SecuROM: Is it safe?

Sorry if this is the wrong place to be asking this question, but I'm really interested in getting the opinion of security-oriented and well-educated individuals on this topic!

I play a far number of games on my Windows 7 based machine. I enjoy it, even if it's frivolous, but lately certain trends emerging in the PC gaming world have been highly disturbing to me. The most disturbing has been the emergence of DRM - Specifically SecuROM.

SecuROM is apparently a low-level program that installs with certain games to prevent piracy. I could open a debate on its efficacy, but that would be a whole different thread. What I'm more interested in is if anyone can explain the security ramifications of SecuROM to me? This DRM scheme apparently stands watch over the system, and prevents the launch of it's guarded program if it sees anything it doesn't like - Such as virtual drives or certain programs that it deems 'hacker tools'. At one point in the past, it considered Process Explorer by Sysinternals a 'Hacker tool', but my understanding is it no longer does.

The most disturbing issue is that it locates virtual drives. I don't use virtual drives myself, but my understanding is that the detection of such virtualized devices means that SecuROM install to and operates on Ring-0. This is far, far more access than I'd be willing to grant a watchdog program for a game. The ring-0 claim seems to be established here.

My question is, would it be possible for an industrious and resourceful malware programmer to exploit SecuROM? Does SecuROM pose a significant threat to computer safety? Recently, there have been reports that AVG has been flagging SecuROM loaded games as containing Virut, but I'm not sure if that's a heuristics analysis of SecuROM behavior, or just a false positive.

SecuROM is showing up more and more, and I've only found heated arguments and mis/disinformation about it all over the web. How safe is it, really, and what potentials are there for it to be used and exploited by malicious parties? Sony makes SecuROM, and their track-record with making silent-install rootkits that other nasty people can exploit is, of course, not encouraging.

Thanks for any information that's given! I'm not the most intelligent person when it comes to the nitty-gritty of security issues, but I was hoping I might be able to educate myself further.

 

My own feelings about SecuRom or any other game DRM is to have a dedicated game PC on which you ONLY play games, update games, tie into game servers, etc. GAMES ONLY! Not using it to make credit card purchases or twittering or email.

Game consoles are the way to go if you want to only have one computer with games without DRM.

Why? Because computers were designed for scientific research in the beginning; business usage later on; gaming coming up on the present; and now interconnectivity with social sites and MMO's. DRM is a pariah on the face of computing. Even though untrusted, unproven, open to manipulation with loss of personal data, it is deemed necessary by companies who invest large amounts into gaming. Some will try to sidestep DRM like Stardock who had a great idea but found gamers will succumb to DRM to get the games they want (Mass Effect for example).

Not to change the subject but FDISR is one way you can have your cake and eat it too.

DRM? Not for this computer but it slimes on my gaming one.

SourMilk out