Ubisoft Uplay DRM Found To Include a Rootkit
An anonymous reader writes "It has been discovered that the Uplay system Ubisoft uses to both check a game is legal and offer up gaming achievements, multiplayer, and additional content, actually contains a rootkit. The discovery was made by Tavis Ormandy, an information security engineer at Google, when he installed Assassin's Creed: Revelations on his laptop. He noticed that during the installation Uplay installed a browser plug-in that allows any website to gain access to your machine through a backdoor and take control of it. The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user's consent."
Update: Ubisoft has released a statement saying it has issued a forced patch to correct the flaw in the browser plug-in for the Uplay PC application.
Under the DMCA any antivirus software companies can get sued for removing or even marking this.
It's reasons like this that I refuse to buy anything from Ubisoft.
Who is actually surprised?
This is the one thing that has me worried about Steam on linux. Using it in wine I can be fairly sure I have it limited to one user account and no real ability to mess with the machine, but when it installs natively who knows.
I started boycotting several manufacturers over the games that required a constant online connection. I can't wait to tell my buddy that thinks that the boycott is stupid how his system is rooted (again)!
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
While it may not fit the dictionary definition, IMHO ANY software that allows someone to delete/alter/lock up something on my machine without my permission is essentially a rootkit. DRM fits that definition, thus "All DRM is rootkit".
Nevertheless, glad to see people calling out companies for particularly egregious behavior in the DRM realm.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Under the DMCA any antivirus software companies can get sued for removing or even marking this.
On the other hand, Ubisoft is probably guilty of violating Federal wiretap laws.
This is software installed by the user on purpose, it is no flaw in windows that allowed it in. You could write software to do the same thing on any number of OSes.
I am no windows fan, but you can't blame them for this.
Because it's missing from the summary and also the linked article, here's the initial report: http://seclists.org/fulldisclosure/2012/Jul/375
Any time a rootkit is found the perpetrators should be (metaphorically) strung up.
It's hard to find a car analogy for this, but I can try: it's like a car dealer keeping a copy of your key for personal use. It's just unacceptable and so far outside of proper ethics that even the corporate sycophants should find it troubling.
ANY website????
Game sales are seriously down in 2012 compared to previous years. I am willing to bet that at least partially, this is because of the Steam/Origin/UPlay DRM garbage game publishers force you to install. ------- The game industry needs to take a long, hard look at the way it treats paying customers. Instead of the "we force xyz conditions on you" mantra practiced today, the industry needs to switch to "the buyer is always right". This means that the industry will need to listen to what game buyers want, and no longer IMPOSE completely unnecessary and counterproductive terms & conditions on the paying gamer. -------- This will probably never happen... The industry is run by money-oriented suits & beancounters who don't really care about making good games. But it would definitely have been nice to see, even if for just one day, the industry actually listening to what its customers want. --------- Maybe Kickstarter.com can help fix this mess. The 24 game projects that have been funded with Kickstarter will all be delivered sometime in 2013. And then we will see if the "Crowdfunded Games" can serve as a replacement for buying games from the big Multi-Billion Dollar game publishers. ------
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
In what way?
You really think they did not include some fine print in the EULA about how the user was consenting to this?
FUCK UBISOFT!
Glad I stuck to my Ubisoft (and EA and Blizzard) boycott even in the face of the big Steam Summer Sale. Here's hoping more gamers will stick to their principles and force developers into customer-friendly behavior, though sadly it seems that most people prefer to boycott companies just until a new title is released...
I am no windows fan, but you can't blame them for this.
See, there's a big part of the problem right there and you perfectly exemplify it. I wasn't "blaming" anyone I was merely pointing out an inconsistency between popular semantics and reality and how it is misleading to people that don't know any better. And you choose to retort with a very charged and misleading word thereby politicizing the discussion. And what does the truth have with being a "fan" of the operating system? I am a fan of what tool works for me. This isn't the world cup.
You think a backdoor couldn't be installed on Linux? The person voluntarily ran an installer executable. The sky is the limit when you do that. Heck, it came from a big company as official product, giving the social engineering aspect a boost -- people just clicked approve approve approve on all Windows' carefully-engineered install blockers.
Which, IIRC, don't even exist on Linux. Or maybe you're a Mac fan. Guess what? See above re: running an executable from a trusted source.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Hide/ban games by publisher
You can't always waive your rights, even if you agree to it.
Technically, rootkit is the wrong term. It doesn't insert itself into the system, and it cannot execute code with privileges. It's still a security hole big enough to swallow small countries.
Can we stop calling them "Computer" games when what we really mean is Windows game? Linux constantly gets a pass in the popular press using generic terms when the entertainment is very specific to the Windows platform. Yes, other OSs get games but it is a drop in the bucket to the ocean of what is seen on Windows and it is disingenuous to mislead laypeople otherwise.
And don't worry, if Ubisoft ever makes a game available on linux, this is what you'd see:
[sudo] password for AC:
What?
I bought D3. I knew there will be a price to pay for showing the top execs that you can get away with screwing users with silly restrictions...
Thanks. It seems however this is technically not a rootkit, but just a backdoor disguised as a browser plugin. It's not deeply embedded in the system and doesn't try to hide its existence. Still serious though.
Rootkit = hidden from the file structure of an OS, typically by intercepting explorer display calls. So it's not that but definitely a trojan, as it is a game on the outside and secret remote control browser plugin on the inside. By the way, there is no such thing as a hidden browser plugin. IE9 pops up and says that there's a new browser plugin and asks to enable it or not. Does it get around this? I think Firefox is a little more inviting to whatever the hell wants to hop in, as is Chrome, but no matter what, you can see all add-ons listed in all 3 browsers.
By the way, if you're thinking "hmmm, where have I heard Ubisoft news before?" they used a hacker team's no-CD crack, as-is, in one of their official updates to Rainbow 6 Vegas 2 to solve a problem with the game calling their own legit CD a fake CD.
In what way?
You really think they did not include some fine print in the EULA about how the user was consenting to this?
An illegal action (not sure if this is or not) remains illegal, even if both parties agree to it.
What, have you never heard of the Sony rootkit? They were pretty damn close to getting sued for similar issues.
Fine print won't do anything to get around this. Just like every fine print says you indemnify the company - if there's a real issue, the judges will ignore the EULAs which have been deemed legally unenforceable anyway.
You want to call a generic thing a "Windows" virus instead of a "Computer" virus, and you're complaining about word choice?
What a fucking joke.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
What do you think android and ios are? hint: not windows Are they gaming platforms? Well, look at the gaming profits from them: astronomical.
Meanwhile steam trying to invigorate linux means that people will recognize that a computer is a computer, and the OS doesn't matter. We already have enough issues with the million genres of games, now you want to double/triple/quadruple them by saying it's by OS? We don't do this with consoles. We define it by hardware. PS3/Sony/etc. We don't refer to it by SonyOS or whatever it's called. A computer is a computer.
Steam also runs on Mac OS X and runs many of the same games from the same publishers. Does anyone know whether Ubisoft has done this on the Mac platform? I would think that they could since the admin is allowing the install in either case right?
Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
And they wonder why there is piracy of video games. Seems quite obvious to me. "Buy game and get a rootkit installed on my machine, compromising my system's security or get the game from pirates without that."
The security team have already assigned the job
if there's a real issue, the judges will ignore the EULAs which have been deemed legally unenforceable anyway.
I think it is swinging more and more towards upholding the contract whenever possible, though. The Supreme Court recently upheld contract clauses forcing binding arbitration (removing your right to sue), and prohibiting class actions. (That's my understanding, anyway. IANAL).
Home users tend to blindly say yes whenever an installer wants to do something (or a virus wants to do something, for that matter). Changing the OS won't fix that unless the OS is highly locked down (ala iOS).
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
This is a browser plugin installed by the user, turd. It could have happened on any platform.
Correct, in the UK at least, not sure about US law. For example, even if I agreed to work for less than minimum wage the employer is still breaking the law if they don't pay minimum wage, you can't sign away your legal rights. Also, they could be leaving themselves open to even bigger trouble - it could be argued that by doing this Ubisoft have taken responsibility for anything placed on the computer as a result and could be held legally responsible for anything found on it, such as malware or child porn.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Under computer trespass, Ubisoft are guilty of several crimes.
I can't imagine how it could be any more clear that this entire thread of discussion started by me referring to the specific malware discussed in the summary which is indeed Windows malware.
Aside from the fact they're just shitting out the same franchises over and over, I don't like that they constantly use DRM that is intrusive. I don't support companies that A) Use and DRM, B) Start pimping DLC for games before they come out or as soon as they launch. So I don't ever buy a Ubisoft game new at a store, I buy them used off Amazon Marketplace or on eBay because I refuse to support that company with my money. I'd rather give that money to the game selling the game used so it can go in their pocket and some game developer/publisher that shits on its paying customers.
But intrusive DRM only means I'll pirate your game for my PC or I'll buy it on a console used.
Capcom, Bethesda, Ubisoft, EA, Activision and a few others never get my money because I only buy their products used.
var x = document.createElement('OBJECT');
x.setAttribute("type", "application/x-uplaypc");
document.body.appendChild(x);
x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play")
So, what does your moronic comment have to do with an installer, that the user has run, adding a plugin to your browser?
So? Ubisoft is a corporation, its not like anything bad is actually going to happen to them.
So it is still a matter of education then? I thought most people by now were aware that giving access to their computer was akin to giving access to their wallet?
Time is what keeps everything from happening all at once.
RPM and DEB packages run arbitrary Bash scripts as pre-install/post-install during package installation, with full rights to alter the entire system. Gentoo ebuilds use a sandbox prelinked object that prevents writes into the system--it overlays the sandbox through libc function calls, writing new files to a separate directory tree and reading them from the real filesystem if they don't exist in that tree--but you can easily escape this by making direct syscalls.
Making a secure package manager is hard. When you install anything, it gets free rein of your system as root. From there you could even insert kernel modules if you wanted.
Support my political activism on Patreon.
But sometimes actions are illegal only if they are non-consensual. Agreeing to a EULA might be considered consent.
Can we stop calling them "Computer" games when what we really mean is Windows game?
Er, get with the times, grampa. People have been calling them PC games for the last few years. And since the Mac vs. PC commercials pretty much sealed PC as a specific term for Windows computer it's a non-issue. As far as conflating this with proper semantics in the area of security I think that maybe you have your priorities a bit skewed. Interestingly this article is the intersection of the two though.
That's my remote management console !
deleting the extra space after periods so i can stay relevant, yeah.
I'm going to contact my Congresspeople, and ask them to ask the Department of Justice to investigate and prosecute any violation of wiretapping and/or computer crime laws which may have occurred.
This is a browser plugin installed by the user, turd. It could have happened on any platform.
Maybe you are confused (possibly by virtue of being a 12 year old. Or maybe you are just a semi-sentient turd yourself) but it didn't happen on "any platform". It happened on Windows. Try to keep up.
Wait, not really.
You install a computer game
The game claims to install counterfeiting and cheat protection
What you also get in the bundle without consenting is a backdoor/rootkit
This is the very definition of a trojan.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
What, have you never heard of the Sony rootkit? They were pretty damn close to getting sued for similar issues.
So you're saying they were actually not..
c++;
Have you taken a good, long look at the license agreement yet?
"The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user's consent." - that is the very definition of a backdoor; not a rootkit. A rootkit intercepts and modifies API calls in order to conceal itself.
And any DRM that isn't like that is, as the GPP says, a rootkit.
Guess we should all just use the pirated versions of Ubisoft games to get around this rootkit.
DNA -- National Dyslexic Association
uPlay update 2.0.4: 'Fix addressing browser plugin. Plugin now only able to open uPlay application.'
Well, that was fast.
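The restriction that changelog line describes, sketched as an added example (not code from the thread, from Ubisoft, or from the original disclosure): an allowlist check over the argument string a web page can pass to the plugin. The flag meanings are inferred from the string quoted earlier in the thread; `ALLOWED_EXE`, `ALLOWED_FLAGS` and the function names are hypothetical, and the code runs under Node.js.

```javascript
// Added example. Flag names come from the string quoted in the thread; what they
// mean is inferred from that string. ALLOWED_EXE is a placeholder, not a real path.
const ALLOWED_EXE = "C:\\EXAMPLE\\Launcher\\Launcher.exe"; // hypothetical
const ALLOWED_FLAGS = new Set(["orbit_product_id", "orbit_exe_path"]); // assumed policy

// The argument string quoted in the thread, used here as validator input only.
const THREAD_SAMPLE =
  "-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== " +
  "-uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play";

// Tokenise "-flag value -switch ..." into a Map (bare switches map to true).
function parseLaunchArgs(argString) {
  const args = new Map();
  const tokens = argString.trim().split(/\s+/).filter(Boolean);
  for (let i = 0; i < tokens.length; i++) {
    if (!tokens[i].startsWith("-")) {
      throw new Error("unexpected token: " + tokens[i]);
    }
    const name = tokens[i].slice(1);
    const next = tokens[i + 1];
    if (next !== undefined && !next.startsWith("-")) {
      args.set(name, next);
      i++; // the value has been consumed
    } else {
      args.set(name, true);
    }
  }
  return args;
}

// Strict base64 decode: Buffer.from() silently skips bad characters, so check first.
function decodeBase64Strict(value) {
  if (typeof value !== "string" || value.length % 4 !== 0 ||
      !/^[A-Za-z0-9+/]+={0,2}$/.test(value)) {
    return null;
  }
  return Buffer.from(value, "base64").toString("utf8");
}

// Canonicalise a Windows path for comparison; null means "refuse outright".
function normalizeWindowsPath(p) {
  const unified = p.replace(/\//g, "\\");
  if (!/^[A-Za-z]:\\/.test(unified)) return null;   // no UNC or relative paths
  if (unified.indexOf(":", 2) !== -1) return null;  // no alternate data streams
  const parts = unified.split("\\");
  if (parts.some((s) => s === "." || s === "..")) return null; // no traversal
  return parts.filter((s, i) => i === 0 || s !== "").join("\\").toLowerCase();
}

// Decide whether a page-supplied argument string may be acted on at all.
function validateLaunch(argString) {
  let args;
  try {
    args = parseLaunchArgs(argString);
  } catch (e) {
    return { allowed: false, reason: e.message, exePath: null };
  }
  let exePath = null;
  if (args.has("orbit_exe_path")) {
    exePath = decodeBase64Strict(args.get("orbit_exe_path"));
    if (exePath === null) {
      return { allowed: false, reason: "exe path is not valid base64", exePath: null };
    }
    const norm = normalizeWindowsPath(exePath);
    if (norm === null || norm !== normalizeWindowsPath(ALLOWED_EXE)) {
      return { allowed: false, reason: "exe path not allowlisted", exePath };
    }
  }
  const extra = [...args.keys()].filter((k) => !ALLOWED_FLAGS.has(k));
  if (extra.length > 0) {
    return {
      allowed: false,
      reason: "flags not accepted from web content: " + extra.join(", "),
      exePath,
    };
  }
  return { allowed: true, reason: "ok", exePath };
}
```

A stricter design drops the path argument entirely, so that content from a web page never names the executable; the allowlist form is shown because it makes the rejected input visible.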
You mean the EULA you are forced to agree to AFTER making the purchase? Null and void.
Seven puppies were harmed during the making of this post.
"Agreeing to a EULA might be considered consent"
But shrink wrap EULAs have not been agreed upon by the user.
Windows doesn't have a root user by default
On Windows you have an administrator account. No it is not named "root" but does that really make any difference?
To have a right to do a thing is not at all the same as to be right in doing it
Do you think the EULA states "You agree that any party can do anything ever to your computer"?
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Exactly. When an individual screws up, he loses his summer cabin, children, dog and job. But when a company does so, everything continues pretty much the same...it shouldn't be like that. Companies should be tools for us, not the other way around.
No. I'm not confused. Nor am I a child. You're just a moron. And what you're saying has no bearing on anything whatsoever. As in: could not be any less relevant to anything.
I doubt it, but I'm not sure what the relevancy of that question is.
Don't you watch South Park?
I hope you don't have any Apple products or software on your system...
Certainly even Windows has done away with the reboot anytime you install anything mentality by now, right?
Wrong.
To have a right to do a thing is not at all the same as to be right in doing it
ANY website????
Any website. Yes. Why?
Write boring code, not shiny code!
This is software installed by the user on purpose
True, it is a Trojan: software that disguises itself as something you want but does things, or allows others to do things, that you haven't granted permission for.
We could additionally ask, should there be more rigorous limitations as to what browser plugins can do.
That built it and the managers that ordered it.
RICO violation.
As someone who personally boycotted Ubisoft a long time ago because of their DRM shenanigans, the only thing I have to say is:
HA HA (in Nelson's voice)
It's impossible to convince everyone to not buy a game because people just don't care. So I'll just sprinkle this nice big helping of schadenfreude onto my cereal this morning, instead.
Was it on a computer? Yes.
Was it a virus? Yes.
Is there anything different in Linux/Mac that would have prevented this virus? No.
Therefore, it's a computer virus. I suggest you grow the fuck up.
That's pretty much what EA's Origin EULA says regarding the information they collect.
It should be. However, given the increasingly pro-corporate decisions by SCOTUS lately I wouldn't exactly hold my breath on that.
A Pirate and a Puritan look the same on a balance sheet.
Your argumentation skills are stunning. Or maybe it's the stupidity. Probably the stupidity.
I'm not trying to argue anything, I'm trying to point out that you're a fucking moron.
It doesn't matter where it happens. If there is a screw up on another platform, we need to analyze that and defend against it. Complacency simply isn't productive. We can't just assume that we're safe. We need to be sure that we are safe and verify.
If necessary defenses and countermeasures need to be mounted.
Not learning from their mistakes or the mistakes of others is Microsoft's real problem.
A Pirate and a Puritan look the same on a balance sheet.
Another example of why Stallman is right.
Pray tell, what consumer-oriented OS is there that would protect against this kind of stuff? OSX doesn't, Haiku doesn't, BSD doesn't, Linux doesn't... Hell, how would the OS even do that without seriously limiting users' ability to use their own computers?
You think a backdoor couldn't be installed on Linux?
Read what I said. I said that using the term root kit was inappropriate terminology when you are talking about Windows.
I don't see anything wrong with calling a Windows rootkit a rootkit. There is little to be gained by calling it an Administratorkit. But that is beside the point. The malware described does not seem to be a rootkit. True, it creates a backdoor which allows the intruder access at a later date. But, nowhere does the article suggest that it does that which distinguishes rootkits from other malware: rootkits subvert the system so that neither they nor the malicious programs which they detect can be detected using ordinary system tools.
No it is not named "root" but does that really make any difference?
If you have a vested interest in keeping people ignorant then I can see how pretending that there is no difference would be a fairly compelling viewpoint. It's funny how so often on here people mock normal people for being computer illiterate yet in the next breath won't even bother to refer to something by its actual name therefore fostering the previously derided ignorance. Maybe it is some weird manifestation of the Dunning-Kruger effect.
Captcha: cheapen. Ha!
Which is incorrect. There was a class action suit, which Sony in the end settled.
Clearly piracy started AFTER DRM was invented, not BEFORE. All the signs point to it.
Pretending this is something that could only happen on Windows is fucking retarded. The pedantry centering on "Administrator vs root" when they are the same thing is equally fucking retarded. Go chase yourself. Preferably in front of a train.
Ubisoft has declared an act of war against the United States. Why has the US government not raided the US offices of Ubisoft and arrested all the executives and managers and shipped them off to Gitmo for "interrogation"?
OR is the declaration of the US government that this stuff is an act of war just complete BS? Ball's in your court, White House. Arrest and torture Ubisoft executives.
Do not look at laser with remaining good eye.
consoles are the superior gaming systems. You never have to worry about this crap with an XBox.
Stop buying their games. The DRM will stop. Steam isn't much better as far as playing 'unplugged' but I guess I have more faith in Valve as a company.
Join the Slashcott! Feb 10 thru Feb 17!
I'm not trying to argue anything, I'm trying to point out that you're a fucking moron.
When you post something contrary as a direct response to someone else that is by definition arguing. And the ad hominems are not even entertaining. If you're going to bother exposing your insecurities by insulting the other person, you have to make it good or it defeats the purpose of distracting from your own inadequacies. I don't give a shit about you but I'm feeling charitable today so pro tip: get some better material.
.. appears to suggest they had already developed this update beforehand (translated: they *knew* they were breaking the law).
I leave you to ponder the ramifications, especially in the light that a rootkit is unauthorised access to a computer, in many, many jurisdictions.
I'd fine the *crap* out of them.
As opposed to illegally enforceable?
Installed on purpose or not, software should not have privileged continuing access to your system. That's why Windows UAC puts up those scary permission dialogs every time you run a program that needs to do something special. If you can bypass UAC just by having the user install a browser plugin, that's definitely a security flaw. Even MS would admit that.
Of course, where I live "EULA's" are invalid and can not be enforced under California law. Sorry UbiSoft, you've just made a tactical error that will get your asses sued in California and no, since an EULA is not recognized by California and Symantec has? their HQ in Silicon Valley - Don't know about McAfee, they're protected from DMCA issues.
Mod me up/Mod me down: I wont frown as I've no crown
It's not insecurity. It's aggravation with your misleading pedantry. I can't tell if you're retarded or you have some kind of agenda, but the combination of arrogance and self-importance accompanying the useless "information" you're posting is a prime example of the sort of thing that is the reason you're going to die alone.
When I bought the original Xbox a friend of mine told me I was an idiot for purchasing what is basically a PC to play games, I have heard tons of bashing towards the consoles and how the low specs hinder everything and dumb down the experience and you know the rest. I'm not a very big gamer, I was when I was younger and didn't have work or a girlfriend, but I'm in my late twenties right now and the only games I play are Starcraft II and Pokémon (I'm a bronze with no hopes of going silver and Japanese kids ridicule me in every Pokémon battle online), so maybe my views part from those 'hardcore gamers' out there. That being said, my two cents on the subject are that games are increasingly behaving as trojans and I think it is more sane to have a computer that only plays games (i.e. a console or a dedicated PC)
Pirates get a better product than buyers...
Pretending this is something that could only happen on Windows is fucking retarded.
Nobody's pretending anything. The malware exists solely for the Windows platform therefore calling it a root kit is a misnomer since Windows doesn't have a root account but an administrator account. Is that really such a difficult concept to understand? Or is it that people on here are so wrapped up in the tech side of the equation that they ignore the other important things like language and the proper use of it? I'm sure that to you the electronic doo-daddery is more important but the opposite perspective applies equally to some other people. It is objectively appropriate to attach specific names to specific phenomena if nothing else to prevent misunderstandings. Your subjective opinion obviously differs. Possibly you're a victim of the modern education system that places emphasis on rote memorization than understanding underlying concepts. Language isn't an end, it is a means to communicate. A tool if you will. Mis-use of any tool at a minimum curtails efficiency and at worst is dangerous. For example not communicating basic concepts of computer security. Maybe that's why Windows is the mess it is right now.
Go chase yourself. Preferably in front of a train.
I'm glad I could be an outlet for your anger. Maybe you'll be kinder off-line today as a result.
That's exactly my point. The exploit here is cross-platform. Windows, Mac, nix - it doesn't matter. Calling it a "Windows virus" (actually a trojan, but w/e) so you feel better about running a non-windows OS is counterproductive when the goal is analysis and preventing complacency. It boils down to useless pedantry.
It's aggravation with your misleading pedantry.
I'm more inclined to believe it is aggravation at encountering an opposing viewpoint. I have presented facts. Windows does not have a root account therefore it is misleading to refer to malware on the platform as a rootkit. I've also pointed out that language and communicating accurately is more efficient than communicating less accurately. You could possibly make the argument that Administrator has more syllables and that impacts efficient speech but I would counter that that is more than made up for in accuracy which is possibly the only subjective opinion I've presented on the matter. If you can argue like a human being and point out a legitimate flaw in my presumptions then I'd be happy to adopt your viewpoint. You haven't done this. So far you have hurled insults and tried to impress your subjective opinion on me. And now...
I can't tell if you're retarded or you have some kind of agenda, but the combination of arrogance and self-importance accompanying the useless "information" you're posting is a prime example of the sort of thing that is the reason you're going to die alone.
...when all else fails you resort to sanctimony. And people say Slashdot isn't dead.
In most if not all jurisdictions in this world, the law is always above any contract or agreement. And rightfully so, just think of the mess we would have if that is not the case. It's also why in all proper contracts you will find a "survivability clause", stating that if anything in the contract is overruled by another law, that the rest of the contract remains in force.
> the Sony rootkit? They were pretty damn close to getting sued
I'm sure plenty of corporations have no problem with getting 'pretty damn close' to getting sued.
In the end if the result is they avoid suit, or get sued and end up not having any meaningful damage from the suit then it's a cost of doing business.
- For the complete works of Shakespeare: cat
Monitoring communications is not against the law if the user agrees. Sorry guys, this holds no weight.
That's exactly my point. The exploit here is cross-platform.
Then your point is flawed as this exploit is not cross-platform. The browser plug-in doesn't work without the accompanying UPlay binary also being installed on the machine.
An illegal action (not sure if this is or not) remains illegal, even if both parties agree to it.
Nonsense. Wrong. Utterly wrong. a.) Many illegal actions (actions that are illegal by default) stop being so if the involved parties agree. b.) Illegal != criminal. There are even quite a few possibilities to turn criminal action into legal action (by consent of the involved parties). Think sex vs. rape. Trespassing vs. visiting your neighbour. Your doctor poking a needle into your arm. Etc.pp.
"Though, to their credit, I pirate a lot less also!"
How is that "to THEIR credit"? What are you talking about?
Same in the US.
Just because we have a contract does not mean we can do whatever we want... In fact it does one of two things. It strikes out that particular part of the contract or voids the whole thing (depending on the judge and what you ask for).
Only Windows runs binaries now? News to me.
Any website that tries to, yes.
Not any website that doesn't try, obviously. But those that don't try now could start trying at some point either through direct malice, being hacked, or carrying content served by 3rd parties (advertisers, stats collectors, servers providing public copies of common libraries, ...) who get hacked.
When Sony had their rootkit scandal, they were ultimately fined $150 per "infected" system. Several of the above UBISoft games are multi-million sellers. This could definitely sting Ubisoft financially if similar legal repercussions result from this screwup.
How is this an anti-virus in any way, shape or form?
In what way?
You really think they did not include some fine print in the EULA about how the user was consenting to this?
An illegal action (not sure if this is or not) remains illegal, even if both parties agree to it.
What's your point? It's not illegal to put a rootkit on a machine with permission of the owner.
No one has a right to their *own* opinion. They have a right to the TRUTH.
That is NOT what a rootkit is!
I don't see anything wrong with calling a Windows rootkit a rootkit. There is little to be gained by calling it an Administratorkit.
I beg to differ. Many Windows users have an idea that the Administrator account is pretty much what it says on the tin. The account that can administrate. When their user is "an administrator" then they too can administrate. Root means nothing to 99 percent of windows users in the context of their computer. However, administrator kit would very easily be understood as something that can take over the computer and "administrate" in a bad way.
I mentioned above and I'll say again I made my original comment with the full expectation of getting modded to oblivion and I wasn't disappointed. That doesn't mean I am wrong. It just means that the person that modded me down disagreed with what I had to say for some reason. Slashdot being a site that caters to the tech-savvy contingent I expect appropriate use of language to not be held in equal esteem to more technical things. Bear in mind that this is a bit of a myopic perspective and objectively speaking is distinctly inaccurate.
"Id rather give that money to the GAME selling the game used so it can go in their pocket AND SOME game developer/publisher that shits on its paying customers."
Guy? And NOT some?
Lol wut?
If you are vulnerable to this exploit, this webpage will open Calculator.exe on your desktop.
http://pastehtml.com/view/c6gxl1a79.html
There is a war going on for your mind.
GTFO, that EULA is specifically for the website and has nothing to do with Uplay or their games.
I don't think you actually read that EULA. That agreement applies to the use of their Internet sites, not their shrinkwrapped products, and specifically refers you to the EULAs included with said products for the terms of use that apply to them. Additionally, the linked EULA only applies to the United Kingdom.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Not only does it continue the same, but the company usually looks at whatever fine they received as an additional cost of doing business, and then just passes it along to the customer. Therefore, the *customer* is who actually pays for the company's transgressions.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Only Windows runs binaries now? News to me.
Only Windows runs this particular binary. The UPlay binary that enables the malware only runs on the Windows platform. I'm not sure how much clearer this can be stated or how you can possibly be confused on this.
In this sort of case it's not the user that's at fault, but the granularity of the authorisation in the operating system, so changing the OS certainly would fix the problem (but then you have the issue of games requiring a specific OS). This is what happens on Windows 7:
Installer, please install your game
Do you want to allow the following program to make changes to your computer? Yes/No
That's right, I asked it to install. Allow.
The installer installs the game but also sneaks plugins into your browsers without notifying the user.
See the problem? This all-or-nothing approach is basically an elaborate security system that forces you to deactivate it completely at the slightest sign of a potential non-threat, leaving you completely unprotected from subsequent actual threats. If UAC asked for authorisation to install a new program and then asked again when the installer tries to alter another installed program (especially if that program was signed by a different publisher) then it would be in the users' hands. This is something that's well within the scope of an operating system's ability and responsibility.
Many illegal actions (actions that are illegal by default) stop being so if the involved parties agree.
Bingo. It's illegal for you to take my money and it's illegal for me to take your car, but if you agree to give me the car and I agree to give you the money, that's perfectly fine. Such a simple thought process that everyone here deals with almost every day, yet it seems that so few understand it. Bravo, AC!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
They are fine doing their thing. From the DMCA section 1201, 2 B:
has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
Antivirus software has a commercially significant purpose other than technological protection measure circumvention. Additionally, from the 3 B:
`(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work
The disabling and removing of the rootkit does not constitute circumvention of the "technological measure" if the rootkit is required to provide access to the content. After removing the rootkit, the customer might no longer have an access to the work, so the antivirus company has not given an "access to the work". It all falls to the armor plated shoulders of Ubisoft's legal assassins.
Is there anything different in Linux/Mac that would have prevented this virus? No.
False. The fact that the UPlay binary that facilitates the malware is compiled and intended for the Windows platform makes it different in the context of what you are talking. I realize that some computing concepts can be a little confusing but I'll try to give you a quick overview. Operating Systems like Windows and OS X have this thing called an API or Application Programming Interface. When you compile a program of any complexity you are almost certain to need to make one or more "API calls". Since these APIs are specific to each platform one program compiled for one platform will not generally work on another although note the existence of third party API ports like Wine but that is outside our scope. Since the version of UPlay discussed in the article is compiled for the Windows API, it will not work on OS X or any other operating system other than...you guessed it...Windows. And now you know.
Actually, in this case, 'pretty damn close' really means they settled to avert a damning precedent. The law is on the books, but it hasn't been tested; and no one who might be in a position to be punished by it wants that precedent. If any class-action stuff starts up from this, I would expect it to also be settled, for the same reason the Sony rootkit was.
just waiting to release if some one noticed...
The exploit depends on user trust, a binary and a browser plug-in. All of which can be leveraged in the same manner on any platform. This *implementation* (I need you to stay with me on the five-syllable words here) runs only on windows. The fact is that the vulnerability exists on any platform though, so by pointing to the fact that it only works on MS Windows, you aren't actually pointing at the thing that needs pointed at. I can understand how that might be hard for you to grasp. This is Slashdot, after all, where pedantry and MS-bashing reign supreme. You about done being autistic?
Stopped buying any EA games years ago, after being burned with a similar story. The DRM from EA broke my windows install, with crashes etc. It would prevent me (completely) from burning any CD, related or not to EA products, it would just prevent the laser from working correctly (cost me real money in failed bare disks, at the time these were expensive, and my time is not free either). Never, ever, bought (or played, for what it matters) an EA game again. Looks like the same is happening to Ubisoft.
I am very wary of buying games. I have the money, I could enjoy playing, but I cannot stand the idea of paying to get the stick. I had enough bad feedback from bought games (and DVDs) that I just don't bother anymore. I don't even "pirate", I just don't care anymore, found something else to do. If I could get a warranty that installing a game will not turn my computer into a steaming piece of junk, and that I would not have to spend 4 hours of my own valuable time fixing it, I may revise, until then, my money is used on other entertainments that don't waste my time and do all they can to turn me sour.
You spend less because of those top titles. You have no more time to play them, so you won't be needing any more games for a long time (unless they have an even deeper sale to tempt you).
Apart from the time thing, I really don't understand you. How do I spend less *because* of the top titles? Game prices are obscenely and artificially high in the first place. And that's still nothing compared to the majority of console games.
And I have backed up savegames. It's called "A USB HDD".
That may be true, but you're missing the point. It's the convenience. Why in the world would I spend money on hardware just to backup save games? I have significantly more important things that need backing up. If Steam didn't do it, I sure as hell wouldn't.
I can already load the game onto an entirely different machine. And moreover, I can let someone else play that game while I play another. Unlike Steam.
You can't with any of the DRM'ed titles, but I see your point. All I can say is that that situation has yet to arise for me.
Ok, Diablo had mac/windows on the same disk. So did Starcraft. Now, please name me some others? Having multiple platforms on one disk was an aberration, not commonplace.
You don't get the Mac version for a Steam game if it isn't released on both Steam and PC. And Diablo and Diablo II both had Mac and PC versions on the same disk.
And if a mac version of the game doesn't exist, then I wouldn't be buying it anyway. I really don't see your point for that one.
You can also lose ALL your games if you disobey the ToS. That's a rather big downside, isn't it?
What part of the ToS would I disobey? The only one I can think of would possibly be the ability to resell my games. Given that the majority of the games I bought were $10 bucks, who cares? The money I got back from reselling wouldn't even be enough to buy a happy meal.
If you don't like Steam, that's fine. All the more power to you. But Steam does what *I* want, for prices that I consider shockingly reasonable. So, they get my custom. It's really not any more complicated than that.
So then the next question is, did Ubisoft get my permission? EULAs are not *nearly* as binding as manufacturers like to make out.
By replying here or anywhere else in this forum you agree to:
1) give me all your money, assets and all future earnings and assets.
2) whenever there is a full moon, stand in a public area on one foot and howl at the moon.
3) Say "boop" every 87.24 minutes.
*AHEM*
An illegal action is legal, until you can afford to contest it in court, assuming you haven't already assumed that said illegal action *is* legal, and you don't believe you can fight it.
FTFY.
[End Of Line]
This is potentially a felony under the "exceeds authorized access" part of 18 USC 1030. Have Homeland Security (CERT) and the FBI been notified?
You spend less because of those top titles. You have no more time to play them, so you won't be needing any more games for a long time (unless they have an even deeper sale to tempt you).
I can't speak for the parent, but I spend roughly the same and get more for my money.
And I have backed up savegames. It's called "A USB HDD".
You forgot the snark tags, but I'll respond in kind: when your HDD breaks my saves will still be in the cloud.
I can already load the game onto an entirely different machine. And moreover, I can let someone else play that game while I play another. Unlike Steam.
And with modern games neither of you will be able to play when you hit the limit on activations. Woe betide you if you and your friend both play the same game at the same time.
You don't get the Mac version for a Steam game if it isn't released on both Steam and PC. And Diablo and Diablo II both had Mac and PC versions on the same disk.
What?! You mean I don't get the Mac version of a game that isn't released on Steam?! Oh, the humanity!
On the other hand, when I buy a game on Steam that has both Mac and PC versions (Civ V springs to mind) I can install it on either or both. Maybe I misunderstood, but parsing that sentence was a chore.
You can also lose ALL your games if you disobey the ToS. That's a rather big downside, isn't it?
Violating a contract has consequences. Movie at 11.
At least Valve let you read the T&C's before you pay for anything, which in my view is a big upside compared to the usual shrink-wrapped EULAs. Wouldn't you agree?
On Win7, the local Administrator account is disabled by default.
These "survivability clauses" are illegal in most European countries, though. This means that in front of the court the clauses will be void and part or all of the EULA might also be judged void in case it clearly contains clauses not legal in the country. What to make of this situation is up to the judge, but nobody has the time and money to sue large companies anyway. (There are no class action suits lawyers won't work for free here.)
AFAIK, the situation differs in US. But in Europe you can readily sign and ignore most EULAs, since they are usually not worth the paper printed on. (If they are printed anyway...)
Oh wait, what?
Seven puppies were harmed during the making of this post.
One of the tags on this story is, "theyneverlearn".
On the contrary, "they" have learned exceptionally well! One could argue that "they" are A+ students with a 4.0 GPA across the board, having graduated Summa cum laude from the University of Violating People's Rights.
1. Any illegal action is legal until you get caught. (This is universal, and does not apply only to software.)
2. If you get caught, bluff. Claim that the plaintiff signed away their rights in the EULA.
3. If the bluff fails, obstruct. Claim that the EULA dictates the plaintiff must agree to arbitration in the Dominican Republic, where all parties may only meet on the 5th Wednesday of every month, between the hours of 8AM to 12PM.
4. If the obstruction has failed, then the client has identified themselves as a serious threat. Primarily because they have enough money to get this far in a court of law. Commence filing delaying actions. Request discovery on the plaintiff's machine. Engage private investigators, or even law enforcement by accusing the plaintiff of willfully violating the EULA. Plaintiff's property is then confiscated pending an investigation which can take up to a year. Continue until plaintiff runs out of money.
5. If things get this far, then plaintiff is extremely dangerous. Withdraw all claims against plaintiff. Immediately offer a deal to the plaintiff in return for a non-disclosure. Agree to any amount of money. Because it has not made it to court, you can promise umpteen squintillion bars of diamond-studded gold, and never have to pay one thin dime. What's the plaintiff going to do? Send the debt to a collection agency? (Use caution with this tactic! People are learning-albeit slowly-that you can send the sheriff to foreclose on a defaulting defendant's property.)
6. The plaintiff refuses any deal. Case actually makes it to court. Offer another deal for much less money. Court costs for the plaintiff will now most likely exceed damages, so make an appropriate offer. Use caution: a court-agreed settlement MUST be paid, but it will not dictate as to when it must be paid.
7. All attempts at a deal have failed. Plaintiff has bottomless pockets and blood in their eye, and is Hell-bent on taking you down. Begin repeat of Step 4.
8. Repeat of Step 4 has failed. The Lord God has taken a direct interest in this case, and has been witnessed pissing into your cornflakes. Change your plea to "no contest". The court is restricted to how much they can fine you, and the case comes to a halt.
9. Write off all losses by routing funds through the third set of books. Engage social media sock puppets to gin up your products. Sue anyone who bad-mouths you, even if they're pointing out the truth. Inform R&D that they are to conceal the program on the next release.
[End Of Line]
Under many countries' laws... you are entitled to a refund if you happen to not agree to the EULA within a certain period of time.
Wow, thanks BronsCon! I appreciate the kudos as much as I appreciate that you think my three examples were insufficient!
>Is that really such a difficult concept to understand
No. It's just a pointless distinction that only serves to add confusion to the situation by calling the same concept by two different names.
>is it that people on here are so wrapped up in the tech side of the equation that they ignore the other important things like language and the proper use of it?
Yes. It's that people here care about the tech side of things more than mindless word games.
>It is objectively appropriate to attach specific names to specific phenomena if nothing else to prevent misunderstandings.
It's already got a specific name attached to it. You're the one trying to muddy it.
>Possibly you're a victim of the modern education system that places emphasis on rote memorization than understanding underlying concepts.
The concept here is the concept of a rootkit. There's no reason at all to call the same thing two different things over some extremely superficial difference. It adds nothing and subtracts much.
>For example not communicating basic concepts of computer security.
Again, the concept here is the concept of a rootkit. Word games have nothing at all to do with computer security.
Hell, from there it can snoop your grub.conf, find out where your kernel is located, and overwrite your entire kernel. You wouldn't even know until you rebooted...
This is Slashdot, and you lacked a car analogy. He thought you did well and was trying to protect you from later complaints.
Congratulations on getting modded so highly on the basis of a pure strawman. Slashdot is a fucking joke.
Right. When I rootkit a DoD workstation, I go to PITA Fed, when Sony does it it costs $150.
Actually they were sued by several state's attorneys, and settled. Personally, as a victim of XCP (I didn't agree to their god damned eula, my daughter installed it, never imagining that a big respected company would deliberately install MALWARE) I'd like to meet Sony's President in Felbers' beer garden and beat him to death with a two by four. I'm still pissed, and it's almost been ten years. I will never EVER be stupid enough to buy another Sony product. I want the company broken up and its board of directors impoverished. Nothing's too bad for those evil sociopaths. Cancer and AIDS are too good for 'em.
A rootkit is MALWARE. The president of Sony should have gone to prison, and the President of Ubisoft should, too. If I did to Sony what Sony did to me, you can bet your ass I'd go to prison. But it's OK for the 1% to fuck over the 99% any way they want, but if you mess with them, well, you're screwed.
And you stupid people should quit buying their damned games! Jesus, stop letting these assholes take advantage of you! You would buy from a company that deliberately installs malware on their customers' computers??? How goddamned stupid can you get????
Free Martian Whores!
No. It's just a pointless distinction that only serves to add confusion to the situation by calling the same concept by two different names.
You say it's pointless because it serves your argument to say so when in reality you are just making a bald assertion. The distinction is in the implementation. Normal users have no idea what "root" is but they do know what Administrator is. It makes more sense to call malware that usurps Administrator privileges on Windows an Administrator kit rather than a root kit. Ask any disinterested party what makes more intuitive sense and they will almost always pick the latter.
Yes. It's that people here care about the tech side of things more than mindless word games.
Thanks for your tacit support of my point though I'm sure that's not what you were going for. Trivializing the issue doesn't make it go away.
It's already got a specific name attached to it. You're the one trying to muddy it.
A name that was coined before Windows was ever even thought of. Times change and with Windows being the primary vector of malware today terminology should be updated to reflect that. "Rootkit" sounds like jargon to the average user. s/Root/Administrator/g makes much more sense.
The concept here is the concept of a rootkit. There's no reason at all to call the same thing two different things over some extremely superficial difference. It adds nothing and subtracts much.
The implementation is malware on Windows that usurps Administrator privileges. Why not just tell it like it is rather than hiding behind jargon rooted in a bygone era?
Again, the concept here is the concept of a rootkit. Word games have nothing at all to do with computer security.
Painting a clear picture has much to do with computer security. And that starts with clear concise communication.
And quoting isn't that hard. It works like this <quote>Phrase to be quoted</quote>
Might is the wrong word. EULA are court tested in the US. EULA are legally binding.
ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996)
"The court held that Zeidenberg did accept the offer by clicking through. The court noted, "He had no choice, because the software splashed the license on the screen and would not let him proceed without indicating acceptance." The court stated that Zeidenberg could have rejected the terms of the contract and returned the software. The court, in addition, noted the ability and "the opportunity to return goods can be important" under the UCC."
I find being offended by me offensive.
The feds say they can be enforced.
ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996)
I find being offended by me offensive.
EULA are court tested in the US. They're very much binding.
ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996)
"The court held that Zeidenberg did accept the offer by clicking through. The court noted, "He had no choice, because the software splashed the license on the screen and would not let him proceed without indicating acceptance." The court stated that Zeidenberg could have rejected the terms of the contract and returned the software. The court, in addition, noted the ability and "the opportunity to return goods can be important" under the UCC."
I find being offended by me offensive.
The 7th Circuit disagrees with you. EULA are legally tested and enforceable in the US.
ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996)
"The court held that Zeidenberg did accept the offer by clicking through. The court noted, "He had no choice, because the software splashed the license on the screen and would not let him proceed without indicating acceptance." The court stated that Zeidenberg could have rejected the terms of the contract and returned the software. The court, in addition, noted the ability and "the opportunity to return goods can be important" under the UCC."
I find being offended by me offensive.
In what way?
You really think they did not include some fine print in the EULA about how the user was consenting to this?
An illegal action (not sure if this is or not) remains illegal, even if both parties agree to it.
So does that mean VNC is illegal? Or any screen-sharing service? What about remote diagnostics?
If you agree to it, it's perfectly legal to give others the keys to your computer.
Not to mention once you break the shrinkwrap it's damn near impossible to return it.
EULAs are not tested very well in court, and that's a 7th circuit decision. California is in the 9th circuit. 7th circuit might be REFERENCED but in the 9th circuit EULAs have been found null and void (try my legal battle with EA over the Spore DRM, which is why EA settled and FAST.)
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Your name is too fitting for your ignorance, realityimpaired.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
7th circuit is not the entire USA. The 7th circuit has jurisdiction over:
Central District of Illinois
Northern District of Illinois
Southern District of Illinois
Northern District of Indiana
Southern District of Indiana
Eastern District of Wisconsin
Western District of Wisconsin
And that's it. Try again when you understand the legal system.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Boop
The flaw with the root kit of course being that someone detected it.
But don't worry, they're working hard to correct that problem.
In the UK, they're certainly violating the Computer Misuse Act.
So? Ubisoft is a corporation, it's not like anything bad is actually going to happen to them.
There are lines that even major corporations cannot cross. Putting rootkits on US Federal computing equipment is one such line. Sony's fine for their rootkit fiasco was certainly enough to get Sony's stockholders' attention, but that wasn't the worst of it.
The Department of Justice basically said: it would be within the law to seize all Sony assets in America and ban all future imports of all Sony products, but we're not going to ask for that because we don't think it was deliberate .... this time.
Deliberately infecting US government-owned computers with rootkits is one of the few ways a corporation could actually get a corporate death sentence. When it starts looking like organized crime (or military action) instead of mere corporate greed, there are still real teeth left in enforcement.
Socialism: a lie told by totalitarians and believed by fools.
If EULAs were able to allow you to agree to something like this frankly there wouldn't be any malware nor would there be any antivirus, because malware writers would just wrap their "freeware" in a EULA and sue the AV companies under DMCA if they tried to detect or remove their "product".
Now since the only time I've ever heard of a malware writer trying that kind of BS they got laughed out of court I seriously doubt such a defense is gonna work this time. Then there is the fact that the feds got laws up the ying yang against hacking into other people's computers and I think Ubisoft will most likely be pulling a Sony and doing a shitload of backtracking and apologizing, the only question being how much this fuckup is gonna cost 'em.
That said maybe this bullshit will finally get Ubisoft to just use Steam and call it a day. I know there were several times on the Steam sale when I was ready to hand my money over to Ubisoft and then saw that "This product requires" followed by a huge list and said "Fuck that noise" and gave my money to someone else. I doubt they'd agree to give us the figures (because it would piss off publishers like Ubisoft) but what I wouldn't give for the sales figures for games that just used Steam VS games that piled on the BS during the last sale. I know all my friends were doing the same thing and like me they were spending like crazy on the sale so maybe this will finally get them to drop the horseshit.
ACs don't waste your time replying, your posts are never seen by me.
Even then, the installer could easily abuse a bug in the OS to do its bidding (as any malware would).
Just remember, if you can "jb" or "root", malware and businesses can sneak in system-level software as desired.
I hate corporations as much as the next guy (especially working for them), but what would you suggest if a corporation screws up as badly as the individual who lost his summer cabin, children, dog, and job? Shut them down? Then all of their employees lose their jobs. Much as we hate to admit it, corporations are comprised of people who stand to lose a lot if that corporation is shut down. Corporations have too much power now, yes, but we have to be careful how we address that issue.
In the US, there are very, very few restrictions in this area, and you can legally waive your rights to damn near anything, as consumer protection laws are all but nonexistent.
Check out my world simulator thingy.
As we have seen, US isn't the world and it's EU that's currently championing consumer rights in the Western world. And in here, you can't waive rights through a simple click-through quite as easily. In many cases, you cannot waive them at all.
The fact that Ubi rushed to fix the problem so fast tells you just how risky someone high up thought this is.
Yeah, I know the situation is much different in Europe (better, in my opinion.)
Check out my world simulator thingy.
Which is a perfect example of how the rich and powerful live by a different set of laws. If I put a root kit on Sony's computer, you'd better believe I'd have felony charges filed against me. If Sony puts a root kit on my computer, all they have to do is pay off some state AGs.
Give me Classic Slashdot or give me death!
The court stated that Zeidenberg could have rejected the terms of the contract and returned the software.
Good luck finding any software retailer that will allow you to return opened software, of course. Is the manufacturer even legally required to compensate the purchaser in a case such as that? Seems like the consumer is screwed either way...
I read their patch effort and instantly thought of an Ubisoft executive saying:
"Damn they found our rootkit, oh well better close it down to save face... hope they don't find the other one."
It could be illegal if the rootkit is not represented as such.
In other words, you would have to disclose the nature of the software in a way that accurately describes it before installation. Think of it this way, suppose I fix your virus riddled computer and install software to prevent it from being infected again. You agree to that. Now suppose in that software, I installed a back door (rootkit) allowing me to turn the webcam on at any time and do so when you, your girlfriend, your mom, your kids, whatever comes out of the shower naked and drying off. Does your consent to me installing software on your computer to keep it virus free include this stuff? Of course the answer is no just like my consent for the local repair shop to change the battery in my car does not allow them to pull the engine and replace it with a smaller one.
Yay, they issued a fix!
Let me guess, the fix is to hide their rootkit better so they don't get caught again? ;)
10. If the publicity damage results in an egg-on-face coating that's just too hard to remove, rename the company. Most people find history by means of hits in search engines, and none of them are as of yet smart enough to redirect searches to the old name.
11. Then: start at 1 and repeat.
The likelihood of you going to jail for constantly breaking the law diminishes in equal fashion to the money you make, instead you will be featured in Wall Street journals as the newest business genius with valid insights on anything you can think of and you get to sell your new company at a valuation which is so far north of sanity it can justifiably be called extraterrestrial. But that's OK - shareholders and tax payers are there to be abused.
Insert
I've seen you cite that three times in the comments so far, and I'm not even very far down the page. I'm pretty sure it's been tested more recently than 1996. In fact, here you go. I imagine you got your link from the wikipedia page on shrink-wrap contracts, as did I.
It varies by court and by license - there's no precedent that's used in all cases.
And regardless, what they're doing is illegal so it doesn't matter if it was in the EULA. Knowledge != consent
How are sites slashdotted when nobody reads TFAs?
They only release their games on Origins and UPlay now and removed themselves from Steam so all we have to do is... keep buying from Steam or other outlets that aren't Origins etc.
They played right into our master plan, they put themselves into their own coffin.
Nobody wants to use Origins or Ubi electronic product jail.
Btw, has Battlefield 3 been released yet? I haven't seen it anywhere I shop yet.
Your username is appropriate.
There is a war going on for your mind.
And that makes them more expensive than their competition, which hurts their profit and thus their shares. If they want to swallow the cost to remain competitive, then it hurts their profit and thus their shares.
I'm saying it's /not/ costless to them. That worn-out water-cooler remark only washes when you fine the government, or a similarly protected monopoly. It's glib, not insightful.
And furthermore, since corporations are people according to the Supreme Court, the whole company should go to jail.
And that makes them more expensive than their competition
It does? Always?
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I don't know about the other McGrew but I haven't bought a single Ubisoft title since they started including extra DRM crap and always online garbage instead of just using Steam. In fact I came THIS close to buying a good $75 worth of games on the Steam sale...until I saw it was Ubisoft and their extra bullshit and instead gave it to other companies.
I'll buy Steam, I'll buy games that have GFWL (although I won't buy from GFWL, MSFT still can't design a UI for games for shit and I hate the way it keeps trying to sell me Xbox games) but I won't be buying from any company that piles on the DRM and that goes for my friends and family. Just talking to them on Steam chat there was a good couple of grand that would have been spent on game packs that would have gone to Ubisoft that instead went to other companies. It's not much in the grand scheme of things but at least our systems run stable and don't have backdoors you could drive a truck through.
BTW OT but for all those that have recently switched to X64 or haven't run into this problem yet? A little word of warning...avoid older games that have DRM like Starforce and SecuROM on them! The older DRM didn't recognize 64 bit and would try to jam a 32bit kernel hook into a 64 bit kernel with disastrous results and the uninstaller they host on their website? DOES NOT WORK ON X64. So if you don't dual boot so you have an uninfected OS to work from it's a royal bitch getting it cleaned up and will make your system as unstable as Win9x which is why I ended up going Steam.
I'd love to hear from those with exp with Ubisoft DRM as I've found those that jam in deep level hooks like that tend to make things more than a little unstable. If you've installed a Ubi game and are experiencing hangs, lock ups, BSODs, weird errors, you might want to remove the DRM and see if that clears it up, because you'd be surprised how many times I've seen machines at the shop that were "infected/broken/crashing" that turned out to be a shittily written DRM hosing the system. The only "nice" thing I can say about the non Steam DRMs is they don't seem to burn out drives like the old Starforce did, but that's like saying "well at least it just shat on the bed instead of the floor".
ACs don't waste your time replying, your posts are never seen by me.
Maybe they'll actually get sued this time...
I play Everquest 2 on this machine, and look what I just found (installed yesterday). Firefox never informed me that it was being installed.
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\5kpvldeq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
In the Firefox browser Add-on pane it is listed as SOE Web Installer 1.0.3.171. It can be disabled, but I have not attempted to remove it yet. I want to keep it around while I figure out what it is doing. A web-search is inconclusive as it appears to have just been released, although I did find several links to a "test page" that belongs to Sony that instantly tries to install said plug-in. No-script blocked these attempts, so I have to assume it was served to me via the EQ2 GAME updating system. If so, complete bullshit.
Again, I never got any sort of plug-in install warning when running Firefox, and I have my browser warning settings at maximum verbosity. This plug-in was just "there".
If many people say the same inaccurate thing should you only correct one?
The comment I responded to said EULAs weren't valid. My response accurately refutes that. You give a specific example not applicable to the point at hand since there is no download button mentioned.
The illegality of what they are doing was not mentioned nor responded to so your final sentence is off topic.
I find being offended by me offensive.
You could take them to court. But realistically yeah you're fucked either way.
I find being offended by me offensive.
We can do more than stop buying from a company that installs malware. We can educate those we influence. For me that pretty much means my kids (for now), but they know how bad Sony is and why we don't consider buying anything Sony makes.
Sig is on vacation
I still remember the Sony root kit. The CD refused to play in the car CD player. Putting it on the computer busted the OS and led to a 2 day ordeal of reinstalling everything and recovering the data. I lost a lot of time due to their arrogance. I stopped viewing Sony as a reputable company after that.
Do people still buy their games with all the shit they've pulled with DRM? Seriously, Ubisoft has to be the most anti-gamer gaming company there is, and a disgrace to the gaming community. Not to mention, their games suck... the only games I recall that were pretty good were Prince of Persia: The Sands of Time, Prince of Persia: The Two Thrones, and that Prince of Persia remake they released on Xbox Live Arcade.
I stopped paying attention to them after the Prince remake, so who knows--maybe they made a decent sequel sometime later. I just know Warrior Within and the one for Xbox 360 that you never die in (always "rewind" time) sucked.
I live in New York State. No contract can force an individual here to waive their right to sue. Businesses add them anyway to fool people who don't know any better.
If you want to be anal about it, it's probably a "LocalSystem-kit", as Administrator is actually a less-privileged account.
Thank the pro-corporate GOP SCOTUS judges for that one.
If it was up to them, we serfs would be outright OWNED by our corporate masters.
"There are laws that enslave men, and laws that set them free. " - Sean Connery as King Arthur
We need realistic penalties for corporations, and I don't mean fines. They are useless for the reasons mentioned above.
The only way to get a corporation to behave differently is to hold the people that run it (the CEO, board, President) accountable.
The best way to do that is to give the government the power to outright kick the board and CEO out and replace them with a government determined management team for a set period of time. Call it Corporate Jail. And the people kicked out CANNOT COME BACK to that company to work. Or maybe they could after a set period of time. Probably both punishments would be useful for different offenses.
"There are laws that enslave men, and laws that set them free. " - Sean Connery as King Arthur
no, they just remember what happened the last time someone mentioned "root kit" (*cough* sony) - still, I avoid ubisoft like the plague for their previous policies.
For such a trivial amount that one could hardly say they lost. Most people didn't get anything, and those that did essentially had to work for much less than minimum wage while repairing the damage done by the root-kit.
Also, if it's the case I'm thinking of, Sony never did restore the equipment to previously working condition. (But I may be confusing two different cases. In both Sony technically lost, but the decision was such that the real losers were Sony's customers.)
I think we've pushed this "anyone can grow up to be president" thing too far.
You have to be careful about what you consider to be waiving your rights, i.e. I waive my rights, sorry changed my mind, waived them again, changed my mind again, waived, not waived, waived, mine again.
Waiving your rights means pretty much nothing because the very second you claim them back, they return with full force of the law, constitutional and criminal law both of which outweigh contract law. There is no legal condition of contract that can prevent you from reclaiming your rights, at any time you choose.
Chaos - everything, everywhere, everywhen
True, but that's just how capitalism works.
because the software splashed the license on the screen and would not let him proceed without indicating acceptance
I prefer to simply amend the terms before I agree/click-through (web EULAs are trivial). Just wait until they try to come at me with a terms violation and they find out they owe me millions.
+1000
It's okay. Very few people are going to listen to you or be aligned with your principles. Give it just a few years and people will tell you to just get over it, nothing really big happened, and it only really affected you if you were guilty.
Right, and the big problem from the package manager's point of view is that it's perfectly reasonable for the user to want to install a kernel module.
Perhaps the best fix would be for packages to contain a list of the permissions they needed to install, and so at least technical users would be able to check if they were far too over-encompassing or not. Doing that's not going to help nontechnical users so much, though.
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
Interesting, while living in the UK (for about 4 years) I always wondered what the "this does not violate your statutory rights" meant. I always wanted to know what my "statutory rights" were, but could never find them.
Ubuntu is an African word meaning 'I can't configure Debian'
They installed malware on your computer, so you think their executives should get AIDS, cancer, and die. Cool. What's it like being a sociopath?
The best way to do that is to give the government the power to outright kick the board and CEO out and replace them with a government determined management team for a set period of time.
That will just sink the whole company. You might as well set their building on fire.
Heavy, even crippling fines are a better answer. Not the "$200,000 and don't admit wrongdoing," BS that Sony got away with. If that rootkit had cost them, say, $1 billion, you can bet they wouldn't try it again, and neither would anyone else including Ubisoft.
There is no reason that replacing the board and CEO will 'sink the whole company'. And even if there is a fair probability that it WILL, then GOOD.
Punishment must be sufficiently heinous to DETER misbehavior, and it is clear that the total BS fines that corporations get hit with are NOT in ANY WAY SHAPE OR FORM a deterrent.
Look at Barclays. Look at HSBC. Barclays blatantly manipulated LIBOR and violated numerous laws and got a fine that is maybe 50% of 1 quarter's PROFITS. Not revenue... PROFITS... Barely enough to even make a dent in their earnings.
HSBC money laundered drug profits and ran accounts for known terrorists and did this KNOWINGLY, and they are not in any way shape or form looking at a penalty that will destroy the company or put the CEO and his cronies in JAIL. This is the PERFECT CASE for a corporate DEATH PENALTY, where all corporate assets are SEIZED and sold off.
Mark my words, until we have a way to realistically hold corporations accountable for their misdeeds, they will continue to steal from and kill us individuals with IMPUNITY.
"There are laws that enslave men, and laws that set them free. " - Sean Connery as King Arthur
but you keep claiming your citation as if it were applicable to the entire country. All over the thread. It doesn't. Period.
I know way more than you'd suspect. I've done it from criminal and civil sides, from unlawful detainers to suing the shit out of EA.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Your amendments are not legally binding.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
In Sweden, the law explicitly states that if a part of a contract is found invalid, the rest of the contract is still legally binding.
Still, if you strike out clauses before you click "Ok", shouldn't that make those clauses "legally un-binding"?
I don't think the main complaint is about monitoring communications, it's about opening up users' machines to being remote controlled, and potentially infested by third-party malware.
As noted elsewhere in the thread, it MAY be enforceable, depending on the circumstances.
I hate corporations as much as the next guy (especially working for them), but what would you suggest if a corporation screws up as badly as the individual who lost his summer cabin, children, dog, and job? Shut them down? Then all of their employees lose their jobs.
Ah, but dismantling a corporation doesn't mean all the factories are closed, their products are no longer sold, and all their employees are without a job. As long as the market is profitable, someone will buy most of the buildings and equipment and hire most of the workers, since there's a profit to be made by filling the void. The problems are mostly temporary.
It's different from when a firm goes bankrupt because the market is no longer profitable, like when the steel or automobile producers have to close because foreign companies can produce the same goods much cheaper.
That will just sink the whole company. You might as well set their building on fire.
Closing down the whole company may even be better than trying to run it with government-appointed leadership. If a company closes down, the buildings, equipment, workers and market share become available for anyone who wants to start a new company and fill the hole in the market. If the company survives, but is run inefficiently, it'll just tie up those resources.
But in any case, I agree that the fees need to be substantial.
I don't know about the Ubisoft rootkit, but Sony's rootkit was actually there to prevent the user from accessing the work, except in those ways Sony approved of. It prevented the user from playing the raw Audio CD, so they had to use the DRM:ed files on the Data portion of the CD instead.
Actually it's not perfectly reasonable for the user to install a kernel module... not without telling the package manager. Installing a kernel module is perfectly doable, and in DEB and RPM it's done by telling the package manager there's a module to install and letting it put the module somewhere. You can also have a pre-install script (that runs before anything's even installed, and even if the install fails and the packager rolls back changes) or post-install script that spits a kernel module into the appropriate directory, unbeknownst to the package manager. It could even straight out modify the kernel in /boot.
I've actually considered writing a secure package manager. From my point of view, you need to ban running any application as root. The whole thing should run the installation scripts as a non-privileged user with a fakeroot. Track user changes, additions, setuid, etc. pre-install and post-install through bash scripts (maybe with a modified bash), and an 'environment builder' that lets it bring in non-read files for modification (hence a bash interpreter with a sandboxer or modification to prevent writing to the system--can run the thing as root and prevent it from writing to something the packager can read).
That way you could stop and tell the user, "It wants to pull these configs in so it can modify them. They're usually marked sensitive." You can stop and tell the user, "Installation will add system services, kernel modules, and these setuid binaries." You can control the whole installation. World-writable directories need protection though, which is hard; we actually need a system function to supply world-writable protection, and POSIX doesn't supply one (but we're dealing with a Linux package manager, we can always use process namespaces or something... Linux also lets you ban syscalls, so you can block networking. We can add these facilities to Minix if we want to use the packager there).
A couple bumps. You can always detect escapes--or rather you can detect an escape condition. Everything's done in bash scripts? Hell we can use a modified bash or busybox, you can't break out of our policy with that. A preload sandbox or libc could even control bash, perl, awk, the like. You need to run some other binary, something included in the package? The system doesn't have a control to prevent it stomping on world-writable directories? Warn the user: we may lose control of the installation soon, it could stomp all over world-writable directories. It's possible to attach to it with ptrace (POSIX!) and intercept/stop all system calls, but that could get slow. Just watching (strace) isn't as slow, and can give you a report of possible nastiness (files read/altered, network connections made, the like). You can easily detect if the program stayed within its bounds too.
Support my political activism on Patreon.
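The "just watching (strace)" report that the comment above describes can be sketched as follows. This is an added example, not code from the thread or from any package manager; the trace lines, the package name `foo`, its declared install prefixes and the finding categories are all constructed assumptions.

```python
import posixpath
import re

# Constructed sample in the format of `strace -f -o trace.log ./postinst`.
# The package "foo" and every path and address here are made up.
SAMPLE_TRACE = '''\
4101 openat(AT_FDCWD, "/usr/lib/foo/libfoo.so", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 3
4101 openat(AT_FDCWD, "/etc/foo.conf", O_RDONLY|O_CLOEXEC) = 4
4101 openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
4102 openat(AT_FDCWD, "/lib/modules/5.10.0/extra/foo.ko", O_WRONLY|O_CREAT, 0644) = 3
4102 openat(AT_FDCWD, "/tmp/foo-update.sh", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 5
4102 chmod("/usr/bin/foo-helper", 04755) = 0
4103 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
4103 openat(AT_FDCWD, "/boot/vmlinuz-5.10.0", O_RDWR) = 7
'''

# Hypothetical manifest: the only places package "foo" declared it would write.
DECLARED = ("/usr/lib/foo/", "/usr/bin/")
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
MODULE_DIRS = ("/lib/modules/", "/usr/lib/modules/")
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}

PID = r'^(?:\d+\s+)?'  # the pid column is present with -f -o, absent otherwise
OPEN_RE = re.compile(
    PID + r'open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)[^)]*\)\s+= (-?\d+)')
CHMOD_RE = re.compile(
    PID + r'(?:chmod|fchmodat)\((?:AT_FDCWD, )?"([^"]+)", (0[0-7]+)[^)]*\)\s+= (-?\d+)')
CONNECT_RE = re.compile(
    PID + r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
          r'sin_addr=inet_addr\("([^"]+)"\)\}, \d+\)\s+= (-?\d+)')


def classify_write(path, declared):
    """Return a finding category for a written path, or None if it was declared."""
    if path.startswith(MODULE_DIRS) or path.endswith(".ko"):
        return "kernel-module"
    if path.startswith("/boot/"):
        return "boot"
    if path.startswith(WORLD_WRITABLE):
        return "world-writable"
    if not path.startswith(declared):
        return "undeclared-write"
    return None


def audit(trace, declared):
    """Turn strace output into (category, detail) findings for the installer."""
    findings = []
    for line in trace.splitlines():
        if m := OPEN_RE.match(line):
            # normpath collapses "../" so a traversal cannot hide behind a
            # declared prefix; relative paths end up as undeclared writes.
            path = posixpath.normpath(m[1])
            flags = set(m[2].split("|"))
            if int(m[3]) >= 0 and flags & WRITE_FLAGS:  # successful writes only
                kind = classify_write(path, declared)
                if kind:
                    findings.append((kind, path))
        elif m := CHMOD_RE.match(line):
            # 0o6000 covers the setuid and setgid bits.
            if int(m[3]) == 0 and int(m[2], 8) & 0o6000:
                findings.append(("setuid", posixpath.normpath(m[1])))
        elif m := CONNECT_RE.match(line):
            # Reported even on -1: non-blocking sockets return EINPROGRESS.
            findings.append(("network", f"{m[2]}:{m[1]}"))
    return findings


def stayed_within_bounds(findings):
    """True when the traced install produced nothing the user must approve."""
    return not findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_TRACE, DECLARED):
        print(f"{kind:17} {detail}")
```
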
The Administrator account on Windows doesn't quite have root access. Try, for example, to create a file in another user's name.
As root on ***X, you just create the file and change ownership. Done.
As Administrator on Windows, you have to create the file, give the other user permissions to take ownership of the file, then log in as that user and take ownership of the file.
On Windows machines, I think the closest equivalent to root is the SYSTEM account, not the Administrator account. The Administrator account is locked down for security reasons.
Fines are just expenses to a corporation.
To a human, there's a moral component - oh yeah, running a red light is bad, that's why I got the ticket, I won't do it again. To a corporation, nobody learns anything. If a garbage hauler says $10,000 for drums of toxic waste, and the fine for dumping them down the drain is $9,000, the drain wins because it's cheaper.
Or if the fine is $100,000, and I think I can get away for 52 weeks before getting caught, I will have saved $420,000 out of my $520,000 budget this year, and by then I will have a promotion for saving money and won't be stuck in this crappy toxin disposing role anymore, so that's somebody else's problem! Win-win!
Normal users have no idea what "root" is but they do know what Administrator is. It makes more sense to call malware that usurps Administrator privileges on Windows an Administrator kit rather than a root kit. Ask any disinterested party what makes more intuitive sense and they will almost always pick the latter.
I agree that root and Administrator are two different things, but calling it root access is technically correct.
A root kit is called that because it gains access at the kernel level, i.e., gains root access to the operating system. But the Windows Administrator account has *less* access than root. The Administrator can't bypass certain Windows security features, such as the inability to create files in another user's name.
Yeah yeah. Everyone is god on the internet.
If you've installed a Ubi game and are experiencing hangs, lock ups, BSODs, weird errors, you might want to remove the DRM and see if that clears it up
When I see a machine like that, I assume it's pwned and just back up the data, FDISK, reformat, and reinstall. As they say at slashdot, "nuke it from orbit, it's the only way to be sure."
Free Martian Whores!
I don't understand what you mean. Can you use a car analogy?
Frankly that is going a little overboard, especially if you don't have any proof that it's a bug. Sure it'll work most times but so will killing a rabid dog with an air strike, kinda overkill for most cases LOL!
I keep several tools on a CD and give them a quick run before choosing a plan of action, Malwarebytes, a couple of rootkit scanners (which BTW show the kernel DRM hooks nicely) and Trend Micro Housecall. You see if you don't do something like that first you may just be covering up a hardware error that will bite you in the ass down the road. I've seen plenty of cases where a hardware problem, bad RAM cell, dying channel on a board, flaky PSU, will be covered up by a classic "boot and nuke" for a little while as it takes a little while before enough errors end up back on the HDD to start making the OS shit the bed again.
Another good tool which I'm sure you know of is Ultimate Boot CD, it's got scanners for just about every hardware problem you can name, RAM, CPU, HDD, if I do a scan and find no bugs and no error listings in event viewer to narrow the cause (which is telling in and of itself, as most bugs will trigger an event while many hardware glitches won't) I'll go to UBCD and give it a quick run to see if it finds something flaky. You'd be surprised how many times it's a bad RAM cell or a HDD with sectors going bad.
Sure it takes a little longer but since the tools don't need babysat it isn't like you have to be sitting there and I've found it's better to find out WHAT is causing the problem before simply nuking from orbit. Sure if it's got more bugs than a Bangkok whore on coupon night nuke the sucker, but it's not a good move to do so without at least having some sort of confirmation. Hell even in Aliens they made sure there were bugs on the ground before talking nuking it LOL.
ACs don't waste your time replying, your posts are never seen by me.
Your three examples lacked depth and detail, ergo they *were* insufficient for those who don't already understand the principle you are describing. As for what you appreciate, you're an AC and I've got karma coming out of my ears, so... I don't really give a shit.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
No, because you have to get the approval of the other party as well.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
That would make it a component of the whole technological measure consisting of the rootkit and the right-management system. By access I meant the "authorized way" of accessing the content. Authorized ways are sometimes not the available, or the right ways when a promise (about the product in this case) is broken.
I think you could create a text file, include a little unicode sledding then run it with java. - Bob's your uncle!
That only allows you to run a program with the same privileges you already have.
Except a couple of his suits were published here on /.
No I don't. You keep claiming I claim that.
The 7th circuit is in the US. Thus they've been court tested in the US.
I find being offended by me offensive.
You see if you don't do something like that first you may just be covering up a hardware error that will bite you in the ass down the road.
Yes, I've run into that. Several years ago when I was running XP and Mandriva dual-boot, Windows started crashing, bluescreening, and hanging. I thought there was some sort of registry corruption, but it turned out that the power supply was going bad. The Linux side was fine until the supply went out completely; apparently, it's more tolerant of hardware faults than Windows.
I saw the same thing with a notebook a couple of years ago. It had a bug where if you had it set to hibernate when closing the lid on battery but do nothing when closing the lid under AC, it would hang if you closed the lid and plug it in before all the lights went out. It had this problem in both Win 7 and kubuntu. After this happened two or three times (in either OS the only way to get it back was remove and reinstall the battery), Windows crapped out completely. It didn't have Windows after that. I wonder what the thief who stole it thought when it booted into kubuntu?
OTOH, someone had an XP PC they thought was infected, but it turned out all it was infected with was toolbars and other useless crapware; there was so much stuff running TSR that its memory was maxed out before it was finished booting. All I had to do was go into control panel and uninstall the useless crapware (after resetting the admin password and removing admin rights from one of her kids' accounts, thanks to a tool a slashdotter pointed me to). It ran like brand new after that.
Free Martian Whores!
>doesn't understand 'implication'
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Yeah you really gotta watch for the flaky PSUs. I had one customer, in the same building mind you, that kept bringing his PC back because "it'll run for a little bit and just die" so after the first PSU replacement I called the super and had him check the line....it turned out his outlet was getting less than 87 volts on average which would stress the PSU as it struggled to boot and then it'd cook.
Be sure to also test the RAM though, I've been noticing a LOT more chips coming down the line with bad cells. my guess is because it's a race to the bottom they are just cranking those suckers out with little QC and a bad cell will act a lot like malware or a flaky drive.
But if you don't already know about 'em WSUS Offline and ninite make a nuke and install pretty much a "clicky clicky, go have a smoke" kinda deal. Just let WSUS update all the patches (and service packs if your Windows disc is behind) ahead of time and when the OS is installed just let 'er run, you can put 'em on a DVD, flash, hell I just leave 'em in a network share, and when it's done ninite will give you all the third party stuff like browsers, AV, flash, etc. Can't be simpler so when you DO have to nuke you don't have any real work, just clicky clicky and go.
ACs don't waste your time replying, your posts are never seen by me.
Sorry to reply to myself, but I would also like to point out that PS3 does allow this (at least with some games and DLC), but they are much more restrictive on requiring activating and deactivating content that would make the currently well received Steam DRM much less well received by making it more cumbersome to use.
Yep, even though there have been several Ubisoft games I've wanted to play in recent years, every time I see the Ubisoft name on a game, it's a death sentence for them.
Haven't bought one of their games in years.
Long ago, I bought Splinter Cell: Chaos Theory. Never could play the game until very recently when I found a crack (Actually, two different cracks that I had to mix and match). This is the last time that Ubisoft ever saw my money. They won't fool me twice.
Nowadays, I'm very cautious when I buy a game from Steam. I make sure it's not from Ubisoft and that there are no other DRMs than Steam itself. I even do research elsewhere since the information on Steam is not always thorough. I also search youtube for videos that shows actual gameplay so I don't base my decision on a trailer.
I also decided not to get on the EA Origin bandwagon. I already have a platform; Steam. I don't need another one. So unfortunately, I had to pass up on good games like Battlefield 3 and Mass Effect 3. Oh well, I'll buy them on GOG in a couple of years, if ever.
boop
I did. I made the amendments, clicked ok and it let me through.
Obviously that's not valid, as the other party has not read your amendments, therefore your amendments were not approved by the other party.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".