LOMAC v1.1 copy protection – good news/bad news

[169th_Moose]

An informative article and an interview with someone from Starforce:

 

http://www.firingsquad.com/features/starforce_interview/

 

Note the part about the publisher/developer having many choices on how to configure the routine.

 

Yep, I've seen it, great article. Its linked on page 2 of this Thread :D :wink: S!

[oxking]

In Oxking's defense, there's a language barrier present ;) He didn't want to say that he doesn't care, but that there are too many people who don't anyway. And it's a fact that pretty much all games are available within hours after release in the warez scene, and many even earlier, without any sort of copy protection. So unfortunately issues with copy protection will even make it less attractive to get legal copies when the illegal ones come without those... not a new fact but still very much the case, which I think was his point with that remark.

 

Yeah, you got it. :)

Nice, that some people understand what i would say. :)

(Even in German forums, that is not allways given. *g*)

 

When i like something (like a Game or a CD), i buy it.

Or i go to the cinema to watch a movie, and buy the DVD.

But many people i know dont care, and have a lot of VCD Moviescreeners,

downloaded games, and illegal burned copys of CDs.

 

I must admit that i also download one or another Game or a Movie,

but only because i thought i dont like it, and just want take a look,

and i had never buyed this, even if i could not copy that.

But i when i notice i like that Game or movie, an i use it often

then i buy it! And i would never buyed it, when ive downloadet it before.

 

To ED:

Many users of German forums also decided not to buy 1.1

because of the Starcrap copy protection.

This protection realy is a saleskiller....

I hope for the game and the sellings of it,

that you reconsider your plans with the copyprotection.....

[schimmel]

Windows is not secure and yet I'll bet you run it every single day. The number of security upgrades is constant. That's life.

 

Come on, let's see some facts.

 

I'm one of those few who say that Windows XP is quite secure. I have no active antivirus and no firewall. I only use the f-prot dos version to check from time to time and I NEVER had any worm on my computer. Only on my parent's computer.

 

But IMO only because I never used Outlook, Internet Explorer, Media Player or MS Office. Without those programs Windows is very safe for home use IMO. Instead I use Thunderbird, Firefox (also Opera at some time), Open Office and bsplayer.

 

Now I still have to see if this is true for SF.

[GGTharos]

Uhm, no, XP is not secure, especially not out of the box. ;)

 

But regardless, this is a poor argument. Frankly too many companies right now take rather sweeping liberties with shooting your data around on the internet, and soon copy protecction will do the same. As long as those people are sresponsible and keep the /minimal/ data only required to do their job, things are okay ... as soon as this is violated ... problems.

[leafer]

:lol:

 

Ruggbutt,

 

Hey, for a while, I lived close to the southern parts of Thailand where people are gunned down and blown up on regular basis. So, it tickles me when I think about all the high school kids that still go to internet cafe to play online games the day after a car bomb exploded not too far away. So yeah, for some reason when I come on here and see you bitch about a game it's funny. I'm not saying I was right and you're wrong but just funny.

 

I apologize for calling you girly because at that moment, it's exactly what I thought of all the bitching. See, the problem is, I have this tendency to expect everyone to have thick skin and I realize that we grew up differently. So, my bad.

 

Anyway, life's too short, man. Just do the best to have some fun that's all I'm saying.

[Guest ruggbutt]

Roger that, you see things a bit different than I do. No harm done!!! 8)

[Dmut]

Well if ED aren't paying Dmutt for his efforts, they should be.

Thanks Ice, but I don't think I deserve it. I gave up too soon in all that SF-phobia threads, because it seems to me the most people don't read, but only posting... :?

[zzzspace]

@ZZZZZZspace:

whipe out the driver then go the registry editor and whipe out all directories named sfdrv01 and sfdrv02. You may have to give allow permition to all users by right clicking on those items.

 

 

Thanks Pilotasso, info very much appreciated mate, I gave up on it last night and went to bed, woke up a bit worse for wear for work though. Thanks again, I owe ya a beer. :)

[uhoh7]

Here we have a big long thread of potential customers in various stages of confision......

 

The whole thing could have been avioded with a bit of customer-developer communication.

 

Obviously there are some guys who know a lot about the issue and alternatives to STARwhatever which has a bad rep.

 

IT never hurts to MAKE FRIENDS WITH YOUR CUSTOMERS, find out their concerns and give them something close to what they want.

 

No you can't spend all day on the forum. BUt a few posts here and there go along way, as Oleg Maddox has proven (he may be driven crazy sometimes but he has made many fans with his interaction)

 

I don't even know who the lead developer is on this game. That's a shame and probably a lost opportunity.

 

But whatever....my real question is....WHERE IS THE GAME....WHO DO I PAY?

 

all the best, uhoh7

[JG27_Arklight]

Here we have a big long thread of potential customers in various stages of confision......

 

The whole thing could have been avioded with a bit of customer-developer communication.

 

Obviously there are some guys who know a lot about the issue and alternatives to STARwhatever which has a bad rep.

 

IT never hurts to MAKE FRIENDS WITH YOUR CUSTOMERS, find out their concerns and give them something close to what they want.

 

No you can't spend all day on the forum. BUt a few posts here and there go along way, as Oleg Maddox has proven (he may be driven crazy sometimes but he has made many fans with his interaction)

 

 

I don't even know who the lead developer is on this game. That's a shame and probably a lost opportunity.

 

But whatever....my real question is....WHERE IS THE GAME....WHO DO I PAY?

 

all the best, uhoh7

 

The developer has already posted in this thread. Apparently, many have chosen to ignore it. lol

 

Also, this thread has been here less then 2 days. I think this thread jumped up 7 or so pages in a few hours, lol, so the developers don't really have a chance to come here before it gets out of hand.

 

I'm sure they are spending a majority of their time trying to get 1.1 out. I don't think they have the time or manpower to spend huge allotments of time in the forum dealing with everybody.

 

If 1.1 is done then I say just release it. If people decide not to buy because of SF maybe they will later when they hear reports from the coimmunity about how most of this was just a bunch of hoopla and nothing more.

 

I was really hoping to play 1.1 this weekend but now it looks like that isn't going to happen, unfortunately.

[o4ki]

I'v managed to read some thies "pages" and make a decision that all of this shit is intrigues of SF comprtitors :wink:

All that posted in this thread - is totaly untrue and its very sad to see how varios people "eat" all this %$^#

Shame on the starters!

Im sure that ED will answer officaly on it.

 

PS - http://forum.lockon.ru/viewtopic.php?t=3433

[schimmel]

Is this guy from Texas? :roll: :D

[Bogun]

No, this guy is probably from Germany or France... ;)

[tflash]

From what I have learned from my contacts at TFC/ED this is all a big nothing. They know what they are doing and have researched this subject in depth. They will make a statement at the appropriate time. I'm not their spokesman and I sure as hell don't miss having to deal with hysteria like this crap. Some of you are really being ignorant. If the shoe fits, wear it. Why not wait for the facts?

 

 

The fact is this highly controversial piece of software ended on my PC after installing the demo, from a software vendor I did trust, without an appropriate warning.

I hope you do not refer to that with "They know what they are doing ..." ?

 

I am very supportive of ED finding a good, viable solution to distribute their software over the internet without being ripped, but I'm having doubts if they are chosing the right partner and I think they missed an opportunity to communicate about that BEFORE I installed the demo.

 

So, in the future, I would appreciate that their "in-depth subject research" would not take place on MY PC, tnx.

 

Let's remove our tinfoil hats for a second. Just what did this copy protection routine do to you or your system that is so evil? Please provide some specifics.

 

The demo installs a StarForce device driver; this is of course no evil as such, but it is good practice to notify the user that this will be installed and give information how to uninstall it. In no way this driver was what the potential customer expected to install: I'm installing a game, not a device. The specific problem is that a device driver always has an impact on your system as a whole, so it goes beyond selling an application to someone, when you install a driver. Furthermore this driver is not necessary for testing the demo.

 

As this thread shows, the device driver in question is controversial. I wont make a statement on that. Some would argue that such a device driver, if it where to operate at ring 0, constitutes as such a liability and security risk. I don't know. What I do know is that a lot of trouble would have been anticipated if ED had clearly indicated that they distributed the demo together with a StarForce device driver.

 

I think this whole discussion IS important, but it shouldn't scare you off: if ED is pursuing the road to internet distribution, what I strongly encourage, they have to take these issues into account and get a good communication strategy about it. Now, I won't insist any further: I made my point, I've nothing to add, I just hope ED can take our feedback into account, we all want their product to succeed!

[Stormin]

Lots of software utilzes drivers on your system or put drivers on your hard drive. Can someone please provide some solid proof that there is a security risk in Starforce. In particular, please show that the specific type and version being used by ED with the configurations that have been selected by ED pose a security risk in any way?

[Floyd]

Lots of software utilzes drivers on your system or put drivers on your hard drive. Can someone please provide some solid proof that there is a security risk in Starforce. In particular, please show that the specific type and version being used by ED with the configurations that have been selected by ED pose a security risk in any way?

 

Well, i don't think anyone here can do that. Please look there:

 

http://securityfocus.com/

 

select 'Vulnerabilities' and 'Starforce' in the vendor pulldown. If that has frightened you enough ;-), choose 'Microsoft' to get a "real kick of paranoia".

 

So - IMHO - everybody who is really serious about security would never connect a Windowx XP system to the internet and visit dubious sites with Internet Explorer.

[Pilotasso]

Lots of software utilzes drivers on your system or put drivers on your hard drive.

 

heh dont go that way, youll loose. One wrong doenst justify the other.

While its not tragedy to be horrified with, one cannot use the same argument of its neighbor to do the same mistake, may it be a on purpose or not, its not justifyable.

 

Can someone please provide some solid proof that there is a security risk in Starforce. In particular, please show that the specific type and version being used by ED with the configurations that have been selected by ED pose a security risk in any way?

 

Talk is cheap. ;)

 

We are not certain that its not either, because no proof is given that it is secure and with its reputation who can then blaim us?

 

Garauntees will only be given after long term usage not by those who naturaly say wonders to sell their product.

 

 

I dont know if you noticed, but every time we speak about the defects of starforce everybody goes straight to security problems and then the thing that worries most the custumers is forgotten:

 

What worries me are not the backdors (we already have enough of them already everytime we swich on the PC's) but rather if any limitation will be imposed on my freedom to used a product Ill eventualy be paying for.

 

That is the question form me and its legitimate. no one can acuse me of hysteria.

[Hodgepodge]

Lots of software utilzes drivers on your system or put drivers on your hard drive. Can someone please provide some solid proof that there is a security risk in Starforce. In particular, please show that the specific type and version being used by ED with the configurations that have been selected by ED pose a security risk in any way?

 

The fact that it runs in kernel space(being a driver) makes it a risk. Applications are supposed to be ran in user space, which means that the OS does various kinds of management for them, like memory protection. This means that a regular application can never do something 'wrong', like overwrite memory of another application, access files the user doesn't have permission to, or make the whole operating system crash. When you run applications like this that use their own drivers to gain kernel space access to your system, its like stepping back 13 years into times of Windows 3.11. Yeah, there are some applications that require this kind of access, I have a packet sniffer and a registry monitor application installed on my system that use similar drivers to do their thing. But a game doesn't need such access, the only reason why starforce runs in kernel space is because it makes debugging it, and thus "cracking" it, harder. This is certainly not a good practice, and the fact that there apparently are vulnerabilities in the driver that can allow any thread to gain administrator priviliges is another bad thing. And there are other concerns too, like future support as I mentioned in my earlier post.

 

But starforce is not the "end of the world", its just something I prefer not to have on my system. If a game requires it, I have no choice but to not play the game. And I'm certainly not going to buy games that I cant play. If it becomes a common practice to use drivers like this in games and applications, we'll soon be in a situation where every application we run throw all protection out of the window and just run in kernel space. Then we might as well go back to using DOS & Windows 3.11 and say goodbye to all progress that even Windows has finally had to actually making it stable.

[Bogun]

Lots of software utilzes drivers on your system or put drivers on your hard drive. Can someone please provide some solid proof that there is a security risk in Starforce. In particular, please show that the specific type and version being used by ED with the configurations that have been selected by ED pose a security risk in any way?

 

Stormin, you live in California, USA.

I assume you can not only write but also read English. :)

Why don’t you try to read this thread from the beginning?

Why don’t you try to find the confirmation of the existence of the “backdoor” Dmut posted here?

Why don’t you try to run the test I offered for everyone to illustrate how vulnerable you PC become and how StarForce “backdoor” can be exploited.

If you are having problem with reading, how else can we help you? Call you to explain?

[Stormin]

Lots of software utilzes drivers on your system or put drivers on your hard drive. Can someone please provide some solid proof that there is a security risk in Starforce. In particular, please show that the specific type and version being used by ED with the configurations that have been selected by ED pose a security risk in any way?

 

Stormin, you live in California, USA.

I assume you can not only write but also read English. :)

Why don’t you try to read this thread from the beginning?

Why don’t you try to find the confirmation of the existence of the “backdoor” Dmut posted here?

Why don’t you try to run the test I offered for everyone to illustrate how vulnerable you PC become and how StarForce “backdoor” can be exploited.

If you are having problem with reading, how else can we help you? Call you to explain?

 

It is you that needs to read more carefully. I stated I wanted information about risks with the specific version and configuration that ED was going to use for the product.

 

I recommend you read this:

 

http://www.star-force.com/index.phtml?id=606&type=5&add=1&category=200

 

Being a smartass isn't helping matters so please stop.

[Stormin]

The majority of the doom and gloom is now moot. Read Wags statement in the other thread.

[Alfa]

The majority of the doom and gloom is now moot. Read Wags statement in the other thread.

 

It has been moot all along Carl - doom and gloom usually is ;)

 

Cheers,

- JJ.

[Stormin]

Regarding the so called security risk:

 

http://www.star-force.com/index.phtml?id=606&type=5&add=1&category=200

 

The problem reported in Nov 2004 has been addressed by Starforce.

[Bogun]

It is you that needs to read more carefully. I stated I wanted information about risks with the specific version and configuration that ED was going to use for the product.

 

I recommend you read this:

 

http://www.star-force.com/index.phtml?id=606&type=5&add=1&category=200

 

Being a smartass isn't helping matters so please stop.

 

All right, I will try read and write more carefully...

(English is a second language for me, after all)

 

In this thread Dmut said Russian CD version of 1.1 was to be protected by “Starforce 3 Pro”.

In this thread Dmut said Western "download" version was to be protected by “StarForce ProActive 1.1”.

As I understand - both current versions of StarForce products.

Dmut tested and confirmed that both packages of StarForce software that ED has - sucsaptable to "priviege escalation vulnurability".

Does this help?

[wolf8218]

Ehh, theres one small problem. since Lock On doesnt need very many registry keys (you can literally copy the entire directory to another and use a no-cd crack), this will be very easy to circumvent. I dont know if theyve changed the program very much, but im sure there will be some one to crack all these new protections.