Ubisoft's Uplay exposed as rootkit, millions of PCs could had been hacked.

[El Mano]

Typical Ubisoft crap

http://news.ycombinator.com/item?id=4311264

Ubisoft installs a backdoor that allows any website to take over your computer. The Sony BMG rootkit was also DRM and required product recall when it was discovered.

http://www.rockpapershotgun.com/2012...soft-pc-games/

Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

If you have played Uplay games recently you should take measures.
It's disgusting, Ubisoft is not only a bunch of s but a bunch of retarded s.

[himaro]

What is it with Ubisoft and hating PC gamers?
I swear they're trying to screw us over at every chance they can

[kromosto]

it is really sad but pirated games are becoming most safe games to play.

[ajaidev]

it is really sad but pirated games are becoming most safe games to play.

Agreed my PS3 also downloads stuff without my knowledge via the network, its a good thing net speeds are on the lower side here and i can notice the sudden slowness in speed. I need network access to play multiplayer games but this hidden way of downloading stuff is just too much.

At least for the PC i can use pfsense with PS3 the pfsense does not work at all.

[lutjens]

Next steps:

1) Gamers get ticked after reading stuff like this about the crappy DRM on Ubisoft's games and stop buying them.
2) Sales fall through the floor.
3) Ubisoft blames the drop in sales on piracy and throws more DRM on their games.
4) And we head back to step 1...

Self fulfilling prophecy, IMHO...

[CrimInalA]

"millions of PCs could had been hacked"

so many people that have this ubisoft fail installed ? Strange .

[naokaji]

The price fund Activision, EA and Ubisoft are fighting for must be massive and the criteria who wins very simple: who succeeds in destroying pc gaming for all eternity?

[Syn.]

Apparently its been patched.

http://www.neogamr.net/news/ubisoft-...n-uplay-system

[masterg]

Apparently its been patched.

http://www.neogamr.net/news/ubisoft-...n-uplay-system

thats what they tell you <_<

[Pontos]

Every day I regret buying Settlers 7 more and more...
Good thing i reformatted my PC a few months ago and didn't reinstall it yet. Will wait until it's confirmed this has been addressed before I even consider installing it.

Guess that I'll not be buying HoM&M6 and Anno 2070 anytime soon, which pisses me to no end since i want to give Ubisoft my money. They just do everything they can to convince me otherwise.

[NEOAethyr]

Next steps:

1) Gamers get ticked after reading stuff like this about the crappy DRM on Ubisoft's games and stop buying them.
2) Sales fall through the floor.
3) Ubisoft blames the drop in sales on piracy and throws more DRM on their games.
4) And we head back to step 1...

Self fulfilling prophecy, IMHO...

Offtopic.
They sure spend lots of time and money on drm while the user has to spend there time removing it.
What's funny is we pay in cash for this just so they can repeat this.
Sometimes it's so bad that game plain don't work.
Which leads me to believe sometimes that they spend more time on drm then they do bug testing the games.

I hate to admit in the public this, since it's really a nono.
But cracks are the way to go, only verified/grouped none virus'ed ones of course.
Maybe you can't go online with it, but at least the games plays, and without the junk that bogs up your system.

[SKYMTL]

Who cares if it has been patched. It should never have been there to begin with for crying out loud!

Governments are so eager to go after Microsoft, Google, etc. Time to bring some serious charges against Ubisoft in this case.

[NEOAethyr]

I don't think it needs to goto court if they are willing to dump drm...
They would never do that though.

[Syn.]

Who cares if it has been patched. It should never have been there to begin with for crying out loud!

Governments are so eager to go after Microsoft, Google, etc. Time to bring some serious charges against Ubisoft in this case.

Will see if anyone goes for it.

http://www.dailytech.com/article.aspx?newsid=25289

[zanzabar]

Who cares if it has been patched. It should never have been there to begin with for crying out loud!

Governments are so eager to go after Microsoft, Google, etc. Time to bring some serious charges against Ubisoft in this case.

it did not get patched, it dose not actively run in the background unless it is open now. if you leave it open it still will take info from the browser if you sign it with ubis key (and it is so hard to fake a known key.) and it still is a root kit. do they not understand that they should not install background hidden services and uplay even changes system 32files and loads a hidden driver.

[labs23]

Why does UBI has to fail a lot? Seems like they have issues each year since yesteryears - a thing other than releasing games prolly. LOL!
Too bad, I'm a fan on some of their titles.


Ooh wait, I won't be surprised if Blizzard follows; w/ something like this news.

[schoolslave]

Did anyone read the link?
Apparently it is ONLY the browser plug-in that causes this issue.....

[Chrono Detector]

Another reason why you should avoid Ubisoft's products like a plague. Not only they force you with unnecessary DRM and now there are security exploits? Epic fail, what a load of bull.

[schoolslave]

Disabled the plugin in firefox, tried using that link to test the "exploit", nothing happens.
Easy fix.

I am also frustrated by UBI's terrible choice in DRM schemes, but this has once again just been blown way out of proportion.

Also, I like that Uplay stores my ACII saves online, so when I switch PCs/play at a friend's house, I can continue right from where I left off.

[naokaji]

I am also frustrated by UBI's terrible choice in DRM schemes, but this has once again just been blown way out of proportion.

Did you wish to give Ubisoft the right to send executables to your pc and run them without any further interaction / verification / approval from you? If the answer is no, then what they did it is very much a problem.


One point to Ubisoft though, it is indeed not a Rootkit, but 1 million or so points will be deducted right away from Ubisoft for conning their legitimate Customers into installing a Trojan.

[schoolslave]

Did you wish to give Ubisoft the right to send executables to your pc and run them without any further interaction / verification / approval from you? If the answer is no, then what they did it is very much a problem.


One point to Ubisoft though, it is indeed not a Rootkit, but 1 million or so points will be deducted right away from Ubisoft for conning their legitimate Customers into installing a Trojan.

Yes, Ubisoft, without a doubt, intentionally intended Uplay to work this way and install malicious software.
Without a doubt, Ubisoft wanted to open every computer to the attacks of the interwebs, just like Sony when they intentionally stored CCs and passwords in unencrypted files.
Obviously, someone somewhere made a mistake/didn't know what to do.
And please remember, NOT A SINGLE computer was actually infected/damaged in ANY way WHATSOEVER.

If you want to be "safe", put on your tinfoil hat and hide somewhere in the middle of nowhere. Fact is, no matter what, every time you connect to the internet there is a slight chance some program/website/cookie/script something will alter a file or whatever on your PC.

I'm not defending Ubisoft per se, but maybe people should start thinking before jumping on ridiculous bandwagons all the time ("Big publisher = bad evil spawn of satan").

[gumballguy]

Intended or not, it's their responsibility to either
1) Allow us full cashback and return of their software
2) Prevent security problems so that we can keep and use their software

Theyve shirked both.
It's not an entire operating system. They should be able to plug the holes in uplay.

Also, uplay was never truly necessary to the consumer. Even accounting for saving games to the cloud, that could have been implemented in the game itself via registration. Heck, it could be done entirely offline with a "backup saved games to usb" option!

Yes, Ubisoft, without a doubt, intentionally intended Uplay to work this way and install malicious software.
Without a doubt, Ubisoft wanted to open every computer to the attacks of the interwebs, just like Sony when they intentionally stored CCs and passwords in unencrypted files.
Obviously, someone somewhere made a mistake/didn't know what to do.
And please remember, NOT A SINGLE computer was actually infected/damaged in ANY way WHATSOEVER.

If you want to be "safe", put on your tinfoil hat and hide somewhere in the middle of nowhere. Fact is, no matter what, every time you connect to the internet there is a slight chance some program/website/cookie/script something will alter a file or whatever on your PC.

I'm not defending Ubisoft per se, but maybe people should start thinking before jumping on ridiculous bandwagons all the time ("Big publisher = bad evil spawn of satan").