Facts & Experiments with 1.1 (demo) protection

[zzzspace]

But as I understand it, an official from ED did say that they are looking for an alternative to Starforce.

 

 

leafer, that may be reading too much into what was said, i.e. :

 

"At the moment we consider an opportunity of application of other protection for English version 1.1. I shall not answer questions while we shall not define precisely." – Chizh http://forum.lockon.ru/viewtopic.php?p=44878#44878

 

--

 

The point with StarForce is that there are numerous developer or publisher configurable levels of anti-pirate protection possible. I'd be surprised if ED intends to ditch SF protection. It may be that they'll only consider adjusting the SF implementation options (if they end up doing anything else) in order to be less objectionable for legal users. We shouldn't presume what Chizh meant here, and thus get the wrong idea about it.

[Klopsik206]

Many people have removed the demo in the fear that it is actively exposing their system to hackers and spyware, and that Starforce is sending information about them out into the internet.

 

That doesnt appear to be the case, and I want to focus here on actual observed facts.

 

While I can agree your test proves that SF does not send information, I DON'T agree it proves that SF does not expose the system to greater risk.

[Starlight]

Re: Facts & Experiments with 1.1 (demo) protection

 

I've noticed the same before. That why I was not panicing. :wink:

I'm using Sygate Personal Firewall as my firewall software. And I give auto-access only to trusted apps. Everything else needs my manual intervention... even explorer.exe (kernel, lsa shell, generic host - svchost, and NDIS User mode I/O driver - ndisuio.sys are blocked from the first day - that's why no DOS attacks..never..ever.)

 

So firewall heard nothing from StarForce so far.

 

You're not gonna see anything, now!!!!!!

 

Read my previous post!

 

It's not Starforce that sends data (at least now, with the full game it will check for the key), it's that the driver installed by starforce has a security leak that does allow other malicious software and or/routine to be run on your PC. It makes your PC exposed to attacks. Exposed means that you're not sure to see your PC attacked, but there exists such possibility!

 

This leak has been tested by security experts, it's not a "urban legend" of this forum, as someone still thinks

[Floyd]

 

You can try it for yourself:

1. Install LOCON v1.1 DEMO.

2. Download and unzip this “prove of concept” test:

http://www.wasm.ru/forum/files/_194194340__starforcemeat.zip

3. Run starforcemeat.exe.

4. Enjoy!

 

This starforcemeat.exe harmless, it is just to show you how StarForce “backdoor” can be exploited.

 

No offence, but YOU are concerned about security and want me/us to load and run an EXE from a russian web-site? Nah, come on, is this a test for n00b admins or what?

[Shaman]

Re: Facts & Experiments with 1.1 (demo) protection

 

I've noticed the same before. That why I was not panicing. :wink:

I'm using Sygate Personal Firewall as my firewall software. And I give auto-access only to trusted apps. Everything else needs my manual intervention... even explorer.exe (kernel, lsa shell, generic host - svchost, and NDIS User mode I/O driver - ndisuio.sys are blocked from the first day - that's why no DOS attacks..never..ever.)

 

So firewall heard nothing from StarForce so far.

 

You're not gonna see anything, now!!!!!!

 

Read my previous post!

 

It's not Starforce that sends data (at least now, with the full game it will check for the key), it's that the driver installed by starforce has a security leak that does allow other malicious software and or/routine to be run on your PC. It makes your PC exposed to attacks. Exposed means that you're not sure to see your PC attacked, but there exists such possibility!

 

This leak has been tested by security experts, it's not a "urban legend" of this forum, as someone still thinks

 

OMG Starlight. I'm not an OS noob. I don't use XP systems connect them just like this directly to the net, and let everything run automatically without my interventions.

I'm going to hear incomming traffic, I bet. - anyone who tries to exploit the driver, and I'm always very curious about any IP adresses trying to connect to my home comps.

Maybe you won't notice this, but that's your problem, not mine.

cheer up

It is not going to be that bad.

Your IE and XP SP2 Firewall are much more vulnerable to attacks than your starforce driver ;)

[Stormin]

Who can the Hell PROVE ME that we will be limited to 3 updates? Who can the Hell tell me exactly what we're talking about but suspicions born from nowhere? Who can tell me that ED officially decided to limit this product by this way?

 

Where is the INFORMATION? Wait and see!

I's like to see this exact information as well.

[Alfa]

One simple question....

 

is this forum moderated?

 

Yes!......so keep it civil ;)

 

Cheers,

- JJ.

 

Forum moderator

[Stormin]

Who can the Hell PROVE ME that we will be limited to 3 updates? Who can the Hell tell me exactly what we're talking about but suspicions born from nowhere? Who can tell me that ED officially decided to limit this product by this way?

 

Where is the INFORMATION? Wait and see!

 

Somebody said that there is this issue. Since it's something I don't know about, I wanna be sure before buying the game. I think at this point it's in ED's best interest to publish info on the 3rd party software they put into their product.

 

The info on Starforce leaks can be found on the Internet (do a google search or browse security sites). As of November 2004 there was no patch for that leak.

 

Installshield is used by ED, should there be a public debate and notification?

[Stormin]

O4ki

 

Go here and read:

http://xforce.iss.net/xforce/xfdb/18047

http://www.securityfocus.com/bid/11628

 

In short - Starforce drivers, installed in your system, will allow ring-0 type privileges to any mailitious code from ring-3 (user level). The worst case - any virus or trojan (written to take adwantage of the “backdoor” build into StarForce) can get OS privileges and totally control your system.

 

You can try it for yourself:

1. Install LOCON v1.1 DEMO.

2. Download and unzip this “prove of concept” test:

http://www.wasm.ru/forum/files/_194194340__starforcemeat.zip

3. Run starforcemeat.exe.

4. Enjoy!

 

This starforcemeat.exe harmless, it is just to show you how StarForce “backdoor” can be exploited.

 

Read what people like Sida and Starlight are saying, don’t just declare – I have no problem yet, then all is OK… It is not OK, you may start having problem after opening next malicious e-mail or accidentally visiting wrong web site, who’s authors may try to take advantage of this security hole.

 

Understand – average users have so many security holes in their OS, there probably many more chances that any other exploit going to get them first, the problem with the Starforce – even if user is doing all right steps to protect his PC, and not login into it with Administrative account every time to play games – this exploit will still allow malware to take control of his machine.

StarForce is just badly designed/written software.

 

But it does not metter.

:!: At the moment we consider an opportunity of application of other protection for English version 1.1. I shall not answer questions while we shall not define precisely.

 

Hopefully, as Chizh stated, they are looking and will find better copyprotection solution for LOCON v1.1.

 

This problem was reported in November 2004. It specifically mentions the Professional version. Is this same version and configuration being used by ED?

[Stormin]

But as I understand it, an official from ED did say that they are looking for an alternative to Starforce.

 

 

leafer, that may be reading too much into what was said, i.e. :

 

"At the moment we consider an opportunity of application of other protection for English version 1.1. I shall not answer questions while we shall not define precisely." – Chizh http://forum.lockon.ru/viewtopic.php?p=44878#44878

 

--

 

The point with StarForce is that there are numerous developer or publisher configurable levels of anti-pirate protection possible. I'd be surprised if ED intends to ditch SF protection. It may be that they'll only consider adjusting the SF implementation options (if they end up doing anything else) in order to be less objectionable for legal users. We shouldn't presume what Chizh meant here, and thus get the wrong idea about it.

 

Bingo. A reasonable approach.

[Guest ruggbutt]

 

Installshield is used by ED, should there be a public debate and notification?

 

Do not get me started about Installshield........... :D

[169th_Moose]

I dont rely see what all the "brouhaha" is all about, since your operating itself is already full of security flaws and holes. You think your safe? Guess again... The End :wink: And yes this includes myself.

 

My 2cents

[4c Hajduk Veljko]

Just to make an example. Sometimes there are new bugs discovered in operating systems (like Windows). The problem is not that the OS sends malicious packets or enstabilishes malicious connections. The problem is that the bug ALLOWS other software to do that. This is the reason why bugs and leaks must be patched.

 

Starlight, do you have any facts about Starforce vulnerability implementation in Lock On 1.1? If you do, post them here! No speculations please. Facts and only facts!

 

Also, what would be alternative copy protection that you would recommend?