Slashdot Mirror

← Back to Stories (view on slashdot.org)

Street Fighter V Update Installed Hidden Rootkits on PCs (theregister.co.uk)

Posted by EditorDavid on from the gaming-your-system dept.

Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register: This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on
Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."

73 of 126 comments (clear)

  1. This should be the death of Capcom by Anonymous Coward · · Score: 5, Insightful

    Only a fool would install a game made by them after this.

    1. Re:This should be the death of Capcom by El+Lobo · · Score: 4, Insightful

      You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

      --
      It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
    2. Re:This should be the death of Capcom by donaldm · · Score: 5, Informative

      You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

      The Sony rootkit scandal was 2005 and was instigated by BMG who were in the process of being merged by Sony, consequently Sony took the blame. See the following for more details. Yes the root-kit was a stupid thing to do but you would think that people would also blame the operating system and virus protection software for allowing this to happen.

      I do understand Capcom were trying to stop people from cheating but there are much more acceptable ways although the more you try to prevent someone from cheating the more you penalise the honest player. The bottom line is if someone is determined to cheat they will find a way and the only way to reduce this is "Don't play with cheats."

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    3. Re:This should be the death of Capcom by Carewolf · · Score: 1

      You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

      2012? It was in the 90s on CDs. Or did they do it again?

    4. Re:This should be the death of Capcom by Opportunist · · Score: 3, Insightful

      You do understand, I hope, that anitivirus and OS can't do jack against something the user wants to install, despite any and all warnings, yes? Which is, by the way, the way it SHOULD be, because the opposite is way worse: The OS deciding what I may and what I may not install on a computer I allegedly own.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:This should be the death of Capcom by Calydor · · Score: 5, Insightful

      You mean like Windows 10 and updates?

      --
      -=This sig has nothing to do with my comment. Move along now=-
    6. Re:This should be the death of Capcom by Zontar+The+Mindless · · Score: 1

      Personally, I'm crying like there's still no port of Eternal Champions to Linux. Dammit, I miss my Genesis sometimes.

      --
      Il n'y a pas de Planet B.
    7. Re:This should be the death of Capcom by Zontar+The+Mindless · · Score: 1

      Whaddaya know. Problem solved.

      --
      Il n'y a pas de Planet B.
    8. Re:This should be the death of Capcom by Opportunist · · Score: 1

      That's one good example (a better one would actually be the Lenovo laptop blunder), another would would be the iPhone.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re: This should be the death of Capcom by GrahamJ · · Score: 3, Insightful

      What's bad is allowing an actor you don't trust to control the software on your machine. That doesn't necessarily preclude operating systems or their developers.

    10. Re: This should be the death of Capcom by decentralized · · Score: 1

      Lucky for capcom then !

    11. Re:This should be the death of Capcom by Anonymous Coward · · Score: 1

      The point was you can't install anything on an iPhone unless the overseers of the precious walled garden deem it worthy (and profitable).

    12. Re:This should be the death of Capcom by Opportunist · · Score: 1

      That is exactly the point of the whole damn subthread.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    13. Re:This should be the death of Capcom by Uberbah · · Score: 1

      The point was you can't install anything on an iPhone unless the overseers of the precious walled garden deem it worthy (and profitable).

      And how many of your precious little snowflakes whine about Apple's "walled garden" and then go fire up a game console?

    14. Re:This should be the death of Capcom by nazsco · · Score: 1

      Well, even before this. If you ever played the new SF games, you will see that they are now just tekken clones. Absolutely nothing of the old SF games remain other than the title.

      Good riddance capcom of today.

    15. Re:This should be the death of Capcom by davester666 · · Score: 1

      Actually, you can install apps on your iPhone, without needing Apple to vet/sign the app, or pay extra to Apple, or jailbreak your iPhone to do it.

      --
      Sleep your way to a whiter smile...date a dentist!
    16. Re:This should be the death of Capcom by Trogre · · Score: 1

      That's great news!

      Could you please reply here with step by step instructions on how to accomplish this?

      Thanks.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    17. Re:This should be the death of Capcom by complete+loony · · Score: 1

      Antivirus software is merely a curated blacklist of known bad code. It can't do anything about newly designed bad code.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    18. Re:This should be the death of Capcom by davester666 · · Score: 1

      See this:

      http://apple.stackexchange.com/questions/206123/xcode-7-develop-for-ios-without-developer-account

      --
      Sleep your way to a whiter smile...date a dentist!
    19. Re:This should be the death of Capcom by theshowmecanuck · · Score: 1

      I don't like Ape, but I'll switch to Apple before I use Windows 10. Either that or switch to Linux full time.

      --
      -- I ignore anonymous replies to my comments and postings.
    20. Re:This should be the death of Capcom by Opportunist · · Score: 1

      Your information is from the early 2000, at best. Or from some rather outdated antivirus tool. AV software is today way more than just a collection of hashes.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    21. Re:This should be the death of Capcom by complete+loony · · Score: 1

      I'm not wrong, I didn't say hashes. Sure modern AV software is using more complex heuristics, but it's still just blacklisting known patterns of "bad code".

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    22. Re:This should be the death of Capcom by Tukz · · Score: 1

      You mean like Windows Update just installed several applications on my PC without my prior acceptance?

        - Google Earth
        - Xbox (?)
        - Groove Music

      --
      - Don't do what I do, it's probably not healthy nor safe. -
    23. Re:This should be the death of Capcom by Opportunist · · Score: 1

      It's a bit more complicated than that. There's behaviour analysis, pattern analysis ... ok, in the end, it's "bad code". But the analysis does end at known code, it is quite possible to flag code as suspicious that you have not analysed before. There has been a lot of development in the past years, and the detection gets better. It's still too prone to false positives to be part of a scanner, but it is already a very valuable analysis tool.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    24. Re:This should be the death of Capcom by Carewolf · · Score: 1

      After the CD stunt they pulled the same shit with their USB sticks. I think that was just a few years after the CD incident so there are probably more instances.
      Don't buy a Sony.

      I fully buycutted them for 15 years, but had to pardon them recently to buy a compact flagship cellphone, they were literally the least evil, all other options had done MUCH MUCH worse, and more recently. At least as far as I know, which is why I am interested in whether they did it recently.

    25. Re:This should be the death of Capcom by Agripa · · Score: 1

      I am not.

    26. Re:This should be the death of Capcom by Coren22 · · Score: 1

      Do you honestly think that Apple is any way better at this?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  2. Re:STOP!! by epyT-R · · Score: 4, Informative

    Because people want to play video games..

  3. Poaching by darkain · · Score: 5, Funny

    I know ya'll in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?

    1. Re:Poaching by D,Petkow · · Score: 1

      i wish i could mod up your comment as funny

    2. Re:Poaching by donaldm · · Score: 1

      I know ya'll in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?

      I have no idea why Capcom bothered, all they needed to do is get in the good books with Microsoft and all the information pertaining to a suspect user is theirs for the asking. You have read the Windows 10 EULA, haven't you?

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
  4. "Literal rootkits" by 93+Escort+Wagon · · Score: 1

    As opposed to figurative rootkits?

    --
    #DeleteChrome
    1. Re:"Literal rootkits" by Carewolf · · Score: 3, Informative

      As opposed to figurative rootkits?

      No, in this case it is a figurative one, like literally literally often means.

      This "rootkit" is missing the "kit" part, it is a backdoor that could be used to set up full rootkits.

  5. Thanks for playing by decentralized · · Score: 1

    You lose!

  6. Rootkit x antivirus, same concerns by hcs_$reboot · · Score: 3, Insightful

    the code is so badly designed, it opens up a full-blown local backdoor

    Sounds like antiviruses: they're supposed to fix problems and filter out malware, but such complex software requires excellent optimized algorithms and code, which unfortunately is still due.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  7. Going from bad to worse by Opportunist · · Score: 1

    SFV was already a mediocre, overpriced, overhyped and unfinished piece of junk. But this really is the dingleberry on top of the shit sundae.

    Sic transit gloria Capcom. They really did make some awesome games in their time, but it seems today they rely on brand name alone to pump out turd after turd.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Going from bad to worse by Opportunist · · Score: 1

      Great, so next time you buy a house I won't hear you complain about shoddy insulation, leaky windows, doors I cannot lock and moldy rooms because it has walls and a roof, so the most important things are there. But I promise to deliver the door locks and insulation within the month, promised. I'll also deliver the missing walls and shingles when we remove the mold.

      Then 6 months later I come and charge you extra for all that. Without delivering it, of course.

      I am sure I won't hear a single complaint from you, right?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Re: STOP!! by Anonymous Coward · · Score: 1, Informative

    Well, games on Steam for Linux are not installing stuff with root privileges.

  9. Re:Had to be done by Anonymous Coward · · Score: 1

    The PC version of SFV has been universally regarded as superior to the PS4 version. In fact, this was the update that supposedly finally brought the PS4 version up to the level of the PC version.

  10. Re:Had to be done by Calydor · · Score: 3, Interesting

    People aren't whining about Capcom trying to stop cheating from happening.

    People are rightly complaining that Capcom's attempt to stop cheating from happening placed your computer one step away from being part of a botnet or worse.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  11. Re:Great news! by Zontar+The+Mindless · · Score: 1

    Why make it hard on yourself? Just re-use your Ashley Madison login.

    --
    Il n'y a pas de Planet B.
  12. Don't buy uncracked software by Anonymous Coward · · Score: 3, Interesting

    Cracked software is the only software that has been given an independent in-depth review of its security measures. Buying uncracked software opens your computer to every malice the original author has stooped to in order to seize control of your computer.

    And more often than not, the EULA makes it rather hard to get legal recourse for damage intentionally done to your computer. In contrast, a cracker inserting malicious code may go to jail for it.

    I'd have liked to finish off this posting with "/s" but there really is no suitable placement for the starting sarcasm tag.

  13. Re:Great news! by dbIII · · Score: 3, Funny

    Why make it hard on yourself? Just re-use your Ashley Madison login.

    I thought the point of Ashley Madison was to make it hard.

  14. Re:STOP!! by Fragnet · · Score: 1

    Haha.

  15. Hmmm.... makes me ponder.... by Opportunist · · Score: 1

    Considering the whole mess that PC game was is a half-baked, barely ported console clone, one has to wonder whether that rootkit exists in the console version as well, and whether it can be used to gain control over the system...

    Why should rootkits only work against the interests of the person owning... ok, that's saying too much, "being in the possession of" is a better term ... the machine?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. Re: Adding Capcom to tech boycott by Anonymous Coward · · Score: 5, Insightful

    What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.

  17. Re: STOP!! by The+MAZZTer · · Score: 1

    Capcom made their game and malware to run on the OS their target audience uses. It happened to be Windows but there was nothing to stop it from bring Linux under other circumstances.

  18. Games and OSes by DrYak · · Score: 2, Insightful

    Because people want to play video games...

    Was does Windows have anything to do with couple of thousands games on Steam(*) that all run on any OS (Windows ; Mac OS X ; Linux) ?

    Oh, yeah... "Triple-A games".
    The kind of overrated content that rarely gets correct ports (Hi, Ryan Gordon, thank you for being the refreshing exception to this sad rule !), and is the most likely to b0rk your machine due to DRM (You know! Because "AAA" development costs a lot of money, and the "AAA" studios have to protect their revenue. By completely fucking the experience of their paying customer base).

    If anything, today's DRM example is a big argument of why people should prefer the PirateBay version, and why I've personally downloaded cracks for any DRMed game that I've bought.

    ----

    (*) : I know that Steam also uses some forms of DRM, but we have yet to have a FA on /. titled "Steam's own DRM causes a massive backdoor on all computers"

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Games and OSes by epyT-R · · Score: 1

      Yes, it's great that we're seeing more games going native multiplatform with linux. That said, linux still doesn't have the title availability that windows has.. So, if you're a pc gamer, you'll need a windows install at some point. With windows serving well enough for other tasks they may want to do, most just say 'fuck it' and run windows 24/7.

      DRM sucks. Steam uses it too. I don't know why people exempt steam from criticism in this area. Anyway, this is tangential to the original point.

    2. Re:Games and OSes by Coren22 · · Score: 1

      You should be able to dispute a VAC ban of that type, just explain calmly in the email that you are a programmer and make your living using VS, and don't have a spare computer to use just for gaming.

      It doesn't even make sense to ban someone for having a programming tool installed anyways.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    3. Re:Games and OSes by Coren22 · · Score: 1

      People exempt Steam for their DRM because it is nowhere near as intrusive as other DRM implementations.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  19. SFV is for Linux by HalAtWork · · Score: 1

    But Street Fighter V is available on Linux

    --
    Twinstiq, game news
    1. Re:SFV is for Linux by thegarbz · · Score: 1

      But Street Fighter V is available on Linux

      And? There's lots of stuff that's available for Linux but runs better on Windows.

  20. And console by HalAtWork · · Score: 1

    And not to mention consoles. I have a Linux PC but not a very powerful GPU so I play games on consoles. Works fine.

    --
    Twinstiq, game news
    1. Re:And console by epyT-R · · Score: 1

      So does the PC version (afaik). The issue reported here isn't that the game doesn't work, it's that it installs a rootkit. From this perspective, your console is already rooted out of the box.

  21. Sounds highly criminal by gweihir · · Score: 1

    Where is the intrepid prosecutor that throws them all in jail?

    Oh, wait, the US police state does not do that to representatives of companies, because they might be able to fight back. Better to only do it to individuals that cannot defend themselves...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  22. Re:This should be a criminal offense by gweihir · · Score: 1

    Actually, in countries with a working legal system, this _is_ a criminal offense. The problem is that the legal profession is so far behind the times (and never understood how reality works anyways) that criminals like Capcom will go free.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  23. Re:Who decides that by gweihir · · Score: 4, Interesting

    I doubt that. Massive screw-ups like these are usually a team effort. You know, "engineers" that cannot explain the feature well or do not really understand it themselves, "managers" that make decisions without a clue about what they decide on, and so on. I have seen this numerous times in action. It is really quite fascinating to watch how dysfunctional most/all corporate decision-making processes are in large corporations.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  24. You're right, this is pretty sad by HalAtWork · · Score: 1

    http://steamcommunity.com/grou...

    Didn't know since I just game on console. With all the problems PC ports have anyway I find it too frustrating to play on that platform.

    --
    Twinstiq, game news
  25. Re: STOP!! by Miamicanes · · Score: 2

    Because a Linux PC with an inexperienced user willing to run a game or dancing pig animation as root is every bit as bad as a Windows PC whose user will click 'yes' for any UAC prompt... maybe *worse*.

  26. Legal consequences... by XSportSeeker · · Score: 1

    The only thing I wanna see is if this will result in a class action lawsuit like what happened in Sony's case back... in the 90s was it?
    It'll say something about the current state of forgiveness for huge screw ups in this day and age of broken games and gamers being used as beta or alpha testers of new releases.

  27. Sonic Boom there goes your OS. by GoodNewsJimDotCom · · Score: 1

    I'd rather just pay an extra 50 cents to continue than spend two days reinstalling windows and all my software.

    --
    God spoke to me
  28. Only the proprietors know the details. That's bad. by jbn-o · · Score: 2

    This sounds like another instance of proprietary malware to add to the list. And nobody should trust a proprietor to "roll back" their malware (just as some of the Twitter.com followups suggest), regardless of whether they say this was a mistake. There's no reason to trust unvettable, uncorrectable, unsharable code and there's no reason why people should have to live with months-old backdoors while the only programmers allowed to inspect or fix the code apparently don't fix that code.

    --
    Digital Citizen
  29. WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS? by BlytheBowman · · Score: 1

    This is a computer crime, bar none. No shades of grey here. So why aren't companies that pull this shit getting raided by the authorities and people being frog marched out of the offices in handcuffs? No too long ago, from what I heard, a student was facing serious prison time for tampering with a school's master calendar, yet these companies are damaging computer systems by the millions and at worst they face a lame lawsuit that they just write off as the cost of doing business. I am sick of it. And these same companies want to lock down, SECUREBOOT,and drm and fucking mummify everything so there is zero freedom to do anything without their blessing. Fuck this shit. If they law does not apply to them, it should not apply to me either. Maybe i should go and fuck their shit up, and get everyone else to do the same. Hak, crak and PIRATE! BANZAI!!!!!!!!

    1. Re: WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS? by wbo · · Score: 1

      Secure Boot only protects against unexpected changes to the boot loader (which typically only changes legitimately when a new OS is installed.)

      This protects against malware that relies on infecting boot media with a compromised boot loader but not against rootkits that use OS drivers or some other attack vector.

    2. Re:WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS? by nhat11 · · Score: 1

      It was rolled back within a day, you're just a dick if you start fucking shit up because there's thousands of players playing the game. Same with the hackers stealling and ddos'ing sony and blizzard games, if you start, as in your own words, "fuck their shit up" you're simply being a dick to everyone that's trying to play the game.

  30. Re: Great news! by dbIII · · Score: 1

    No, that's viagra spammers.

    True - I stand corrected, or is that erected?

  31. Re: Adding Capcom to tech boycott by tijgertje · · Score: 1

    In a lot of countries the EULA is not valid if you can't see it before you buy the software!
    Even then : the law goes above every EULA.

  32. Re: STOP!! by tijgertje · · Score: 1

    Besides the point that steam-games on Linux get installed as user and not with root privileges?
    Sure the software could ask for root, but the password prompt would ring alarms instantly

  33. Re: Adding Capcom to tech boycott by BiggyDingus · · Score: 1

    First, the idea of "meeting of the minds" is an old common law concept that strongly influences how contract law works in the U.S., but it is not used in the U.S. the way it used to be--partially because of jokers like you.

    Second, the idea of "meeting of the minds" does not mean what you think it means. It implies that a valid contract requires mutual intent and understanding. There are three situations where a meeting of the minds does not occur under reasonable circumstances, and so a contract doesn't exist: 1) two guys vaguely agree to something, but their promises leave out too many specific details to be reasonably enforced, 2) two guys agree to certain terms, one of those terms is ambiguous, both guys didn't notice the ambiguity and reasonably thought they believed it meant two different, incompatible things, or 3) one guy is in a coma, or black out drunk, and the other guy puts a pen in his hand, and has him sign a contract.

    No court that I know of has ever bought your whole argument that "I said all the words and performed all the actions that a reasonable person would interpret to be assent to the terms being offered in order to trick you into performing your part of the contract, but secretly I had my fingers crossed behind my back, so there was no actual contract. Haha I win!" From my own moderate sample size, I can tell you that around that point, the other side moves for a directed verdict and usually gets it. Also, once when the judge was feeling particularly grumpy, the case was referred to criminal court to determine whether any criminal fraud was committed.

    I sincerely hope that you learned contract law from poorly written blog posts. If you actually paid some degree-mill to teach you what you just vomited here, I would recommend demanding a refund. Don't hold your breath, though. When they agreed to accept your tuition, promising to teach you law in exchange, they probably said "Not!" after you left the room. Which, according to you, means there wasn't actually a valid contract to begin with.

  34. Re: Adding Capcom to tech boycott by Agripa · · Score: 1

    What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.

    Ya, I can see the CFAA being used against a user who bypassing the company's root kit.

  35. Re:Had to be done by Blaskowicz · · Score: 1

    Street Fighter IV was well regarded in not needing a high end PC or GPU, I think.

    On the other hand, PC version of Street Fighter II was unspeakable, but it was the tail end of rip off arcade conversions made by contractors for atari/amstrad/commodore/amiga etc., quite some time ago. So.. you get a 16 bit computer version with the beautiful backgrounds and characters, but they're turned into drunk paper dolls that jump higher that the depth of the screen and the controls are designed for a single button joystick (!), not that the game would have been playable anyway.
    THAT is a PC port that sucks! I remember trying Halo 2 and thinking it looked like crap and ran like a dog (because on PC if you wanted those graphics you could play Quake 2 and run at 60 fps on a 400MHz CPU), but the game otherwise worked like intended.
    Rip off games of the 80s and 90s were as if you wanted to play a game of chess, but the pawns are on the top most and bottom most ranks, you're in check when the game starts, and there are illegal moves such as nonsensical castling all over the place.

  36. Re:Had to be done by Blaskowicz · · Score: 1

    (correction : it was Halo 1, delayed Windows version. Looked bland without pixel shaders, and the textures were low res. Perhaps it would have been more fun on the original Xbox)