So some tech-savvy people have found that the browser plugins Uplay installs for you (without asking or telling you, mind you) have some Rootkit-like capabilities. Namely, it can execute any application on your computer without asking you, and then proceed to give those applications input. All of this from you simply visiting a link.
http://news.ycombinator.com/item?id=4311264
http://seclists.org/fulldisclosure/2012/Jul/375
The first link includes a proof-of-concept page which shows you how it can work, provided you have Uplay installed.
So yeah, if you've ever played any Ubisoft games on your PC, you probably want to disable the Uplay plugins and/or uninstall Uplay completely. Like, now.
They've forced all of their customers to install an extreme security risk just to play their games. But hey, atleast they kept their games from being pirated for a few days, right?
Ubisoft's "Uplay" exposed?
This is why anti-piracy tactics by publishers are horrible, horrible things: they make everything worse and more difficult for the honest paying consumer. Meanwhile, pirates will ALWAYS manage to pirate the games. What a fucking pointless endeavor.
Yeah, it seems there's no real need to panic and uninstall UPlay, losing all your saves. Just uninstall the browser plug-in and all should be fine.
It's a fuck up, but not as major as people thought at first.
While it is easy to disable the plugins, it is definitely as major as people make it out to be.Yeah, it seems there's no real need to panic and uninstall UPlay, losing all your saves. Just uninstall the browser plug-in and all should be fine.
It's a fuck up, but not as major as people thought at first.
Ubisoft is not the only ones who makes stuff do this.
Anyways, as others have said, easy to just disable it and move on with our lives.
It's not like it downloaded porn to my PC or killed my dog.. yet.
Well, thankfully, I have none of those games.
BTW, this is the list of games, if you don't want to click the link:
Ubifail.
I never bought any Ubisoft product on pc since they started this nonsense.
Vote with the wallet etc.
Why are people saying Ubisoft are a bunch of cunts as opposed to the people who worked on a way to fuck with others through a loophole in programming?
I'm sure Ubisoft wasn't sitting down in HQ rubbing their hands together thinking up of ways to fuck with their consumers. Their copy protection is somewhat unfortunate but this isn't really THEIR fault as much as you getting computer viruses through Windows isn't directly Bill Gates' fault. There are some malicious people who will look for ways to exploit any system and then make use of that knowledge to mess with innocent people - and they are the ones who are truly at fault.
Oh no how horrible... I don't really care, that doesn't seem directly offensive, and the poor security surrounding it makes it easy to disable, should you so desire.
When I clicked this thread I expected something truly disgusting, but this left me pretty indifferent.
That is exactly why nobody really cares about them, because that malicious element will always exist no matter what anyone does. Raging at them is a waste of breath. However, companies who make their customers jump through needless hoops, and in doing so make their customers vulnerable to those 'malicious people', are not something that anybody has to put up with. And the act of deciding not to put up with it usually just takes the form of saying 'Fuck off, Ubisoft, never again'.There are some malicious people who will look for ways to exploit any system and then make use of that knowledge to mess with innocent people...
The magnitude of this whole thing is flying over my head, anyone care to enlighten me on the subject of why it's catastrophic?
If a major publisher basically putting a backdoor for potential hackers on every single one of their customers' computers leaves you indifferent, I'm not sure what kind of news you were expecting.Oh no how horrible... I don't really care, that doesn't seem directly offensive, and the poor security surrounding it makes it easy to disable, should you so desire.
When I clicked this thread I expected something truly disgusting, but this left me pretty indifferent.
I have chrome and I don't have that plugin installed, the only Ubisoft game I've ever played are The Settlers 7: Paths to a Kingdom (which had the uplay drm crap) and Castle Empire Online (which was browser based but not uplay).
Seems like I should have this, I haven't played either game in almost a year, maybe the plugin is something recent.
Run the "test exploit" to see if you have it or not. It might be something fairly recent as well, I've no idea.I have chrome and I don't have that plugin installed, the only Ubisoft game I've ever played are The Settlers 7: Paths to a Kingdom (which had the uplay drm crap) and Castle Empire Online (which was browser based but not uplay).
Seems like I should have this, I haven't played either game in almost a year, maybe the plugin is something recent.
Edit: It seems they've now patched Uplay to adress this issue.
@Dagbiker said:
@SoothsayerGB what if im using internet explorer
Then you've got a whole different slew of infection vectors to worry about :P
Well, Heroes VI was a disappointment and Splinter Cell: Conviction's co-op never worked for me, so I already had enough reasons to regret both of those purchases. Now I feel pretty comfortable never buying a product from them again, though.
@Dezztroy said:
So some tech-savvy people have found that the browser plugins Uplay installs for you (without asking or telling you, mind you) have some Rootkit-like capabilities. Namely, it can execute any application on your computer without asking you, and then proceed to give those applications input. All of this from you simply visiting a link.
I think calling it a rootkit is a misnomer - what differentiates a rootkit from other malware is that it hooks deep into the operating system and alters self monitoring outputs to hide that the computer has been compromized. There's no evidence of any such "stealth" capability, just a sloppily made browser plugin with a big fat security hole.
Uh.... it's been fixed ya'll. Launch a Ubisoft game and the client will update itself with the fix.
edit: Also I never had any Uplay plugin show up in Firefox, despite having a few UPlay games installed. The most recent being Driver San Francisco. I had to launch the game from steam to even get to UPLay.
Please Log In to post.
Log in to comment