Capcom Releases DRM For Street Fighter 5, Promptly Rolls It Back When It Screws Legitimate Customers
from the sigh dept
It should be quite clear by now that DRM is a fantastic way for video game makers to keep people from playing their games. Not pirates, though. No, those folks can play games with DRM just fine, because DRM doesn’t actually keep piracy from being a thing. No, I’m talking about legitimate buyers of games, who in example after example after example suddenly find that the games they bought are unplayable thanks to DRM tools that work about as well as the American political system. And yet DRM still exists for some reason, as game makers look for some kind of holy grail piece of software that will turn every past pirate into a future dollar sign.
This search for the perfect DRM continues, as we have just the latest story of DRM gone wrong. This story of the Street Fighter V DRM, though, is a special kind of stupid because it was put in place via a software update release, meaning that a game that worked perfectly one day was bricked the next.
The doodad was announced on Thursday shortly before the update rolled out. Capcom called it “an updated anti-crack solution (note: not DRM) that prevents certain users from hacking the executable.”
They continued, “The solution also prevents memory address hack that are commonly used for cheating and illicitly obtaining in-game currency and other entitlements that haven’t been purchased yet.”
This DRM that Capcom insisted wasn’t DRM apparently set off anti-virus software for a ton of legitimate customers, triggered warnings from Windows security software, caused PC crashes for others, and even killed one person’s new puppy. Okay, that last one didn’t actually happen, but the rest did, and it’s the exact sort of thing that DRM shouldn’t do: screw those who actually bought the game. On top of that, it seems the update gave the game a rather deep level of access into any PC it was installed on, leading some to warn others off from buying it entirely.
As a result of the backlash, Capcom rolled back the DRM via another update pretty quickly, but one has to wonder just how many potential customers were lost in the meantime and how that number compares with the number of potential pirates that were turned into paying customers during that same time period. It would take more imagination than I have to dream up a version of reality in which the latter outnumbered the former, making this attempt at DRM a complete bust.
But, then again, they’re all busts, really. So why are we wasting our time with DRM still?
Filed Under: drm, legitimate customers, piracy, street fighter
Companies: campcom
Comments on “Capcom Releases DRM For Street Fighter 5, Promptly Rolls It Back When It Screws Legitimate Customers”
NOW you know why I only buy DRM-free games.
And won’t even think about Steam.
GOG rulez!
"Honest, this /next/ patch won't crash your system like the last one, I promise."
As a result of the backlash, Capcom rolled back the DRM via another update pretty quickly,
And of course Capcom realized their mistake, apologized, and will never do something that stupid and anti-paying customer again, meaning that people can totally trust the next update Capcom throws out not to trash their systems, right?
Meanwhile in the land of eye-patches and parrots the cracked versions of the game continued to run without a hitch, interspersed with chuckles as the poor sods who paid learned the hard way that in the eternal game of ‘whack-a-pirate’ some companies insist on playing the pirates are pretty much the only group not affected, quite unlike the paying customers.
Re: "Honest, this /next/ patch won't crash your system like the last one, I promise."
What about online play?
The (stated) purpose of the DRM was to avoid people playing online with cheats. Can pirates play on Capcom’s servers, or is there a server-side way of detecting whether the player is running a modified copy of the game?
Re: Re: "Honest, this /next/ patch won't crash your system like the last one, I promise."
Not now nor ever relevant to someone whose lawfully acquired game is FUBAR’d by a supposed patch.
Re: Re: Re: "Honest, this /next/ patch won't crash your system like the last one, I promise."
I didn’t ask the question on behalf of anyone whose lawfully acquired game was FUBAR’d by a patch. (Nothing “supposed” about it, it was definitely a patch; just a patch that did very bad things.) Neither did I ask it on behalf of anyone whose system was exposed to a massive security flaw by said patch. I was not defending the patch.
I asked the question in response to somebody who said pirates were unaffected. I think the question of whether pirates were affected is entirely relevant to the conversation, because the argument that DRM doesn’t work is stronger than the argument that DRM is bad for customers.
If you don’t know the answer to my question, that’s cool, you don’t have to answer. But don’t tell me my question is irrelevant. Erecting a strawman instead of just answering my damn question is irrelevant.
Re: Re: Re:2 "Honest, this /next/ patch won't crash your system like the last one, I promise."
Please wind your neck in.
Doing right by those that PAY YOU is ALWAYS more relevant than anything else. When DRM screws over and alienates your last line of defense, the paying customer, whether or not pirates were affected is absolutely and utterly irrelevant.
Re: Re: Re:3 "Honest, this /next/ patch won't crash your system like the last one, I promise."
In other words, “I don’t know.”
You could have just said “I don’t know.”
Not just the game
the “update” installs a self-signed driver (using a cert issued by Symantec). That driver has no security, meaning any program can bind to it, and it only has one function: to disable SMEP (an exploit mitigation feature which prevents the kernel from executing code in userspace), and then jumps to a user-provided function pointer.
In other words, it gives anyone who cares kernel-level access to your computer.
All to prevent people from bypassing microtransactions
Re: Not just the game
If that is true, then what they actually did was distribute malware, which is illegal and can put them at risk of a lawsuit.
Re: Not just the game
In other words, malware.
Re: Re: Not just the game
DRM, Malware, potayto, potahto.
Re: Re: Re: All men are Socrates
Not really. All DRM is malware, but not all malware is DRM.
You know...
the only programs who had an actual third-party low-level audit focused on the way they interact with your computer’s general operation are cracked programs.
The more we see DRM on the level of rootkits, the more it becomes essential for people to use only cracked programs.
Crackers may go to jail for malicious code. The software producers tend to exclude that consequence in their EULAs.
Between the rock and the hard place
[Disclaimer: I work in the video game industry]
Developers don’t have a simple choice and most people don’t realize taht differences in the game type make a big difference in strategy. This causes the rest of the world to lump the problems into one big heap of “bad”.
Games that have multiplayer as the central feature can get away from DRM (in the true sense of limiting build copies) as the account can be validated when you log in. BUT if you don’t have protection on the game code then greifers and cheaters find ways to ruin game play for everybody. Either they will hack in cheats to give them major advantages (and ruin the game balance) or take advantage of free trials to make a bunch of “burner” accounts that they will use to grief others. There are new systems that will kick out players that have stats that are “too good” (and likely using cheats) but those have to be carefully balanced or risk punishing players that are just really good.
Single player games that don’t have multiplayer as the central feature will tend to rely more on DRM (to prevent unauthorized copies) as they don’t have a constant check to validate the user owns the game like an online game does. Game Developers tried to innovate to find other ways to make money with micro transactions and DLC (so the base game becomes more of a loss leader/commodity) but the community doesn’t like that either (it is hard to find the right balance).
Although each pirated copy doesn’t equal a lost sale, when you realize that a good game dev is $100K+ a year, hiring a small team of 10 takes a lot of money so maximizing sales becomes critical just to pay the bills. Then add on the producers, managers and scores of QA you need to get a game to a playable state and the space to house them we are talking $$$. Now add in another couple of specialized developers to prevent game hacks, you get my point.
So in the end game developers and publishers have to rely on the goodness of people to buy the game while having to protect them by combating those that just want to grief others or get something for free. Do they get the balance off sometimes… yes, is it malicious or evil… probably not.
The video game industry has a LOT of innovation at all levels from marketing to game code to protecting the assets, gaming companies need to innovate just to survive in a crowded market. But like all innovation, some pans out as good and some is just bad. There are good decisions and bad ones in any company but gamers are a very vocal passionate group so any wrong doing becomes a spectacle.
My 2 cents.
Re: Between the rock and the hard place
uh… yes it is in fact malicious AND evil.
The professional game making industry is burdened by huge numbers of middlemen and publishers sucking things dry. According to your post, indie games should not be possible because there is NO way they could afford to produce a game without “scores of QA”. The professional gaming industry is sawing off its own leg to save a foot.
EA, Capcom, Nintendo, Sony and all the other publishers needs to die, just like all of the MafiAA’s out there in the media industry that do nothing but devise ways to bilk the consumers & artists out of as much money as they can.
I do not necessarily begrudge the people working in mainstream video games, but at the end of the day. Just like my day job. I work to make my bosses richer while I just make a living while also being fed a line of bullshit about costs that need to be cut on my end of the bargain while the execs waste money left and fucking right.
Re: Between the rock and the hard place
While I sympathise with and understand this (I’m a commercial software developer myself), the industry is still somewhat missing the point.
DRM isn’t going to prevent piracy or increase sales. It never has and it never will. Pirates gonna pirate, freeloaders gonna freeload.
What can increase sales is making a better game (take the time and money spent on DRM and spend it on something else) and making the game more available. If you release on Steam only, I’m not going to buy it. I won’t pirate it either, but the end result is the same: you get no money from me. But if you release it on GOG, I will buy it if I like it. (Steam and GOG used for comparision purposes only; I’m not tied to either.)
You can’t ‘fix’ the pirate gamers. But you can ‘fix’ the didn’t buy gamers by giving them something they want.
Customers can survive without games. Games cannot survive without customers.
Re: Between the rock and the hard place
Single player games that don’t have multiplayer as the central feature will tend to rely more on DRM (to prevent unauthorized copies)
Which DOES NOT work! Never has. So what’s the point?
Re: Between the rock and the hard place
OK, basic business practice.
If a product costs X to develop, manufacture(code), supply, advertise, and the revenue generated from selling that product < X, you don’t make the freakin product.
If it’s gonna cost $2billion to make a movie, yet the analysis shows you are only gonna make $0.5bill in revenue, you don’t make it.
If a game costs $20mill, yet there are only 10,000 people in the world who will buy it, then you better make damn sure it’s good enough that those 10k people will pay the $2000 per copy, or don’t make it.
And, guess what? Of course you don’t always know beforehand exactly what revenue you are going to get. There are too many variables (especially in an entertainment product – are people even going to like it?) to know exactly beforehand if it’s gonna make enough revenue to cover it’s costs let alone a profit.
That’s the risk you take in business. Sometimes you lose, sometimes you win. The better your analysis of the market vs what you want to make, the more often you’ll win.
If you want to make a profit you don’t need DRM or anti-cheating/hacking code or whatever.
You need a GOOD product, that people WANT to use, at a price that enough people are willing to pay.
If you miss out on any of those points – sorry, it’s not the customers, or pirates, or cheaters fault. Its the businesses fault. Either it was a crap product in the first place (nothing anyone needs, wants, or gives a toss about), or badly implemented (poor manufacturing, poor coding — i.e. buggy , poor graphics design – crap visuals) or badly marketed (hey look, let’s call our product an offensive name that noone wants anything to do with – or let’s get Hitler as our spokesperson). And poor management for not performing a market analysis properly first.
Tell me, why is there free, open source products out there that even tho they are free, do actually generate money for some people? You get products where people like it enough that they donate enough to it that the developers make money from it. Or business that charge for value-added-services, e.g. RedHat makes money from the totally free, open source Linux operating system by charging for (and providing) support to those who’d rather pay someone than try to support it themselves. Or the writers who make money on speaking/academic circuits – people pay them stupid money to come to a conference to talk about their product or sometimes anything else.
No, if you aren’t making money, you aren’t good enough – either the management is bad, the analysts are bad, the producers are bad, the coders are bad, the marketeers are bad, the manufacturers are bad, or just the damn product is bad. End of story.
Re: Between the rock and the hard place
“Single player games that don’t have multiplayer as the central feature will tend to rely more on DRM”
Which not only fails and screws legitimate players, but the entire industry somehow built itself without the internet and without reliance on DRM.
“maximizing sales becomes critical just to pay the bills”
True. So, why depend on something that not only fails to do anything of the sort, but actually helps to kill the industry as a whole. There’s other factors involved, but I know more than one person who stopped PC gaming altogether following DRM debacles. It’s true that consoles are hardly DRM free, but their DRM doesn’t have the unpredictability and system-killing capabilities that poorly implemented Windows DRM does.
“So in the end game developers and publishers have to rely on the goodness of people to buy the game while having to protect them by combating those that just want to grief others or get something for free.”
As opposed to relying on the goodness of people to buy a shoddy product that may not function at all? The non-DRM version is ALWAYS a better product.
Re: Re: Between the rock and the hard place
Congratulations, you just found both Ubisoft’s and Konami’s business model! Here’s your medal which you have to pay $150 for, then it’s glitchy, unworkable shite.
Re: Between the rock and the hard place
This is why god gave us toggle boxes. A simple selection by the user for “cheat controlled server” and “not cheat controlled server” solves any issue with users thinking your cheat control is DRM.
Re: Between the rock and the hard place
One: Companies shouldn’t prevent cheating in offline play.
Two: While I understand the importance of preserving balance in online play, there came a point in the development of this piece of software where a developer said “Let’s disable the kernel’s protections against arbitrary code execution.”
You can dress it up however you like, but that’s indefensible. Whether it’s down to malice or incompetence, that is a completely unacceptable thing to do. The programmer should have known it, his boss who approved it should have known it, and the company should have a team of security testers who would know it.
I’m sympathetic to the importance of preserving the integrity of online play.
I am not at all sympathetic to any suggestion that this justifies disabling kernel-level security features on a customer’s machine. Find another way to prevent cheating or don’t prevent cheating at all; those are your choices. Deliberately weakening security without a user’s knowledge or consent should never be considered an option.
It wasn’t a DRM update, it was a security update.
Re: Re:
That’s an awfully Orwellian thing to call something that disables the security on your computer.
Re: Re: Re:
It was a doubleplus-good update, who could possible object to that?!
No puppy killing from Capcom, but...
Blizzard killed a dog. After a fashion. Without DRM being involved.
People will obsess over anything.
Take that DRM, illegal customers.
Sorry about the DRM, legal customers.
Capcom probably has the common insane belief that customers don’t own what they buy they are just renting access to the games and capcom deserves the right to deny that access any time they choose for no reason at all.
Re: Re:
Honestly? In this case they did something more despicable: They put at risk the actual machine that the game is installed on. Which they had no hand in creating.
Re: Re:
It’s not just software companies. Try FTDI out for size. First a hardware-killing “feature”, than a malformed data sent to “bad” devices. They should just put a notice that you have to pay a $5 fee to use unauthorized clones. Effectively, you don’t own the hardware you paid for. Prolific is even better: They just blacklist/refuse to allow/support older chips because $$$$$.
Even better, is how the USB IF consortium deliberately didn’t provide a serial port equivalent of UMS (hard drives) or HID (keyboards/mice/etc). It’s no wonder that people just use the defacto standard. Reminds me of the old “NE2000 compatible” network cards.
Game of cheats
Maybe it’s time to embrace making a game that encourages cheating. If you can’t beat ’em…
Re: Game of cheats
My friends and I have long lamented lack of built in cheats for single player experiences. Not in every game mind you, and notn necessarily easy to get, but sometimes you just want to have fun.
Big head modes, infinate ammo/energy/life/gold and so on. Sometimes it helps you learn new strategies, sometimes it lets you blow off steam, usually it is quite fun. It can even be funny, like my completionist friend not realising cheats in one GTA game prevented you getting past 99% completion. His reaction was priceless. XD
Re: Re: Game of cheats
Agree, devs need to fucking get over themselves and realize that the gamer market in the majority of times want to do something different with the game they made. Also, the MOD community can make copies of your game sell alone because there if value in it that you cannot offer.
Sometimes I want to run around with UNLIMITED AMMO and bottomless clips like it was allowed in Halo Reach. Or even very low gravity with stupid high jumping. Let people have fun, try to avoid “dictating” what that fun is.
DRM
DRM has (obviously) no intention of actually stopping piracy. I bet I have lost tens-of-thousands-of-dollars of legitimate software due to DRM ‘strongarming’ my use. It’s more applicably named ‘PFO’ (program for obsolescence).
I mean, from decades of Microsoft pushing ‘mandated updates’ (until your software no longer works unless you upgrade) to just general ‘your time is up’ on software you thought you bought, to ‘oops, yeah, you bought that movie, but you can’t REALLY put it on a ‘media server’, I’ve been there. Simultaneously watching as thousands upload pirated movies onto YT, pirated music onto the internet, TV shows, etc. – and nothing happens to them.
Yeah, the protocol shouldn’t be ‘DRM’, it’s ‘PRF’, programmable rape of the customer (pirates need not worry).
“it’s the exact sort of thing that DRM shouldn’t do: screw those who actually bought the game”
Correction: That’s the only thing DRM does effectively. It fails at everything it’s supposedly designed to do.
Re: Re:
Not at all; it’s also good at locking sellers into a specific platform, and as legal justification for suing security researchers. DRM does lots of things effectively!
Use of DRM = Profit!
If you’re in the business of selling DRM to game developers…
Otherwise… not so much.
Re: Use of DRM = Profit!
That may be true for things like games, but it isn’t true for all software.
I worked for a company that made software used by mechanical engineers. It started at $20,000 a year and piracy was rampant. The company added DRM (a special USB key) and sales rose more than 30% in one year.
Now, because the keys are a bit of a pain, the software is all moving to the cloud where piracy is less of a concern. People can share logins, but that’s a tiny problem compared to what they were experiencing.
Re: Re: Use of DRM = Profit!
“It started at $20,000 a year and piracy was rampant.”
Hmmm… Not trying to be cheeky, but I wonder what the cause and effect there was?
“The company added DRM (a special USB key) and sales rose more than 30% in one year.”
A $20k/year bit of engineering software with a hardware dongle sounds like something rather specialised and thus not particularly comparable to games. I’m guessing there wasn’t exactly a lot of competition? Those prices and restrictions don’t really work for a commodity nor something typically bought in volume. Dongles are a particular pain in the ass, and there’s a good reason why most people look for other methods, and I’d wager that piracy wasn’t completely stopped if there was enough of a market for it.
I also wonder how many problems were caused by that DRM for legitimate customers, which is part of the problem being discussed. Turning some piracy back into sales is good for you, but I wonder what the cost was to other businesses. How did the sales look in the years after that, by the way? I’d wager they probably levelled off rather than continue to increase at a similar rate, but I could be mistaken.
Not the whole story
I was wondering when Tech dirt was going to cover this catastrophe and you managed to muck it up.
As explained above the thing was not actually DRM. It required no online communication and didn’t even attempt to authenticate the source of any interactions with the program. In fact it did the exact opposite by giving kernel level access and bypassing smep to any program that interacted with it. Capcom used this driver to attempt to keep people from altering data values in the game like health or damage (hacking essentially) which could be used to either beat single player content or unlock items which had to be paid for by fooling the game into thinking you had bought them. It’s worth noting that neither of these uses affected online play at all. Due to how online works if you hacked your health or whatever there all you would get is an immediate desync. Additionally some people were hacking to run bots online which was perceived as a problem even though bots were extremely rare and not doing anything illegitimate other than having very good reactions.
Some people extracted the code from this driver Capcom used and based on some code strings heavily suspect that it was simply copied verbatim from a malware site, tweaked a bit, and renamed Capcom.sys.
So, is it DRM? No. Is it literal malware? Oh yes. Thankfully it has been rolled back but I can’t fault anyone for having second thoughts about purchasing a the game now.
Re: Not the whole story
What is your definition of DRM? DRM doesn’t require online communication or authentication to act as DRM, although some forms do.
“Some people extracted the code from this driver Capcom used and based on some code strings heavily suspect that it was simply copied verbatim from a malware site, tweaked a bit, and renamed Capcom.sys.”
Thus, thanks to the automatic nature of copyright, they installed an infringing product to try to prevent any abuse of their own product. The irony is probably lost on them.
Re: Re: Not the whole story
Unless the conclusion you jumped to is wrong and they are the original authors and copyright holders of the malicious code from whom others have previously acquired it.
Re: Re: Re: Not the whole story
True, but I think the lazy developer theory is more likely.
Re: Re: Not the whole story
I define something as DRM if it would fail two specific, somewhat detailed tests, which can be somewhat loosely summarized as “install and run normally, from a backup of the installer, on a deserted island with no network access”.
By that definition, at a glance, I would have to say that indeed this does not look like DRM. Malware, definitely, yes – and if the company can push out an update such that you can’t run (or newly install) the game without accepting the update which installs the malware, that’s a problem of its own, which could indeed qualify as DRM. But the behavior of the code which was pushed out by this update does not sound like DRM to me.
(Examples of a mechanism which would qualify as DRM which would not fail that test would be interesting to me; if you know of any, please do share them.)
Re: Not the whole story
I appreciate the specific details. Though it still sounds to me like it was DRM, even if its purpose wasn’t to prevent illegal copying of the game.
Capcom is easily one of the most clueless companies in the business. They’re kinda like Konami in that they are oblivious as to how much every loves all the games and characters they’ve created over the years, to the point where they’re cyclically surprised that anyone outside of Japan knows who Mega Man is. They recently declared that their goal is to become the number one developer in the world, which at this point sounds like a last gasp before they give up the ghost.
Buying a Bundled Game
Some software ships with a bonus. A game of crack this. In some cases the best feature. The real game sought out by pirates. If that is not your thing then it is best to avoid those items or use the post process version.
And now my flatmate can't play the game anymore
My flatmate’s PC wasn’t capable of running the game, so I was letting him use my most powerful tower when he felt like. As soon as this stuff came out, I uninstalled the game, deleted Capcom.sys (which required rebooting the computer, since it stays in use even after Street Fighter 5 is closed…), and have had to ban it from being reinstalled because like hell I’m trusting Capcom now.
As usual, this stuff just hurts the legitimate users.