Ubisoft: We Didn't Install a Rootkit on Your PC
July 30, 2012 4:50 PM
But Ubisoft admits its code allows remotely controllable arbitrary executable launches
A "rootkit" is defined as "a stealthy type of malicious software designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer."
We just heard back from a spokesperson from Ubisoft Entertainment S.A. regarding claims that dozens of its most popular titles contained a browser plugin that acted as a rootkit.
There was some skepticism among readers regarding whether this was a true "rootkit". One reader writes, "The described behavior of the DRM package doesn't define a rootkit at all. It may be an evil nonetheless, but let's be accurate here instead of using the R-word to inflame people by misdirection."
But as more details have become available, it appears that the software was acting relatively close to the aforementioned definition of a rootkit, though by definition it's likely closer to an unintentional Trojan.
According to the Ubisoft spokesperson:
The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they're being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.
Pre-patch the uPlay browser plug-in could allow remotely controlled arbitrary executable launch.
[Image Source: Geek.com]
Now Ubisoft denies that this is a rootkit, writing, "The Uplay application has never included a rootkit."
Technically this appears to be correct in that the plugin was not intended to be malicious, and has not yet been exploited in the wild.
That said, consider the following:
-The browser plugin is intended to launch game-related software, but due to an apparent coding error it is allowed unrestricted executable access, meaning its advertised purpose does not match its capabilities. This makes it, in effect, an accidental Trojan.
-The plugin allows privileged access to the host machine.
-The plugin runs in the background and is largely invisible.
-The plugin accepts remote control signals to control the host machine.
Thus even if Ubisoft is correct -- that Uplay is not acting as a rootkit at present -- if the control channel were to be hijacked by a third party, it would become one. Channel hijacking would fulfill the sole missing criterion -- malicious behavior.
In other words, Ubisoft is arguing semantics, but from a purely technical standpoint its plugin is very close to offering the capabilities of a rootkit if hijacked by a malicious party. That, ostensibly, is where various media reports labelling the plugin as a "rootkit" arose.
Semantics aside, Ubisoft appears to realize this is a dangerous capability to leave lying around. It writes:
The issue was brought to our attention early Monday morning and we had a fix into our QC department an hour and a half later. An automatic patch was launched that fixes the browser plugin so that it will only open the Uplay application. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.
To update your Uplay client and apply the patch:
-Close any open web browsers (Internet Explorer, Firefox, Chrome, Opera, etc.) If the web browser is open during the patch it will require restarting the browser.
-Launch the Uplay PC client. The Uplay PC client update will start automatically.
-An updated version of the Uplay PC installer is also available to download from Uplay.com.
It remains to be seen if this is enough to wash Ubisoft's hands of liability for allowing arbitrary code execution on victim machines.
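The flaw and the fix described in Ubisoft's statement, as an added sketch that is not Ubisoft's code: the option names, launcher path and numeric game-ID format are hypothetical, since the article gives none of them. Nothing is launched; the functions only build the argument vector that would be started.

```python
import ntpath

# Hypothetical names: the article gives neither the plugin's real option
# names nor its install path, so these are constructed stand-ins.
LAUNCHER = r"C:\Program Files\ExampleLauncher\launcher.exe"
ALLOWED_OPTIONS = {"--game-id"}  # options web content may still pass


def build_argv_prepatch(page_args):
    """Pre-patch behaviour as described: a page-supplied developer option
    chooses the executable, so any program on the machine can be named."""
    target, rest = LAUNCHER, []
    for key, value in page_args:
        if key == "--exe-path":  # developer convenience left enabled
            target = value
        else:
            rest += [key, value]
    return [target] + rest


def build_argv_patched(page_args):
    """Post-patch behaviour as described: the executable is fixed, and each
    page-supplied option is checked against an allowlist before use."""
    argv = [LAUNCHER]
    for key, value in page_args:
        if key not in ALLOWED_OPTIONS:
            raise ValueError(f"option not allowed from web content: {key}")
        if not (value.isascii() and value.isdigit() and len(value) <= 10):
            raise ValueError(f"malformed value for {key}: {value!r}")
        argv += [key, value]
    return argv


def _norm(path):
    # Windows path rules: collapse ".." segments and ignore case.
    return ntpath.normcase(ntpath.normpath(path))


def is_launcher(argv):
    """Defence-in-depth check just before process creation: the normalised
    target must equal the one path the plugin is allowed to start."""
    return _norm(argv[0]) == _norm(LAUNCHER)


# Constructed request standing in for arguments supplied by a web page.
untrusted = [("--exe-path", r"C:\Windows\System32\calc.exe"), ("--game-id", "42")]
assert not is_launcher(build_argv_prepatch(untrusted))
assert is_launcher(build_argv_patched([("--game-id", "42")]))
```
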
RE: Still not a Rootkit
7/30/2012 8:58:20 PM
Nobody wants this. Ubisoft's online DRM is one of the reasons why their PC Assassin's Creed ended up tanking, though they spun it as "reduction in piracy". You MUST go through this DRM in order to play Ubisoft games, so it's more like buying some software and being forced to install OoVoO.
RE: Still not a Rootkit
7/30/2012 11:40:25 PM
Actually, you can just pirate the games and not have to deal with any of Ubisoft's crap. I'm not advocating piracy, but I know for a fact that pirated versions of some of the Assassin's Creed games worked better than the bought versions.
I bought a couple of the games and my buddies pirated them all and they all had a lot less trouble. I ended up applying all the cracks to my version and everything worked just fine after that.
RE: Still not a Rootkit
7/31/2012 9:02:44 AM
I also remember CDProjekt stating that when they removed the DRM from the Witcher 2; the game magically gained a higher framerate. :)