Get Your Filthy Hands Off My Kernel

It was a game I had been looking forward to playing for quite some time.

When my review copy arrived, I was thrilled, simply thrilled. I felt like a kid on Christmas morning. That evening, I perused the manual as I installed the game on my PC, ready to be transported into an exciting new world.

And then, as the install process finished, a window popped up informing me that the “StarForce” copy protection software/malware had been installed, and that I should reboot to complete the installation process.

How quickly a tranquil Christmas can turn into horrifying Halloween. “StarForce,” for those of you not in the know, is a set of programs designed to interfere with the proper operation of your Windows PC. The stated goal is to prevent copying, but given that the company that makes it is based in Russia, I think we can safely assume that their real motivation is simply they hate freedom, and want to destroy us and contaminate our precious bodily fluids.

The truly pernicious thing about StarForce is that it is installed with kernel privileges, thus allowing it to do more damage than your average program. And it’s not as if it’s a shim program that runs only when you’re running the game: it’s a device driver that is in operation all the time. Now, whenever people criticize StarForce, their PR team shows up talking about how it doesn’t decrease the reliability of systems it is installed on, how it is rock solid, and so on. This is a lie. Allow me to explain how this sort of thing actually works, drawing on my many years as a software developer.

1. Every program that has ever been written since the beginning of time is a buggy pile of garbage.

2. All modern operating systems run most programs in user mode, not kernel mode. This means that the lousy programs you run can, generally, only hurt themselves.

3. When you run a program with kernel or administrator privileges, it can now screw up the other processes on your machine.

4. And not only can it do so, it will do so, because it, like every program ever written, is a buggy pile of garbage.

Now that the StarForce infection was on my system, I had two serious problems. First, I needed to remove the malware. I’ll explain how I did that, below. Second, I needed to decide whether to pan the game because it installed a virus on my system.

Occasionally, I read a hand-wringing article on gamasutra or elsewhere, lamenting that PC gaming is dying, and wondering why. Allow me to explain why: I am reasonably confident that any random crack written by a Ukrainian hacker, downloaded from gamecopyworld.com is less likely to sabotage my computer than simply installing a game off a storebought CD or DVD. I’m no marketing expert, but I think that this just might be part of the problem.

“But wait!” I hear the game publishers whine. “Game consoles have copy protection, too! Why aren’t you criticizing them for it?”

That’s a good question. There are two good answers. First, disc-based copy protection on a PC shrinks the market for your game substantially. Second, I use my PC for work. If your stupid game interferes with my work, I will rip your arm from its socket and beat you with the bloody stump until you die.

Let me explain what I mean by “shrinking the market.” As compared to a game console, a PC has precious few advantages. PCs are heavier, more complex, and more expensive than game consoles. The one advantage PCs have is that many of us lug around laptops with us so we can do our work. When I get on a plane, I have to remember a lot of stuff. I have to remember my wallet, my keys, my passport, my laptop, my hotel reservation, and so on. If you think I’m also going to remember to lug around a case of CDs or DVDs so that I can play your game, which probably isn’t all that good anyway, you are sadly mistaken. Game publishers (and, of course, StarForce) are fond of claiming that crack sites like gamecopyworld are intended to help people “steal games”. I’m sure that some of this goes on. That being said, most of the people I know who use those sites use them so that they can play their legally acquired edition of your stupid game on their laptop without having to travel with their entire library of discs.

In other words, those of you in the PC gaming industry who promote disc-based copy protection schemes are trying as hard as you can to sabotage what may be the only advantage your platform has. This is so moronic that it practically defies comprehension. This, of course, is in addition to the fact that all of the disc-based copy protection schemes make your buggy, crashy programs even more fragile and less reliable. In our group of Neverwinter Nights players, for example, all of us at one point or another installed cracked binaries because it was the best way to make the product not fail so much.

The second reason copy protection is acceptable on consoles, but not on PCs, is equally simple: I use my PC to get work done. If a braindead copy protection scheme goes horribly wrong on my Xbox, the only harm done is that I can’t play a game. If your kernel-privileged copy protection scheme is installed on my PC, you are threatening my livelihood.

Recently, I uninstalled a program – Etherlords II – from my system, and also removed the StarForce drivers that it left behind. I then rebooted, and one of my disks was trashed, and lost gigabytes of data (most of it backed up, thankfully).

Maybe it was just a strange coincidence. Certainly, it’s not enough evidence to go around saying “StarForce trashes hard drives!” But whether or not it’s rational, I absolutely believe on a personal level that StarForce is to blame.

My kernel is not a toy for you to screw around with. Keep your hands off. And game developers, stop wondering why no one buys PC games anymore. We don’t buy them anymore because you keep fucking us over.

Here’s a thought: spend less time and money deploying software intended to keep people from stealing a product that isn’t worth stealing, and spend that time and money figuring out how to leverage the advantages of the platform you’re using, rather than trying to cripple and defeat them.

And, of course, the funniest thing – I don’t mean “funny ha-ha” but “funny pathetic” – is that StarForce doesn’t actually work. Anyone who is actually motivated to pirate a given game will be put off for no more than five minutes. The main effects of StarForce (and similar schemes) as copy protection are twofold: they cost developers money, and they frustrate and punish the legitimate consumers of the product.

What To Do?

None of this dicussion, however, helps me answer the question of whether I should pan the game that installed the malware on my system. It is however engaged, in a roundabout way, with my other favorite question: “Why are video game reviews so uniformly terrible?” Returning to Neverwinter Nights as an example, I’d say about 1 out of every 4 people I knew had difficulties with it, early on, as a result of its Safedisc copy protection.

I cannot recall reading a single review that talked about this. Plenty of discussion about it on internet forums, plenty of discussion among my friends (particularly my laptop-using friends), but in commercial game reviews? Not a word.

So: either game reviewers are shining, magical beings made of pure light whose Quantum Luck Field prevents them from encountering problems such as these, or they simply don’t think this matter is worthy of discussion. Whatever the case, it is clear that these game reviewers live in a different world from the rest of us.

So, here’s my promise to you. I’m not going to automatically pan a game just because it uses StarForce. But from now on, every Tea Leaves review is going to at least mention the copy protection scheme used by a given game. If I had trouble with the game because of the copy protection, I’ll mention that, too. I hope other reviewers will do the same. And if game publishers don’t want to be criticized for using copy protection schemes that degrade the quality of their product, then I guess they’ll have to make their choices a little more intelligently.

If you lay down with dogs, don’t be surprised when people notice that you have fleas.

How To Remove StarForce

Here’s how to remove StarForce 2 from your system, assuming you haven’t rebooted after it has been installed. Fire up a command shell and remove these files: %SystemRoot%\system32\drivers\sfsync03.sys, %SystemRoot%\system32\drivers\sfhlp02.sys, %SystemRoot%\system32\drivers\sfdrv01.sys. Next, remove these registry keys using regedit: HKLM\System\CurrentControlSet\Services\sfsync03, HKLM\System\CurrentControlSet\Services\sfhlp02, HKLM\System\CurrentControlSet\Services\sfdrv01. Lastly, google for a “crack” for your game so that you can run it without having it try to reinstall StarForce on you. If you rebooted before doing these things, then the malware will have installed some device drivers that are a bit stickier to remove. You’ll need to do some more work to get rid of those, but that tutorial is beyond the scope of this article.