How SecuROM Damages Your PC
Friday, 01 August 2008 13:12

When we started Simmers Against SecuROM, along with everyone else we were baffled as to how SecuROM manages to damage some cd/dvd drives and shut down software like virus scans. It’s taken us nearly two months to get a solid understanding of what it’s doing, and the more we understood, the more it frightened us. We've had to simplify some of the explinations of these issues because some of these technical issues are highly complex, but we have provided you the links to all of our reference sources if you wish to read up further on the subject.

 

How is SecuROM able to cripple your PC?

 

SecuROM is able to cripple your PC because it installs itself to places in your PC which should only be accessed by the most critical parts of your PC, which then allows it access to parts of your PC which it shouldn't have the rights to access. There are different bits of your Operating System, which are called Ring 0, 1, 2 and 3. Ring 0 is sometimes referred to as The Kernel. The Kernel is usually used by your Operating System to run your whole PC and it has access to everything on your PC. Ring 3, which is the normal zone used by Software has much lower permissions. SecuROM installs itself to Ring 0, although it pretends it’s writing itself to Ring 3 by having a part of itself called the UA7service.exe written to Ring 3. This makes SecuROM look much less dangerous than it really is.

 

Why is it dangerous to have something write itself to the Kernel of your PC? Writing itself to the kernel of your PC allows SecuROM to shut down other programs on your PC that it shouldn’t be allowed to shut down. This includes equipment that you’re legally allowed to have. There’s a famous video on YouTube where a Gamer who owns a large number of games, shows how SecuROM won’t let him play a game because he’s got two cd/dvd drives on his PC. The inference that is drawn from this is that Sony DADC assumes that anyone who has more than one cd/dvd drive only has both drives in order to pirate games. This assumption is incorrect, many people have two drives for many different reasons, including my parents who are in their sixties and only use their PC to check their emails, who have two drives because when they got a dvd drive they kept the cd drive they originally owned. Issues with multiple drives are only one of many examples of how SecuROM interferes with equipment legally bought and purchased by normal users.

 

When SecuROM was originally introduced to the Sims, we were all baffled as to how it managed to crash people's CD and DVD drives. We have finally found a potential explanation of why this issue occurs. It appears that these processes occur in a Legacy part of Windows which is not designed to work for an extended period of time and are not supported in modern drives. This process can also be used by other manufacturers as a place to install their add-ons, which can lead to a conflict. The drive does not like the checks that SecuROM tries to have it do and then becomes unstable and crashes. We believe this explanation goes a long way to potentially clear up why we've had so many drives crash since the introduction of SecuROM to the Sims games.

 

Issues with SecuROM extend well beyond shutting down software and crashing your CD/DVD drive. There are also serious concerns about SecuROM attempting to steal your personal information and send it to Sony. From the earliest introduction of SecuROM into the Sims2 games, it was noted that the Sims 2 exe was attempting to independently dial out to Sony. This is of great concern because when it attempts to dial out, it uses what is called ssl connection, which means the connection is secure and it encrypts the data it sends to Sony so no-one is able to read the information SecuROM is sending home. This transmission is of great concern because the SecuROM website states clearly that SecuROM can be used to collect marketing data from customers. Sony does not have a blameless history with regards to this issue, and was also accused of collecting customer’s personal details during the Sony CD copy protection scandal. If they are sending personal data back via these transmissions, it is likely a breach of the law in many countries.

 

All of this is made more galling by the fact that these measures achieve naught in avoiding piracy. Word quickly reaches the legitimate gaming community that these games which include these draconian measures are being quickly hacked by Pirates and are being freely shared within a day to a few weeks, including an even more draconian version of SecuROM to be included with Spore.

 

We fully support EA in attempting to protect their intellectual property, but not at the cost of the stability of people’s PCs, the safety of their personal details or their ability to use products which they have legitimately bought and paid for. If EA stops treating it’s customers as criminals, they may well find that their customer base increases again. People want to buy Spore, Mass Effect and the other games that have SecuROM on them. They just aren’t prepared to risk their PC for a 50 or 100 dollar game.

 

We wish to thank 13th hour of R-Force for his extensive help in the creation of this article

 

Links

ExtremeTech explains how the Rings of your pc work, and their permission levels

Rforce forum thread covering the Ring0 and Drive instability

Spore Forum

Clearing up the SecuROM FUD

Neverwinter Nights thread that explains more aspects of the driver instability issue

Angry Gamer demonstrates SecuROM in action

SecuROM admits they encrypt their connection (point 15)

National Public Radio story about Sony's privacy breaches

The new version of SecuROM gets cracked within days

The Sims 2 tries to Dial out to Sony

 

The RYG/Prism Team
  		 

prism_button_180x50

kyg_wiki_button_180x50

drm_testers_needed

What do you think of Ubisoft's new DRM?
 

Maintaining Your PC: Hardware

Maintaining Your PC: Software

Maintaining Your PC: Security