AntiPiracy Macrovision Bug is Actually Six Years Old
twitter writes "A recently reported Macrovision bug has actually been around for six years, according to Computerworld. 'Flawed antipiracy software now being exploited by attackers has been bundled with Windows for the last six years to protect game publishers, Macrovision Corp. said today. The "secdrv.sys" driver has shipped with all versions of Windows XP, Windows Server 2003 and Windows Vista ... users do not have to play a SafeDisc-protected game to be vulnerable.' The article goes on to play down danger and claim that Vista is safe, but ZDNet notes: 'Malware authors are actively exploiting a zero-day privilege escalation vulnerability ... [which] can be exploited to overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges. This facilitates the complete compromise of affected computers.'"
So, wouldn't this be a -2190 day vulnerability?
That's not *terrible* by MS or Oracle standards...
FTFA, the bug was fixed in Vista, because "Microsoft and Macrovision worked together during the development of Windows Vista RTM [release to manufacturing] to review the security of the Vista version of the driver."
Hackers only started exploiting this 3 weeks ago, but MS must have known about this for 6 months at least. Macrovision even offers an update for WinXP on their web site based on the same fix, but MS never pushed the update through their security update mechanism, and even now, isn't committing to it.
So, to recap for those keeping score at home, you now have to download patches for Windows system files from Macrovision's website! MS bashers have a goldmine to work from here.
EULAs are shaky legal ground though; they're untested. Just because they say they're not liable doesn't mean it's been held up in court. They're there to scare people into thinking there's no recourse.
It should be required that any story about a security hole indicate whether user interaction is required for the system to be compromised... If I have to download/run something then I could care less... only if the vulnerability can be exploited remotely with NO interaction on my part do I care... There are many stories that hype threats where it all boils down to the user running something they shouldn't have.
How is this vulnerability exploited?
...and more of my discretionary income goes towards games than anything else. There was an article here this week (http://yro.slashdot.org/article.pl?sid=07/11/03/048256) about the most profligate music pirates being the biggest music *buyers* as well- same principle.
However...the industry, especially PC gaming, has lost quite a few purchases from me because of copy protection. Just a few examples:
I loved Neverwinter Nights. Would have bought the Infinite Dungeons mod, but it requires an always-on net connection while you play to verify you're not a pirate. Screw that.
Starforce? Any Starforce'd game is automatically disqualified from my consideration.
I don't buy games that use Securom or Safedisc anymore, either. As a pirate, I find it inconvenient to have to download bypasses so I can run stuff on my Daemon Tools-happy gaming box. I almost bought Civ 4 and its expansions recently, but the DRM dissuaded me- though it won't stop those who torrented it from downloading a workaround.
I import games. Over the past year or two I've imported multiple games that would never have been released in the U.S.- the Touhou series, both Ouendans... but I won't do so for any console that has to be modded, because it's too much of a pain. If it weren't for that, I would have bought SO much crap for my PS2- guess I'll never buy any of those Cave shooters.
I'm a huge Megaten fan and will gladly buy FES the day it hits stores, assuming it's released stateside, even though FES is generally considered mediocre. If it weren't for emulation, I might not even be a fan of the series. Atlus acquitted itself pretty poorly with its release of the first two Persona games in the U.S.; it was actually the fanslation/romhacking scene's English patches for SMT1 and 2 that got me into the series. (I remember a comment from another Slashdotter who wrote the same thing in another copy-protection thread, too.)
The funny thing is, if I wanted to bypass any of this copy protection, I easily could. Every time this is discussed on Slashdot there are comments from Slashdotters who legitimately purchase games and then download cracked versions because the crippled, boxed versions are too much hassle. Me, I prefer to wean myself off the companies who resort to copy protection. There are plenty of other games out there which are just as good and don't involve all the bullshit- more than I have the free time to play, in fact. I'll just buy some of those instead.
And the games that I DO pirate? Those are the ones I wouldn't have bought anyway- though you only have my word on that. Ever spend time on a forum for an Atlus game? Atlus fans know damn well that they're not dealing with automatic-trillion-sellers like Madden 200X: Same Shit, New Roster or World War 2 Shooter: The Shootening. They (we) will tell other fans to buy, and buy a *new* copy, *before* price drops, *because we want Atlus to release more games we like*.
So: can somebody explain to me why all this antipiracy stuff is necessary? Or even prove to me that it isn't outright counterproductive? Last I heard, Galciv and Stardock were doing just fine.
Did you reboot after the rename, and ensure that the rename still held? DRM seeks to protect itself.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
If anyone incurs costs as a result of this, they can sue Macrovision. Macrovision isn't protected by Microsoft's EULA. (Nor can it be; there's a legal concept called "privity" that applies to third party issues like this.) The end user has no contractual relationship with Macrovision. So there's nothing protecting them from a negligence lawsuit.
Macrovision is as vulnerable as Sony was.
My favorite copy protection was in the game "Escape Velocity." I'm not referring to the mechanism, just the way it was implemented. Unregistered version beyond 30 days did not stop working, or do anything annoying, except occasionally a special, unkillable space ship would show up, tell you they hate pirates and attack you... forcing you to jump to another star system or two and escape. Coders that go to that kind of effort inspire me to not only buy the game, but encourage others to do the same.
And after a while, that ship appears ALL THE TIME.
:) I think it's the only game he DIDN'T crack, because it was so ingenious, he actually kept trying to run from the ship, instead of cracking the game.
I bought the game, but my friend didn't.
-=Lothsahn=-
The company that sold you the dead parrot... err... dog... might well be required to refund you your purchase price, sure.
The distinction is, if the dog they sold you fails to apprehend an intruder who robs you blind, they're not liable for everything he stole.
Similarly, if some piece of software you purchase for $500 crashes and corrupts your hard drive, the developer isn't liable for the $100,000 (pick a number) worth of data you have on the drive.
Limitation of liability is important, and not just for 'evil' big companies and their presumably not-so-evil shareholders and employees. Would you like unlimited personal liability for every piece of code you write?