Get Your Filthy Hands Off My Kernel

On March 14, 2006, in Games, by peterb

It was a game I had been looking forward to playing for quite some time.

When my review copy arrived, I was thrilled, simply thrilled. I felt like a kid on Christmas morning. That evening, I perused the manual as I installed the game on my PC, ready to be transported into an exciting new world.

And then, as the install process finished, a window popped up informing me that the “StarForce” copy protection software/malware had been installed, and that I should reboot to complete the installation process.

How quickly a tranquil Christmas can turn into horrifying Halloween.

“StarForce,” for those of you not in the know, is a set of programs designed to interfere with the proper operation of your Windows PC. The stated goal is to prevent copying, but given that the company that makes it is based in Russia, I think we can safely assume that their real motivation is simply they hate freedom, and want to destroy us and contaminate our precious bodily fluids.

The truly pernicious thing about StarForce is that it is installed with kernel privileges, thus allowing it to do more damage than your average program. And it’s not as if it’s a shim program that runs only when you’re running the game: it’s a device driver that is in operation all the time. Now, whenever people criticize StarForce, their PR team shows up talking about how it doesn’t decrease the reliability of systems it is installed on, how it is rock solid, and so on. This is a lie. Allow me to explain how this sort of thing actually works, drawing on my many years as a software developer.

1. Every program that has ever been written since the beginning of time is a buggy pile of garbage.

2. All modern operating systems run most programs in user mode, not kernel mode. This means that the lousy programs you run can, generally, only hurt themselves.

3. When you run a program with kernel or administrator privileges, it can now screw up the other processes on your machine.

4. And not only can it do so, it will do so, because it, like every program ever written, is a buggy pile of garbage.

Now that the StarForce infection was on my system, I had two serious problems. First, I needed to remove the malware. I’ll explain how I did that, below. Second, I needed to decide whether to pan the game because it installed a virus on my system.

Occasionally, I read a hand-wringing article on gamasutra or elsewhere, lamenting that PC gaming is dying, and wondering why. Allow me to explain why: I am reasonably confident that any random crack written by a Ukrainian hacker, downloaded from gamecopyworld.com is less likely to sabotage my computer than simply installing a game off a storebought CD or DVD. I’m no marketing expert, but I think that this just might be part of the problem.

“But wait!” I hear the game publishers whine. “Game consoles have copy protection, too! Why aren’t you criticizing them for it?”

That’s a good question. There are two good answers. First, disc-based copy protection on a PC shrinks the market for your game substantially. Second, I use my PC for work. If your stupid game interferes with my work, I will rip your arm from its socket and beat you with the bloody stump until you die.

Let me explain what I mean by “shrinking the market.” As compared to a game console, a PC has precious few advantages. PCs are heavier, more complex, and more expensive than game consoles. The one advantage PCs have is that many of us lug around laptops with us so we can do our work. When I get on a plane, I have to remember a lot of stuff. I have to remember my wallet, my keys, my passport, my laptop, my hotel reservation, and so on. If you think I’m also going to remember to lug around a case of CDs or DVDs so that I can play your game, which probably isn’t all that good anyway, you are sadly mistaken. Game publishers (and, of course, StarForce) are fond of claiming that crack sites like gamecopyworld are intended to help people “steal games”. I’m sure that some of this goes on. That being said, most of the people I know who use those sites use them so that they can play their legally acquired edition of your stupid game on their laptop without having to travel with their entire library of discs.

In other words, those of you in the PC gaming industry who promote disc-based copy protection schemes are trying as hard as you can to sabotage what may be the only advantage your platform has. This is so moronic that it practically defies comprehension. This, of course, is in addition to the fact that all of the disc-based copy protection schemes make your buggy, crashy programs even more fragile and less reliable. In our group of Neverwinter Nights players, for example, all of us at one point or another installed cracked binaries because it was the best way to make the product not fail so much.

The second reason copy protection is acceptable on consoles, but not on PCs, is equally simple: I use my PC to get work done. If a braindead copy protection scheme goes horribly wrong on my Xbox, the only harm done is that I can’t play a game. If your kernel-privileged copy protection scheme is installed on my PC, you are threatening my livelihood.

Recently, I uninstalled a program — Etherlords II — from my system, and also removed the StarForce drivers that it left behind. I then rebooted, and one of my disks was trashed, and lost gigabytes of data (most of it backed up, thankfully).

Maybe it was just a strange coincidence. Certainly, it’s not enough evidence to go around saying “StarForce trashes hard drives!” But whether or not it’s rational, I absolutely believe on a personal level that StarForce is to blame.

My kernel is not a toy for you to screw around with. Keep your hands off. And game developers, stop wondering why no one buys PC games anymore. We don’t buy them anymore because you keep fucking us over.

Here’s a thought: spend less time and money deploying software intended to keep people from stealing a product that isn’t worth stealing, and spend that time and money figuring out how to leverage the advantages of the platform you’re using, rather than trying to cripple and defeat them.

And, of course, the funniest thing — I don’t mean “funny ha-ha” but “funny pathetic” — is that StarForce doesn’t actually work. Anyone who is actually motivated to pirate a given game will be put off for no more than five minutes. The main effects of StarForce (and similar schemes) as copy protection are twofold: they cost developers money, and they frustrate and punish the legitimate consumers of the product.

What To Do?

None of this dicussion, however, helps me answer the question of whether I should pan the game that installed the malware on my system. It is however engaged, in a roundabout way, with my other favorite question: “Why are video game reviews so uniformly terrible?” Returning to Neverwinter Nights as an example, I’d say about 1 out of every 4 people I knew had difficulties with it, early on, as a result of its Safedisc copy protection.

I cannot recall reading a single review that talked about this. Plenty of discussion about it on internet forums, plenty of discussion among my friends (particularly my laptop-using friends), but in commercial game reviews? Not a word.

So: either game reviewers are shining, magical beings made of pure light whose Quantum Luck Field prevents them from encountering problems such as these, or they simply don’t think this matter is worthy of discussion. Whatever the case, it is clear that these game reviewers live in a different world from the rest of us.

So, here’s my promise to you. I’m not going to automatically pan a game just because it uses StarForce. But from now on, every Tea Leaves review is going to at least mention the copy protection scheme used by a given game. If I had trouble with the game because of the copy protection, I’ll mention that, too. I hope other reviewers will do the same. And if game publishers don’t want to be criticized for using copy protection schemes that degrade the quality of their product, then I guess they’ll have to make their choices a little more intelligently.

If you lay down with dogs, don’t be surprised when people notice that you have fleas.

How To Remove StarForce

Here’s how to remove StarForce 2 from your system, assuming you haven’t rebooted after it has been installed. Fire up a command shell and remove these files: %SystemRoot%\system32\drivers\sfsync03.sys, %SystemRoot%\system32\drivers\sfhlp02.sys, %SystemRoot%\system32\drivers\sfdrv01.sys. Next, remove these registry keys using regedit: HKLM\System\CurrentControlSet\Services\sfsync03, HKLM\System\CurrentControlSet\Services\sfhlp02, HKLM\System\CurrentControlSet\Services\sfdrv01. Lastly, google for a “crack” for your game so that you can run it without having it try to reinstall StarForce on you. If you rebooted before doing these things, then the malware will have installed some device drivers that are a bit stickier to remove. You’ll need to do some more work to get rid of those, but that tutorial is beyond the scope of this article.

 

10 Responses to “Get Your Filthy Hands Off My Kernel”

  1. Doug says:

    Would it be a violation of ethics for you to say what the game was?

  2. Frenzie says:

    Weblogpost of the week.

  3. Andy P says:

    Additional question: why CDs???? Show me ONE modern PC that doesn’t have a DVD drive. So why make me swap around SIX CDs during the installation process when it could fit on ONE DVD???

    Tangential to your point, but relevant because it’s another example of how PC game makers hate their public.

  4. Frenzie says:

    It’s indeed strange to assume that people would have a graphics card of at least the caliber of a Geforce 4, but not a DVD player.

  5. Mike Collins says:

    Great, so now the games industry is including Trojans. I figure the reviewers don’t notice it because they’re so HARDCORE! they’re suffering from Helsinki syndrome.

    The last PC game I played was Torment, which while fun, also required this initial patch just to keep the game playable for more than 15 minutes. I hadn’t been playing much beforehand, and poking through reviews, I saw the final straw for me. Gamespot has a stability rating for games.

    Call me weird, but I think a basic criterion for your product should be that it works. However, this is apparently a daring thought in PC gaming, where the purchaser is now some kind of alpha tester.

    I assume that at this point, the reviewers consist entirely of people sufficiently masochistic to play PC games, and they haven’t realized just how much of a problem they have. The same principle applies to more and more people I know; I keep getting the impression that the PC audience is dwindling because the people left playing PC games are willing to deal with a level of crap in their purchases that would make the average Trabant buyer pause.

  6. peterb says:

    Doug,

    It wouldn’t be a violation of ethics, but I wrote this as a separate article specifically because I didn’t think it was fair to give this game “special treatment” beyond mentioning in the review that it installs StarForce (which, when I write the review, I will). The list of games that install this malware is surprisingly large.

    I’m especially amused by the fact that a StarForce employee recently posted a link to a pirate torrent of Galactic Civilizations II on an internet forum, apparently because they were pissed off that Stardock didn’t use their copy protection scheme. Is there really any doubt that this is simply a high-tech version of the protection racket?

  7. Tom Moertel says:

    When reviewing a game, should you pan it for installing annoying,
    obnoxious, buggy, invasive, privacy-invading, and security-threatening
    software that gets in your way when trying to legitimately use the
    product you purchased to have _fun_?

    Yes.

    As I wrote on Tea Leaves earlier, when I buy a game, I am buying fun.
    That’s what the game’s makers promised me in their ads. That’s what
    the game’s makers promised me through their game’s packaging.

    Thus when I return home with a game and discover anything except fun
    in the box, I feel cheated. “This is _not_ fun. Did this thing just
    screw up my computer? Why didn’t somebody tell me this would happen?”

    If you are a game reviewer and you don’t accurately portray the level
    of anti-fun that comes in the box, you have cheated me. If a game is
    fun to degree N, but dealing with its copy protection and cleaning up
    the computer later is anti-fun to degree M, I would expect your game
    review to give me a clear sense of the overall fun: N – M. That is,
    after all, what I am buying.

    And if the game publishers don’t like it, just remind them that you
    are playing by _their_ rules. They no longer sell PC games. The only
    product they sell today is PC games bundled with anti-fun. If that’s
    what they sell, that’s what you must review.

    In my eyes, your duty is clear. You must review the entire product.
    Anything less is cheating your readers.

  8. r3dux says:

    Excellent article, and very well put.

    The entire DRM/Anti-Copy push currently being made by near everyone publishing media of any kind was a lost cause before it even began. Remember Robocop III on the Amiga? I think the first (and perhaps the last) game that shipped with a hardware dongle that went between the joystick and the port to cripple it for users without? And that the game was cracked and distributed before it was even officially in the shops? Where there’s a will there’s almost always a way. Even Sony with all their Rootkit sashays have decided to allow full HD via analogue through the PS3 (so it’s rumoured).

    Could this be because content producers are realising we destest their intrusions and won’t buy things that are both crippled and can cripple us? We can only hope.

    The stickers might say “Your failed business model is not my problem.” – but that doesn’t make it true. It feels like it’s all our problems. And we have to keep telling them that, not only with logically sound and witty diatribes, but with our wallets.

  9. jeff says:

    Hey,
    Network Admin with a kid here, so, I’m not a huge gamer but this was a great article, stuffed with knowledge and iced with sincerity. I have to add you to my favorites and when I do get around to needing game reviews or the like I will be sure to visit.
    Keep it Up,
    Jeff

  10. mdk says:

    thanks a lot for this blogpost! very usefull! it is the first time, someone tell me to see in my systemmanager the hidden drivers, because of this shit starforce protection. now i know why my explorer has those malfunktions. and this, by using the hole time only original games! fuck you game industry!