Secret Rootkit! HADOUKEN!!!
Has SONY bought CAPCOM?
A fresh update for Capcom's Street Fighter V for PCs includes a knock-out move: a secret rootkit that gives any installed application kernel-level privileges. This means any malicious software on the system can poke a dodgy driver installed by SFV to completely take over the Windows machine. Capcom claims it uses the driver to …
IANAL BIPOOTI, but intent. Admittedly intent also looks double-standardly if examined. Company putting code on your computer to harvest your private data: OK; you putting code on their computer to research their private data: crime. You accepted their software, albeit presented under pretences. They accepted your phishing email. Hmm, not much difference! Here the intent was to prevent misuse of the company's IP. But isn't there a caption for criminal negligence, reckless behaviour?
Too serious. Time for a singsong. After me, please:
"Fake fake fake
fake fake fake
fake BIPOOTI" (to the tune of "Shake Your Booty", for anyone under 50).
The issue is that neither in Sony's case, nor here there was a prosecutor brave enough (and interested enough) to file charges.
Seems a class action lawyer could have a good time with this given there is an easily definable class and arguably malicious action which could lead to claims of all sorts of issues for Sony's paying customers.
somewhere deep in the T&Cs/EULA there will be a clause to the effect of "If you click the 'I agree' button this will give us the right to fuck with your gear at any level and in any way we see fit, because
This company will be begging on its knees hoping that you forget that you cannot bind someone contractually to accept what is a criminal offence, because the "contracting party" as it were that you would have to deal with is the government, not the user.
You can't put in a contract "by playing this game you permit us to rob you blind and murder your first born" because both are classed as criminal offences.
The problem is thus not the contract, but law enforcement. No doubt the company is already busy hastily filling the coffers of relevant election campaigns to prevent any DAs from picking this up as something worth dragging through the courts. It can feel confident that it has at least some protection in that area, because the first DA to actually do the right thing would create a precedent that could harm a great many of these campaign contributions, for none of these companies would be able to cast the first stone. Yes, I'm a cynic, so sue me.
But by God, the industry needs a harsh kick up its collective rear ends for going back to respecting its customers, a kick harsh enough to resonate for a couple of years.
"...an application simply has to pass control codes 0xAA012044 and 0xAA013044 to the IOCTL, and a pointer to some instructions, and the driver will then jump to that block of code with full kernel permissions."
I'm not saying that some (Microsoft in this case) coders are incompetent morons, but if they were....what would be different?
It's a CPU level security feature. It's intel and AMDs fault for alllowing it to be disabled in the first place!!
No OS can be secure with such a gaping security hole in the hardware!!
Oh, wait. This can only happen if you install a malicious binary and click through the security dialogs? Maybe you should just not do that then...
AC "...you install a malicious binary..."
"You" who? You mean, like, manually? With bent paperclips and a battery? Or is the OS involved?
I don't think it's tenable position to claim that the OS is blameless here. Especially one that claims to provide security.
Why would the OS even allow USER CODE access to the CPU's security feature? Clear MS FAIL. They'll probably patch it next month.
AC "...click through the security dialogs..."
Are you sure that there were explicit warnings from the OS about the root kit that came with this game? I'll betcha that there were not any such thing.
It seems that my point stands. Arguable, sure. But still clearly valid.
It's not an escalation bug, it's done by design.
If someone installed some software on Linux which included a Linux kernel module which when called executed arbitrary code with kernel permissions, would that be Linux's fault or the software developer's? I'd say it's the second.
We are just waiting for the hammer to fall.
(Now the Obama administration is starting to look into Trumpic "Kremlin ties" ... I kid you not. Do they have anything to do? Except walk away from negotation tables like butthurt chihuahuas? The priorities in this world are very clear. Very, very clear.. Let fire from heaven take them all!)
Now the Obama administration is starting to look into Trumpic "Kremlin ties"
Well, that has taken them long enough. Anyone else publicly encouraging the Russians to break into ANY US entity's resources, let alone commit a clear hostile act by attacking government resources at that would have had a visit from people with a penchant for dark suits and sunglasses by now, but there appears to be an exemption for people with orange skin and weird hair (which, rumour has it, would include a large portion of Essex youth, but let's stay with the topic).
Do Presidential candidates get a free pass from criminal prosecution?
Uh-huh. Call it what you want, it's still malware.
Yup. That implementation amounts to causing wilful damage to a computer. Well, OK, so does installing Windows, but that's generically a bad idea that is industry accepted, but making it worse has definitely a criminal aspect to it. What's more, they've just admitted so by stating they won't stop doing it, no, they will only change what they're doing which translates as making the backdoor harder to find..
No, what you should apologize for is confusing your game with your right to the user's computer. And for being too stupid to not let the user cheat locally where there is no problem, and not being capable of finding a server-based solution to check server-based multiplayer.
I suggest you meekly go, hat in hand, and beg Blizzard to tell you how they prevent cheating on Diablo III without fucking over people's personal property.
You might even gain some intelligence in the process. God knows you seem to need it.
>the capcom.sys kernel-level driver
Why is Windows structured in such a fashion that a game retailer's code can reach deep into its guts and pull off something like this?
I realize that malicious code can hack its way where it's not supposed to. That's true on Linux, OSX, Windows, whatever. If there is a vulnerability and the cracker uses it, game over. Don't trust code blindly.
But is this what happened here? Seems like Windows is perfectly happy to play along - there is no indication of a vulnerability being used. "Just" a dishonest company - whose decision makers in this case should be liable for jail time for computer tampering, just as any old crook. Just like Sony's CD rootkit in fact. Is this really by design???
Or, am I in the wrong, and even on Linux you could do this crap without doing a kernel recompile? Or kernel module load of some sort, that you would need to agree to? Or, of course, an unpatched vulnerability - but that's still not by design.
On reread - in linked articles, there seems to be an indication that Windows was making the users aware of the kernel access.
If that warning was displayed through normal Windows process vetting mechanisms - and not through some particularly savvy Windows user's configuration and system auditing - that would put the onus on users to run like hell, but perhaps kinda exonerates Windows.
I just setup up a gaming machine to run Windows for one of my children. During the install, the ESEA (esea.net) client required Administrator access. I thought that was okay but it turned out, to play the game, they needed to run as Administrator to run the game.
As the Windows partition is only for this game, I am not super concerned. Of course ESEA was caught running a bitcoin miner with their anti-cheat client where details are on the net.
They know that they may lose the Windows if there are any major issues due to this issue. Even the EULA agreement is very broad.
Of course applications can disable security features if the user gives them permission to do so, which is exactly what is happening in this case. It's the same on pretty much every other OS in existence, because the alternative is a locked-down OS where users don't have root/kernel level access, such as iOS and Android, and pretty much every console OS.
Biting the hand that feeds IT © 1998–2019