Update: Major Security Hole Found in Ubisoft's PC Titles

[Adam Jensen_v1legacy]

As a PC gamer, I have a love/hate relationship with Ubisoft. Their support of the PC as a platform is abysmal. But at the same time they make some of the best games. Assassin's Creed is probably one of the best series I have ever played. And it's the only reason I still buy some of their games. I couldn't give a fuck about multiplayer so I just use a crack and go about my day. So this doesn't really affect me.

 

[nodlimax]

Oh just wait for it. The console versions are going to be next with the DRM stuff and guess what - it's more difficult to get around this stuff there.

 

[Clearing the Eye]

OT: Why on Earth would you let it install the web plugin? Always, always say no to that shit. Take your toolbar/plugin/addon and shove it, I say!

That's what I thought too.

Then I checked "chrome://plugins"... Motherfuckers.

They got you! You're... one of them now :O

 

[Zoe Castillo]

--

 

[Nalgas D. Lemur]

Doesn't affect me, and i got IE. maybe IE has been proven useful.

If you're unaffected by it, IE is not the reason. There's more than one version of the plugin, and it affects IE, Firefox, Chrome, Opera, etc. Everyone's pretty much equally screwed this time around.

 

[wottabout]

I installed Assassin's Creed II last week on Steam, and it looks like UPlay installed, but I do not see any UPlay plugins. Also, the test site doesn't load on any browser on my computer. So... I guess I'm safe-ish? I don't know why I wouldn't have the plugins though, I didn't exactly go out of my way to avoid them...

 

[Antari]

What a lovely reward for being a customer. An exposed system. I'm glad I stopped buying Ubi's crap a long while ago.

 

[KefkaCultist]

And another reason why I refuse to buy an Ubisoft game for the PC.

But you have no problem giving them money for the console versions, further supporting them as a force on the market? Yeah, stand up for those principles, man. You're a true inspiration from up on those barricades.

I do not understand why you're berating me. I did not say that I'm boycotting the whole company. All I said was that I don't buy their games for the PC because of the dreadful DRM that doesn't work. Ubisoft actually has decent games that I would play on a console, however, I do not own any consoles, so I just don't play Ubisoft games at all...

Recap: I do not buy Ubisoft's PC games and I do not own a console, therefore, I do not buy Ubisoft games.

 

[Furism]

It's not a rootkit, it's a backdoor. A rootkit is something that installs itself at the lowest levels of the operating system, and is virtually impossible to remove, this is an unsecured browser plugin. Now, someone could use this plugin to install a rootkit of their own, but the plugin is not, by any stretch of the imagination, a rootkit.

I'm going to post this and then stop arguing with you because we are arguing semantics. A rootkit doesn't have to be installed at the lowest level of the OS. It can be in "Ring 3", that is User Space. Quoting Wikipedia [http://en.wikipedia.org/wiki/Rootkit#User_mode] here.

User-mode rootkits run in Ring 3, along with other applications as user, rather than low-level system processes. They have a number of possible installation vectors to intercept and modify the standard behavior of application programming interfaces (APIs). Some inject a dynamically-linked library (such as a .DLL file on Windows, or a .dylib file on Mac OS X) into other processes, and are thereby able to execute inside any target process to spoof it; others with sufficient privileges simply overwrite the memory of a target application. Injection mechanisms include:

* Use of vendor-supplied application extensions. For example, Windows Explorer has public interfaces that allow third parties to extend its functionality.
[...]

Their program is a DLL that hooks into Chrome so that it will start program(s). It fits the definition.

 

[nyttyn]

As much as I hate doing this.. Oh wait no I love doing this its ubisoft.

FUCKING CALLED IT.

I mean honestly such a compliacted DRM structure was just asking for trouble.

 

[LiftYourSkinnyFists]

Isn't this news already dated?

 

[Starke]

It's not a rootkit, it's a backdoor. A rootkit is something that installs itself at the lowest levels of the operating system, and is virtually impossible to remove, this is an unsecured browser plugin. Now, someone could use this plugin to install a rootkit of their own, but the plugin is not, by any stretch of the imagination, a rootkit.

I'm going to post this and then stop arguing with you because we are arguing semantics. A rootkit doesn't have to be installed at the lowest level of the OS. It can be in "Ring 3", that is User Space. Quoting Wikipedia [http://en.wikipedia.org/wiki/Rootkit#User_mode] here.

User-mode rootkits run in Ring 3, along with other applications as user, rather than low-level system processes. They have a number of possible installation vectors to intercept and modify the standard behavior of application programming interfaces (APIs). Some inject a dynamically-linked library (such as a .DLL file on Windows, or a .dylib file on Mac OS X) into other processes, and are thereby able to execute inside any target process to spoof it; others with sufficient privileges simply overwrite the memory of a target application. Injection mechanisms include:

* Use of vendor-supplied application extensions. For example, Windows Explorer has public interfaces that allow third parties to extend its functionality.
[...]

Their program is a DLL that hooks into Chrome so that it will start program(s). It fits the definition.

Because as we all know, Wikipedia is so reliable. Additionally, you're citing User-mode rootkits, which are, just so you know, not what someone means when they say "rootkit" in general. Honestly, the term "user-mode rootkit" strikes me as the result of someone getting sloppy with the terminology to begin with. Not you, mind, but someone. After all a rootkit that doesn't involve root access in any way, isn't really a rootkit.