
no glaring mention of SecuROM in Crysis: Warhead over Steam?


  • Options
    TTODewbackTTODewback Puts the drawl in ya'll I think I'm in HellRegistered User regular
    edited September 2008
    I like how they tell you it only has to run once after you install to confirm it's legal.
    Every time I opened Mass Effect there's a few instances of SecuROM stuff running within it.
    And I know it's still running because I have to run process explorer after I'm already in game or it won't let me play the game.

    TTODewback on
    Bless your heart.
  • Options
    RookRook Registered User regular
    edited September 2008
    TTODewback wrote: »
    I like how they tell you it only has to run once after you install to confirm it's legal.
    Every time I opened Mass Effect there's a few instances of SecuROM stuff running within it.
    And I know it's still running because I have to run process explorer after I'm already in game or it won't let me play the game.

    I'm sure that's just you not understanding. It has to activate online once. Of course it has to run otherwise how else is it supposed to work as copy protection?

    Rook on
  • Options
    TTODewbackTTODewback Puts the drawl in ya'll I think I'm in HellRegistered User regular
    edited September 2008
    It needs to run once then GTFO.
    That's what I'm trying to say. Sure it won't be as effective.
    But it will be a lot less irritating.

    TTODewback on
    Bless your heart.
  • Options
    OmegasquashOmegasquash Boston, MARegistered User, ClubPA regular
    edited September 2008
    Daedalus wrote: »
    ...DRM exists to placate computer-illiterate shareholders, that's all.

    This right here? This right here damn near made me laugh water straight outta my nose, that's what it did. And I agree. It's just funny to look at it from this perspective. The amount of piracy that occurs for DRM'd games is just ludicrous, but it sure does make 75 year-old rich white men happy to know that someone is looking out for their interests. Jaded, but that's the mental picture that I got.

    Omegasquash on
  • Options
    DragonTHCDragonTHC Registered User regular
    edited September 2008
    well, here's how to prevent SecuROM and other such nonsense from taking over.

    with something else to take over.

    my AV/Security suite prevents that stuff from doing what it wants to do. Macrovision is blocked. SecuROM is going to be blocked as soon as I do more research on where the damn thing is.

    DragonTHC on
  • Options
    OmegasquashOmegasquash Boston, MARegistered User, ClubPA regular
    edited September 2008
    An even better way to stop SecuRom: don't buy games with SecuRom in it. Don't play 'em either (piracy is theft, after all), but just don't buy 'em. It might be the best damn game out there, but if no one is playing it, then someone will get the message.

    Omegasquash on
  • Options
    subediisubedii Registered User regular
    edited September 2008
    piracy is copyright infringement, after all

    /nitpick.

    subedii on
  • Options
    OmegasquashOmegasquash Boston, MARegistered User, ClubPA regular
    edited September 2008
    subedii wrote: »
    piracy is copyright infringement, after all

    /nitpick.

    In communist Russia, picks nit you.

    Just wiki'd SecuRom. Huh. I didn't know that it was a Sony product.

    Omegasquash on
  • Options
    DaedalusDaedalus Registered User regular
    edited September 2008
    Daedalus wrote: »
    ...DRM exists to placate computer-illiterate shareholders, that's all.

    This right here? This right here damn near made me laugh water straight outta my nose, that's what it did. And I agree. It's just funny to look at it from this perspective. The amount of piracy that occurs for DRM'd games is just ludicrous, but it sure does make 75 year-old rich white men happy to know that someone is looking out for their interests. Jaded, but that's the mental picture that I got.

    After that Sony BMG rootkit fiasco, I remember reading an interview that gave me some insight into what they were thinking. It went something like this (I'm paraphrasing):

    Q: So, why did you put a rootkit installer on to a music CD?

    A: Hey, we just bought the protection software from some other company. We didn't know that it installed that stuff.

    Q: But didn't you at least test it before shipping it on all those discs?

    A: Of course we tested it! We put the CD into our testing computer and tried to rip the music tracks with a variety of programs. The tracks couldn't be ripped, so it tested out!

    Daedalus on
  • Options
    DarmakDarmak RAGE vympyvvhyc vyctyvyRegistered User regular
    edited September 2008
    subedii wrote: »
    piracy is copyright infringement, after all

    /nitpick.

    In communist Russia, picks nit you.

    Just wiki'd SecuRom. Huh. I didn't know that it was a Sony product.

    lol Sony?

    Darmak on
  • Options
    PeregrineFalconPeregrineFalcon Registered User regular
    edited September 2008
    Rook wrote: »
    Rook wrote: »
    Just because it was BoTP'd, I'm going to hazard this question a second time: On an unrelated note, can someone who's more computer savvy than me tell me how much SecuROM has in terms of privileges on a given machine? I know rootkit revealer shows SecuROM as using embedded nulls, which seems bad to me, but Sony insists it's not a rootkit. Even so, is there any possibility for someone to exploit the privileges of SecuROM for other purposes? Is this a backdoor waiting to happen, or is that tinfoil hat bullshit?
    "Fucking everything." Seriously. "More permissions than the user" would be accurate as well. You ever try to use Task Manager to kill off your antivirus and get "Permission Denied"? No such problem there.

    There were several exploits for Sony's XCP rootkit that used it to hide from virus scanners/detection programs.

    I don't think this is true of the recent SecuROM, according to wiki it runs in ring 3.

    UAService7 runs at Ring 3, but the SecuROM driver is still Ring 0.

    Do you have a link to that?

    Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing.

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • Options
    OmegasquashOmegasquash Boston, MARegistered User, ClubPA regular
    edited September 2008
    Darmak wrote: »
    subedii wrote: »
    piracy is copyright infringement, after all

    /nitpick.

    In communist Russia, picks nit you.

    Just wiki'd SecuRom. Huh. I didn't know that it was a Sony product.

    lol Sony?

    Pfft. lol me. There again though, I make it a point to buy games with as little extra "packaging" as possible. It's like hooking up with someone in college and finding out they've given you mono. Not life ending, but me-oh-my is it an inconvenience.

    Omegasquash on
  • Options
    PeregrineFalconPeregrineFalcon Registered User regular
    edited September 2008
    Holy crap D: That's seriously frightening. Again, I'm not totally informed when it comes to security issues, but if SecuROM has ring 0 access, how seriously does that mean it's a potential risk? Does this mean that people who run/operate SecuROM (Sony) could pretty much do whatever they want, whenever they want? I'd heard urban legends of flash-drives getting nuked by SecuROM for having 'illegal' software on them, but I always assumed it was nonsense spouted by people trying to raise alarm.

    And if the XCP rootkit was exploited, is there some potential for someone to figure out how to make SecuROM to be the greatest Trojan ever?

    Seriously though, I know nothing about this in the least. I have no idea if it's possible, so I know I probably sound like a moron. It just seems like that is a lot of freaking access to give a game.

    Pretty picture time:
    633px-Priv_rings.svg.png

    Normal apps run at Ring 3 - so if they start going batshit insane, you can shut them down via Task Manager or other conventional means. Ring 3 kills Ring 3.

    The SecuROM driver is hooked into Ring 0 with your kernel, in order to prevent someone from just saying "shut down securom.exe" and playing a pirate version. It also lets them investigate other things running at Ring 0, such as virtual CD/DVD drivers, by having their Ring 3 app (UAService7.exe) make calls to the Ring 0 driver.

    The problem is that if someone figures out those function calls, or finds a bug/"undocumented feature" in the SecuROM driver, they could use their own normal Ring 3 application to send "delete DIR\File" or "install trojan.exe"

    Yes, it's a little bit on the tinfoil-hat side of things, but it's possible.

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
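The check the thread keeps circling around, as an added example that is not part of any post: a PowerShell inventory of the kernel-mode (Ring 0) drivers registered on a Windows machine, with each driver's file path, self-declared vendor and signer, so third-party code running in the kernel can be reviewed. The function names are this example's own, and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Run on the Windows machine being checked;
# an elevated prompt avoids access-denied errors on some driver files.

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim().Trim('"')
    # Driver image paths are stored in several NT-style forms; map them to a DOS path.
    if     ($p -match '^\\SystemRoot\\(.+)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^\\\?\?\\(.+)$')       { $p = $Matches[1] }
    elseif ($p -notmatch '^[A-Za-z]:\\')      { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-KernelDriverInventory {
    # Win32_SystemDriver lists driver services; both of these types run in kernel mode.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.ServiceType -in 'Kernel Driver', 'File System Driver' } |
        ForEach-Object {
            $path    = Resolve-DriverPath $_.PathName
            $company = ''
            $status  = 'FileNotFound'
            $signer  = ''
            if ($path -and (Test-Path -LiteralPath $path)) {
                # CompanyName comes from the file's version resource (self-declared).
                $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
                $sig     = Get-AuthenticodeSignature -LiteralPath $path
                $status  = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State
                StartMode = $_.StartMode
                Company   = $company
                SigStatus = $status
                Signer    = $signer
                Path      = $path
            }
        }
}

# Review list: drivers whose declared vendor is not Microsoft, or whose signature
# did not validate. The signer alone is not enough to separate vendors, because
# WHQL-certified third-party drivers carry a Microsoft publisher signature.
Get-KernelDriverInventory |
    Where-Object { $_.Company -notmatch '^Microsoft' -or $_.SigStatus -ne 'Valid' } |
    Sort-Object Company, Name |
    Format-Table Name, State, StartMode, Company, SigStatus, Signer, Path -AutoSize -Wrap
```

A driver appearing in this list is evidence that a product has code registered to run in Ring 0; it says nothing on its own about whether that driver hides files or is exploitable.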
  • Options
    RookRook Registered User regular
    edited September 2008
    Rook wrote: »
    Rook wrote: »
    Just because it was BoTP'd, I'm going to hazard this question a second time: On an unrelated note, can someone who's more computer savvy than me tell me how much SecuROM has in terms of privileges on a given machine? I know rootkit revealer shows SecuROM as using embedded nulls, which seems bad to me, but Sony insists it's not a rootkit. Even so, is there any possibility for someone to exploit the privileges of SecuROM for other purposes? Is this a backdoor waiting to happen, or is that tinfoil hat bullshit?
    "Fucking everything." Seriously. "More permissions than the user" would be accurate as well. You ever try to use Task Manager to kill off your antivirus and get "Permission Denied"? No such problem there.

    There were several exploits for Sony's XCP rootkit that used it to hide from virus scanners/detection programs.

    I don't think this is true of the recent SecuROM, according to wiki it runs in ring 3.

    UAService7 runs at Ring 3, but the SecuROM driver is still Ring 0.

    Do you have a link to that?

    Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing.

    So, you don't have any proof, nor does anyone else. Don't you think someone would have just pointed this out by now?

    Rook on
  • Options
    DaedalusDaedalus Registered User regular
    edited September 2008
    Holy crap D: That's seriously frightening. Again, I'm not totally informed when it comes to security issues, but if SecuROM has ring 0 access, how seriously does that mean it's a potential risk? Does this mean that people who run/operate SecuROM (Sony) could pretty much do whatever they want, whenever they want? I'd heard urban legends of flash-drives getting nuked by SecuROM for having 'illegal' software on them, but I always assumed it was nonsense spouted by people trying to raise alarm.

    And if the XCP rootkit was exploited, is there some potential for someone to figure out how to make SecuROM to be the greatest Trojan ever?

    Seriously though, I know nothing about this in the least. I have no idea if it's possible, so I know I probably sound like a moron. It just seems like that is a lot of freaking access to give a game.

    Pretty picture time:
    633px-Priv_rings.svg.png

    [...] "undocumented feature" in the SecuROM driver, they could use their own normal Ring 3 application to send "delete DIR\File" or "install trojan.exe"

    Yes, it's a little bit on the tinfoil-hat side of things, but it's possible.

    Not only is it possible, but it happened with a different DRM product that the music division of Sony shipped with some of their CDs.

    This is one of the reasons why my gaming computer is pretty much only for games and movies, and my computer that I use for actual work runs Linux.

    Daedalus on
  • Options
    PeregrineFalconPeregrineFalcon Registered User regular
    edited September 2008
    Rook wrote: »
    Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing.

    So, you don't have any proof, nor does anyone else. Don't you think someone would have just pointed this out by now?

    Re-read the bolded section. The fact that it can spot other Ring 0 drivers as virtual drives is the proof.

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • Options
    subediisubedii Registered User regular
    edited September 2008
    Rook wrote: »
    Rook wrote: »
    Rook wrote: »
    Just because it was BoTP'd, I'm going to hazard this question a second time: On an unrelated note, can someone who's more computer savvy than me tell me how much SecuROM has in terms of privileges on a given machine? I know rootkit revealer shows SecuROM as using embedded nulls, which seems bad to me, but Sony insists it's not a rootkit. Even so, is there any possibility for someone to exploit the privileges of SecuROM for other purposes? Is this a backdoor waiting to happen, or is that tinfoil hat bullshit?
    "Fucking everything." Seriously. "More permissions than the user" would be accurate as well. You ever try to use Task Manager to kill off your antivirus and get "Permission Denied"? No such problem there.

    There were several exploits for Sony's XCP rootkit that used it to hide from virus scanners/detection programs.

    I don't think this is true of the recent SecuROM, according to wiki it runs in ring 3.

    UAService7 runs at Ring 3, but the SecuROM driver is still Ring 0.

    Do you have a link to that?

    Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing.

    So, you don't have any proof, nor does anyone else. Don't you think someone would have just pointed this out by now?

    I'm really not sure what you're contesting here. Are you saying that's not how the windows security model works, or that SecuROM doesn't actually need Ring 0 access in order to access the DVD drivers?

    subedii on
  • Options
    RookRook Registered User regular
    edited September 2008
    subedii wrote: »
    Rook wrote: »
    Rook wrote: »
    Rook wrote: »
    Just because it was BoTP'd, I'm going to hazard this question a second time: On an unrelated note, can someone who's more computer savvy than me tell me how much SecuROM has in terms of privileges on a given machine? I know rootkit revealer shows SecuROM as using embedded nulls, which seems bad to me, but Sony insists it's not a rootkit. Even so, is there any possibility for someone to exploit the privileges of SecuROM for other purposes? Is this a backdoor waiting to happen, or is that tinfoil hat bullshit?
    "Fucking everything." Seriously. "More permissions than the user" would be accurate as well. You ever try to use Task Manager to kill off your antivirus and get "Permission Denied"? No such problem there.

    There were several exploits for Sony's XCP rootkit that used it to hide from virus scanners/detection programs.

    I don't think this is true of the recent SecuROM, according to wiki it runs in ring 3.

    UAService7 runs at Ring 3, but the SecuROM driver is still Ring 0.

    Do you have a link to that?

    Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing.

    So, you don't have any proof, nor does anyone else. Don't you think someone would have just pointed this out by now?

    I'm really not sure what you're contesting here. Are you saying that's not how the windows security model works, or that SecuROM doesn't actually need Ring 0 access in order to access the DVD drivers?

    Well I'm saying this

    1) not one source on the internet has got any proof it installs anything with Ring 0 access. I mean actual proof, not just some "well it must have". And generally, the internet is really fucking good at this kinda stuff.

    2) SecuRom say they don't do that (ok, scoff at that one, but it's their business rep on the line here)

    3) Sony are already in deep shit last time they tried to put a root kit on people's computers (being sued in a couple of places) etc, Starforce pretty much got dumped immediately when people found out what it was doing (and isn't Ubi getting sued over it as well?)

    4) It goes without saying that if people found out that this is what SecuRom was doing, a lot of companies would be in a lot of trouble as a hell of a lot of people are using it.

    5) it doesn't stop daemon tools etc, as they've already got a work around, so whatever it was doing, it wasn't doing very well.




    So, at this point, I've got the word of someone on a forum saying it must be true. I'm not saying it's not true, but if you really believe this is 100% the case, then I got some cold fusion technology I'm interested in selling.

    Rook on
  • Options
    subediisubedii Registered User regular
    edited September 2008
    Rook wrote: »
    subedii wrote: »
    Rook wrote: »
    Rook wrote: »
    Rook wrote: »
    Just because it was BoTP'd, I'm going to hazard this question a second time: On an unrelated note, can someone who's more computer savvy than me tell me how much SecuROM has in terms of privileges on a given machine? I know rootkit revealer shows SecuROM as using embedded nulls, which seems bad to me, but Sony insists it's not a rootkit. Even so, is there any possibility for someone to exploit the privileges of SecuROM for other purposes? Is this a backdoor waiting to happen, or is that tinfoil hat bullshit?
    "Fucking everything." Seriously. "More permissions than the user" would be accurate as well. You ever try to use Task Manager to kill off your antivirus and get "Permission Denied"? No such problem there.

    There were several exploits for Sony's XCP rootkit that used it to hide from virus scanners/detection programs.

    I don't think this is true of the recent SecuROM, according to wiki it runs in ring 3.

    UAService7 runs at Ring 3, but the SecuROM driver is still Ring 0.

    Do you have a link to that?

    Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing.

    So, you don't have any proof, nor does anyone else. Don't you think someone would have just pointed this out by now?

    I'm really not sure what you're contesting here. Are you saying that's not how the windows security model works, or that SecuROM doesn't actually need Ring 0 access in order to access the DVD drivers?

    Well I'm saying this

    1) not one source on the internet has got any proof it installs anything with Ring 0 access. I mean actual proof, not just some "well it must have". And generally, the internet is really fucking good at this kinda stuff.

    The problem is that rootkits are incredibly difficult to directly prove the existence of, this is something by their very nature. The only reason the original researcher was able to show something was up with the Sony DRM was when he could show that specific files on his computer were disappearing if he labelled them with a $$ sign in front and behind (or some symbols along those lines, I can't remember the exact sequence). That was because the files had root access and were hiding themselves in the system by being labelled that way. MS's rootkit detection software flags up Bioshock, and closer examination of the files involved reveals null characters internally which are generally used to mark an end of file. Again, you can't prove that there is something to be found, but it's pretty frigging suspicious.

    What can be ascertained is the likelihood of the software needing root access in order to achieve its goals. Given that, I'd say there's a pretty heavy possibility, and it definitely shouldn't be ignored.
    2) SecuRom say they don't do that (ok, scoff at that one, but it's their business rep on the line here)

    Neither did Starforce, and Ubisoft actively called people pirates that tried to prove otherwise at first. Sony denied anything was up with their DRM as well initially (although that may have been more to do with their ignorance of software they were getting from a third party) and even tried to prosecute someone for posting the "workaround" of holding the shift key when you put the CD in.
    3) Sony are already in deep shit last time they tried to put a root kit on people's computers (being sued in a couple of places) etc, Starforce pretty much got dumped immediately when people found out what it was doing (and isn't Ubi getting sued over it as well?)

    If I'm honest, I don't believe that Starforce was dumped specifically because of Ring 0 access, at least not in itself. It's because it raised too much of a negative profile and became a burden to Ubisoft, there was too much negative press on it (mainly centering around stability issues), and the baggage wasn't worth it anymore.
    4) It goes without saying that if people found out that this is what SecuRom was doing, a lot of companies would be in a lot of trouble as a hell of a lot of people are using it.

    I disagree there, I honestly don't think they'd catch much heat for it. But then I'm cynical like that. Sony had to abandon their DRM, but the fallout from that for them was little more than a slap on the wrist.
    5) it doesn't stop daemon tools etc, as they've already got a work around, so whatever it was doing, it wasn't doing very well.

    Workarounds have always been possible once you've got a rough idea of what the DRM may be looking for. Workarounds even existed for Starforce, or at least earlier versions before they plugged holes (starforce 3 was pretty potent stuff). That doesn't change the fact that they still had Ring 0 access.
    So, at this point, I've got the word of someone on a forum saying it must be true. I'm not saying it's not true, but if you really believe this is 100% the case, then I got some cold fusion technology I'm interested in selling.

    It's not just one person saying it. But you're right, it can't be categorically proven. I just don't think it's as impossible as you seem to.

    subedii on
  • Options
    DaedalusDaedalus Registered User regular
    edited September 2008
    Basically, Rook, you can believe people here on this forum who know how Windows's security model works, or you can believe SecuROM's business rep.

    Daedalus on
  • Options
    subediisubedii Registered User regular
    edited September 2008
    Daedalus wrote: »
    Basically, Rook, you can believe people here on this forum who know how Windows's security model works, or you can believe SecuROM's business rep.

    I'm not claiming any in-depth knowledge of the security model. I'm not a researcher, Windows security and software hierarchy isn't my field. I would say I have a very basic grasp of software hierarchy and escalation. Heck I've had to write some programs and databases using some of those principles, but I sure as crap don't understand it all. I'm going to be honest and say that my own understanding shouldn't be taken as any better than Rook's.

    It's just that from what I have been able to understand of the situation, I'm certainly not giving SecuROM carte blanche on this one.

    subedii on
  • Options
    PeregrineFalconPeregrineFalcon Registered User regular
    edited September 2008
    Not sure, but Daedalus might have been talking to me. If not, sorry to presume. If so, yeah, that's just how it works. I don't know how else to put it other than stating - again - that what it does absolutely requires Ring 0 access unless they are using an unpublished, unpatched exploit to elevate an application to kernel-level permissions. Which is even worse.

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • Options
    RookRook Registered User regular
    edited September 2008
    Daedalus wrote: »
    Basically, Rook, you can believe people here on this forum who know how Windows's security model works, or you can believe SecuROM's business rep.

    Yeah, so it's a user on this forum who "knows how windows security works"

    Or it's every single other company on the internet whose business is windows security, every single tech website that has pointed out it's not a rootkit, every person that's had a look at this and the complete lack of any evidence, from anyone that this is a rootkit.

    But yeah, user on this forum who knows how windows security model works is probably right. Sorry guys, what a fucking retard I've been. I know who to trust in the future now.

    Rook on
  • Options
    PeregrineFalconPeregrineFalcon Registered User regular
    edited September 2008
    Rook wrote: »
    Daedalus wrote: »
    Basically, Rook, you can believe people here on this forum who know how Windows's security model works, or you can believe SecuROM's business rep.

    Yeah, so it's a user on this forum who "knows how windows security works"

    Or it's every single other company on the internet whose business is windows security, every single tech website that has pointed out it's not a rootkit, every person that's had a look at this and the complete lack of any evidence, from anyone that this is a rootkit.

    But yeah, user on this forum who knows how windows security model works is probably right. Sorry guys, what a fucking retard I've been. I know who to trust in the future now.

    You are aware that "Software that runs at Ring 0 and is a potential security risk if an exploit is determined" and "rootkit" do not mean the same fucking thing right?

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • Options
    DaedalusDaedalus Registered User regular
    edited September 2008
    Rook wrote: »
    Daedalus wrote: »
    Basically, Rook, you can believe people here on this forum who know how Windows's security model works, or you can believe SecuROM's business rep.

    Yeah, so it's a user on this forum who "knows how windows security works"

    Or it's every single other company on the internet whose business is windows security, every single tech website that has pointed out it's not a rootkit, every person that's had a look at this and the complete lack of any evidence, from anyone that this is a rootkit.

    Woah, hey, your source just changed from "SecuROM's business rep" to "every single tech website". Citation's on you now.

    Daedalus on
  • Options
    RookRook Registered User regular
    edited September 2008
    Daedalus wrote: »
    Rook wrote: »
    Daedalus wrote: »
    Basically, Rook, you can believe people here on this forum who know how Windows's security model works, or you can believe SecuROM's business rep.

    Yeah, so it's a user on this forum who "knows how windows security works"

    Or it's every single other company on the internet whose business is windows security, every single tech website that has pointed out it's not a rootkit, every person that's had a look at this and the complete lack of any evidence, from anyone that this is a rootkit.

    Woah, hey, your source just changed from "SecuROM's business rep" to "every single tech website". Citation's on you now.

    http://arstechnica.com/news.ars/post/20070826-clearing-the-air-bioshock-does-not-contain-a-rootkit.html
    http://www.extremetech.com/article2/0,1697,2176151,00.asp
    http://www.theinquirer.net/en/inquirer/news/2007/08/25/avoid-bioshock-like-the-plague
    http://www.tomsgames.com/us/2007/08/27/bioshock_drm/
    http://www.corpnews.com/node/177


    I can't find anyone who has any reasonable claim that it's a rootkit or it has kernel access. In fact, the only person that does seem to put up any sort of real claim that it is doing something nefarious is this guy.

    And yeah, he's the guy that's come up with the "it must be ring 0 or how else would it work, and that's proof itself" claim. Except that having been called to demonstrate any of his findings so that other people can replicate them, he can't and seems to be using made up programs.
    You are aware that "Software that runs at Ring 0 and is a potential security risk if an exploit is determined" and "rootkit" do not mean the same fucking thing right?

    Yeah, but are you aware what circular logic is? All I'm asking for is one bit of proof.
    You made this statement: "UAService7 runs at Ring 3, but the SecuROM driver is still Ring 0."

    With absolutely nothing to back up that claim when called on it. You don't have any proof of a different SecuROM driver, you've got the entire internet out there. And the best thing you can come up with is a shitty bit of circular logic. Where are you even getting that from?

    "Ring 0 is needed due to the way the Windows security model works. The only way it can get the legit information from other Ring 0 level software (virtual CD/DVD driver) is to run at Ring 0 itself. Ring N can lie to Ring N+x, but not vice versa. If it actually was running at Ring 3, it wouldn't be able to tell that actualDVDdrive.sys is actually virtualDVDdrive.sys.

    tl;dr - no, I don't have a link, but it needs Ring 0 to pull off what it's doing."


    So yeah, I guess I find it hard to take people's word for it compared to a nice bit of proof. I mean saying stuff like Ring N+x, kinda makes you sound as though you might actually not know what you're talking about. Windows ONLY has Kernel and User level, (Ring 0 and Ring 3) (link) So what's the point of mentioning anything else?

    Anyone claiming that something is fact when they have zero proof deserves at best a little skepticism.

    Rook on