
Assassin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allowing arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy, hackers could also exploit the open door in privilege-escalation attacks on users' machines.

Hundreds of thousands of PC gamers are believed to be affected.

Ubisoft Uplay browser plugin allowed unauthorized access to users' machines.
[Image Source: Geek.com]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent of the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is by definition closer to an exploitable plug-in (a.k.a. an accidental Trojan) than to a rootkit; the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News




RE: DRM should be illegal
By Solandri on 7/30/2012 7:10:59 PM , Rating: 2
quote:
Just curious, because I get the reasons against DRM (I agree with most, especially rootkits) but no one suggests a proper alternative. What are software developers to do when people are stealing their software?

In all honesty, I say (and I'm a programmer) the problem isn't piracy. It's the notion that you should be able to write code once and sell it over and over again. No other industry works like this.

- If I build cars, I have to buy materials and parts, assemble them, and sell the car. If I want to sell another car, I have to do it all over again.
- If I sell burgers, I have to buy the meat, bun, and veggies, fry the burger, then assemble it and sell it. If I want to sell another one, I have to do it all over again.
- If I want to mow lawns, I have to buy the lawnmower, a car to haul it around in, market my lawnmowing services, then spend the time to mow someone's lawn. If I want to make another sale, I have to do it all over again.
- If I want to rent out a car, I have to buy the car, get insurance, find renters, and rent it to them. If I want to make another rental sale, I have to do it all over again.

In all other jobs, you get paid for doing work, and if you want to get paid some more you have to do more work. Only in the IP industries do we have this strange notion that you should be able to work once, and collect money from it over and over again (and your kids should be able to collect money from it over and over again).

It didn't used to be this way. For most of the existence of IP, the cost of duplication and distribution was substantial, sometimes even exceeding the cost of creating the work itself. Once I had written and practiced a song, recording it, mastering it, pressing duplicates onto vinyl records, packaging the records, and distributing them through retail stores around the country still cost a significant amount of money. So it made sense to allow the IP owner to charge money per copy - he was still doing a lot of work per copy. He had to pay a significant amount of costs per copy, and those costs scaled with number of copies, so it made sense to let him charge per copy.

But then computers and the Internet happened, and the cost of duplicating and distributing software (programs, music, books, movies, ideas) dropped to nearly zero. It now costs a musician next to nothing to make copies of a song and distribute it to millions of people around the world. So why are they still demanding they be paid full price per copy even though it entails almost no additional work?

Piracy isn't the problem, it's a symptom. A symptom of an IP system which no longer works. People know it didn't cost the artist any extra money to make that extra copy of the song, so their conscience doesn't really bother them that they copied it. I'm not sure exactly what the solution is - maybe musicians/software authors can be funded via kickstarter, or get paid per job like wedding photographers now do. But letting them charge a lot of money for something which costs them nothing to create, is not a solution.


RE: DRM should be illegal
By Motoman on 7/30/2012 8:27:26 PM , Rating: 2
I have a hard time believing you're a programmer and you just said that.

It costs exorbitant amounts of money to develop software of any significance. It's not hard to imagine a game having to sell a million copies just to break even.

Your "argument" also applies to movies, books, TV shows, whatever...LOTS of other industries work that way.

There's nothing inherently wrong with our current understanding of IP and the concept of IP producers being paid on a per-copy basis. The problem is that there will simply always be people who want something for nothing...and they will find a way to get something for nothing.

The point of my posts here is that DRM does nothing to prevent the piracy that is simply going to happen no matter what. You will never change human behavior.

...how you start to take that and twist it into some kind of argument implying that IP producers don't deserve to get paid for every copy of their work sold is beyond me.


RE: DRM should be illegal
By augiem on 7/31/2012 4:11:39 AM , Rating: 2
Who is to put the value on what a creation is worth? Who is to say how much money someone should make from a certain creation before you deem that they have fully recouped their costs and have been fully and fairly compensated for the time/effort of creation? Do they release their song/game/movie/painting/book/etc. for say 6 months or 1 year and gather whatever revenue they can, then after that it becomes public domain? Who decides this? Some government body?

You make it sound like you'd prefer it if all creatives only got paid hourly for their work and that's it. (That's essentially what happens for the most part as the company that they work for, not the creatives themselves, usually gets all the earnings ad infinitum.)

quote:
No other industry works like this.


What are you talking about? Nearly every industry works like this. Just about everything that involves any sort of R&D works EXACTLY like this. You pay scientists, chemists, engineers, etc. to develop ideas which are evolved over time from product to product, generation to generation. Do you think it would even be possible to have the technology we have if they had to just start from the ground up every time they wanted to develop something? The only part you really HAVE to do over and over again is the manual labor of manufacturing and distribution and the parts themselves. You're looking at this from a purely labor perspective. Without the architect, the pyramid workers would simply be moving stone around without reason.

Not everyone in the world is creative. And believe me, having been in the field, it can be VERY taxing, frustrating, and all consuming 24/7. It's not easy. Your point of view devalues those people who create the art and ideas and breakthroughs and puts all the value only on the ones directly executing those ideas.

The chance for potentially unlimited reward is the driving force behind most of the world's creative people who sacrifice everything over and over again in the hopes of "making it". Most will never achieve anything close to fantastic success, but a world without that possibility sounds horribly dismal. It reminds me of the movie Hudsucker Proxy.


RE: DRM should be illegal
By NellyFromMA on 7/31/2012 12:52:51 PM , Rating: 2
Seriously? All software should simply be open source because essentially profit and software do not go hand in hand?

I have to say I can't disagree more with your opinion (to which you are entitled). I too am a developer and luckily we do not face any real piracy as we have a niche group of customers. So for that, I am thankful... because IF we did, almost surely jobs would be lost.

The thought that someone would invest time and money into something that (if I understand you correctly) essentially returns no profits just isn't sensible from a real life practicality point of view.

You're also assessing the current pay model with manufacturing which in itself is not a good comparison. Maybe we should measure the benefits received as a result of the contribution of the developers/business? If you don't want to pay for it, you must not need it. Or, if you do, why shouldn't the developers/business be rewarded?

Because it doesn't cost to replicate? It actually does almost always cost because ultimately someone needs to be funded to write it anyways.

Idk, I'm not disrespecting your opinion, and I get your basis (I like to play devil's advocate and have used that very same argument to argue the point you are, except it was movies and music) I just don't agree with it at the end of the day.

Because a business model can be more efficient or isn't restricted to the physical constraints of material objects manufactured and sold doesn't invalidate its value. It does not imply it should be free unless the authors/owners decide they want to give it away. We have the right NOT to pay for it and not use it. To not pay for it AND circumvent what has been implemented to protect their investment is frankly what is wrong IMO. Not that I agree with those implementations being invasive (like rootkits, which it turns out this is not) but I totally would secure my investment. You'd be foolish not to. It's about profits, not charity (most of the time)


RE: DRM should be illegal
By augiem on 7/31/2012 3:58:54 PM , Rating: 2
I think a big part of the problem in general is that people do not think of digital goods the same as they do physical. Because it can be copied 100% with the push of a button, suddenly it seems as if it took no work to create and it's not harming anyone if you just take it. A very small percentage of people in the first world would even steal a candy bar from a grocery store, but a very large percentage of them have, would, and do steal digital goods. It's a dangerous attitude that could ultimately lead to complete devaluation of all art forms that can be distributed digitally. Stealing digital goods is awesome so long as there is a huge library of good content to steal from, but if the monetary incentive dries up, nobody will be producing those goods anymore for everyone to steal. Rampant, casual piracy has just been a normal part of daily life in East Asia, Russia, and eastern Europe for the last 30 years or so, but they couldn't have had access to that catalog of free content were it not for all the people supporting its production by paying for it in the USA, UK, France, etc. It's kind of like socialism/communism. It works great until your stockpile of rich people on which you have been feeding is dried up. The scary/sad part is, in the first world, especially among the youth, the attitude that digital content has no intrinsic value is only getting more prevalent year after year.


RE: DRM should be illegal
By NellyFromMA on 8/1/2012 7:37:14 AM , Rating: 2
In general, I think the upcoming generation doesn't really have a firm grasp on nor do they seem to place or assess any real value in much of anything.

I agree with all of what you've said though.
















Copyright 2014 DailyTech LLC.