titanium Posted February 26, 2005 I have a firewall and it has never been disabled. I am the alpha and the omega
bflagg Posted February 26, 2005 I don't know how I can prove it. All I can tell you is that I haven't received any trojans or any other viruses in months. I haven't visited any unusual websites that I wouldn't normally go to. This virus just appeared after I installed the 1.1 demo. Here is the info on the trojan from the AVG antivirus program I use. File name: sysdebug32.exe File path: C:\WINDOWS\system32\ trojan horse Clicker.2.S 28 KB (28672 bytes) There is nothing at the AVG antivirus web site about this, nor Symantec (http://www.sarc.com). Possibly this is a false positive? Thanks, Brett
Sealpup Posted February 26, 2005 Clicker...that sounds familiar, and I don't have the resources in front of me to be sure, but... Have you ever installed Teamspeak? I know one of the DLLs there likes giving false virus warnings to most antivirus scanners.
Lobolopez220 Posted February 26, 2005 Sounds like the trojan clicker that comes in various guises. Read more here: http://www.f-secure.com/v-descs/trojclik.shtml and if you do a search on Google for Trojan Clicker you will get a lot more info. Basically it just connects to the web and repeatedly "clicks" on ads as set by the virus writer. 100% this has nothing to do with the Lockon 1.1 demo. You can try checking again with this http://www.ewido.net/en/?section=features . I haven't used this software personally but it's meant to be pretty good and free for 14 days.... Lobo
Stormin Posted February 26, 2005 I don't know how I can prove it. All I can tell you is that I haven't received any trojans or any other viruses in months. I haven't visited any unusual websites that I wouldn't normally go to. This virus just appeared after I installed the 1.1 demo. Here is the info on the trojan from the AVG antivirus program I use. File name: sysdebug32.exe File path: C:\WINDOWS\system32\ trojan horse Clicker.2.S 28 KB (28672 bytes) There is nothing at the AVG antivirus web site about this, nor Symantec (http://www.sarc.com). Possibly this is a false positive? I also tried to look it up with McAfee and there was no listing.
4c E x p e r t Posted February 26, 2005 Hi, I have the DEMO too and no file with that name on my PC. It seems that it happened just to you. You can check the date to see when that file was created and compare with the DEMO installation files... But if nobody else is having that problem it means that you caught a virus somewhere else... Try the http://www.nod32.com virus scanner to clean your PC http://www.4c-squad.co.yu
Gel214th Posted February 27, 2005 Good to know other options are being considered. I don't know if the Dev team saw the post I made on Games Xtream service which seemed perfect for digital distribution of this sim. http://www.gamexstream.com/ Also, StarForce itself is not a virus. What it does is introduce vulnerabilities into the system which a trojan or worm designed to exploit those vulnerabilities can take advantage of to install itself onto the machine. You all must have read about 'Exploits' in programs such as Internet Explorer. IE itself is not a virus, or a spyware package, but under the right conditions someone could use various 'features' of IE to maliciously install unwanted software and programs onto a system. My understanding of the StarForce system drivers is that versions of them have vulnerabilities and can be exploited to install trojans and spyware. This is particularly troublesome since the StarForce copy protection operates as a system driver that boots with the system from what I understand. I am not sure if any Worms have been released that check for these vulnerabilities to spread trojans/spyware to machines, but it does introduce a vulnerability to your machine which you would need a separate, properly configured firewall etc. to prevent against. The firewall also may not help if you have already allowed the StarForce protected game access to the internet to allow for Multiplayer play. I'm surprised that StarForce hasn't acknowledged these issues and posted some sort of response other than providing a StarForce Cleaner for people that want to remove the driver files from their machines. The exact text of a warning on one vulnerability is here : Date: Nov 12 2004 Impact: Root access via local system Version(s): 3.0 Description: A vulnerability was reported in StarForce Professional. A local user may be able to obtain elevated privileges.
SecurityFocus posted a report credited to Bill Twuang indicating that there is a vulnerability in StarForce Professional 3.0. A local user can exploit a flaw in the drivers to gain elevated privileges. No further details were provided. Impact: A local user may be able to obtain elevated privileges. Solution: No solution was available at the time of this entry. Vendor URL: http://www.star-force.com/index.phtml?category=56&type=5 (Links to External Site) Cause: Not specified Underlying OS: Windows (Any) http://www.securitytracker.com/alerts/2004/Nov/1012206.htm http://xforce.iss.net/xforce/xfdb/18047 StarForce Professional is a CD-ROM/DVD-ROM protection system for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 operating systems. StarForce Professional version 3.0 could allow a local attacker to gain elevated privileges on the system. A local attacker could exploit a vulnerability with drivers that are installed when installing software that is protected by StarForce to gain elevated privileges on the system. This is not a hacker site etc. but a legitimate site that posts vulnerability and security warnings. Anyone that said that StarForce does NOT have any known security vulnerabilities is sadly incorrect. At least one version does and AFAIK it is the latest version. One should also note that on the Security Tracker website StarForce is the only Copy Protection company that is listed. i.e. Securerom, Laserlok et al do not seem to have these vulnerability issues whether they use some sort of .dll or not. It is clearly the way in which StarForce chooses to effect copy protection that leads to this issue being a possible problem with their Copy Protection software, because it seems to tie itself so closely to the system.
GGTharos Posted February 27, 2005 I'll point out that the vulnerability introduced by Star-Force allows privilege elevation to administrator LOCALLY. That means that some program on your computer could gain administrator level access once run on your computer. IT CANNOT DO SO OVER THE NETWORK! SF DOES NOT OPEN A DOOR IN YOUR COMPUTER FOR STUFF TO JUST JUMP IN FROM THE NET! Lastly, this vulnerability affects you ONLY if you are attempting to run things as a normal user in order to keep things safe. If you are running as ADMINISTRATOR then this vulnerability means NOTHING to you since any program that you execute /already/ has administrator privileges! Period, end of story. Paranoia off. :P Reminder: SAM = Speed Bump :D I used to play flight sims like you, but then I took a slammer to the knee - Yoda
Jester_159th Posted February 27, 2005 SNIP Period, end of story. Paranoia off. :P You should be so lucky!!!! :twisted:
Gel214th Posted February 27, 2005 I'll point out that the vulnerability introduced by Star-Force allows privilege elevation to administrator LOCALLY. That means that some program on your computer could gain administrator level access once run on your computer. IT CANNOT DO SO OVER THE NETWORK! SF DOES NOT OPEN A DOOR IN YOUR COMPUTER FOR STUFF TO JUST JUMP IN FROM THE NET! Lastly, this vulnerability affects you ONLY if you are attempting to run things as a normal user in order to keep things safe. If you are running as ADMINISTRATOR then this vulnerability means NOTHING to you since any program that you execute /already/ has administrator privileges! Period, end of story. Paranoia off. :P There is a trojan that remotely accesses a computer through a local user account. If the StarForce vulnerability is present, a trojan could therefore escalate its privileges to administrator and have full admin privileges. I am not aware of any trojan that specifically uses these tried and true methods to gain access to the system AND also checks for Starforce vulnerability. But it *is* possible, and escalating privileges is a common method by hackers to gain access to a machine. I don't know how much you have read up on computer security or how much knowledge you have on the subject, but my understanding is that any vulnerability that allows privileges on your machine to be escalated from user accounts is a serious vulnerability. You may want to look at past IE vulnerabilities which have been classified as 'serious' and patched for reference that most people would be familiar with. Here is an article you can read to better acquaint yourself with the subject matter: http://www.informit.com/articles/article.asp?p=102181 If an attacker gets low-privileged access to your machine, and then tricks an administrator into running a command, the attacker can escalate privileges.
One of the most common tricks attackers utilize in Windows is to create a privilege-escalating Trojan horse named cp. On Windows, the copy command is used to copy a file, and there is no default command named cp. However, users sometimes mistakenly type cp when they try to copy files. If they type cp in a directory where the attacker placed a Trojan horse with that name, the attacker could easily get that user's privileges on the machine. This is a simple example, but it should alert you to the fact that a program, already ON the machine which can be accessed remotely, that has the vulnerability to escalate local privileges is a serious problem. If you still cannot understand the relevance and seriousness of allowing a program with a known vulnerability, especially one that runs at the system driver level onto your machine you do not comprehend the ways in which vulnerabilities and flaws in system drivers can be exploited to install malicious software onto your machine.
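The `cp` trick quoted in the post above works because cmd.exe searches the current directory before the directories on PATH. A defensive audit for that condition, as an added example that is not part of the thread: the directory names, the PATHEXT subset and the mistyped names other than `cp` are assumptions, and the sample layout is constructed.

```python
import os
import tempfile

# Extensions cmd.exe treats as runnable (an assumed subset of a typical PATHEXT).
PATHEXT = (".com", ".exe", ".bat", ".cmd")
# Unix command names people mistype on Windows. The quoted article names cp;
# the other entries are assumptions added for illustration.
MISTYPED = {"cp", "ls", "mv", "rm", "cat", "grep"}


def runnable_stems(directory):
    """Map lower-cased stem -> file name for runnable files in a directory."""
    found = {}
    try:
        names = sorted(os.listdir(directory))
    except OSError:
        return found  # missing or unreadable directory: nothing to report
    for name in names:
        stem, ext = os.path.splitext(name)
        if ext.lower() in PATHEXT and os.path.isfile(os.path.join(directory, name)):
            found.setdefault(stem.lower(), name)
    return found


def audit_directory(workdir, path_dirs):
    """Return (file, reason) pairs for files in workdir that would run in place
    of the command the user meant, given current-directory-first lookup."""
    on_path = {}
    for d in path_dirs:
        for stem, name in runnable_stems(d).items():
            on_path.setdefault(stem, os.path.join(d, name))
    findings = []
    for stem, name in sorted(runnable_stems(workdir).items()):
        if stem in MISTYPED:
            findings.append((name, "matches mistyped command '%s'" % stem))
        elif stem in on_path:
            findings.append((name, "shadows " + on_path[stem]))
    return findings


def demo():
    """Build a constructed layout in temp directories and audit it."""
    with tempfile.TemporaryDirectory() as root:
        system32 = os.path.join(root, "system32")  # stands in for a PATH entry
        shared = os.path.join(root, "shared")      # a user-writable folder
        os.makedirs(system32)
        os.makedirs(shared)
        for d, n in [(system32, "xcopy.exe"), (system32, "ping.exe"),
                     (shared, "CP.EXE"), (shared, "ping.bat"),
                     (shared, "report.txt"), (shared, "setup.exe")]:
            open(os.path.join(d, n), "w").close()
        # Keep only the first word of each reason so the result is path-independent.
        return [(n, r.split(" ")[0]) for n, r in audit_directory(shared, [system32])]


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Run against folders that low-privileged accounts can write to and that administrators open a command prompt in; any finding there deserves a look at who created the file and when.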
GGTharos Posted February 27, 2005 Gel, I'll say this again ... if you're running as admin already, it's game over. Anything that gets into your computer doesn't need to ask squat, unless it's trying to break in by hacking one of the local user accounts (such as guest etc) but that's incredibly unlikely given the 'standard' methods of trojan delivery. Once that trojan enters your computer, and you've grabbed it from the net yourself while running as admin, it has all the privileges it needs. And you correctly pointed out that the StarForce vulnerability allowing such privilege escalation is -not- the only such hole around so ... it's really not a huge problem. That isn't to say that it shouldn't be fixed ... Serious! :D
golfsierra2 Posted February 27, 2005 Gel, I'll say this again ... if you're running as admin already, it's game over. Anything that gets into your computer doesn't need to ask squat, unless it's trying to break in by hacking one of the local user accounts (such as guest etc) but that's incredibly unlikely given the 'standard' methods of trojan delivery. Once that trojan enters your computer, and you've grabbed it from the net yourself while running as admin, it has all the privileges it needs. And you correctly pointed out that the StarForce vulnerability allowing such privilege escalation is -not- the only such hole around so ... it's really not a huge problem. That isn't to say that it shouldn't be fixed ... Serious! :D I'm running a Win2000 system with only myself as user, which means that I'm running it with Admin rights all the time. I think that there are many more running their PC either with XP or an older Windows logged in with Admin rights, so the threat created by having SF on these machines is imminent and more widespread than one thinks. A big factor for disapproving SF as a copy protection IMHO. :!: kind regards, Raven....
GGTharos Posted February 27, 2005 Uh, I don't think you understand the vulnerability at all. It is, in fact, -not- a threat when you're running as administrator, since any malware that attacks your computer DOES NOT NEED the hole in SF to elevate its privileges.
Lipfert Posted February 27, 2005 Hola, I wanted to ask some questions about this technology from Star-Force, however they won't even speak to you unless you sign an NDA with them. That in itself is of great concern and don't tell me to sit down have a beer and not be concerned, privacy is my concern and just who is Star-Force to demand an NDA before they will even answer questions about spying on me (I could be wrong, but I'd like to know a lot more about the controls given to developers and how they control software on my computer). I recently purchased an Audio CD with copy protection that won't work in my car, how blasted stupid is that? My question is, if I now remove the Demo v1.1 copy from my system will Star-Force be removed as well? If not, then I'm already "NOT" happy with the intrusion :evil: Update, I've uninstalled the Demo and manually deleted the Star-Force stuff and everything seems to be working. This is just not what I expected at all.
BBushe Posted February 28, 2005 Hola, I recently purchased an Audio CD with copy protection that won't work in my car, how blasted stupid is that? My question is, if I now remove the Demo v1.1 copy from my system will Star-Force be removed as well? If not, then I'm already "NOT" happy with the intrusion :evil: This is just not what I expected at all. These are the issues that concern most of us. Starforce's answers have been largely unsatisfactory. However they DO provide an uninstall utility, which you should use to remove the product after removing the demo. I was amused by their defense posted on the website, regarding the vulnerabilities. Their first defense was 'Oh, another company has/had the same vulnerability'; ok I won't buy from that other company either. The second defense can be paraphrased to 'it'll only affect those who are concerned about security, and don't run as admin on their own machine'. As for your comment on AudioCD, that for me is the worst example of corporate greed and the best example of why anti-piracy measures don't work: they only inconvenience the legitimate user. CD-checks that don't work, having to have a bundle of fragile CDs to swop in and out when you play different games, and now CD protection that spies on you. I looked up GTR and Colin McRae 5, both recent Starforce protected games, and there are cracks freely available on the web. Just like any other CD-protection scheme. The pirates just crack 'em, and the people who actually buy the stuff have a miserable time.
:roll: But you have to have sympathy for the authors of the software: they spend their time making the best product they can, endless hours researching baffling technical documents full of jargon, have to pay now to license anti-piracy software (that won't work for long), have to pay to license the aircraft from the manufacturers (who don't like free advertising I guess), and then they get to read endless post after endless post about how crap their products are...
zzzspace Posted February 28, 2005 I looked up GTR and Colin McRae 5, both recent Starforce protected games, and there are cracks freely available on the web. Just like any other CD-protection scheme. Yes, I checked this. SF games have been cracked; however, it's also true that cracking them is involved and problematic. The latest SF version has been upgraded to prevent the approaches to cracking SF protected new games. Simply saying cracks are possible and being d/l ignores the complexity involved. SF has made it much more difficult, and the latest SF version has not been cracked. FC with SF will eventually be cracked but it may take many months, and even then, it will occur in comparatively small numbers due to the difficulty. Mission accomplished, investment protected (...mostly). The new SF upgrade is free for all SF's clients so FC should come with this newer level of protection, in which case, there will most likely be no almost immediate downloading of a crack. ;) As regards security concerns, I doubt the people at ED would want their own systems undermined either, so if there were significant security risks to ED itself from using SF in 1.1 … do you really think they'd use it? ||| Romanes eunt domus ||| zzzspace V2.0 REAL SOUND for DCS World - and all Modules |||
Lipfert Posted February 28, 2005 Nero users at SimHQ are reporting the S-F disables the software, I guess you're guilty by association then? I do feel terrible that people copy software, it bites, but I will not be treated as guilty by association. S-F has no right to disable anything on a person's system that is not related to the blasted v1.1 Demo. Should I email them or ED and ask what software I'm allowed to use on my computer? Sorry, this continues to be very bad news all around.
kam Posted February 28, 2005 Nero users at SimHQ are reporting the S-F disables the software.. Nero still works fine over here, in fact I burned the demo to a DVD only yesterday. Intel 5820k | Asus X-99A | Crucial 16GB | Powercolor Devil RX580 8GB | Win 10 x64 | Oculus Rift | https://gallery.ksotov.co.uk Patiently waiting for: DCS: Panavia Tornado, DCS: SA-2 Guideline, DCS: SA-3 Goa, DCS: S-300 Grumble
Lipfert Posted February 28, 2005 Mission accomplished, investment protected (...mostly). I love your sound packs, but I strongly have to disagree here. I'm glad they want to protect the hard work and I feel very sorry that people are cheating them, but they have no right to disable software on users' systems. Somehow they need to come up with a better solution. Read the message boards, people are really worried about this approach.
Jester_159th Posted February 28, 2005 Mission accomplished, investment protected (...mostly). I love your sound packs, but I strongly have to disagree here. I'm glad they want to protect the hard work and I feel very sorry that people are cheating them, but they have no right to disable software on users' systems. Somehow they need to come up with a better solution. Read the message boards, people are really worried about this approach. I think it very likely that zzzspace has read these forums more than you have. As it is you are continuing to complain about Starforce when the original post in this thread (from Wags no less) has stated that they're looking into other options to Starforce for copy protection purposes. Since it has now been confirmed that ED are looking at the options (and bear in mind leaving themselves out of pocket by once again postponing the release of FC) don't you think it's time to wait and see, rather than to continue beating a drum that is, with all due respect, starting to sound rather badly broken by now?
Lipfert Posted February 28, 2005 Jester, I'm just looking for answers and I do want to see ED do well with this release and the series. I'll sit back and see what happens. My reaction is justified though, make no mistake about it. Perhaps S-F is a good choice? I don't know, it's the feeding method that sent off alarms and the response to my questions from S-F. As I said in the other forum, I'll shut up now and see what happens.
ARM505 Posted February 28, 2005 What happens when I want to play for 'old times sake' in 10 yrs? I still want to play older sims such as LB2 for example. Would I be able to get the thing running then? Maybe in the final patch they could disable the protection, in a few years time (when the final patch is done!
Lipfert Posted February 28, 2005 Star-Force is back on my system, even though I uninstalled the Demo and manually deleted it. Anything I should know about getting rid of this that might be a problem? And what is the best method to clean my system of it?
Lipfert Posted February 28, 2005 Found this link after searching awhile: http://www.star-force.com/index.phtml?category=200&type=5