Carbonyl
December 10th, 2009, 11:04 AM
Sorry if this is the wrong place to be asking this question, but I'm really interested in getting the opinion of security-oriented and well-educated individuals on this topic!
I play a fair number of games on my Windows 7 based machine. I enjoy it, even if it's frivolous, but lately certain trends emerging in the PC gaming world have been highly disturbing to me. The most disturbing has been the emergence of DRM - Specifically SecuROM.
SecuROM is apparently a low-level program that installs with certain games to prevent piracy. I could open a debate on its efficacy, but that would be a whole different thread. What I'm more interested in is if anyone can explain the security ramifications of SecuROM to me? This DRM scheme apparently stands watch over the system, and prevents the launch of its guarded program if it sees anything it doesn't like - Such as virtual drives or certain programs that it deems 'hacker tools'. At one point in the past, it considered Process Explorer by Sysinternals a 'Hacker tool', but my understanding is it no longer does.
The most disturbing issue is that it locates virtual drives. I don't use virtual drives myself, but my understanding is that the detection of such virtualized devices means that SecuROM installs to and operates on Ring-0. This is far, far more access than I'd be willing to grant a watchdog program for a game. The ring-0 claim seems to be established here. (http://reclaimyourgame.com/index.php?option=com_content&view=article&id=56&Itemid=61)
My question is, would it be possible for an industrious and resourceful malware programmer to exploit SecuROM? Does SecuROM pose a significant threat to computer safety? Recently, there have been reports that AVG has been flagging SecuROM loaded games as containing Virut, but I'm not sure if that's a heuristics analysis of SecuROM behavior, or just a false positive.
SecuROM is showing up more and more, and I've only found heated arguments and mis/disinformation about it all over the web. How safe is it, really, and what potentials are there for it to be used and exploited by malicious parties? Sony makes SecuROM, and their track-record with making silent-install rootkits that other nasty people can exploit is, of course, not encouraging (http://en.wikipedia.org/wiki/Sony_BMG_CD_copy_protection_scandal).
Thanks for any information that's given! I'm not the most intelligent person when it comes to the nitty-gritty of security issues, but I was hoping I might be able to educate myself further.