Request to the open beta players (quick security check)

Post by Kilfire » 01 Feb 2006, 18:05

Star-Force(co) claim to have fixed the "privilege escalation" security hole in StarForce:
http://www.star-force.com/protection/pr ... =91&id=319

and to have done so before 10 Nov 2005:
http://www.star-force.com/forum/index.p ... #entry1075

Let's ignore their inflammatory writing style for a moment (or comment on it in the "Ubi & StarForce" thread). What interests me here is that, if this is true, then the version of StarForce attached to HoMM5 should not pose a security risk. Could anyone playing the beta please try the following?

[1] Check that your hard drive is formatted for NTFS, not FAT32. (If it's FAT32, then trying the test won't tell us anything.)
[2] Log in as a limited user. Create a limited user account if you don't have one.
[3] Run any word processor or file editor - Word, Wordpad, Notepad, doesn't matter which.
[4] Type some random text.
[5] Try to save the file to C:\WINDOWS\SYSTEM32.

When I try, I get this error message: "You do not have permission to save in this directory. See the administrator to obtain permission. Would you like to save in the My Documents folder instead?".

You should see a similar message. However, if you can save the file, then either:
[1] the StarForce driver still has a security hole
[2] you have a spyware problem, or
[3] your Windows partition is FAT32, not NTFS.

If several beta players try this and all of them can save the file, then the StarForce security hole is not fixed.
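
The five manual steps above as a script, added here as an example and not part of the original post; `Test-LimitedWrite` is a hypothetical name, and PowerShell is assumed to be available on the test machine. Like the manual steps, it exercises ordinary Windows file permissions only.

```powershell
# Added example: automates steps 1, 2 and 5 of the manual check.
# Test-LimitedWrite is a hypothetical name; run it from the limited account.
function Test-LimitedWrite {
    param([string]$TargetDir = (Join-Path $env:SystemRoot 'System32'))

    # Step 1: the result only means something on NTFS (FAT32 has no file ACLs).
    $root = [System.IO.Path]::GetPathRoot($TargetDir)
    $fs   = (New-Object System.IO.DriveInfo $root).DriveFormat

    # Step 2: confirm this session is not running with administrator rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $isAdmin   = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Steps 3-5: try to create a uniquely named file, then clean it up.
    $probe = Join-Path $TargetDir ("write-probe-{0}.txt" -f [guid]::NewGuid())
    $wrote = $false
    $err   = $null
    try {
        Set-Content -LiteralPath $probe -Value 'random text' -ErrorAction Stop
        $wrote = $true
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
    } catch {
        $err = $_.Exception.Message
    }

    # Only a successful write from a limited account on NTFS is a finding.
    if     ($fs -ne 'NTFS') { $verdict = 'inconclusive: volume is not NTFS' }
    elseif ($isAdmin)       { $verdict = 'inconclusive: running as administrator' }
    elseif ($wrote)         { $verdict = 'FAIL: limited user wrote to a protected directory' }
    else                    { $verdict = 'OK: write was denied' }

    [pscustomobject]@{
        TargetDir  = $TargetDir
        FileSystem = $fs
        IsAdmin    = $isAdmin
        CanWrite   = $wrote
        Error      = $err
        Verdict    = $verdict
    }
}

Test-LimitedWrite | Format-List
```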

Post by Pitsu » 01 Feb 2006, 19:07

I do get the error message...

Post by Kilfire » 03 Feb 2006, 01:25

Pitsu wrote: I do get the error message...
Thank you!

I think I can believe now that the StarForce version attached to HoMM5 will not breach security. The accusation's resurfaced on boingboing, but without specifying which version(s) of StarForce are affected.

I still see a question mark over why Star-Force are so vocal about denying that their product ever trashed disc drives, yet never bother answering the security hole accusation. Sure, the former is much more damaging if proved true, but the latter is so easy to counter, so long as the problem's really fixed.

But alas, the question of trashed drives is not resolved. On my first reading of I3thHouR's detailed description, I got the impression that if you had Service Pack 2 installed then you're safe. However, the "Boycott StarForce!" site is asking for reports of trashed drives, and one of the PCs described is so recent that it must have had SP2 installed. I'll be watching that thread with interest :(

Post by Bad Wolf » 03 Feb 2006, 07:41

Hmm, well I have SP2, WinXP and I use a DVD-Burner...
And I've installed the beta of Heroes V on my pc with just a quick worry (didn't really believe any of that babble personally), but as far as my pc went, Everything is A-OK.

I can burn CDs and DVDs, I don't have security issues, my system isn't slower than usual (at least me thinks not :|). But there is one thing, when I uninstall HoMMV Starforce doesn't go with it, and I actually have proof, cause I uninstalled HoMMV, and I reinstalled it again (even after a restart, I think) and it didn't ask me to activate the game again, which means Starforce was still ON my pc, after HoMMV was gone...

But that kind'o'thing doesn't really worry me, since you can take care of Starforce if you really want to, but I don't cause... I have no probs with it...
The world is full of insanity, that has no cure. Labour to keep yourself stable, and your mind pure.
- Mid-Night Paladin

Post by Orfinn » 03 Feb 2006, 07:41

Nice hint guide. I'll follow those steps after I have got H5 after the release, and if I don't get errors in the final version, well no worries about Star Force needed then?

Post by Gaidal Cain » 03 Feb 2006, 10:07

Bad Wolf wrote: But there is one thing, when I uninstall HoMMV Starforce doesn't go with it, and I actually have proof, cause I uninstalled HoMMV, and I reinstalled it again (even after a restart, I think) and it didn't ask me to activate the game again, which means Starforce was still ON my pc, after HoMMV was gone...
Actually, it could just mean that there are some registry entries that weren't removed. Though that seems like a strange security system...
You don't want to make enemies in Nuclear Engineering. -- T. Pratchett

Post by Bad Wolf » 03 Feb 2006, 11:28

Hahaha, the serial number is in fact in the registry, I just checked AND it really does not delete when you uninstall HoMM beta or at least, from my experience it doesn't :D

Post by jamsz » 03 Feb 2006, 15:18

This test is pretty badly thought out. What would any text editor have to do with Starforce? AFAIK Starforce doesn't make all programs execute with escalated privileges. Starting the game with a limited account and trying to save into a restricted folder may be a more indicative test, which is still pretty meaningless without exact knowledge on how Starforce escalates privileges. As it is, this looks as if it was intentionally done to be misleading of whether Starforce was fixed or not.

On the other hand, almost all games already require to be executed with Administrator privileges and I don't know of any gamers that don't use their computers as Administrators, so even if Starforce privilege escalation wasn't fixed it's irrelevant to most users. This is not to say it doesn't have other bigger problems though.

Post by ThunderTitan » 03 Feb 2006, 15:44

jamsz wrote: On the other hand, almost all games already require to be executed with Administrator privileges and I don't know of any gamers that don't use their computers as Administrators, so even if Starforce privilege escalation wasn't fixed it's irrelevant to most users. This is not to say it doesn't have other bigger problems though.
I thought that you only needed Admin privileges to install games. :|
Disclaimer: May contain sarcasm!
I have never faked a sarcasm in my entire life. - ???
"With ABC deleting dynamite gags from cartoons, do you find that your children are using explosives less frequently?" — Mark LoPresti

Alt-0128: €

Post by Kilfire » 03 Feb 2006, 17:37

jamsz:
> This test is pretty badly thought out. What would any text editor have to do with Starforce.
> AFAIK Starforce doesn't make all programs execute with escalated privileges.


:embarrased:
If StarForce made a general privilege grant, it would've been a perfectly fine test. As it is, reading Starforce's announcement (yet!) again...
"...What we see here is that drivers may be accessed by any application. This application gets Administrator privileges..."
...you're right, a trojan would have to seek out the StarForce driver specifically instead of going through normal Windows file management. Sorry Pitsu!

jamsz:
> As it is, this looks as if it was intentionally done to be misleading of whether Starforce was fixed or not.

I've been playing HoMM rather longer than any astroturfer shill - and unlike them, I'm human :) I picked up the series with the "Broken Alliance" demo, and I used to be part of the "Lazy Dragon Inn".

And I did admit to doubts about why they're not correcting public opinion on this one. Thinking about it again, the two most likely possibilities are:
(1) whatever change they've made won't stand up to close inspection
(2) they obviously don't believe it's a real problem, so they haven't pressed the issue with the game publishers. As a result, most of the older StarForce-d games that have this problem do not have a patch. (Wording in the article - "[publishers] can create a patch.", not "have created patches.")

jamsz:
> On the other hand, almost all games already require to be executed with Administrator privileges

Many older games keep their configuration in a .ini file in the installation directory, and saved game files in a subdirectory from there. You can't write to these locations from a limited account. The no-training-required solution is to be Admin all the time. The right solution is to make the config file and saved game directory writeable by everyone. XP home users will need the XP Home NTFS Security Shell Extension to do this.

The only application that I have to run at Admin level is AudioGrabber. It can't get low-level access to the CD drive otherwise.

> and I don't know of any gamers that don't use their computers as Administrators,
> so even if Starforce privilege escalation wasn't fixed it's irrelevant to most users.


Correct - for now. But if Microsoft are serious about security then they'll have to push everyone into dumping their legacy software and moving to limited accounts - and if you're serious about security then you'll make the move before then. The tools and the knowledge are already available or under development.

Five years from now any security hole of this nature will quickly get targeted by virus writers as one of the last remaining ways to hack the OS. I'd rather not get hacked in 2011 just because I want to play an old game. For one thing, I expect that Star-Force won't be around to sue by then. :devil:



...I can understand if learning to work as a limited user seems like a lot of hassle - especially if you've already dumped IE, got Ad-Aware, set Windows Update to automatic blah blah blah. All I will say is, there can be quite some time between an exploit appearing and being detected - let alone fixed. Given that email and browser programs are the biggest source of trouble right now, the quick and easy way to beef up security is to use DropMyRights to run them with reduced privileges.

Post by urbanmonk » 04 Feb 2006, 20:10

Gaidal Cain wrote:
Bad Wolf wrote: But there is one thing, when I uninstall HoMMV Starforce doesn't go with it, and I actually have proof, cause I uninstalled HoMMV, and I reinstalled it again (even after a restart, I think) and it didn't ask me to activate the game again, which means Starforce was still ON my pc, after HoMMV was gone...
Actually, it could just mean that there are some registry entries that weren't removed. Though that seems like a strange security system...
I believe you have to remove Starforce separately, it is not part of the uninstall for the Beta (you have to go to the Starforce site for the uninstall I remember reading).

Post by Campaigner » 25 Feb 2006, 21:26

Bad Wolf wrote: But there is one thing, when I uninstall HoMMV Starforce doesn't go with it, and I actually have proof, cause I uninstalled HoMMV, and I reinstalled it again (even after a restart, I think) and it didn't ask me to activate the game again, which means Starforce was still ON my pc, after HoMMV was gone...
StarForce doesn't get uninstalled when you uninstall a StarForce protected game cause that would break other StarForce protected games. It's the publisher's decision whether to uninstall StarForce or not when their game gets uninstalled, but they won't do it cause that would make other StarForce protected games stop working.

An easy checkbox which asks if you want to uninstall the StarForce drivers would be enough. It should of course also tell if there are other games that require the StarForce drivers. Shouldn't surprise me if that is already implemented but publishers didn't include it.

Post by ThunderTitan » 25 Feb 2006, 22:30

Why wouldn't they include it? More likely SF considers it the publisher's responsibility to make such a program. But the publishers are just as lazy as the SF people.

Post by Thelonious » 26 Feb 2006, 09:35

ThunderTitan wrote: Why wouldn't they include it? More likely SF considers it the publisher's responsibility to make such a program. But the publishers are just as lazy as the SF people.
Then allow me. With just a bit of code even I could make such a message box...

If the publisher is really that lazy (so lazy to do 10 min. of work for an inexperienced highschool-student) then why make a game at all?
Grah!

Post by ThunderTitan » 26 Feb 2006, 12:46

I doubt they would just have to make a message box.

Post by Kalah » 28 Feb 2006, 11:33

Nice discussion. Please take it over to the StarForce thread, though. That thread could use some balanced talk.
In War: Resolution, In Defeat: Defiance, In Victory: Magnanimity, In Peace: Goodwill.

