually take value away.

       

    •
      PaulT (profile), Jul 30th, 2012 @ 6:23am

      Re: STOP BUYING

      "I see so many people complaining about DRM. If you want it to stop, quit buying games that require internet connections, unsecure add-ons, etc"

      I do, but then the idiots in control of these things assume that the downfall in sales is due to piracy and double down on their idiot DRM tactics.

      There's a 2-pronged approach required here. One step is to not buy DRM-infected crap. The other is to make sure the company knows that it's DRM, not another more convenient scapegoat, that's the cause of their dropping sales.

       

    •
      Tim Griffiths (profile), Jul 30th, 2012 @ 6:34am

      Re: STOP BUYING

      What's funny is that I've avoided Uplay utterly until the Steam sale the other week where I picked up an Assassin's Creed game cheap enough that I was willing to write off the crappy DRM but only because it is no longer "always on" crap.

      I was really enjoying the game too and now the first thing I have to do when I get home is uninstall it. On the bright side it will let me go on to play one of the stack of other games I also bought in the Steam sale!

       

    •
      Gyre, Jul 30th, 2012 @ 6:35am

      Re: STOP BUYING

      That'd be nice if it wasn't for the fact that more and more games come demanding constant internet access and the like. They will just continue with ideas like Diablo 3, safe in the knowledge that anyone who wants to play this major game will have to shut up and roll over for them.

       

    •
      Anonymous Coward, Jul 30th, 2012 @ 7:59am

      Re: STOP BUYING

      Done.

      I was playing this.
      xenowar.net

      Which is an Android version of the UFO: Alien Invasion.
      http://ufoai.org/wiki/index.php/News

       

  •
    Anonymous Coward, Jul 30th, 2012 @ 6:05am

    Ubisoft may be punished hard by this

    Cue the Ubisoft made botnets in 3...2...

     

  •
    Anonymous Coward, Jul 30th, 2012 @ 6:12am

    Easy. Security is better when systems are open and distributed. Installing software that is closed and centralized as a requirement to play a game, not so much...

    It's like you can just see companies digging their own graves sometimes...

     

  •
    Anonymous Coward, Jul 30th, 2012 @ 6:17am

    These are the kind of things that need regulating, if you can't guarantee security and privacy to a high level, then you shouldn't have the right to release it, not when your reputation as a company is on the line, for those who care that is, for those who don't, well that's just the equivalent of you saying a big fck y'all, internet etiquette man, internet etiquette.

     

    •
      Anonymous Coward, Jul 30th, 2012 @ 6:28am

      Re:

      And this is from a high profile company we assume takes these things into consideration, we still have to contend with other companies who actively go out to be malicious, and those like Ubisoft who supposedly do it through ignorance, because you see that's the catch, we are all gonna automatically think, Was it ignorance?, if companies keep repeating them, or are they just completely incompetent when it comes to these issues, which for us, well those who care about it, is a very important aspect to using the net

      Privacy and security should not be an option, it should be a god damn right, with no exceptions to that fact.

      These are the concerns that cyberbills should tackle, without having to do the very same thing (or worse) that the "cyberbill" is trying to prevent

       

    •
      Anonymous Coward, Jul 30th, 2012 @ 8:04am

      Re:

      No regulations for me please.

      The government should only get involved in clarifying things like conducting research on security and how to develop things securely so they can open their mouth when things are flagrantly wrong.

      Those same regulations over time will evolve into insurmountable barriers to entry into the market.

      So no, no regulations.

      Research into best practices and awareness campaigns are all good but actually trying to govern how things are done, especially in a field where there is no way to guarantee the final product will be bug free, is out of the question.

       

  •
    Anonymous Coward, Jul 30th, 2012 @ 6:35am

    i.e

    Mandate that all companies adhere to a strict privacy and update security regime, and if it is found that they have willfully ignored it, fine their ass.

    Enough that it hurts, not to ruin, unless they consistently abuse, of course the amount would have to take the company into account, if you fine a company 10 million, who clears 25 million, more than likely they'll lift their socks. If you fine 10 million to a company who clears 10 billion, oh yeah, I'm sure that'd be enough incentive

     

    •
      Anonymous Coward, Jul 30th, 2012 @ 8:06am

      Re:

      You know how such legislation will be used right?

      It will be used as a barrier to the market and to exclude lesser players in fact galvanizing bigger players into the market which will have the ears of judges and government officials while the rest scramble.

       

    •
      Ben S (profile), Jul 30th, 2012 @ 9:39am

      Re:

      Simplest way to do this, is to fine based on the yearly gross. Pick an appropriate percentage, and fine accordingly. This prevents creative accounting methods by not basing it on "net profit", and scales with the size of the company in question.

       

  •
    Anonymous Coward, Jul 30th, 2012 @ 6:39am

    Kill bit

    Microsoft and Mozilla should set the kill bit for that plugin.

    In case of broken plugins like this one, both browsers have an automatically-updated blacklist to disable the plugin. It is often used when a badly written plugin is crashing the browser a lot in the wild.

    For Mozilla, here it is: Blocklist npuplaypc.dll (uplaypc/Ubisoft Uplay) plugin.

     

  •
    Anonymous Coward, Jul 30th, 2012 @ 9:46am

    UBISOFT ONLINE PRIVACY STATEMENT

    UBISOFT ONLINE PRIVACY STATEMENT

    Q5 What kinds of security measures do we take to safeguard your personally identifiable information?

    A5 The security and confidentiality of your personal information is extremely important to us. We have implemented technical, administrative, and physical security measures to protect your personal information from unauthorized access and improper use. To prevent unauthorized electronic access to personal information, we maintain information collected online behind a firewall-protected server; use SSL encryption for purchases made through our online store; limit access to only those employees performing a legitimate business function; store your personal information on servers separate from other corporate information and systems; verify your identity by asking you for information only known to you; and notify you by email and by posting a notice on our website if we learn that a breach has occurred. From time to time, we review our security procedures to consider appropriate new technology and methods. However, please understand that, despite our best efforts, no security measure is perfect or impenetrable.


    “The security and confidentiality of your personal information is extremely important to us.”

    “To prevent unauthorized electronic access to personal information, we . . . limit access to only those employees performing a legitimate business function”

    “The security and confidentiality of your personal information is extremely important to us.”

     

  •
    John Fenderson (profile), Jul 30th, 2012 @ 9:49am

    This is not a rootkit

    I'm not saying that it isn't a terrible thing, but "rootkit" has a specific technical meaning, and this doesn't qualify.

    Specifically, an important part of what makes something a "rootkit" is that it uses privileged access to the machine to actively hide its presence from the OS itself.

    This is a browser plugin that not only is plainly visible but can be disabled.

     

    •
      JMT (profile), Jul 30th, 2012 @ 3:04pm

      Re: This is not a rootkit

      Nobody said it was a rootkit.

       

      •
        That Anonymous Coward (profile), Jul 30th, 2012 @ 4:59pm

        Re: Re: This is not a rootkit

        In his defense I do think I saw a headline over on /. saying rootkit, and I am sure some people reported it that way.

        What this is, is a crappily made program and exposes customers to huge risks.

        And while he points out you can disable it, that would involve people knowing it was installed by the game, that the addon is a complete flaming failure that opens up a security hole all so this company could launch the game from your browser.
        Ubisoft isn't the company breaking this story, it is security researchers. Ubisoft quietly updated the program and let everyone else take the lead on informing consumers about this.

         

        •
          John Fenderson (profile), Jul 31st, 2012 @ 8:38am

          Re: Re: Re: This is not a rootkit

          Yes, I had just come off of reading the /. story, and kneejerked when I saw the reference to the Sony rootkit fiasco in the OP. Sorry.

          I do think comparing the two is incorrect, though. They are disasters of different flavors.

           

  •
    Sigfried, Jul 31st, 2012 @ 5:44am

    DRM: Noun. The practice of relentlessly begging one's users to use piracy instead of purchasing. See also: Unskippable dvd trailers; iTunes.

     

  •
    Anonymous Coward, Jul 31st, 2012 @ 11:36am

    I agree this is a horrible plugin.

    However developers have the luxury of making online servers required for play (wow, d3, tor) which still allows them to charge for the software.

    I'm wondering if Mike is also against that.

     

  •
    hopponit (profile), Aug 2nd, 2012 @ 5:47pm

    sony rootkit

    Sony got caught in a big flap about rootkits before but I never heard more about an earlier example. Back in the late '90s on my first PC I purchased Beem, an emulator for playing Play-station games on PCs. I used it to play the games while my kids were hogging the consoles. It worked pretty well till Sony took them to court and caused them to go out of business. Older games would still play. But if you tried a game launched after Sony started to go after them suddenly Beem wouldn't work. Even games that had played stopped functioning until you re-installed your OS and then only with the older games. Run a newer game and you were back to re-installing the OS. I have boycotted all new Sony products since then. Before that I was pretty much a big fan-boy of Sony. May they get much sand in their swim trunks at the beach:) We just got our third new Xbox, never another Play-Station!

     

  •
    michealPW, Feb 4th, 2014 @ 5:58am

    Not DRM nor Rootkit

    "facing a "rootkit moment" of its own?"

    Well no, this is nowhere near a Rootkit. Rootkits modify the operating system's Kernel in order to hide locations from the user, such as a folder or file sitting at the root of your disk (C:\)

    In fact, this isn't even DRM... Digital Rights Management enforces licenses and copyright restrictions.. This was just some terribly planned (Not even so much bad code, but an awful plan from the very get-go to remotely-launch random programs.)

    For argument's sake, what I mean by bad plan, not bad code: If anything, when you click a link in a webpage it *could* trigger an already-installed launcher to run. Same way Steam and many other things work. You simply have the launcher register itself as a handler of some protocol.. Like the UBI:// protocol. Then whenever a link beginning with that protocol is clicked, your browser launches the UBI launcher and passes the address along to it... That way the enforcement is in the launcher and it's not just a random request to run *anything* on your machine.

     

    reply to this | link to this | view in chronology ]
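The launcher-side enforcement described in the comment above, as an added example (not part of the original comment and not Ubisoft's code): a registered protocol handler receives the clicked link and maps it to a command line itself, so the page can only pick from what the launcher already allows. The `ubi://launch/<game_id>?option=value` layout, the game ids, paths and option names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SCHEME = "ubi"  # scheme name from the comment; the URI layout below is assumed

# Constructed catalogue. The launcher, not the link, decides which executable
# a game id maps to and which option values a link is allowed to select.
INSTALLED_GAMES = {
    "1001": {"exe": r"C:\Games\ExampleGameA\game.exe",
             "options": {"lang": {"en", "fr", "de"}}},
    "1002": {"exe": r"C:\Games\ExampleGameB\game.exe", "options": {}},
}


class RejectedLink(ValueError):
    """Raised for any link the launcher refuses to act on."""


def build_launch_command(uri):
    """Map ubi://launch/<game_id>?opt=value to an argv list, or raise RejectedLink.

    Nothing from the link is used as a path or a free-form argument; the link
    only selects among values the launcher already knows.
    """
    try:
        parts = urlsplit(uri)
    except ValueError as exc:
        raise RejectedLink(f"unparseable link: {exc}") from None
    if parts.scheme != SCHEME or parts.netloc != "launch" or parts.fragment:
        raise RejectedLink("not a ubi://launch/ link")
    # Match the raw path so percent-encoded or nested paths never reach a lookup.
    if not re.fullmatch(r"/[0-9]{1,10}", parts.path):
        raise RejectedLink("game id must be 1-10 digits")
    game = INSTALLED_GAMES.get(parts.path[1:])
    if game is None:
        raise RejectedLink("game is not installed")

    argv = [game["exe"]]
    seen = set()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        allowed = game["options"].get(key)
        if allowed is None or value not in allowed or key in seen:
            raise RejectedLink(f"option {key!r} not permitted")
        seen.add(key)
        argv.append(f"--{key}={value}")
    # The caller would hand argv to subprocess.run(argv, shell=False).
    return argv


def is_accepted(uri):
    """True when the launcher would act on the link."""
    try:
        build_launch_command(uri)
        return True
    except RejectedLink:
        return False
```

A link that names a program, a path or an unknown option is refused before any process is started, which is the difference between this design and a plugin that runs whatever the page asks for.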

