Rootkit and Invasive DRM Information Thread


Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
SecuROM installs to the following folder

C:\Documents and Settings\**USER NAME**\Application Data\SecuROM\UserData

It will not help that the game is on a separate hard drive, for SecuROM is not installed in that game's folder, hence it stays with you even after you uninstall the game.
 

apoppin

Lifer
Mar 9, 2000
34,890
1
0
alienbabeltech.com
Originally posted by: Schadenfroh
StarForce installs to the following folder

C:\Documents and Settings\**USER NAME**\Application Data\SecuROM\UserData

It will not help that the game is on a separate hard drive, for SecuROM is not installed in that game's folder, hence it stays with you even after you uninstall the game.

IF i install the game and SecureCrap on "C" and *all my other Apps* are on "F" ... how do they interfere?
:confused:

separate HDs ... two OSes ... never the twain shall meet ... might as well be on separate computers. ;)
 

Dethfrumbelo

Golden Member
Nov 16, 2004
1,499
0
0
Originally posted by: Schadenfroh
StarForce installs to the following folder

C:\Documents and Settings\**USER NAME**\Application Data\SecuROM\UserData

It will not help that the game is on a separate hard drive, for SecuROM is not installed in that game's folder, hence it stays with you even after you uninstall the game.

That's right. It'll install to your OS boot drive/registry. You'd need two separate windows installs, either on separate HDs, partition, or maybe dual boot (I'm not sure you can use dual boot with the same OS).


 

apoppin

Lifer
Mar 9, 2000
34,890
1
0
alienbabeltech.com
sure you can dual boot with the same OS ...

and you DO need two separate Win installs ... that IS the point. ;)
i guess i will finally fire up my copy of XP home
[anyway ... to boot with Win2k ... not sure about the license requirements of one OS on two HDs ... i will be *safe* this way ... the XP installation will not be infected/infected whatsoever]
 

CP5670

Diamond Member
Jun 24, 2004
5,668
768
126
Very useful thread. I wasn't aware that FEAR had Securom 7. I have the Securom folder in my user profile directory, but can't find the uaservice7.exe anywhere. I uninstalled FEAR several months ago, so does it partially remove the stuff with it?

Also, does anyone know what Splinter Cell: Double Agent uses? The previous SC title was one of the most high profile Starforce games. Ubi said they were removing Starforce from all their future titles, but it looks like their latest game, R6 Vegas, has Securom 7 instead. :roll: I'm wondering if SCDA also uses it.

I hate all this crap you have to put up with in modern games. I guess it's a good thing I'm mostly playing older games these days anyway.
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: CP5670
I uninstalled FEAR several months ago, so does it partially remove the stuff with it?
That is a great thing about SecuROM 7, it stays with you even after you uninstall all the programs that use it, in order to get rid of it, you must obtain instructions from Sony's SecuROM support team.

Also, does anyone know what Splinter Cell: Double Agent uses?
This program will tell you, handy for detecting just about any known copy protection out there. I scanned it with A(squared) and Kaspersky, seems to be a safe program to run and it is very accurate, plus things from GameCopyWorld are safer than most other sites of its type.....
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: Dethfrumbelo
Originally posted by: Acanthus
I dont really have much of a problem with securom7, i run nwn2 from an image and have no issues.

However, Atari patched it into nwn2 without telling anyone, which isnt cool for those of us that do care.

I believe they added it with patch 1.02 and onward.

I just checked, I removed NWN2 from my system and reinstalled it using my mounted image, without any patches (version 1.0 RTM), nwn2main.exe (the file that runs it) contains SecuROM 7.27. NWN2 1.04 patch (and probably the 1.03 as well) contains SecuROM 7.29, it was there when the game shipped it appears, still looking for warnings about it putting SecuROM on my system without prompting me on the box when I bought it.
 

CP5670

Diamond Member
Jun 24, 2004
5,668
768
126
Originally posted by: Schadenfroh
That is a great thing about SecuROM 7, it stays with you even after you uninstall all the programs that use it, in order to get rid of it, you must obtain instructions from Sony's SecuROM support team.

I wasn't able to remove the Securom folder from the instructions in your OP (it kept saying the files couldn't be accessed or something like that), but this program did the trick nicely. The other Securom files aren't on my computer, as far as I can tell.

Do you know when Securom 7 actually installs itself? I believe Starforce installs only when the game starts up for the first time, which allows you to crack it or whatever before the system is infected.

Also, does anyone know what Splinter Cell: Double Agent uses?
This program will tell you, handy for detecting just about any known copy protection out there. I scanned it with A(squared) and Kaspersky, seems to be a safe program to run and it is very accurate, plus things from GameCopyWorld are safer than most other sites of its type.....

That looks like a useful utility, but I don't actually have the game. (and would be wary of buying it if I know it's going to install junk on my machine; Ubi already got me once with the previous game :p)

i would avoid it whenever possible

and it is becoming impossible ... my new *strategy* is to have *suspect programmes and games* on a separate HD
;)

Great idea. I hadn't thought of that earlier. I already keep a spare drive around with a Windows install for testing overclocks, so I can just use that.

I guess we're heading back to the DOS days, when many games required you to restart the system with a boot disk before playing. :p
 

shortylickens

No Lifer
Jul 15, 2003
80,287
17,081
136
I have FEAR, NWN 2 and Titan Quest and I've never had problems with any of them or any other game I have.
But I thanks yous for the updates on Star Force. Thats a horrible scheme and every effort should be made to kill it.

Also, with the DVD's if I just rip an ISO from them (DVD Shrink) and never actually play them, will I get the problems?

- = VOTE FOR STICKY! = -
:)
 

apoppin

Lifer
Mar 9, 2000
34,890
1
0
alienbabeltech.com
Originally posted by: shortylickens
I have FEAR, NWN 2 and Titan Quest and I've never had problems with any of them or any other game I have.
But I thanks yous for the updates on Star Force. Thats a horrible scheme and every effort should be made to kill it.

Also, with the DVD's if I just rip an ISO from them (DVD Shrink) and never actually play them, will I get the problems?

- = VOTE FOR STICKY! = -
:)

try using two different DVD drives to install your games from CDs ... if they have SecureCrap or StarForce the game will be corrupted

eg

[i have a DVD RW and a DVD ROM ... using FEAR's 5 CDs in alternate drives will corrupt the game files ... using just one of either Drive had no problem]
:Q

i am setting up a separate HD for these games as soon as i finish NWN2 ... hopefully this weekend ...

damn my x1950p is nice! :)
 

shortylickens

No Lifer
Jul 15, 2003
80,287
17,081
136
Originally posted by: apoppin
Originally posted by: shortylickens
I have FEAR, NWN 2 and Titan Quest and I've never had problems with any of them or any other game I have.
But I thanks yous for the updates on Star Force. Thats a horrible scheme and every effort should be made to kill it.

Also, with the DVD's if I just rip an ISO from them (DVD Shrink) and never actually play them, will I get the problems?

- = VOTE FOR STICKY! = -
:)
try using two different DVD drives to install your games from CDs ... if they have SecureCrap or StarForce the game will be corrupted
eg
[i have a DVD RW and a DVD ROM ... using FEAR's 5 CDs in alternate drives will corrupt the game files ... using just one of either Drive had no problem]:Q i am setting up a separate HD for these games as soon as i finish NWN2 ... hopefully this weekend ...
damn my x1950p is nice! :)
I have the DVD editions of all three games.
I dont know why consumers or publishers bother with CD's.
A DVD reader costs about 10 bucks and a writer costs about 20 bucks if you look around.
There is no way in hell you could play any of todays games with a 10 video card. It makes no sense to advance everything else in leaps & bounds and we're still holding on to multi-CD games.
Heck with Blu-Ray and HD-DVD in play now we shouldnt need to worry about multiple DVD's for the next generation of games either.
 

apoppin

Lifer
Mar 9, 2000
34,890
1
0
alienbabeltech.com
uh ... you missed my point. :p

the Secure Crap/Farce needs to be installed and read on the same Drive or the game may not run properly. Many people have a DVD ROM and a DVD writer ... or CD-Rom and a writer ... i don't think too many people are aware of this.
:Q

and *pretty soon* we will need multiple BluRay disks for a single game
:shocked:

not that far off
 

shortylickens

No Lifer
Jul 15, 2003
80,287
17,081
136
This may make me sound like an ass but I did not miss your point. You missed my point.

I'll try and state it simple, since I'm an engineer and sometimes I jump from A to C and forget about B.

I dont have any more discs or drives than I absolutely need.
I get DVD games when available and I only use one Dual Layer Burner.
I dont believe in copying from disc to disc.
I rip an ISO and then burn that. It really doesnt take any longer and helps reduce time lost to fudged up burns.
 

apoppin

Lifer
Mar 9, 2000
34,890
1
0
alienbabeltech.com
Originally posted by: shortylickens
This may make me sound like an ass but I did not miss your point. You missed my point.

I'll try and state it simple, since I'm an engineer and sometimes I jump from A to C and forget about B.

I dont have any more discs or drives than I absolutely need.
I get DVD games when available and I only use one Dual Layer Burner.
I dont believe in copying from disc to disc.
I rip an ISO and then burn that. It really doesnt take any longer and helps reduce time lost to fudged up burns.
missed your point ?... an ass?
[i think not]

oh my!
:Q


i'd say ... i was just *clarifying* ... for others :p

i also used to forget *which drive*... before SecureCrap ...
.... and i have two DVD-drives which used to be very convenient. ;)

i also have no problem with DVD or CD game versions - i tend to install them only *ONCE* ... so, whichever is cheaper
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: xtknight
I think this tidbit really needs to be added about rootkits:

They can run at ring-0 (kernel level) and intercept crucial system calls. This makes them hard to detect and in some cases they may be completely undetectable. They could introduce bugs and cause hardware problems (like StarForce). It's important to realize that these kernel rootkits essentially have control over your whole system, not just your hard disk. They have access to your CPU, its memory timings, and direct access to the BIOS too. Most of them are in fact drivers and since drivers have these capabilities, so do the rootkits. The rootkits will be loaded as drivers first and then intercept enumeration calls (the OS will ask for a list of drivers, to be presented to the user, and the rootkit will just take itself out of the list and pass it on). It appears unharmed to the receiving application.

Good stuff, mind if I add it in draft 3? I will credit it to you.


Also, I am considering adding the latest variants of SafeDISC. It has become something questionable nowadays, although it seems to have far fewer problems than SecuROM 7 and StarFORCE.

http://en.wikipedia.org/wiki/Safedisc#Vulnerabilities
SafeDisc installs its own Windows device driver to the user's computer, named secdrv.sys. In addition to enabling the copy protection, it grants ring 0 access to the running application. This is a potential security risk, since trojans and other malware could use the driver to obtain administrator access to the machine, even if the programs are running under a limited account.

Even worse is that (beside the default configuration on Windows XP), most installers don't set the security configuration appropriately, allowing every user to let the driver configuration point at an arbitrarily chosen executable which (at the next reboot) is started with administrator privileges.

But, I do need to do some more research into SafeDisc before adding it.
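
A defensive check for the weakness the quoted Wikipedia passage describes, added here as an example and not part of the original post: it parses the security descriptor string that `sc sdshow <service name>` prints and reports any broad group that is allowed to change the service's configuration. The two descriptor strings are constructed samples and `risky_grants` is a hypothetical name.

```python
import re

# SDDL right codes as they apply to service objects.
RISKY = {
    "DC": 0x00000002,  # SERVICE_CHANGE_CONFIG: can repoint the image path
    "WD": 0x00040000,  # WRITE_DAC: can rewrite the DACL, then grant itself DC
    "WO": 0x00080000,  # WRITE_OWNER: can take ownership, then rewrite the DACL
    "GA": 0x10000000,  # GENERIC_ALL
    "GW": 0x40000000,  # GENERIC_WRITE: includes SERVICE_CHANGE_CONFIG
}
# Groups every limited account falls into. As a trustee "WD" means Everyone;
# in the rights field the same two letters mean WRITE_DAC.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users",
         "BU": "Builtin Users", "IU": "Interactive"}
ACE = re.compile(r"\(([^;)]*);[^;)]*;([^;)]*);[^;)]*;[^;)]*;([^;)]*)\)")

# Constructed sample descriptors, not captured from a real machine.
SAMPLE_HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                   "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
                   "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
SAMPLE_WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRRC;;;WD)")

def risky_grants(sddl):
    """Return sorted (group, right) pairs where a broad group is allowed a risky right."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not dacl:
        return []
    found = set()
    for ace_type, rights, trustee in ACE.findall(dacl.group(1)):
        if ace_type != "A" or trustee not in BROAD:
            continue  # only allow ACEs for broad groups matter here
        if rights.lower().startswith("0x"):  # rights given as a hex access mask
            mask = int(rights, 16)
            held = {code for code, bit in RISKY.items() if mask & bit}
        else:  # rights given as a run of two-letter codes
            held = {rights[i:i + 2] for i in range(0, len(rights), 2)} & RISKY.keys()
        found.update((BROAD[trustee], code) for code in held)
    return sorted(found)

if __name__ == "__main__":
    for name, sddl in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        print(name, risky_grants(sddl))
```

Deny ACEs are not evaluated, so a reported grant may still be blocked by an earlier deny entry; treat any hit as something to inspect by hand.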
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
33,944
4
81
Information Week
Review: Six Rootkit Detectors Protect Your System

Conclusions
The rootkit detection tools out there right now seem to break down into two basic categories:

- Professionally written tools, which seem to be mostly marketed as a way to get people to buy a full commercial product.
- Independently authored tools of broadly varying pedigrees and usability.

Ironically enough, it was one of the independent tools - Rootkit Unhooker - that turned out to be the best. I'm not sure that means the big vendors will see them as competition, though, since the indie-written tools clearly are meant for self-appointed pros.

If rootkits continue to proliferate and become as difficult to detect as is predicted to happen, that will be yet another selling point for the major security-software makers to market their own products. But it also will be an incentive for the indies to continue to write and update their tools for their own market, too.

Rootkit Unhooker
Icesword 1.20
AVG Antirootkit
F-Secure Blacklight
GMER
 

KAZANI

Senior member
Sep 10, 2006
527
0
0
Originally posted by: John
Ironically enough, it was one of the independent tools - Rootkit Unhooker - that turned out to be the best. I'm not sure that means the big vendors will see them as competition,


From the Rootkit Unhooker's FAQ page:

Q: What additional programs should I use to detect/fight with rootkit(s)?

A: RootkitRevealer from www.sysinternals.com, DarkSpy, IceSword, GMER. All others - full sh*t..

:laugh:
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Draft 3 is now up for review, hopefully the last draft before it is merged with the CST

Changes in draft 3 include:
- Safedisc information added
- Links to more Anti-RootKit reviews (John)
- Added more general information about RootKits (xtknight)
- Vista x64 rootkit protection information
- Modifications to removal instructions of securom (I am working on a way to remove it to post, right now emailing sony is the way to go)
- Various link, text, and format corrections

Enjoy, and do give feedback
 

xtknight

Elite Member
Oct 15, 2004
12,974
0
71
Originally posted by: Schadenfroh
Good stuff, mind if I add it in draft 3? I will credit it to you.

Sorry, took me a while to respond. Sure is OK with me and thanks for the thread and for adding my info.
 

TechHead87

Senior member
Sep 18, 2004
738
0
0
So...lately I've been having problems with Windows "showing" my LiteOn SOHW1673S. Basically, if I re-boot my machine, Windows doesn't see it unless I go into my device manager and 'scan for hardware changes'. Is SecuROM to blame for this???
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Originally posted by: TechHead87
So...lately I've been having problems with Windows "showing" my LiteOn SOHW1673S. Basically, if I re-boot my machine, Windows doesn't see it unless I go into my device manager and 'scan for hardware changes'. Is SecuROM to blame for this???

I doubt it, I had a similar problem with a Nec 3500A on a system with no games, following these steps fixed it (be sure to backup your registry):
http://extended64.com/blogs/andre/archive/2006/01/07/1630.aspx