Ubisoft's "Uplay" exposed?

So some tech-savvy people have found that the browser plugins Uplay installs for you (without asking or telling you, mind you) have some Rootkit-like capabilities. Namely, it can execute any application on your computer without asking you, and then proceed to give those applications input. All of this from you simply visiting a link.
 
http://news.ycombinator.com/item?id=4311264
http://seclists.org/fulldisclosure/2012/Jul/375
The first link includes a proof-of-concept page which shows you how it can work, provided you have Uplay installed.
 
So yeah, if you've ever played any Ubisoft games on your PC, you probably want to disable the Uplay plugins and/or uninstall Uplay completely. Like, now.
 
They've forced all of their customers to install an extreme security risk just to play their games. But hey, atleast they kept their games from being pirated for a few days, right?

This is why anti-piracy tactics by publishers are horrible, horrible things: they make everything worse and more difficult for the honest paying consumer. Meanwhile, pirates will ALWAYS manage to pirate the games. What a fucking pointless endeavor.

fucking Ubisoft cunts

This makes me glad I only play Ubisoft games on consoles.

Not cool..

i started boycotting ubisoft years ago. thank fuck for that.

I saw this on the Steam forums; yeah, not cool.

This somehow does not surprise me.

Sounds like they couldn't make it launch programs properly and took a nuclear approach.

Gaaah, I just wish they'd publish shit games so I could avoid them...curses!

Ubisoft has always had subpar programming. Im just glad I never installed Anno, or any other Ubi game on my new computer.

I wanted to uninstall Ubisoft Game Launcher, but it told me that doing so will result in removing ALL OF MY SAVEGAMES. Fuck, you, Ubisoft. Jesus.

Yeah, it seems there's no real need to panic and uninstall UPlay, losing all your saves. Just uninstall the browser plug-in and all should be fine.

It's a fuck up, but not as major as people thought at first.

@Gizmo said:

That's why I only SkidROW my Ubisoft PC games.

You don't have to play them...

Yeah, it seems there's no real need to panic and uninstall UPlay, losing all your saves. Just uninstall the browser plug-in and all should be fine.

It's a fuck up, but not as major as people thought at first.

Ubisoft is not the only ones who makes stuff do this. 
Anyways, as others have said, easy to just disable it and move on with our lives. 
It's not like it downloaded porn to my PC or killed my dog.. yet. 

Hmm. I have Anno 2070 on my PC and just checked for the firefox plugins, and can't see them.

Now I kinda regret buying Assassin's Creed Revelation during the Steam sale :/

Well, thankfully, I have none of those games.

BTW, this is the list of games, if you don't want to click the link:

Ubifail.
 
I never bought any Ubisoft product on pc since they started this nonsense.
Vote with the wallet etc.

I only have farcry 2 and its not on the list and I couldn´t find an plug ins ..... fiuh.... Im never buying an ubisoft game again

I have Splinter Cell on here, but no uplay plugin. Suck it Ubisoft.

@MooseyMcMan said:

This makes me glad I only play Ubisoft games on consoles.

Why are people saying Ubisoft are a bunch of cunts as opposed to the people who worked on a way to fuck with others through a loophole in programming?

I'm sure Ubisoft wasn't sitting down in HQ rubbing their hands together thinking up of ways to fuck with their consumers. Their copy protection is somewhat unfortunate but this isn't really THEIR fault as much as you getting computer viruses through Windows isn't directly Bill Gates' fault. There are some malicious people who will look for ways to exploit any system and then make use of that knowledge to mess with innocent people - and they are the ones who are truly at fault.

Oh no how horrible... I don't really care, that doesn't seem directly offensive, and the poor security surrounding it makes it easy to disable, should you so desire.

When I clicked this thread I expected something truly disgusting, but this left me pretty indifferent.

@Matfei90 said:

Hmm. I have Anno 2070 on my PC and just checked for the firefox plugins, and can't see them.

You should see them here.

There are some malicious people who will look for ways to exploit any system and then make use of that knowledge to mess with innocent people...

Are there any publishers left that we shouldn't be boycotting for some reason or other?

The magnitude of this whole thing is flying over my head, anyone care to enlighten me on the subject of why it's catastrophic?

Oh no how horrible... I don't really care, that doesn't seem directly offensive, and the poor security surrounding it makes it easy to disable, should you so desire.

When I clicked this thread I expected something truly disgusting, but this left me pretty indifferent.

I have chrome and I don't have that plugin installed, the only Ubisoft game I've ever played are The Settlers 7: Paths to a Kingdom (which had the uplay drm crap) and Castle Empire Online (which was browser based but not uplay).

Seems like I should have this, I haven't played either game in almost a year, maybe the plugin is something recent.

I have chrome and I don't have that plugin installed, the only Ubisoft game I've ever played are The Settlers 7: Paths to a Kingdom (which had the uplay drm crap) and Castle Empire Online (which was browser based but not uplay).

Seems like I should have this, I haven't played either game in almost a year, maybe the plugin is something recent.

@Dagbiker said:

@SoothsayerGB what if im using internet explorer

Then you've got a whole different slew of infection vectors to worry about :P

Lets not use Uplay. It is a silly program.

Well, Heroes VI was a disappointment and Splinter Cell: Conviction's co-op never worked for me, so I already had enough reasons to regret both of those purchases. Now I feel pretty comfortable never buying a product from them again, though.

@TMThomsen said:

Now I kinda regret buying Assassin's Creed Revelation during the Steam sale :/

ditto

@Dezztroy said:

So some tech-savvy people have found that the browser plugins Uplay installs for you (without asking or telling you, mind you) have some Rootkit-like capabilities. Namely, it can execute any application on your computer without asking you, and then proceed to give those applications input. All of this from you simply visiting a link.

I think calling it a rootkit is a misnomer - what differentiates a rootkit from other malware is that it hooks deep into the operating system and alters self monitoring outputs to hide that the computer has been compromized. There's no evidence of any such "stealth" capability, just a sloppily made browser plugin with a big fat security hole.

@Dagbiker: settings menu> manage addons

wow that is horrible. i don't buy ubisoft games on pc as of DRM. a lot of companies like to put DRM in it.

Uh.... it's been fixed ya'll. Launch a Ubisoft game and the client will update itself with the fix.
 
edit: Also I never had any Uplay plugin show up in Firefox, despite having a few UPlay games installed. The most recent being Driver San Francisco. I had to launch the game from steam to even get to UPLay.

@Matfei90 said:

Hmm. I have Anno 2070 on my PC and just checked for the firefox plugins, and can't see them.

You should see them here.

Only Ubi games I have are the Far Cry games both I think don't have the Uplay nonsense.

I miss days where you turn a console on, put in a game and it just goes.

@Hizang said:

I miss days where you turn a console on, put in a game and it just goes.

You can still do that...

This is about the PC.

@Gizmo said:

That's why I only SkidROW my Ubisoft PC games.

Right, THAT's why you do it. I get ya...

I didn't know they clandestinely install browser plugins. Why does a DRM system need to do this? This takes "intrusive" to the next level.

Good thing I don't use that piece of shit service.