Slashdot Mirror
Ubisoft Uplay DRM Found To Include a Rootkit
An anonymous reader writes "It has been discovered that the Uplay system Ubisoft uses to both check a game is legal and offer up gaming achievements, multiplayer, and additional content, actually contains a rootkit. The discovery was made by Tavis Ormandy, an information security engineer at Google, when he installed Assassin's Creed: Revelations on his laptop. He noticed that during the installation Uplay installed a browser plug-in that allows any website to gain access to your machine through a backdoor and take control of it.The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user's consent."
Update: Ubisoft has released a statement saying it has issued a forced patch to correct the flaw in the browser plug-in for the Uplay PC application.
Update: Ubisoft has released a statement saying it has issued a forced patch to correct the flaw in the browser plug-in for the Uplay PC application.
under the DMCA any antivirus software companies can get sued for remove or even marking this.
It's reasons like this that I refuse to buy anything from Ubisoft.
Who is actually surprised?
This is the one thing that has me worried about Steam on linux. Using it in wine I can be fairly sure I have it limited to one user account and no real ability to mess with the machine, but when it installs natively who knows.
I started boycotting several manufacturers over the games that required a constant online connection. I can't wait to tell my buddy that thinks that the boycott is stupid how his system is rooted (again)!
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
under the DMCA any antivirus software companies can get sued for remove or even marking this.
On the other hand, Ubisoft is probably guilty of violating Federal wiretap laws.
This is software installed by the user on purpose, it is no flaw in windows that allowed it in. You could write software to do the same thing on any number of OSes.
I am no windows fan, but you can't blame them for this.
Because it's missing from the summary and also the linked article, here's the initial report: http://seclists.org/fulldisclosure/2012/Jul/375
Any time a rootkit is found the perpetrators should be (metaphorically) strung up.
It's hard to find a car analogy for this, but I can try: it's like a car dealer keeping a copy of your key for personal use. It's just unacceptable and so far outside of proper ethics that even the corporate sycophants should find it troubling.
Game sales are seriously down in 2012 compared to previous years. I am willing to bet that at least partially, this is because of the Steam/Origin/UPlay DRM garbage game publishers force you to install. ------- The game industry needs to take a long, hard look at the way it treats paying customers. Instead of the "we force xyz conditions on you" mantra practiced today, the industry needs to switch to "the buyer is always right". This means that the industry will need to listen to what game buyers want, and no longer IMPOSE completely unnecessary and counterproductive terms & conditions on the paying gamer. -------- This will probably never happen... The industry is run by money-oriented suits & beancounters who don't really care about making good games. But it would definitely have been nice to see, even if for just one day, the industry actually listening to what its customers want. --------- Maybe Kickstarter.com can help fix this mess. The 24 game projects that have been funded with Kickstarter will all be delivered sometime in 2013. And then we will see if the "Crowdfunded Games" can serve as a replacement for buying games from the big Multi-Billion Dollar game publishers. ------
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
You think a backdoor couldn't be installed on Linux? The person voluntarily ran an installer executable. The sky is the limit when you do that. Heck, it came from a big company as official product, giving the social engineering aspect a boost -- people just clicked approve approve approve on all Windows' carefully-engineered install blockers.
Which, IIRC, don't even exist on Linux. Or maybe you're a Mac fan. Guess what? See above re: running an executable from a trusted source.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
You can't always waive your rights, even if you agree to it.
Technically, rootkit is the wrong term. It doesn't insert itself into the system, and it cannot execute code with privileges. It's still a security hole big enough to swallow small countries.
IMHO ANY software that allows someone to delete/alter/lock up something on my machine without my permission is essentially a rootkit.
DRM does not allow someone to "delete/alter" anything. It only "locks up" in the crypto sense, as DRM is basically crypto code. I dislike DRM, but will defend a software company's right to encrypt their software, and even allow them to require an Internet connection to "unlock/decrypt" that software so that it can be used. This is their choice, and in that respect, "buyer beware". Vote with your cash.
OTOH, installing a rootkit which allows possible unauthorised access to my machine, by the company or any other 3rd party without specific permission for each and every access??? They deserve to be fined out of existence by every legal system on the planet.
Can we stop calling them "Computer" games when what we really mean is Windows game? Linux constantly gets a pass in the popular press using generic terms when the entertainment is very specific to the Windows platform. Yes, other OSs get games but it is a drop in the bucket to the ocean of what is seen on Windows and it is disingenuous to mislead laypeople otherwise.
And don't worry, if Ubisoft ever makes a game available on linux, this is what you'd see:
[sudo] password for AC:
What?
Thanks. It seems however this is technically not a rootkit, but just a backdoor disguised as a browser plugin. It's not deeply embedded in the system and doesn't try to hide its existence. Still serious though.
Rootkit = hidden from the file structure of an OS, typically by intercepting explorer display calls. So it's not that but definitely a trojan, as it is a game on the outside and secret remote control browser plugin on the inside. By the way, there is no such thing as a hidden browser plugin. IE9 pops up and says that there's a new browser plugin and asks to enable it or not. Does it get around this? I think Firefox is a little more inviting to whatever the hell wants to hop in, as is Chrome, but no matter what, you can see all add-ons listed in all 3 browsers.
By the way, if you're thinking "hmmm, where have I heard Ubisoft news before?" they used a hacker team's no-CD crack, as-is, in one of their official updates to Rainbow 6 Vegas 2 to solve a problem with the game calling their own legit CD a fake CD.
In what way?
You really think they did not include some fine print in the EULA about how the user was consenting to this?
An illegal action (not sure if this is or not) remains illegal, even if both parties agree to it.
What, have you never heard of the sony rootkit? they were pretty damn close to getting sued for similar issues.
Fine print won't do anything to get around this. Just like every fine print says you indemnify the company - if there's a real issue, the judges will ignore the EULAs which have been deemed legally unenforceable anyway.
Steam also runs on Mac OS X and runs many of the same games from the same publishers. Does anyone know whether Ubisoft has done this on the Mac platform? I would think that they could since the admin is allowing the install in either case right?
Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
And they wonder why there is piracy of video games. Seems quite obvious to me. "Buy game and get a rootkit installed on my machine, compromising my system's security or get the game from pirates without that."
A rootkit is software that allows root access without (further) exploiting the OS/software on the machine. The software itself may do nothing at all beyond that, and it's still a rootkit.
Conversely, software which reformats your harddrive is not a rootkit if it doesn't grant root access. Even if it itself is running as root!
So, your definition is crap. You've basically made up your own just so you can hate on DRM. It's stupid because DRM is crap even without this misguided rationalization.
Correct, in the UK at least, not sure about US law. For example, even if I agreed to work for less than minimum wage the employer is still breaking the law if they don't pay minimum wage, you can't sign away your legal rights. Also, they could be leaving themselves open to even bigger trouble - it could be argued that by doing this Ubisoft have taken responsibility for anything placed on the computer as a result and could be held legally responsible for anything found on it, such as malware or child porn.
Please consider this account deleted, I just can't be bothered with the spam anymore.
var x = document.createElement('OBJECT');
x.setAttribute("type", "application/x-uplaypc");
document.body.appendChild(x);
x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play")
So, what does your moronic comment have to do with an installer, that the user has run, adding a plugin to your browser?
So? Ubisoft is a corporation, its not like anything bad is actually going to happen to them.
RPM and DEB packages run arbitrary Bash scripts as pre-install/post-install during package installation, with full rights to alter the entire system. Gentoo ebuilds use a sandbox prelinked object that prevents writes into the system--it overlays the sandbox through libc function calls, writing new files to a separate directory tree and reading them from the real filesystem if they don't exist in that tree--but you can easily escape this by making direct syscalls.
Making a secure package manager is hard. When you install anything, it gets free reign of your system as root. From there you could even insert kernel modules if you wanted.
Support my political activism on Patreon.
But sometimes actions are illegal only if they are non-consensual. Agreeing to a EULA might be considered consent.
And the price you pay for buying d3 is an endless pointless grind to gather loot, to sell to the vendor for a paltry few of the billion gold that you would need in order to have the gear strong enough to farm for actual items. Or you can go on the real money auction house and give blizzard an extra 15% of filthy lucre from the $500 to $2500 it will cost you to gear up for inferno act4.
I'm going to contact my Congresspeople, and ask them to ask the Department of Justice to investigate and prosecute any violation of wiretapping and/or computer crime laws which may have occurred.
Wait, not really.
You install a computer game
The game claims to install counterfeiting and cheat protection
What you also get in the bundle without consenting is a backdoor/rootkit
This is the very definition of a trojan.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Guess we should all just use the pirated versions of Ubisoft games to get around this rootkit.
DNA -- National Dyslexic Association
uPlay update 2.0.4: 'Fix addressing browser plugin. Plugin now only able to open uPlay application.'
Well, that was fast.
You mean the EULA you are forced to agree to AFTER making the purchase? Null and void.
Seven puppies were harmed during the making of this post.
Exactly. When a individual screws up, he loses his summer cabin, children, dog and job. But when a company does so, everything continues pretty much the same...it shouldn't be like that. Companies should be tools for us, not the other way around.
Don't you watch South Park?
I hope you don't have any Apple products or software on your system...
This is software installed by the user on purpose
True, it is a Troyan, software that disguise as something you want but do things or allow others to do things you don't granted permission
As someone who personally boycotted Ubisoft a long time ago because of their DRM shenanigans, the only thing I have to say is:
HA HA (in nelsons voice)
It's impossible to convince everyone to not buy a game because people just don't care. So I'll just sprinkle this nice big helping of schadenfreude onto my cereal this morning, instead.
Which is incorrect. There was a class action suit, which Sony in the end settled.
Stop buying their games. The DRM will stop. Steam isn't much better as far as playing 'unplugged' but I guess I have more faith in Valve as a company.
Join the Slashcott! Feb 10 thru Feb 17!
Of course, where I live "EULA's" are invalid and can not be enforced under California law. Sorry UbiSoft, you've just made a tactical error that will get your asses sued in California and no, since an EULA is not recognized by California and Symantec has? their HQ in Silicon Valley - Don't know about McAffee, they're protected from DMCA issues.
Mod me up/Mod me down: I wont frown as I've no crown
In most if not all jurisdictions in this world, the law is always above any contract or agreement. And rightfully so, just think of the mess we would have if that is not the case. It's also why in all proper contracts you will find a "survivability clause", stating that if anything in the contract is overruled by another law, that the rest of the contract remains in force.
GTFO, that EULA is specifically for the website and has nothing to do with Uplay or their games.
Not only does it continue the same, but the company usually looks at whatever fine they received as an additional cost of doing business, and then just passes it along to the customer. Therefore, the *customer* is who actually pays for the company's transgressions.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I dislike DRM, but will defend a software company's right to encrypt their software, and even allow them to require an Internet connection to "unlock/decrypt" that software so that it can be used.
I would too. But I would also defend the right of people to modify their copy of the software to remove said DRM and even distribute cracks for it.
Filthy, filthy copyrapists!
Actually, in this case, 'pretty damn close' really means they settled to avert a damning precedent. The law is on the books, but it hasn't been tested; and no one who might be in a position to be punished by it wants that precedent. If any class-action stuff starts up from this, I would expect it to also be settled, for the same reason the Sony rootkit was.
By replying here or anywhere else in this forum you agree to:
1) give me all your money, assets and all future earnings and assets.
2) whenever there is a full moon, stand in a public area on one foot and howl at the moon.
3) Say "boop" every 87.24 minutes.
One of the tags on this story is, "theyneverlearn".
On the contrary, "they" have learned exceptionally well! One could argue that "they" are A+ students with a 4.0 GPA across the board, having graduated Suma cum laude from the University of Violating People's Rights.
1. Any illegal action is legal until you get caught. (This is universal, and does not apply only to software.)
2. If you get caught, bluff. Claim that the plaintiff signed away their rights in the EULA.
3. If the bluff fails, obstruct. Claim that the EULA dictates the plaintiff must agree to arbitration in the Dominican Republic, where all parties may only meet on the 5th Wednesday of every month, between the hours of 8AM to 12PM.
4. If the obstruction has failed, then the client has identified themselves as a serious threat. Primarily because they have enough money to get this far in a court of law. Commence filing delaying actions. Request discovery on the plaintiff's machine. Engage private investigators, or even law enforcement by accusing the plaintiff of willfully violating the EULA. Plaintiff's property is then confiscated pending an investigation which can take up to a year. Continue until plaintiff runs out of money.
5. If things get this far, then plaintiff is extremely dangerous. Withdraw all claims against plaintiff. Immediately offer a deal to the plaintiff in return for a non-disclosure. Agree to any amount of money. Because it has not made it to court, you can promise umpteen squintillion bars of diamond-studded gold, and never have to pay one thin dime. What's the plaintiff going to do? Send the debt to a collection agency? (Use caution with this tactic! People are learning-albeit slowly-that you can send the sheriff to foreclose on a defaulting defendant's property.)
6. The plaintiff refuses any deal. Case actually makes it to court. Offer another deal for much less money. Court costs for the plaintiff will now most likely exceed damages, so make an appropriate offer. Use caution: a court-agreed settlement MUST be paid, but it will not dictate as to when it must be paid.
7. All attempts at a deal have failed. Plaintiff has bottomless pockets and blood in their eye, and is Hell-bent on taking you down. Begin repeat of Step 4.
8. Repeat of Step 4 has failed. The Lord God has taken a direct interest in this case, and has been witnessed pissing into your cornflakes. Change your plea to "no contest". The court is restricted to how much they can fine you, and the case comes to a halt.
9. Write off all losses by routing funds through the third set of books. Engage social media sock puppets to gin up your products. Sue anyone who bad-mouths you, even if they're pointing out the truth. Inform R&D that they are to conceal the program on the next release.
[End Of Line]
This is Slashdot, and you lacked a car analogy. He thought you did well and was trying to protect you from later complaints.
Actually they were sued by several state's attorneys, and settled. Personally, as a victim of XCP (I didn't agree to their god damned eula, my daughter installed it, never imagining that a big respected company would deliberately install MALWARE) I'd like to meet Sony's President in Felbers' beer garden and beat him to death with a two by four. I'm still pissed, and it's almost been ten years. I will never EVER be stupid enough to buy another Sony product. I want the company broken up and its board of directors impoverished. Nothing's too bad for those evil sociopaths. Cancer and AIDS are too good for 'em.
A rootkit is MALWARE. The president of Sony should have gone to prison, and the President of Ubisoft should, too. If I did to Sony what Sony did to me, you can bet your ass I'd go to prison. But it's OK for the 1% to fuck over the 99% any way they want, but if you mess with them, well, you're screwed.
And you stupid people should quit buying their damned games! Jesus, stop letting these assholes take advantage of you! You would buy from a company that deliberately installs malware on their customers' computers??? How goddamned stupid can you get????
Free Martian Whores!
EULAs are not tested very well in court, and that's a 7th circuit decision. California is in the 9th circuit. 7th circuit might be REFERENCED but in the 9th circuit EULAs have been found null and void (try my legal battle with EA over the Spore DRM, which is why EA settled and FAST.)
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The flaw with the root kit of course being that someone detected it.
But don't worry, they're working hard to correct that problem.
So? Ubisoft is a corporation, its not like anything bad is actually going to happen to them.
There are lines that even major corporations cannot cross. Putting rootkits on US Federal computing equipment is one such line. Sony's fine for their rootkit fiasco was certainly enough to get Sony's stockholders' attention, but that wasn't the worst of it.
The Department of Justice basically said: it would be within the law to sieze all Sony assets in America and ban all future imports of all Sony products, but we're not going to ask for that becuase we don't think it was deliberate .... this time.
Deliberately infecting US government-owned computers with rootkits is one of the few ways a corporation could actually get a corporate death sentence. When it starts looking like organized crime (or military action) instead of mere corporate greed, there are sill real teeth left in enforcement.
Socialism: a lie told by totalitarians and believed by fools.
If EULAs were able to allow you to agree to something like this frankly there wouldn't be any malware nor would there be any antivirus, because malware writers would just wrap their "freeware" in a EULA and sue the AV companies under DMCA if they tried to detect or remove their "product".
Now since the only time I've ever heard of a malware writer trying that kind of BS they got laughed out of court I seriously doubt such a defense is gonna work this time. Then there is the fact that the feds got laws up the ying yang against hacking into other people's computers and I think Ubisoft will most likely be pulling a Sony and doing a shitload of backtracking and apologizing, the only question being how much this fuckup is gonna cost 'em.
That said maybe this bullshit will finally get Ubisoft to just use Steam and call it a day. I know there were several times on the Steam sale when I was ready to hand my money over to Ubisoft and then saw that "This product requires" followed by a huge list and said "Fuck that noise" and gave my money to someone else. I doubt they'd agree to give us the figures (because it would piss off publishers like Ubisoft) but what I wouldn't give for the sales figures for games that just used Steam VS games that piled on the BS during the last sale. I know all my friends were doing the same thing and like me they were spending like crazy on the sale so maybe this will finally get them to drop the horseshit.
ACs don't waste your time replying, your posts are never seen by me.
As we have seen, US isn't the world and it's EU that's currently championing consumer rights in the Western world. And in here, you can't waive rights through a simple click-through quite as easily. In many cases, you cannot waive them at all.
The fact that Ubi rushed to fix the problem so fast tells you just how risky someone high up thought this is.
Which is a perfect example of how the rich and powerful live by a different set of laws. If I put a root kit on Sony's computer, you'd better believe I'd have felony charges filed against me. If Sony puts a root kit on my computer, all they have to do is pay off some state AGs.
Give me Classic Slashdot or give me death!
The court stated that Zeidenberg could have rejected the terms of the contract and returned the software.
Good luck finding any software retailer that will allow you to return opened software, of course. Is the manufacturer even legally required to compensate the purchaser in a case such as that? Seems like the consumer is screwed either way...
I've seen you cite that three times in the comments so far, and I'm not even very far down the page. I'm pretty sure it's been tested more recently than 1996. In fact, here you go. I imagine you got your link from the wikipedia page on shrink-wrap contracts, as did I.
It varies by court and by license - there's no precedent that's used in all cases.
And regardless, what they're doing is illegal so it doesn't matter if it was in the EULA. Knowledge != consent
How are sites slashdotted when nobody reads TFAs?
And that makes them more expensive than their competition
It does? Always?
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I don't kn ow about the other McGrew but I haven't bought a single Ubisoft title since they started including extra DRM crap and always online garbage instead of just using Steam. In fact I came THIS close to buying a good $75 worth of games on the Steam sale...until I saw it was Ubisoft and their extra bullshit and instead gave it to other companies.
I'll buy Steam, i'll buy games that have GFWL (although I won't buy from GFWL, MSFT still can't design a UI for games for shit and I hate the way it keeps trying to sell me Xbox games) but I won't be buying from any company that piles on the DRM and that goes for my friends and family. Just talking to them on Steam chat there was a good couple of grand that would have been spent on game packs that would have went to Ubisoft that instead went to other companies. Its not much in the grand scheme of things but at least our systems run stable and doesn't have backdoors you could drive a truck through.
BTW OT but for all those that have recently switched to X64 or haven't ran into this problem yet? A little word of warning...avoid older games that have DRM like Starforce and SecuROM on them! The older DRM didn't recognize 64 bit and would try to jam a 32bit kernel hook into a 64 bit kernel with disastrous results and the uninstaller they host on their website? DOES NOT WORK ON X64. So if you don't dual boot so you have an uninfected OS to work from its a royal bitch getting it cleaned up and will make your system as unstable as Win9x which is why I ended up going Steam.
I'd love to hear from those with exp with Ubisoft DRM as I've found those that jam in deep level hooks like that tend to make things more than a little unstable. If you've installed a Ubi game and are experiencing hangs, lock ups, BSODs, weird errors, you might want to remove the DRM and see if that clears it up, because you'd be surprised how many times I've seen machines at the shop that were "infected/broken/crashing" that turned out to be a shittily written DRM hosing the system. The only "nice" thing I can say about the non Steam DRMs is they don't seem to burn out drives like the old Starforce did, but that's like saying "well at least it just shat on the bed instead of the floor".
ACs don't waste your time replying, your posts are never seen by me.
Maybe they'll actually get sued this time...
I play Everquest 2 on this machine, and look what I just found (installed yesterday). Firefox never informed me that it was being installed.
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\5kpvldeq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
In the Firefox browser Add-on pane it is listed as SOE Web Installer 1.0.3.171. It can be disabled, but I have not attempted to remove it yet. I want to keep it around while I figure out what it is doing. A web-search is inconclusive as it appears to have just been released, although I did find several links to a "test page" that belongs to Sony that instantly tries to install said plug-in. No-script blocked these attempts, so I have to assume it was served to me via the EQ2 GAME updating system. If so, complete bullshit.
Again, I never got any sort of plug-in install warning when running Firefox, and I have my browser warning settings at maximum verbosity. This plug-in was just "there".
Do people still buy their games with all the shit they've pulled with DRM? Seriously, Ubisoft has to be the most anti-gamer gaming company there is, and a disgrace to the gaming community. Not to mention, their games suck... the only games I recall that were pretty good were Prince of Persia: The Sands of Time, Prince of Persia: The Two Thrones, and that Prince of Persia remake they released on Xbox Live Arcade.
I stopped paying attention to them after the Prince remake, so who knows--maybe they made a decent sequel sometime later. I just know Warrior Within and the one for Xbox 360 that you never die in (always "rewind" time) sucked.
You have to be careful about what you consider to be waiving your rights ie. I wave my rights, sorry changed my mind, waived them again, changed my mind again, waived, not waived, waived, mine again.
Waiving your rights means pretty much nothing because the very second you claim them back, they return with full force of the law, constitutional and criminal law both of which out weigh contract law. There is no legal condition of contract that can prevent you from reclaiming your rights, at any time you choose.
Chaos - everything, everywhere, everywhen
but you keep claiming your citation as if it were applicable to the entire country. All over the thread. It doesn't. Period.
I know way more than you'd suspect. I've done it from criminal and civil sides, from unlawful detainers to suing the shit out of EA.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.