Street Fighter V Update Installed Hidden Rootkits on PCs

Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register: This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on
Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."

This should be the death of Capcom

Only a fool would install a game made by them after this.

Re:This should be the death of Capcom

[El+Lobo]

You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

Re:This should be the death of Capcom

[donaldm]

You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.

The Sony rootkit scandal was 2005 and was instigated by BMG who were in the process of being merged by Sony, consequently Sony took the blame. See the following for more details. Yes the root-kit was a stupid thing to do but you would think that people would also blame the operating system and virus protection software for allowing this to happen.

I do understand Capcom were trying to stop people from cheating but there are much more acceptable ways although the more you try to prevent someone from cheating the more you penalise the honest player. The bottom line is if someone is determined to cheat they will find a way and the only way to reduce this is "Don't play with cheats."

Re:This should be the death of Capcom

[Opportunist]

You do understand, I hope, that anitivirus and OS can't do jack against something the user wants to install, despite any and all warnings, yes? Which is, by the way, the way it SHOULD be, because the opposite is way worse: The OS deciding what I may and what I may not install on a computer I allegedly own.

Re:This should be the death of Capcom

[Calydor]

You mean like Windows 10 and updates?

Re: This should be the death of Capcom

[GrahamJ]

What's bad is allowing an actor you don't trust to control the software on your machine. That doesn't necessarily preclude operating systems or their developers.

Re:STOP!!

[epyT-R]

Because people want to play video games..

Poaching

[darkain]

I know ya'll in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?

Re:"Literal rootkits"

[Carewolf]

As opposed to figurative rootkits?

No, in this case it is a figurative one, like literally literally often means.

This "rootkit" is missing the "kit" part, it is a backdoor that could be used to set up full rootkits.

Rootkit x antivirus, same concerns

[hcs_$reboot]

the code is so badly designed, it opens up a full-blown local backdoor

Sounds like antiviruses: they're supposed to fix problems and filter out malware, but such complex software requires excellent optimized algorithms and code, which unfortunately is still due.

Re:Had to be done

[Calydor]

People aren't whining about Capcom trying to stop cheating from happening.

People are rightly complaining that Capcom's attempt to stop cheating from happening placed your computer one step away from being part of a botnet or worse.

Don't buy uncracked software

Cracked software is the only software that has been given an independent in-depth review of its security measures. Buying uncracked software opens your computer to every malice the original author has stooped to in order to seize control of your computer.

And more often than not, the EULA makes it rather hard to get legal recourse for damage intentionally done to your computer. In contrast, a cracker inserting malicious code may go to jail for it.

I'd have liked to finish off this posting with "/s" but there really is no suitable placement for the starting sarcasm tag.

Re:Great news!

[dbIII]

Why make it hard on yourself? Just re-use your Ashley Madison login.

I thought the point of Ashley Madison was to make it hard.

Re: Adding Capcom to tech boycott

What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.

Games and OSes

[DrYak]

Because people want to play video games...

Was does Windows have anything to do with couple of thousands games on Steam(*) that all run on any OS (Windows ; Mac OS X ; Linux) ?

Oh, yeah... "Triple-A games".
The kind of overrated content that rarely gets correct ports (Hi, Ryan Gordon, thank you for being the refreshing exception to this sad rule !), and is the most likely to b0rk your machine due to DRM (You know! Because "AAA" development costs a lot of money, and the "AAA" studios have to protect their revenue. By completely fucking the experience of their paying customer base).

If anything, today's DRM example is a big argument of why people should prefer the PirateBay version, and why I've personally downloaded cracks for any DRMed game that I've bought.

----

(*) : I know that Steam also uses some forms of DRM, but we have yet to have a FA on /. titled "Steam's own DRM causes a massive backdoor on all computers"

Re:Who decides that

[gweihir]

I doubt that. Massive screw-ups like these are usually a team effort. You know, "engineers" that cannot explain the feature well or do not really understand it themselves, "managers" that make decisions without a clue about what they decide on, and so on. I have seen this numerous times in action. It is really quite fascinating to watch how dysfunctional most/all corporate decision-making processes are in large corporations.

Re: STOP!!

[Miamicanes]

Because a Linux PC with an inexperienced user willing to run a game or dancing pig animation as root is every bit as bad as a Windows PC whose user will click 'yes' for any UAC prompt... maybe *worse*.

Only the proprietors know the details. That's bad.

[jbn-o]

This sounds like another instance of proprietary malware to add to the list. And nobody should trust a proprietor to "roll back" their malware (just as some of the Twitter.com followups suggest), regardless of whether they say this was a mistake. There's no reason to trust unvettable, uncorrectable, unsharable code and there's no reason why people should have to live with months-old backdoors while the only programmers allowed to inspect or fix the code apparently don't fix that code.