The RDV Group InfoSec Blog

Thursday, February 02, 2006

Is your game hiding malware?

What’s game copy protection and what’s malware? Cory over at BoingBoing has been having a run-in with StarForce, a company that supplies copy protection routines for PC games. Also, Glop is organizing a StarForce boycott, with a list of the games using it and tips on removing it: “StarForce is a software copy protection tool installed by PC game publishers, which is designed to prevent the casual copying of retail CDROM applications. It installs as a hidden device driver, without the end-user's knowledge or consent.”

However, it isn’t readily apparent if the software crosses over into the next threshold of malware-ism: that is, intentional damage vs. ancillary damage due to incompetent design. Avi at Browian Emotion has been looking into it:“The claim I've heard (many times) is that StarForce is malware, that it infects your computer with low-level drivers that could easily be compromised by virus writers, it prevents you from running things like debuggers (some claim it's only while the game is running, some claim it's all the time) and it may decelerate the performance of--or accelerate the death of--your CD/DVD drives due to how they force CD errors to detect original disks.”

This would seem to be verified by my friend Bill Glennon. He installed “Splinter Cell: Chaos Theory” and, sure enough, the StarForce software had landed on his machine. He noticed a change in his CD/DVD drives and, after logging on to his user account, his bootup sequence noticeably slowed down. He has since removed the game and software and everything’s back to normal.

But the controversy is now starting to gain serious traction, and even hit John Aravosis’s heavily traveled Americablog yesterday. And StarForce has been in full-court press mode to stop the discussion of this, by posting a reply to a negative CNET post (which compared this issue to the Sony ‘rootkit’ debacle that left serious egg on Sony’s face), and threatening BoingBoing with legal action.

So this isn’t going away anytime soon, and while StarForce may have some points, their heavy-handed attempts to instill fear isn’t going to win them many converts. While the legality of StarForce’s protection scheme is not in question, skirting with the tenets of malware by installing itself without the knowledge or the choice of the user may not be the best policy. It appears that the only option open to the consumer now is to not buy/play these games.

As Sony learned, it’s time to get another scheme.


Post a Comment

<< Home