Page 1 of 2
1
2
LastLast
  1. #1

    Bought a recent Ubisoft game? Read, PC security might be threatened!

    The newest Ubisoft DRM (Gee, who saw that coming) that silently installs itself to your browser apparently has some huge security flaws that may let your PC open to all sorts of evil things like viruses, trojans, keyloggers and other happy assorted things.

    http://www.rockpapershotgun.com/2012...omment-1047465

    We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC. It isn’t confirmed as definite, but certainly proof of concept code is calling up Uplay windows and then loading other programs from websites that have nothing to do with Ubisoft. If Uplay is on your PC, I urge you to uninstall it and any games that use it immediately, until we know more. Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself. See below for details on how to rid your PC of it.

    Essentially, as described here, with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. The web security expert we chatted to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as a bad as it sounds.

    Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

    But I come here not to sensationalise, but to warn. With news of this backdoor spreading like wildfire and proof of concept code already out there, there’s a very real chance that someone will try to achieve something unpleasant with it before Ubisoft can shut it down. That’s presuming it is what it appears to be, of course – this may turn out to be an exaggeration, especially as the internet does so love to mock Ubi’s notorious DRM, but so far the evidence very much points to this being as dangerous as it sounds. I’ve contacted Ubisoft for comment and will update as and when we know more. There’s been no response as yet, and other sites are reporting similar silence.


    List of affected games:

    Assassin’s Creed II
    Assassin’s Creed: Brotherhood
    Assassin’s Creed: Project Legacy
    Assassin’s Creed Revelations
    Assassin’s Creed III
    Beowulf: The Game
    Brothers in Arms: Furious 4
    Call of Juarez: The Cartel
    Driver: San Francisco
    Heroes of Might and Magic VI
    Just Dance 3
    Prince of Persia: The Forgotten Sands
    Pure Football
    R.U.S.E.
    Shaun White Skateboarding
    Silent Hunter 5: Battle of the Atlantic
    The Settlers 7: Paths to a Kingdom
    Tom Clancy’s H.A.W.X. 2
    Tom Clancy’s Ghost Recon: Future Soldier
    Tom Clancy’s Splinter Cell: Conviction
    Your Shape: Fitness Evolved
    Last edited by Wilian; 2012-07-30 at 06:19 PM.
    Modern gaming apologist: I once tasted diarrhea so shit is fine.

    "People who alter or destroy works of art and our cultural heritage for profit or as an excercise of power, are barbarians" - George Lucas 1988

  2. #2
    Wow, Ubisoft still exists? Weren't they in big financial trouble after one of their previous DRM schemes backfired? It doesn't look like they learnt something from that.
    Last edited by Ferocity; 2012-07-30 at 06:27 PM.

  3. #3
    From the link:

    The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I’m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with. Here’s how to locate and disable the errant plugin:


    Firefox:
    Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins

    Chrome:
    Visit aboutlugins and disable

    Opera:
    Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete
    Last edited by Wilian; 2012-07-30 at 06:30 PM.
    Modern gaming apologist: I once tasted diarrhea so shit is fine.

    "People who alter or destroy works of art and our cultural heritage for profit or as an excercise of power, are barbarians" - George Lucas 1988

  4. #4
    Quote Originally Posted by Ferocity View Post
    Wow, Ubisoft still exists? Weren't they in big financial trouble after one of their previous DRM schemes backfired? It doesn't look like they learnt something from that.
    No, they're doing very well actually, better than a lot of publishers (especially THQ). DRM hasn't had that much of a negative effect on them as a whole, but it has shrank the PC market for their games a bit. That hasn't hurt them much as the PC market for their games isn't anywhere near the size of the console market though.

  5. #5
    DRM hasn't had that much of a negative effect on them as a whole, but it has shrank the PC market for their games a bit. That hasn't hurt them much as the PC market for their games isn't anywhere near the size of the console market though.
    Yeaaah. <.<

    Remember this little golden piece? ;o

    http://www.pcgamer.com/2011/10/07/op...ath-of-reason/

    However, Ubisoft provides a test-case. We are almost two years into its aggressive attack on PC piracy. Recently, Ubisoft called its “always-on” DRM a success, claiming “a clear reduction in piracy.”

    In terms of actual sales, however, the results seem decidedly mixed. Michael Pachter told Eurogamer that Ubisoft’s “PC game sales are down 90% without a corresponding lift in console sales.”

    Pachter framed the problem in terms of piracy, as I’m sure Ubisoft frames the problem, but a 90% decline in PC sales is a catastrophic number. If piracy were the problem, then their “successful” DRM policy should have prevented such a free-fall.

    Instead, PC gamers have stopped buying Ubisoft games. In fact, the decline of sales even calls into question the decline in piracy rates. All we know for sure is that Ubisoft have stopped people from playing their games. Full stop.
    Last edited by Wilian; 2012-07-30 at 06:36 PM.
    Modern gaming apologist: I once tasted diarrhea so shit is fine.

    "People who alter or destroy works of art and our cultural heritage for profit or as an excercise of power, are barbarians" - George Lucas 1988

  6. #6
    I really hope this inspires some more talk about DRM, because I'm really tired of being screwed over by it. I understand companies wanting to "protect" their content, but they're only hurting their legitimate customers, and the pirates, quite frankly, offer a better service by taking out such content.

    Note, I'm not advocating piracy.
    Last edited by icedwarrior; 2012-07-30 at 06:36 PM.

  7. #7
    Quote Originally Posted by icedwarrior View Post
    I really hope this inspires some more talk about DRM, because I'm really tired of being screwed over by it. I understand companies wanting to "protect" their content, but they're only hurting their legitimate customers, and the pirates, quite frankly, offer a better service by taking out such content.

    Note, I'm not advocating piracy.
    There are some developers that do it right. Croteam with Serious Sam 3, the guys that make Arma II, and a few others. I'd much prefer no DRM, but the DRM on those two games (SS3 has an unkillable enemy in pirated versions and Arma II has "fade", which causes the game quality to decay over time until it's unplayable) doesn't punish honest consumers. I'm not a big fan of DRM, but I don't have any real problems with it as long as it's not harmful to honest consumers (which is usually is, sadly).

  8. #8
    Quote Originally Posted by edgecrusherO0 View Post
    There are some developers that do it right. Croteam with Serious Sam 3, the guys that make Arma II, and a few others. I'd much prefer no DRM, but the DRM on those two games (SS3 has an unkillable enemy in pirated versions and Arma II has "fade", which causes the game quality to decay over time until it's unplayable) doesn't punish honest consumers. I'm not a big fan of DRM, but I don't have any real problems with it as long as it's not harmful to honest consumers (which is usually is, sadly).
    The two examples you listed are awesome and creative ways to combat piracy, but the problem is in the bolded statement; there are far too few companies that do it the right way. Sure, a couple of companies don't punish the legitimate consumers, but far too many do, and that's what the discussion needs to entail.

  9. #9
    Scarab Lord Hraklea's Avatar
    10+ Year Old Account
    Join Date
    Jan 2011
    Location
    Brazil
    Posts
    4,801
    The fault does appear to specifically lie with a browser plugin Uplay...
    Uplay is one of the most stupid things I've ever seen in my life... and now that. Good job, Ubi!

  10. #10
    If it's just a browser plugin which can be deleted in a matter of seconds, and the problem is a lot of "mights" and "coulds", I'll be the first to say "Who cares?"

    Driver: SF is awesome.
    Last edited by Grraarrgghh; 2012-07-30 at 07:53 PM.
    Corsair 500r - i5-3570k@4.8 - H100i - 580 DirectCUII - Crucial M4
    Lenovo y580 - i7-3630QM - 660M - Crucial M4 mSATA

  11. #11
    Got some of those games listed at the top installed via Steam, but no sign of the plugin... maybe I have to launch the game and let Steam finalize the install before it appears?

  12. #12
    Quote Originally Posted by Tarien View Post
    Got some of those games listed at the top installed via Steam, but no sign of the plugin... maybe I have to launch the game and let Steam finalize the install before it appears?
    Yeah, it doesn't install uplay until you run it for the first time.
    ~ flarecde
    Reality is nothing; Perception is everything.

  13. #13
    Quote Originally Posted by Grraarrgghh View Post
    If it's just a browser plugin which can be deleted in a matter of seconds, and the problem is a lot of "mights" and "coulds", I'll be the first to say "Who cares?"

    Driver: SF is awesome.
    The thing is, if you have a version of the game that requires Uplay and then install it, the program itself installs the browser plugin without asking from you.

    Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself.

    Got some of those games listed at the top installed via Steam, but no sign of the plugin... maybe I have to launch the game and let Steam finalize the install before it appears?
    Some versions don't have it apparently.

    It appears versions of some of these games are Uplay-free and thus in theory safe
    Last edited by Wilian; 2012-07-30 at 08:03 PM.
    Modern gaming apologist: I once tasted diarrhea so shit is fine.

    "People who alter or destroy works of art and our cultural heritage for profit or as an excercise of power, are barbarians" - George Lucas 1988

  14. #14
    Pandaren Monk
    10+ Year Old Account
    Join Date
    Jun 2009
    Location
    Sweden
    Posts
    1,777
    Luckily Trackmania 2 isn't on the list, so I'm safe hopefully. D:

  15. #15
    Well Anno 2070 isn't on that list either but a friend of mine found the plugin installed to his browser. Good thing I didn't buy the game due to my DRM boycott even if it was so tempting. X.x

    And it's not hard to find out, posted out the guide up there how to. Just few clicks.
    Last edited by Wilian; 2012-07-30 at 08:14 PM.
    Modern gaming apologist: I once tasted diarrhea so shit is fine.

    "People who alter or destroy works of art and our cultural heritage for profit or as an excercise of power, are barbarians" - George Lucas 1988

  16. #16
    Quote Originally Posted by Wilian View Post
    The thing is, if you have a version of the game that requires Uplay and then install it, the program itself installs the browser plugin without asking from you.

    Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself.



    Some versions don't have it apparently.

    It appears versions of some of these games are Uplay-free and thus in theory safe
    Well I upgraded and subsequently reformatted last week, and ended up reinstalling Driver: SF.

    Yesterday, while re-installing Vuze, I accidentally allowed it to install a toolbar in Chrome (doh). While uninstalling and un-enabling said toolbar, I saw no other plugins/widgits installed...so is it covert? Or am I just lucky?
    Corsair 500r - i5-3570k@4.8 - H100i - 580 DirectCUII - Crucial M4
    Lenovo y580 - i7-3630QM - 660M - Crucial M4 mSATA

  17. #17
    Quote Originally Posted by Grraarrgghh View Post
    Well I upgraded and subsequently reformatted last week, and ended up reinstalling Driver: SF.

    Yesterday, while re-installing Vuze, I accidentally allowed it to install a toolbar in Chrome (doh). While uninstalling and un-enabling said toolbar, I saw no other plugins/widgits installed...so is it covert? Or am I just lucky?
    It should be there listed with all the other plugins you have if you have any. It's not special in that sense.
    Modern gaming apologist: I once tasted diarrhea so shit is fine.

    "People who alter or destroy works of art and our cultural heritage for profit or as an excercise of power, are barbarians" - George Lucas 1988

  18. #18
    Fluffy Kitten Remilia's Avatar
    10+ Year Old Account
    Join Date
    Apr 2011
    Location
    Avatar: Momoco
    Posts
    15,160
    Quote Originally Posted by edgecrusherO0 View Post
    There are some developers that do it right. Croteam with Serious Sam 3, the guys that make Arma II, and a few others. I'd much prefer no DRM, but the DRM on those two games (SS3 has an unkillable enemy in pirated versions and Arma II has "fade", which causes the game quality to decay over time until it's unplayable) doesn't punish honest consumers. I'm not a big fan of DRM, but I don't have any real problems with it as long as it's not harmful to honest consumers (which is usually is, sadly).
    There should be a gigantic monster that runs behind you and eventually catches up to you and eats you.

    I've always been against extreme DRMs like Ubisoft does. Steam is generally fine, it'd be even better if they let you trade games. That'd be awesome, but I doubt that's going to happen any time soon. It reduces piracy... yeah sure... but it reduces their sales too. Ending up that you gain less than you intend to. Basically screwing yourself over.

  19. #19
    The Lightbringer inux94's Avatar
    10+ Year Old Account
    Join Date
    Feb 2011
    Location
    Nuuk, Greenland
    Posts
    3,352
    Why can't Ubisoft just go bankrupt & go to hell?

    Their Assasins Creed franchise is going the way Call of Duty is at.
    i7-6700k 4.2GHz | Gigabyte GTX 980 | 16GB Kingston HyperX | Intel 750 Series SSD 400GB | Corsair H100i | Noctua IndustialPPC
    ASUS PB298Q 4K | 2x QNIX QH2710 | CM Storm Rapid w/ Reds | Zowie AM | Schiit Stack w/ Sennheiser HD8/Antlion Modmic

    Armory

  20. #20
    Quote Originally Posted by inux94 View Post
    Why can't Ubisoft just go bankrupt & go to hell?

    Their Assasins Creed franchise is going the way Call of Duty is at.
    If they did that I'd never get to play Watch_Dogs...
    Corsair 500r - i5-3570k@4.8 - H100i - 580 DirectCUII - Crucial M4
    Lenovo y580 - i7-3630QM - 660M - Crucial M4 mSATA

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •