Street Fighter V Update Installed Hidden Rootkits on PCs (theregister.co.uk)
Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register:
This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on
Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."
This should be the death of Capcom (Score:5, Insightful)
Only a fool would install a game made by them after this.
Re:This should be the death of Capcom (Score:5, Insightful)
You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.
Re:This should be the death of Capcom (Score:5, Informative)
You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.
The Sony rootkit scandal was 2005 and was instigated by BMG who were in the process of being merged by Sony, consequently Sony took the blame. See the following [wikipedia.org] for more details. Yes the root-kit was a stupid thing to do but you would think that people would also blame the operating system and virus protection software for allowing this to happen.
I do understand Capcom were trying to stop people from cheating but there are much more acceptable ways although the more you try to prevent someone from cheating the more you penalise the honest player. The bottom line is if someone is determined to cheat they will find a way and the only way to reduce this is "Don't play with cheats."
Re:This should be the death of Capcom (Score:4, Insightful)
You do understand, I hope, that antivirus and OS can't do jack against something the user wants to install, despite any and all warnings, yes? Which is, by the way, the way it SHOULD be, because the opposite is way worse: The OS deciding what I may and what I may not install on a computer I allegedly own.
Re:This should be the death of Capcom (Score:5, Insightful)
You mean like Windows 10 and updates?
Re: (Score:2)
That's one good example (a better one would actually be the Lenovo laptop blunder), another would be the iPhone.
Re: (Score:1)
The point was you can't install anything on an iPhone unless the overseers of the precious walled garden deem it worthy (and profitable).
Re: (Score:2)
That is exactly the point of the whole damn subthread.
Re: (Score:2)
And how many of your precious little snowflakes whine about Apple's "walled garden" and then go fire up a game console?
Re: (Score:1)
Actually, you can install apps on your iPhone, without needing Apple to vet/sign the app, or pay extra to Apple, or jailbreak your iPhone to do it.
Re: (Score:2)
That's great news!
Could you please reply here with step by step instructions on how to accomplish this?
Thanks.
Re: (Score:1)
See this:
http://apple.stackexchange.com/questions/206123/xcode-7-develop-for-ios-without-developer-account [stackexchange.com]
Re: (Score:2)
Re: (Score:2)
Do you honestly think that Apple is any way better at this?
Re: This should be the death of Capcom (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Your information is from the early 2000, at best. Or from some rather outdated antivirus tool. AV software is today way more than just a collection of hashes.
Re: (Score:2)
Re: (Score:2)
It's a bit more complicated than that. There's behaviour analysis, pattern analysis ... ok, in the end, it's "bad code". But the analysis does end at known code, it is quite possible to flag code as suspicious that you have not analysed before. There has been a lot of development in the past years, and the detection gets better. It's still too prone to false positives to be part of a scanner, but it is already a very valuable analysis tool.
Re: (Score:2)
You mean like Windows Update just installed several applications on my PC without my prior acceptance?
- Google Earth
- Xbox (?)
- Groove Music
Re: (Score:2)
You mean, nobody is installing Sony software these days after the rootkit incident 2012? Right.
2012? It was in the 90s on CDs. Or did they do it again?
Re: (Score:2)
After the CD stunt they pulled the same shit with their USB sticks. I think that was just a few years after the CD incident so there are probably more instances.
Don't buy a Sony.
I fully boycotted them for 15 years, but had to pardon them recently to buy a compact flagship cellphone, they were literally the least evil, all other options had done MUCH MUCH worse, and more recently. At least as far as I know, which is why I am interested in whether they did it recently.
Re: (Score:2)
I am not.
Re: Adding Capcom to tech boycott (Score:5, Insightful)
What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.
Re: (Score:2)
What we need to be doing is getting executives arrested for violating the Computer Fraud and Abuse Act. That awful law has been used to prosecute hackers and hobbyists for much more minor things than this, and has been twisted enough to fit various cases that there's more than enough precedent now.
Ya, I can see the CFAA being used against a user bypassing the company's root kit.
Re: (Score:1)
Even then : the law goes above every EULA.
Re: (Score:1)
First, the idea of "meeting of the minds" is an old common law concept that strongly influences how contract law works in the U.S., but it is not used in the U.S. the way it used to be--partially because of jokers like you.
Second, the idea of "meeting of the minds" does not mean what you think it means. It implies that a valid contract requires mutual intent and understanding. There are three situations where a meeting of the minds does not occur under reasonable circumstances, and so a contract doesn't exi
Re: (Score:2)
Personally, I'm crying like there's still no port of Eternal Champions to Linux. Dammit, I miss my Genesis sometimes.
Re: (Score:2)
Whaddaya know. Problem solved [letsplaysega.com].
Re: This should be the death of Capcom (Score:1)
Re: (Score:2)
Well, even before this. If you ever played the new SF games, you will see that they are now just tekken clones. Absolutely nothing of the old SF games remain other than the title.
Good riddance capcom of today.
Re:STOP!! (Score:5, Informative)
Because people want to play video games..
Re: (Score:2)
Games and OSes (Score:3, Insightful)
Because people want to play video games...
What does Windows have to do with the couple of thousand games on Steam(*) that all run on any OS (Windows; Mac OS X; Linux)?
Oh, yeah... "Triple-A games".
The kind of overrated content that rarely gets correct ports (Hi, Ryan Gordon, thank you for being the refreshing exception to this sad rule !), and is the most likely to b0rk your machine due to DRM (You know! Because "AAA" development costs a lot of money, and the "AAA" studios have to protect their revenue. By completely fucking the experience o
Re: (Score:2)
Yes, it's great that we're seeing more games going native multiplatform with linux. That said, linux still doesn't have the title availability that windows has.. So, if you're a pc gamer, you'll need a windows install at some point. With windows serving well enough for other tasks they may want to do, most just say 'fuck it' and run windows 24/7.
DRM sucks. Steam uses it too. I don't know why people exempt steam from criticism in this area. Anyway, this is tangential to the original point.
Re: (Score:2)
People exempt Steam for their DRM because it is nowhere near as intrusive as other DRM implementations.
Re: (Score:2)
You should be able to dispute a VAC ban of that type, just explain calmly in the email that you are a programmer and make your living using VS, and don't have a spare computer to use just for gaming.
It doesn't even make sense to ban someone for having a programming tool installed anyways.
SFV is for Linux (Score:2)
But Street Fighter V is available on Linux
You're right, this is pretty sad (Score:2)
http://steamcommunity.com/grou... [steamcommunity.com]
Didn't know since I just game on console. With all the problems PC ports have anyway I find it too frustrating to play on that platform.
And console (Score:2)
And not to mention consoles. I have a Linux PC but not a very powerful GPU so I play games on consoles. Works fine.
Re: (Score:2)
So does the PC version (afaik). The issue reported here isn't that the game doesn't work, it's that it installs a rootkit. From this perspective, your console is already rooted out of the box.
Re: (Score:2)
But Street Fighter V is available on Linux
And? There's lots of stuff that's available for Linux but runs better on Windows.
Re: STOP!! (Score:1, Informative)
Well, games on Steam for Linux are not installing stuff with root privileges.
Re: STOP!! (Score:2)
Re: (Score:1)
Sure the software could ask for root, but the password prompt would ring alarms instantly
Re: STOP!! (Score:3)
Because a Linux PC with an inexperienced user willing to run a game or dancing pig animation as root is every bit as bad as a Windows PC whose user will click 'yes' for any UAC prompt... maybe *worse*.
Poaching (Score:5, Funny)
I know y'all in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?
Re: (Score:1)
Re: (Score:1)
I know y'all in the tech industry love to poach employees from other companies... But REALLY Capcom!? Did you have to hire that guy from Sony !?!?
I have no idea why Capcom bothered, all they needed to do is get in the good books with Microsoft and all the information pertaining to a suspect user is theirs for the asking. You have read the Windows 10 EULA, haven't you?
"Literal rootkits" (Score:2)
As opposed to figurative rootkits?
Re:"Literal rootkits" (Score:4, Informative)
As opposed to figurative rootkits?
No, in this case it is a figurative one, like literally literally often means.
This "rootkit" is missing the "kit" part, it is a backdoor that could be used to set up full rootkits.
Thanks for playing (Score:1)
Rootkit x antivirus, same concerns (Score:4, Insightful)
the code is so badly designed, it opens up a full-blown local backdoor
Sounds like antiviruses: they're supposed to fix problems and filter out malware, but such complex software requires excellent optimized algorithms and code, which unfortunately is still due.
Re: (Score:1)
The PC version of SFV has been universally regarded as superior to the PS4 version. In fact, this was the update that supposedly finally brought the PS4 version up to the level of the PC version.
Re:Had to be done (Score:4, Interesting)
People aren't whining about Capcom trying to stop cheating from happening.
People are rightly complaining that Capcom's attempt to stop cheating from happening placed your computer one step away from being part of a botnet or worse.
Re: (Score:2)
Street Fighter IV was well regarded in not needing a high end PC or GPU, I think.
On the other hand, PC version of Street Fighter II was unspeakable, but it was the tail end of rip off arcade conversions made by contractors for atari/amstrad/commodore/amiga etc., quite some time ago. So.. you get a 16 bit computer version with the beautiful backgrounds and characters, but they're turned into drunk paper dolls that jump higher than the depth of the screen and the controls are designed for a single button joys
Re: (Score:2)
(correction : it was Halo 1, delayed Windows version. Looked bland without pixel shaders, and the textures were low res. Perhaps it would have been more fun on the original Xbox)
Going from bad to worse (Score:2)
SFV was already a mediocre, overpriced, overhyped and unfinished piece of junk. But this really is the dingleberry on top of the shit sundae.
Sic transit gloria Capcom. They really did make some awesome games in their time, but it seems today they rely on brand name alone to pump out turd after turd.
Re: (Score:2)
Great, so next time you buy a house I won't hear you complain about shoddy insulation, leaky windows, doors I cannot lock and moldy rooms because it has walls and a roof, so the most important things are there. But I promise to deliver the door locks and insulation within the month, promised. I'll also deliver the missing walls and shingles when we remove the mold.
Then 6 months later I come and charge you extra for all that. Without delivering it, of course.
I am sure I won't hear a single complaint from you
Re:Who decides that (Score:5, Interesting)
I doubt that. Massive screw-ups like these are usually a team effort. You know, "engineers" that cannot explain the feature well or do not really understand it themselves, "managers" that make decisions without a clue about what they decide on, and so on. I have seen this numerous times in action. It is really quite fascinating to watch how dysfunctional most/all corporate decision-making processes are in large corporations.
Re: (Score:2)
Actually, in countries with a working legal system, this _is_ a criminal offense. The problem is that the legal profession is so far behind the times (and never understood how reality works anyways) that criminals like Capcom will go free.
Don't buy uncracked software (Score:3, Interesting)
Cracked software is the only software that has been given an independent in-depth review of its security measures. Buying uncracked software opens your computer to every malice the original author has stooped to in order to seize control of your computer.
And more often than not, the EULA makes it rather hard to get legal recourse for damage intentionally done to your computer. In contrast, a cracker inserting malicious code may go to jail for it.
I'd have liked to finish off this posting with "/s" but there really is no suitable placement for the starting sarcasm tag.
Hmmm.... makes me ponder.... (Score:2)
Considering the whole mess that PC game was is a half-baked, barely ported console clone, one has to wonder whether that rootkit exists in the console version as well, and whether it can be used to gain control over the system...
Why should rootkits only work against the interests of the person owning... ok, that's saying too much, "being in the possession of" is a better term ... the machine?
Sounds highly criminal (Score:2)
Where is the intrepid prosecutor that throws them all in jail?
Oh, wait, the US police state does not do that to representatives of companies, because they might be able to fight back. Better to only do it to individuals that cannot defend themselves...
Legal consequences... (Score:1)
The only thing I wanna see is if this will result in a class action lawsuit like what happened in Sony's case back... in the 90s was it?
It'll say something about the current state of forgiveness for huge screw ups in this day and age of broken games and gamers being used as beta or alpha testers of new releases.
Sonic Boom there goes your OS. (Score:2)
Only the proprietors know the details. That's bad. (Score:3)
This sounds like another instance of proprietary malware to add to the list [gnu.org]. And nobody should trust a proprietor to "roll back" their malware (just as some of the Twitter.com followups suggest), regardless of whether they say this was a mistake. There's no reason to trust unvettable, uncorrectable, unsharable code and there's no reason why people should have to live with months-old backdoors while the only programmers allowed to inspect or fix the code apparently don't fix that code.
WHY THE HELL IS NOBODY GOING TO JAIL FOR THIS? (Score:1)
Re: (Score:1)
It was rolled back within a day, you're just a dick if you start fucking shit up because there's thousands of players playing the game. Same with the hackers stealing and ddos'ing sony and blizzard games, if you start, as in your own words, "fuck their shit up" you're simply being a dick to everyone that's trying to play the game.
Re: (Score:2)
This protects against malware that relies on infecting boot media with a compromised boot loader but not against rootkits that use OS drivers or some other attack vector.
Re: (Score:2)
Why make it hard on yourself? Just re-use your Ashley Madison login.
Re:Great news! (Score:4, Funny)
Why make it hard on yourself? Just re-use your Ashley Madison login.
I thought the point of Ashley Madison was to make it hard.
Re: (Score:2)
No, that's viagra spammers.
True - I stand corrected, or is that erected?