Comments on: Ubisoft's DRM leaves your computer wide open to browser-based system hijacking

By: Rob

Rob — Tue, 31 Jul 2012 16:28:00 +0000

This.

My only sources for PC games are GoG and Humble Bundle because I don’t trust anything else.

By: McGreens

McGreens — Tue, 31 Jul 2012 13:20:00 +0000

I got hit by that too, though I *swear* I unchecked the “infect my browser” option. Fortunately I don’t mind playing with dragons and could remove all traces but it was still annoying :(

By: fuzzyfuzzyfungus

fuzzyfuzzyfungus — Tue, 31 Jul 2012 12:06:00 +0000

Well, I certainly hope that you showed due respect for Intellectual Property and left that poor daemon alone… If people somehow get the idea that the property rights of the computer owner should be taken into consideration who knows what the world will come to?

By: fuzzyfuzzyfungus

fuzzyfuzzyfungus — Tue, 31 Jul 2012 11:01:00 +0000

While Steam (still, after all these years, WTF?) has some ugly warts(the UI of the ‘downloads’ system, for example, lacks pretty much every convenience feature, even basic stuff like queuing and priority, that every other download manager and bittorrent client in the universe seem to have mastered years ago and, despite the fact that most of the Steam interface is basically just a customized web browser, there. is. no. tab. support. Obviously I would never, say, want to open multiple tabs from the main ‘Store’ page because I’m interested in checking out more than one game…) one gets the horrible impression that their competitors are genuinely years behind in competence and execution.

Games for Windows Live is a bad joke so bad that it isn’t even funny for being bad, Ubisoft built a browser plugin that allowed executing arbitrary binaries from javascript embedded in any website and actually shipped it, EA’s system is a mess…

It’s honestly a bit surprising. DRM is a fundamentally hard problem(on open platforms) because of the ‘you have to give them the key to the locked box but still control how they can unlock it’ problem; but the ‘build a website with a shopping cart’ and “construct a download manager that doesn’t suck’ problems seem like they should be fairly easy…

By: Bonobo

Bonobo — Mon, 30 Jul 2012 22:17:00 +0000

I think that was covered by “just don’t pay them at all.”

By: Seg

Seg — Mon, 30 Jul 2012 20:18:00 +0000

One more thing I thought of and different question from my other comment.

If they wanted a game launcher, wouldn’t it be better to register a protocol URL (http, ftp)? In this case “uplay://” where an application handler would be needed to launch by a client application installed on the system.

When installed, Steam registered “steam://” to the user’s computer with an array of commands. That way browsers can launch, install, and mangage games with-in Steam. The key is that you can’t arbitrarily launch as a command prompt. “Launch” and “Install” is of a number to a specific game. From there it’s Steam handling things.

It looks like a better layout would be for Ubi to implement a launcher app and registered to a domain. Easier to support as you’re not at the whim of browser support.

By: MadLogician

MadLogician — Mon, 30 Jul 2012 19:55:00 +0000

I will never buy a game that requires me to be on-line to play it.

By: Seg

Seg — Mon, 30 Jul 2012 19:46:00 +0000

Correct me if I’m wrong, but doesn’t Chrome, Firefox and/or others have a way to push up an update blocking known security risks in plugins? Especially on version number so that a patched version can be enabled again.

Debate aside if you want to actually keep the Ubi plug-in, I’m curious for the answer if something more useful (Flash, Java) had a similar security issue.

By: ahclem

ahclem — Mon, 30 Jul 2012 19:17:00 +0000

From the same outfit that forced Starforce on their players. Never forgive, never forget.

By: Deb Johnson

Deb Johnson — Mon, 30 Jul 2012 19:07:00 +0000

I don’t buy any Ubisoft games since they started it.

By: Nimdae

Nimdae — Mon, 30 Jul 2012 18:43:00 +0000

Better yet, don’t give them money. Giving them money validates their decisions because they know the income is there. If you stop giving them money, they’ll either start making decisions that attracts people back to their games, or stop making games with DRM schemes that have giant security holes.

By: James Penrose

James Penrose — Mon, 30 Jul 2012 18:32:00 +0000

I understand they do this to protect their revenue: Guess what fellows? I used to spend $500 to $1,000 or more per year on games and such on my and my wife’s machines. I don’t now because I’ll damned if I’ll let stuff like this load on my system. How’s that revenue protection working for you now?

By: foobar

foobar — Mon, 30 Jul 2012 18:23:00 +0000

And the pirated versions were entirely unaffected.

By: Jorpho

Jorpho — Mon, 30 Jul 2012 18:10:00 +0000

Dangit, I thought they were finally learning their lesson. They even released Rayman Origins without DRM. Silly Ubisoft.

And why the heck are applications still able to toss plugins into your browsers without permission!? Have we learned NOTHING? (I thought maybe Firefox had finally gotten over this until I got hit by Babylon Search last week.)

By: Cowicide

Cowicide — Mon, 30 Jul 2012 17:25:00 +0000

Yeah, “always on” DRM is heinous. I had a client with a Mac that was constantly having nasty “wake from sleep” issues. After hundreds of dollars of troubleshooting, I found out it was a DRM daemon that was installed from a Photoshop plug-in from Alien Skin Software.

A fricken Photoshop plug-in. Not only was there the cost of finding this issue, the time lost for my client fitzing with this issue was probably in the hundreds of dollars as well.

By: Cowicide

Cowicide — Mon, 30 Jul 2012 17:20:00 +0000

Seriously, it seems like if you pay for Ubisoft products you shouldn’t install them and install a cracked version instead after checking it for malware. Or better yet, since they are wasting your time and willing to jeopardize your computer’s security, just don’t pay them at all.

By: Thad Boyd

Thad Boyd — Mon, 30 Jul 2012 17:10:00 +0000

Pirates, as always, are unaffected.

By: fuzzyfuzzyfungus

fuzzyfuzzyfungus — Mon, 30 Jul 2012 17:01:00 +0000

I propose the following: In order to induce Ubisoft to get off its ass and actually fix this, we must appeal to something that it actually cares about(ie. not customers or security).

To wit: let it be resolved that Warez sites and similar locations of ill-repute shall exploit this drive-by download bug in order to check the list of installed Ubisoft games, install cracks for the same, and then pop up a convenient menu offering the user the option of downloading and installing de-crippled versions of other Ubisoft titles…

That should get their attention right quick.

By: Deb Johnson

Deb Johnson — Mon, 30 Jul 2012 16:56:00 +0000

http://www.rockpapershotgun.com/2012/07/30/ubisoft-respond-to-uplay-security-drama/ they’ve responded, somewhat. What I do hope is that this turns into as big a deal as the SONY drm debacle. We can only wish, eh? Would be nice to see “always on drm” die a fast, painful death like it deserves.