Street Fighter V Update Installed Hidden Rootkits on PCs

Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register: This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on
Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."

This should be the death of Capcom

Only a fool would install a game made by them after this.

Re:This should be the death of Capcom

[El+Lobo]

You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

Re:This should be the death of Capcom

[donaldm]

You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

The Sony rootkit scandal was 2005 and was instigated by BMG who were in the process of being merged by Sony, consequently Sony took the blame. See the following for more details. Yes the root-kit was a stupid thing to do but you would think that people would also blame the operating system and virus protection software for allowing this to happen.

I do understand Capcom were trying to stop people from cheating but there are much more acceptable ways although the more you try to prevent someone from cheating the more you penalise the honest player. The bottom line is if someone is determined to cheat they will find a way and the only way to reduce this is "Don't play with cheats."

Re:This should be the death of Capcom

[Carewolf]

You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

2012? It was in the 90s on CDs. Or did they do it again?

Re:This should be the death of Capcom

[Opportunist]

You do understand, I hope, that anitivirus and OS can't do jack against something the user wants to install, despite any and all warnings, yes? Which is, by the way, the way it SHOULD be, because the opposite is way worse: The OS deciding what I may and what I may not install on a computer I allegedly own.

Re:This should be the death of Capcom

[Calydor]

You mean like Windows 10 and updates?

Re:This should be the death of Capcom

Are you still crying like an anime fan on prom night over the justified cancellation of MML3?

Re:This should be the death of Capcom

[Zontar+The+Mindless]

Personally, I'm crying like there's still no port of Eternal Champions to Linux. Dammit, I miss my Genesis sometimes.

Re:This should be the death of Capcom

[Zontar+The+Mindless]

Whaddaya know. Problem solved.

Re:This should be the death of Capcom

[Opportunist]

That's one good example (a better one would actually be the Lenovo laptop blunder), another would would be the iPhone.

Re: This should be the death of Capcom

[GrahamJ]

What's bad is allowing an actor you don't trust to control the software on your machine. That doesn't necessarily preclude operating systems or their developers.

Re:This should be the death of Capcom

so sony has never done anything bad, then....

Re:This should be the death of Capcom

After the CD stunt they pulled the same shit with their USB sticks. I think that was just a few years after the CD incident so there are probably more instances.
Don't buy a Sony.

Re: This should be the death of Capcom

[decentralized]

Lucky for capcom then !

Re:This should be the death of Capcom

The point was you can't install anything on an iPhone unless the overseers of the precious walled garden deem it worthy (and profitable).

Re:This should be the death of Capcom

Which way do you want it?

People get pissed when they can accidentally install malware by clicking on the wrong thing, yet they also want the ability to install any bit of crap software they come across. Can't have it both ways. Get over it.

--XYZZY--

Re:This should be the death of Capcom

[Opportunist]

That is exactly the point of the whole damn subthread.

Re:This should be the death of Capcom

LOL you're vastly overestimating the importance of the PC to most japanese devs, let alone Capcom.

Re:This should be the death of Capcom

The way Android does it. By default you can only install from the Play Store, which only has apps that have been vetted by Google (they are highly likely to be free of malware, though not 100% as Google's vetting isn't perfect). However if you want you can check a box in your security settings which allows you to install apps from elsewhere, so giving you the freedom to install what you want, and even through this method by default Google still does a security scan on what you install, so you still get some protection, though you can disable that scan if you wish.

So yes, you can have it both ways.

Re:This should be the death of Capcom

[Uberbah]

The point was you can't install anything on an iPhone unless the overseers of the precious walled garden deem it worthy (and profitable).

And how many of your precious little snowflakes whine about Apple's "walled garden" and then go fire up a game console?

Re:This should be the death of Capcom

[nazsco]

Well, even before this. If you ever played the new SF games, you will see that they are now just tekken clones. Absolutely nothing of the old SF games remain other than the title.

Good riddance capcom of today.

Re:This should be the death of Capcom

[davester666]

Actually, you can install apps on your iPhone, without needing Apple to vet/sign the app, or pay extra to Apple, or jailbreak your iPhone to do it.

Re:This should be the death of Capcom

[Trogre]

That's great news!

Could you please reply here with step by step instructions on how to accomplish this?

Thanks.

Re:This should be the death of Capcom

[complete+loony]

Antivirus software is merely a curated blacklist of known bad code. It can't do anything about newly designed bad code.

Re:This should be the death of Capcom

[davester666]

See this:

http://apple.stackexchange.com/questions/206123/xcode-7-develop-for-ios-without-developer-account

Re:This should be the death of Capcom

You mean like Windows 10 and updates?

Windows 10 is a means to an end, the end being to run software. If you have to deal with occasional annoyances in the process, so be it. Windows 7 is dying, can't stick with it forever, and certainly can't just throw out the baby with the bathwater by avoiding 10 forever either, hence we live with it.

Re:This should be the death of Capcom

[theshowmecanuck]

I don't like Ape, but I'll switch to Apple before I use Windows 10. Either that or switch to Linux full time.

Re:This should be the death of Capcom

[Opportunist]

Your information is from the early 2000, at best. Or from some rather outdated antivirus tool. AV software is today way more than just a collection of hashes.

Re:This should be the death of Capcom

[complete+loony]

I'm not wrong, I didn't say hashes. Sure modern AV software is using more complex heuristics, but it's still just blacklisting known patterns of "bad code".

Re:This should be the death of Capcom

[Tukz]

You mean like Windows Update just installed several applications on my PC without my prior acceptance?

  - Google Earth
  - Xbox (?)
  - Groove Music

Re:This should be the death of Capcom

[Opportunist]

It's a bit more complicated than that. There's behaviour analysis, pattern analysis ... ok, in the end, it's "bad code". But the analysis does end at known code, it is quite possible to flag code as suspicious that you have not analysed before. There has been a lot of development in the past years, and the detection gets better. It's still too prone to false positives to be part of a scanner, but it is already a very valuable analysis tool.

Re:This should be the death of Capcom

[Carewolf]

After the CD stunt they pulled the same shit with their USB sticks. I think that was just a few years after the CD incident so there are probably more instances.
Don't buy a Sony.

I fully buycutted them for 15 years, but had to pardon them recently to buy a compact flagship cellphone, they were literally the least evil, all other options had done MUCH MUCH worse, and more recently. At least as far as I know, which is why I am interested in whether they did it recently.

Re:This should be the death of Capcom

[Agripa]

I am not.

Re:This should be the death of Capcom

[Coren22]

Do you honestly think that Apple is any way better at this?

STOP!!

Why are people STILL running WINDOWS and WINDOWS SOFTWARE?

This shit happens EVERY FUCKING DAY NOW!!! What the FUCK??

Re:STOP!!

[epyT-R]

Because people want to play video games..

Re:STOP!!

And what in the hell it has to do with Windows? Or any OS at all?

Re: STOP!!

Well, games on Steam for Linux are not installing stuff with root privileges.

Re:STOP!!

[Fragnet]

Haha.

Re: STOP!!

[The+MAZZTer]

Capcom made their game and malware to run on the OS their target audience uses. It happened to be Windows but there was nothing to stop it from bring Linux under other circumstances.

Re: STOP!!

[Miamicanes]

Because a Linux PC with an inexperienced user willing to run a game or dancing pig animation as root is every bit as bad as a Windows PC whose user will click 'yes' for any UAC prompt... maybe *worse*.

Re: STOP!!

[tijgertje]

Besides the point that steam-games on Linux get installed as user and not with root privileges?
Sure the software could ask for root, but the password prompt would ring alarms instantly

Rolling back the security measures

Sorry for the unwanted penetration. Please accept our apologies as we proceed to unfuck you.

Poaching

[darkain]

I know ya'll in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?

Re:Poaching

To be fair, Sony contracted their rootkit code out to another company.

Re:Poaching

[D,Petkow]

i wish i could mod up your comment as funny

Re:Poaching

[donaldm]

I know ya'll in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?

I have no idea why Capcom bothered, all they needed to do is get in the good books with Microsoft and all the information pertaining to a suspect user is theirs for the asking. You have read the Windows 10 EULA, haven't you?

"Literal rootkits"

[93+Escort+Wagon]

As opposed to figurative rootkits?

Re:"Literal rootkits"

Yes. Are you so much of a stickler that when people use "literally" wrong you complain, and when they use it right you complain too?

Re:"Literal rootkits"

[Carewolf]

As opposed to figurative rootkits?

No, in this case it is a figurative one, like literally literally often means.

This "rootkit" is missing the "kit" part, it is a backdoor that could be used to set up full rootkits.

Re:"Literal rootkits"

It's just a typing error for littoral. I feel I forgot a letter from that, but can't point out which...hmm.

Re:"Literal rootkits"

That's literally how millennials talk, everything is literally this and literally that, and they're literally using it wrong all the fucking time. It took off at about the same time as all the "could of" and "would of" shit you see everywhere these days. I can't help but wonder whether or not English is being taught in school anymore.

Adding Capcom to tech boycott

I'm adding Capcom to my little boycott list.

Sure, that's not going to make much of a difference to their finances, but for what it's worth, my money won't be supporting their total misunderstanding of "security" and their abuse of other people's property and trust.

Telling others about misguided companies like Capcom and Sony may have a larger effect, especially as Xmas approaches.

Re: Adding Capcom to tech boycott

What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.

Re:Adding Capcom to tech boycott

I'm adding Capcom to my little boycott list.

Yeah? That's nothing! I'm boycotting them retroactively!. I've never bought any of their products in the past, either.

Re: Adding Capcom to tech boycott

Where is the fraud? The user assented to this when they clicked "accept" on the EULA. The EULA is a contract, and this is first semester law school stuff. Nobody held a gun to the user and said that they could not install Capcom's game. Don't like it, don't install it.

Re: Adding Capcom to tech boycott

If a EULA is a contract (which is an assertion on shaky ground at best), then it is only a contract of adhesion. That severely limits its scope and enforceability.

Try again.

Re: Adding Capcom to tech boycott

That's not a contract. An actual contract requires a "meeting of the minds" which clicking the "install this" button is not. Hell, I quietly recite the words "I do not" before every time I click any button that says "accept" - which negates any attempt to claim that I agreed to shit. All I did was click the only button that would make it work.

I don't read any of the text, and I actually make it a policy of NOT reading screenfulls of alleged contract text, again negating any meeting of the minds.

And in this case, even if I did, unless the text had words to the effect of "WARNING: THIS SOFTWARE WILL INSTALL A ROOTKIT ON YOUR COMPUTER, COMPROMISING ITS SECURITY. DO NOT INSTALL THIS SOFTWARE IF YOU DON'T WANT TO BE ROOTED" then it's insufficient, and Capcom should be charged with violating the CFAA.

Re: Adding Capcom to tech boycott

I go one step further and select "I Don't Agree" first (if the software then uninstalls itself then ok I won't use it, but none do that). The EULAs always say you must click "I Agree" if you agree to the terms, so I first tell them I don't agree and then prove it by clicking "I Agree". If you don't do that, then you're agreeing with the terms because they say you shouldn't use the software if you don't agree. In order to not accept that statement, you're forced to use the software/service.

Probably bullshit in terms of the law, but it's logically valid.

Re: Adding Capcom to tech boycott

Where is the fraud?

Only in the name of the law, which isn't even part of the law.

All you have to do to violate the CFAA is to gain unauthorized access to a system, and you bet nobody authorized Capcom to install a rootkit through a software update, nor could they ever believably hope to get authorization by cheaters to do so.

In all meanings of the CFAA, they violated it, and should be charged with it.

Re: Adding Capcom to tech boycott

[tijgertje]

In a lot of countries the EULA is not valid if you can't see it before you buy the software!
Even then : the law goes above every EULA.

Re: Adding Capcom to tech boycott

[BiggyDingus]

First, the idea of "meeting of the minds" is an old common law concept that strongly influences how contract law works in the U.S., but it is not used in the U.S. the way it used to be--partially because of jokers like you.

Second, the idea of "meeting of the minds" does not mean what you think it means. It implies that a valid contract requires mutual intent and understanding. There are three situations where a meeting of the minds does not occur under reasonable circumstances, and so a contract doesn't exist: 1) two guys vaguely agree to something, but their promises leave out too many specific details to be reasonably enforced, 2) two guys agree to certain terms, one of those terms is ambiguous, both guys didn't notice the ambiguity and reasonably thought they believed it meant two different, incompatible things, or 3) one guy is in a coma, or black out drunk, and the other guy puts a pen in his hand, and has him sign a contract.

No court that I know of has ever bought your whole argument that "I said all the words and performed all the actions that a reasonable person would interpret to be assent to the terms being offered in order to trick you into performing your part of the contract, but secretly I had my fingers crossed behind my back, so there was no actual contract. Haha I win!" From my own moderate sample size, I can tell you that around that point, the other side moves for a directed verdict and usually gets it. Also, once when the judge was feeling particularly grumpy, the case was referred to criminal court to determine whether any criminal fraud was committed.

I sincerely hope that you learned contract law from poorly written blog posts. If you actually paid some degree-mill to teach you what you just vomited here, I would recommend demanding a refund. Don't hold your breath, though. When they agreed to accept your tuition, promising to teach you law in exchange, they probably said "Not!" after you left the room. Which, according to you, means there wasn't actually a valid contract to begin with.

Re: Adding Capcom to tech boycott

[Agripa]

What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.

Ya, I can see the CFAA being used against a user who bypassing the company's root kit.

Reminds me of Sony Musci CDs

The Sony DRM Installs a Rootkit.
https://it.slashdot.org/story/05/10/31/2016223/Sony-DRM-Installs-a-Rootkit

These acts should have been met with crippling penalties, but nothing changes....

Thanks for playing

[decentralized]

You lose!

Informational

Cuntish behavior from a cunt company.

Rootkit x antivirus, same concerns

[hcs_$reboot]

the code is so badly designed, it opens up a full-blown local backdoor

Sounds like antiviruses: they're supposed to fix problems and filter out malware, but such complex software requires excellent optimized algorithms and code, which unfortunately is still due.

Had to be done

I think people are too quick to whine about this stuff.

Every online game has anti-cheating stuff in it. Especially Korean MMO games. However things like Hackshield tend to make the computer running it behave poorly.

There's no "even handed" anti-cheating off-the-shelf software. Everyone either rolls their own, and you get stuff like this, or everyone uses crap like Hackshield and under-performing systems become completely unusable while it's running. Like, on a game that was designed in 2003, it shouldn't behave like it's running on a PC from 2003.

In the case of Street Fighter, honestly has a "PC" version of a console game ever not sucked? Even FFXIV, which was designed around PC/PS3 specs at the time, had to be redesgined to not totally suck the performance out of the machine. The result is that all the models lost some some complexity (all the female models lost butt curves so that they could all wear the same human armor.) The end result is that FFXIV for the PC has no anti-hacking protection what-so-ever.

So we have various examples of where anti-hacking tools do little or nothing (eg Hackshield in Archeage, Mabinogi, and so forth), overkill (Warden for WoW) , or the lack of anti-hacking tools (FFXIV) and honestly I prefer the non-shitty FFXIV experience to the Archeage and Mabinogi experience where the system would just straight up die randomly due to the anti-hacking tools.

The point is you can NEVER rely on the client side, so quit assuming players won't be assholes, and instead apply anti-hacking from the server end. Randomly check that packets are valid and investigate sources of invalid data.

Re:Had to be done

The PC version of SFV has been universally regarded as superior to the PS4 version. In fact, this was the update that supposedly finally brought the PS4 version up to the level of the PC version.

Re:Had to be done

[Calydor]

People aren't whining about Capcom trying to stop cheating from happening.

People are rightly complaining that Capcom's attempt to stop cheating from happening placed your computer one step away from being part of a botnet or worse.

Re:Had to be done

People aren't whining about Capcom trying to stop cheating from happening.

People are rightly complaining that Capcom's attempt to stop cheating from happening placed your computer one step away from being part of a botnet or worse.

No, people are complaining that this software was not only installed without their knowledge or consent, but that it's actually there to stop people unlocking costumes and the like before they've earned/paid for them. Cheating had nothing to do with this debacle.

Re:Had to be done

[Blaskowicz]

Street Fighter IV was well regarded in not needing a high end PC or GPU, I think.

On the other hand, PC version of Street Fighter II was unspeakable, but it was the tail end of rip off arcade conversions made by contractors for atari/amstrad/commodore/amiga etc., quite some time ago. So.. you get a 16 bit computer version with the beautiful backgrounds and characters, but they're turned into drunk paper dolls that jump higher that the depth of the screen and the controls are designed for a single button joystick (!), not that the game would have been playable anyway.
THAT is a PC port that sucks! I remember trying Halo 2 and thinking it looked like crap and ran like a dog (because on PC if you wanted those graphics you could play Quake 2 and run at 60 fps on a 400MHz CPU), but the game otherwise worked like intended.
Rip off games of the 80s and 90s were as if you wanted to play a game of chess, but the pawns are on the top most and bottom most ranks, you're in check when the game starts, and there are illegal moves such as nonsensical castling all over the place.

Re:Had to be done

[Blaskowicz]

(correction : it was Halo 1, delayed Windows version. Looked bland without pixel shaders, and the textures were low res. Perhaps it would have been more fun on the original Xbox)

Going from bad to worse

[Opportunist]

SFV was already a mediocre, overpriced, overhyped and unfinished piece of junk. But this really is the dingleberry on top of the shit sundae.

Sic transit gloria Capcom. They really did make some awesome games in their time, but it seems today they rely on brand name alone to pump out turd after turd.

Re:Going from bad to worse

Eh, the core gameplay was solid from day 1, and the netcode was good (but maybe not *great*). It's literally everything else that goes into making a polished, completed game that has been a total disaster. But the two most important things are there.

Re:Going from bad to worse

[Opportunist]

Great, so next time you buy a house I won't hear you complain about shoddy insulation, leaky windows, doors I cannot lock and moldy rooms because it has walls and a roof, so the most important things are there. But I promise to deliver the door locks and insulation within the month, promised. I'll also deliver the missing walls and shingles when we remove the mold.

Then 6 months later I come and charge you extra for all that. Without delivering it, of course.

I am sure I won't hear a single complaint from you, right?

Security for them

This is similar to a bank forcing everyone to take a drug injection before entering. This increases the security of the bank by making everyone docile. The fact that customers can easily get mugged when they exit the bank is secondary.

Re:Security for them

It's more like a bank forcing everyone to have an enema before entering.

Who decides that

So people are saying Capcom

But there's always 1 idiot who gave green light for this "feature" and knew EXACTLY what it meant

Re:Who decides that

[gweihir]

I doubt that. Massive screw-ups like these are usually a team effort. You know, "engineers" that cannot explain the feature well or do not really understand it themselves, "managers" that make decisions without a clue about what they decide on, and so on. I have seen this numerous times in action. It is really quite fascinating to watch how dysfunctional most/all corporate decision-making processes are in large corporations.

This should be a criminal offense

While I think the ultimate cause is the user's trust model (you don't stuff things you just found on the street into your mouth, do you?) [1], Capcom should be prosecuted for this.

[1] But still you give admin powers to some shady game installer, execute random Javascript your browser just found in the Intertubes and so on. Well, you *fucking deserve* to be pwned. Ah, but, but... it's sooo convenient. Your choice.

Re:This should be a criminal offense

It violates the CFAA.

Although that is only ever enforced against the Little People. If you or I did 1% of this we'd be going away for a looong time.

Re:This should be a criminal offense

[gweihir]

Actually, in countries with a working legal system, this _is_ a criminal offense. The problem is that the legal profession is so far behind the times (and never understood how reality works anyways) that criminals like Capcom will go free.

Re:This should be a criminal offense

It's criminal-level stupidity and sheer arrogance on behalf of Capcom to use root-level access to try to punish cheaters, yeah, but not a criminal offense. If it's a criminal offense to write software that enables others to install rootkits or other malware, then Microsoft and pretty much any OS vendor is guilty. Worldwide. They've all done what Capcom did. Capcom didn't create a rootkit here. They opened a security hole granted to them by the OS, using user-granted permissions (the software had to start requesting administrative rights after this patch) in order to do something meant to improve their product. They screwed up though, and (presumably unintentionally) created a security hole bad actors could exploit.
They didn't install malicious software. They didn't intentionally enable malicious activity. Even if the US legal system were to punish people who knowingly allowed rootkits to be installed, malicious intent would need to be shown for Capcom to be guilty. Unless of course this is one of those crimes that is so heinous and sensitive that mere opportunity is sufficient without requiring intent... which it isn't.

... wait for it ... LITERALLY!

Like hogwash.

Literally.

Re:Great news!

[Zontar+The+Mindless]

Why make it hard on yourself? Just re-use your Ashley Madison login.

Don't buy uncracked software

Cracked software is the only software that has been given an independent in-depth review of its security measures. Buying uncracked software opens your computer to every malice the original author has stooped to in order to seize control of your computer.

And more often than not, the EULA makes it rather hard to get legal recourse for damage intentionally done to your computer. In contrast, a cracker inserting malicious code may go to jail for it.

I'd have liked to finish off this posting with "/s" but there really is no suitable placement for the starting sarcasm tag.

Code signing?

Such a driver certainly needs a EV code signing certificate, I assume Microsoft has revoked this by now? Preferably by blacklisting whichever company is in the certificate for all eternity.
Supposedly the code signing was required exactly to prevent such things, or is it maybe in reality all about keeping users out while letting the criminals do whatever they want still?
On the plus side, if Microsoft doesn't revoke the certificate that driver will be very useful to circumvent all kinds of Microsoft (and other program's) DRM.

Re:Great news!

[dbIII]

Why make it hard on yourself? Just re-use your Ashley Madison login.

I thought the point of Ashley Madison was to make it hard.

Hmmm.... makes me ponder....

[Opportunist]

Considering the whole mess that PC game was is a half-baked, barely ported console clone, one has to wonder whether that rootkit exists in the console version as well, and whether it can be used to gain control over the system...

Why should rootkits only work against the interests of the person owning... ok, that's saying too much, "being in the possession of" is a better term ... the machine?

Games and OSes

[DrYak]

Because people want to play video games...

Was does Windows have anything to do with couple of thousands games on Steam(*) that all run on any OS (Windows ; Mac OS X ; Linux) ?

Oh, yeah... "Triple-A games".
The kind of overrated content that rarely gets correct ports (Hi, Ryan Gordon, thank you for being the refreshing exception to this sad rule !), and is the most likely to b0rk your machine due to DRM (You know! Because "AAA" development costs a lot of money, and the "AAA" studios have to protect their revenue. By completely fucking the experience of their paying customer base).

If anything, today's DRM example is a big argument of why people should prefer the PirateBay version, and why I've personally downloaded cracks for any DRMed game that I've bought.

----

(*) : I know that Steam also uses some forms of DRM, but we have yet to have a FA on /. titled "Steam's own DRM causes a massive backdoor on all computers"

Re:Games and OSes

My concern about Steam is VAC. All it might take is having Visual Studio installed, and you get slapped with a VAC ban and lose multiplayer access to everything you purchased. Does this stop the cheats? Not really, they just get another account. However, for people who pay a lot for Steam games, it can mean a lot.

I just stay with GOG. No strings, no things hidden, searching your machine to rat you out for wrongdoing and convict you in a court where you can't defend yourself. Just download and play.

Re:Games and OSes

[epyT-R]

Yes, it's great that we're seeing more games going native multiplatform with linux. That said, linux still doesn't have the title availability that windows has.. So, if you're a pc gamer, you'll need a windows install at some point. With windows serving well enough for other tasks they may want to do, most just say 'fuck it' and run windows 24/7.

DRM sucks. Steam uses it too. I don't know why people exempt steam from criticism in this area. Anyway, this is tangential to the original point.

Re:Games and OSes

[Coren22]

You should be able to dispute a VAC ban of that type, just explain calmly in the email that you are a programmer and make your living using VS, and don't have a spare computer to use just for gaming.

It doesn't even make sense to ban someone for having a programming tool installed anyways.

Re:Games and OSes

[Coren22]

People exempt Steam for their DRM because it is nowhere near as intrusive as other DRM implementations.

Win 10 Anniversary Driver Signing?

Is this signed by Microsoft? Am I protected? Oh, I don't even play this game!

SFV is for Linux

[HalAtWork]

But Street Fighter V is available on Linux

Re:SFV is for Linux

Like hell it is lol.

A linux version is one of the dozens of things Capcom promised for this game and never delivered on.

Re:SFV is for Linux

Lame, wasn't aware of that.

Re:SFV is for Linux

[thegarbz]

But Street Fighter V is available on Linux

And? There's lots of stuff that's available for Linux but runs better on Windows.

And console

[HalAtWork]

And not to mention consoles. I have a Linux PC but not a very powerful GPU so I play games on consoles. Works fine.

Re:And console

a console is JUST LIKE a game publisher-rooted computer. YOU HAVE NO FUCKING CONTROL. you run whatever bits the platform sends you. period.

Re:And console

[epyT-R]

So does the PC version (afaik). The issue reported here isn't that the game doesn't work, it's that it installs a rootkit. From this perspective, your console is already rooted out of the box.

Sounds highly criminal

[gweihir]

Where is the intrepid prosecutor that throws them all in jail?

Oh, wait, the US police state does not do that to representatives of companies, because they might be able to fight back. Better to only do it to individuals that cannot defend themselves...

You're right, this is pretty sad

[HalAtWork]

http://steamcommunity.com/grou...

Didn't know since I just game on console. With all the problems PC ports have anyway I find it too frustrating to play on that platform.

Legal consequences...

[XSportSeeker]

The only thing I wanna see is if this will result in a class action lawsuit like what happened in Sony's case back... in the 90s was it?
It'll say something about the current state of forgiveness for huge screw ups in this day and age of broken games and gamers being used as beta or alpha testers of new releases.

Sonic Boom there goes your OS.

[GoodNewsJimDotCom]

I'd rather just pay an extra 50 cents to continue than spend two days reinstalling windows and all my software.

Re:Negroe

Isn't it great that the compassionate conservatism is still practiced?

Re:Ahh Confirmation Bias.

Look at me, I only see what I want to see, thanks to my zeal for being ignorant!

You have the assessment skills of an idiot.

Re: Great news!

No, that's viagra spammers.

Only the proprietors know the details. That's bad.

[jbn-o]

This sounds like another instance of proprietary malware to add to the list. And nobody should trust a proprietor to "roll back" their malware (just as some of the Twitter.com followups suggest), regardless of whether they say this was a mistake. There's no reason to trust unvettable, uncorrectable, unsharable code and there's no reason why people should have to live with months-old backdoors while the only programmers allowed to inspect or fix the code apparently don't fix that code.

Windows 10 Can't Get Root Kits!

UEFI eliminated all root kits without disabling the ability to install Linux. Oh snap!

WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS?

[BlytheBowman]

This is a computer crime, bar none. No shades of grey here. So why aren't companies that pull this shit getting raided by the authorities and people being frog marched out of the offices in handcuffs? No too long ago, from what I heard, a student was facing serious prison time for tampering with a school's master calendar, yet these companies are damaging computer systems by the millions and at worst they face a lame lawsuit that they just write off as the cost of doing business. I am sick of it. And these same companies want to lock down, SECUREBOOT,and drm and fucking mummify everything so there is zero freedom to do anything without their blessing. Fuck this shit. If they law does not apply to them, it should not apply to me either. Maybe i should go and fuck their shit up, and get everyone else to do the same. Hak, crak and PIRATE! BANZAI!!!!!!!!

Re: WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS?

Doesn't UEFI and secure boot prevent root kits from being installed?

Re: WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS?

you have to have them turned on first.

Re: WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS?

[wbo]

Secure Boot only protects against unexpected changes to the boot loader (which typically only changes legitimately when a new OS is installed.)

This protects against malware that relies on infecting boot media with a compromised boot loader but not against rootkits that use OS drivers or some other attack vector.

Re:WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS?

[nhat11]

It was rolled back within a day, you're just a dick if you start fucking shit up because there's thousands of players playing the game. Same with the hackers stealling and ddos'ing sony and blizzard games, if you start, as in your own words, "fuck their shit up" you're simply being a dick to everyone that's trying to play the game.

And this is why we need app stores..

See, this is the kind of nonsense that an App Store protects us from; or at least tries to. If Street Fighter blah was a UWP program, it literally could not do this sort of thing. Microsoft are trying to divide the world into "belongs to the OS" and "available for Apps" -- increasingly, the role of the Operating System is to defend the User against the actions of Applications (compared to the traditional model that the Application was an agent for the User.) That's the big advantage of "Apps", they're in their sandbox and they cannot get out of it. Protects the user and the OS.

This does, sadly, mean sometimes we can't get good things - some useful features become denied to all applications because some applications behaved poorly and ruined it for everything.

Re: Great news!

[dbIII]

No, that's viagra spammers.

True - I stand corrected, or is that erected?

Remove Capcom

I made a report to Steam about this rootkit when the news did so, and encouraged several others to do so. Despite this, Capcom was not told "GTFO and stay out" by Valve. I guess being a jerk to your customers is a bigger crime than compromising the security of a system.

Never buying a Capcom game again.

seems ok... eye for an eye

you hack us we hack you