DRM Still Breaking Games Nearly A Decade After Purchase
from the call-it-what-it-really-is:-gaping-security-holes dept
About a month ago, Microsoft's Boris Schneider-Johne explained that -- along with everything else Windows 10 was bringing to the party (privacy invasion, blocking of pirated software) -- it would also be bricking certain paid-for software. Two early -- and much-hated -- forms of DRM just simply didn't play nice with the new operating system: SecuROM and Safedisc.
"Everything that ran in Windows 7 should also run in Windows 10," said Johne, "There are just two silly exceptions: antivirus software, and stuff that’s deeply embedded into the system needs updating—but the developers are on it already—and then there are old games on CD-ROM that have DRM. This DRM stuff is also deeply embedded in your system, and that’s where Windows 10 says, 'Sorry, we cannot allow that, because that would be a possible loophole for computer viruses.' That’s why there are a couple of games from 2003-2008 with SecuROM, etc. that simply don’t run without a no-CD patch or some such."This was great news for purchasers of these games, who had already been screwed once by the inclusion of DRM. Now, the DRM is considered a security flaw and their older games would no longer be playable on a computer running Windows 10. The purposefully-flawed software "protected" software companies from piracy (well, not really...) but left paying purchasers exposed.
The problem continues. As Microsoft seeks to seal more security holes, it's patching up earlier versions of its OS. So, people using older operating systems -- and playing even older games -- are now going to find their purchased software similarly useless.
A recent security patch released this month, MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution, breaks computer games that rely on the DRM system Safedisc on Microsoft's Windows Vista, Windows 7 and Windows 8 operating system.Microsoft has been so kind as to post a workaround that uses the Command Prompt to open/close the insecure driver to allow the games to be played. This workaround can also be applied permanently, but Microsoft recommends against this because it also re-opens the security hole permanently. And, once again, it's the paying customers who no longer have access -- or at least easy access -- to their purchases.
Games that rely on Safedisc include the Age of Empire series, Battlefield 1942, Civilization 3, various Command and Conquer games or Microsoft Flight Simulator. These are all old games released more than 10 years ago but still playable on modern systems.
Now, one could argue that the damage done here is minimal. The games are old and very few Windows users will still be playing them. But justifying DRM by claiming it only affects a small number of people is a pretty terrible argument. No one necessarily expects 10-year-old software to adapt flawlessly to new operating systems, but they don't expect to be completely locked out of their purchases by security updates either.
It's not like purchasers expect this sort of behavior from other products they've purchased. A fifty-year-old book can be read just as easily as one printed last week, no matter how much printing technology has advanced over the past five decades. A board game can still be enjoyed years after its purchase, no matter how much game manufacturers would like you to purchase their newer offerings. Software shouldn't be an exception to the rule. But it is, thanks to DRM.
The fact that these two forms of DRM are considered vulnerabilities by the dominant operating system in the PC market says a lot about the software companies' priorities. It's a short-sighted viewpoint that only considers the first few weeks of sales. Anything these companies can do to protect these is considered excusable, even if it makes paying customers unhappy -- either immediately after their purchase, or several years down the road.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: drm, safedisc, securom, video games, windows 10
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
Buy -> circumvent DRM to use what you purchased -> you're a criminal
Pirate -> You're a criminal
No upside to PAYING to be a criminal.
At least pirating is free to be a criminal.
[ link to this | view in chronology ]
Re:
https://xkcd.com/488/
Fuck's sake.
[ link to this | view in chronology ]
Hmmm, really? That could be the case for crapware out there but GOG (for instance) is there to prove the contrary.
Fortunately we also have the pirates and eventually emulation (like DOSbox for DOS games) so these owners can rest assured they will be able to play the games they legally played. Thanks to the pirates. Amusing.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Well, it depends on how you define "very few". In terms of the overall Windows install base, they may well be right. Even with GoG it could be argued that most people are playing the newer versions of those games without the DRM rather than the original crippled version.
But, in terms of overall numbers? There may well be a not insignificant number of people who do indeed want to do this - but, of course, won't know they face this problem until they try launching their legally purchased game on their legally purchased PC. As you say, that's where the pirates come to the rescue, yet again.
The other thing I'm always wondering about here is how these numbers are accurately tracked. Put simply, of course - they're not. Not every PC used to access older games is even online, and even if it is there's no way of knowing that I've just put in my old disc to play an old game unless it's a game that tries phoning home (to servers that probably no longer exist). Yet, a large proportion of customers will still have the ability to do that, even if the discs do tend to sit in a box most of the time.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Such things that are handily supplied by the publishers of those games (which, I notice, includes Microsoft) to allow legally paying customers to access what they paid for?
No, of course not. those things are provided by the pirates, who yet again are the only place to turn when you're openly screwed when you try to do everything legally.
"No one necessarily expects 10-year-old software to adapt flawlessly to new operating systems, but they don't expect to be completely locked out of their purchases by security updates either."
In fact - not only do people not necessarily expect it to adapt, they may well pay to be able to access the game again. The reason why GoG is popular is because it allows people to obtain a game that might be difficult or impossible to play on a new system to work with few issues (or even on systems it was never going to work with in the first place - see their many OSX and Linux versions of games that were originally Windows-only)
But, like the ongoing DLC arguments, it's down to intent. With DLC, it's always down to whether the player feels that the game in question was crippled to allow content to be sold as DLC later, or whether they're apying for extra content that expand a fully fleshed out game.
The same will go for this kind of thing. If you want me to pay GoG or similar, it has better be because there's some natural reason why it won't work on a new OS, and not because you want to to buy it again without the "you must be a pirate" trap that you inserted in there in the first place. Bear in mind that this DRM was the very reason many people stopped buying these products to begin with.
[ link to this | view in chronology ]
Re:
Something I think should be raised with the vendors of the DRMed assets: Since the games are 10 years old, why not release a patch for them so people can use them without the DRM? Problem fixed.
If they respond with "Sorry, we don't support that software anymore, just run it on an older OS in a VM" -- well, that works, but at that point, someone had better be alerting consumers to the fact that CURRENT games using DLC and DRM are going to end up in the same state. And forcing someone to use an old and insecure OS to run an old game, or to use potentially illegal and malware infected third party patches is not really helping security, is it?
[ link to this | view in chronology ]
Re: Re:
This is done all the time, even here. Not only are they going to end up in the same state, but they will do so sooner.
[ link to this | view in chronology ]
More to the point perhaps, this vulnerability has been around since Vista, if not before. What if Microsoft had released this fix back in 2007, early in Vista's life? Then it wouldn't be a bunch of old games that didn't work, it'd be a bunch of games that were brand new, or just a year or two old that didn't work.
[ link to this | view in chronology ]
Anyone still want to tell me I'm wrong when I say DRM is a hacking tool and needs to be legally classified as such?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just say no!
[ link to this | view in chronology ]
Re: Just say no!
I agree with the sentiment, but this is not a good example to push blame onto the purchaser.
[ link to this | view in chronology ]
Great strategy there Microsoft.
[ link to this | view in chronology ]
Different
[ link to this | view in chronology ]
Re: Different
Others disagree, have other priorities or have separate rigs they would use for games vs work. Should they not be able to make their own choices on the subject?
"My computer has way to much important stuff on it such as banking info and porn to risk it over a game."
You risk your porn and banking details in the same place? That's more dangerous than playing some older games, depending on your source.
"If they disabled it to make more money that is one thing, but this is for protection"
...from software they in some cases supplied to begin with. Sorry, no dice. There were other ways to deal with this, and "we're just protecting you" doesn't fly when they've been aware of this problem for a decade.
[ link to this | view in chronology ]
Re: Re: Different
The NSA is spying on you for your protection too.
Wait, no, also for your porn.
[ link to this | view in chronology ]
Re: Different
DRM was initially added for protection as well.
[ link to this | view in chronology ]
Re: Re: Different
...and ironically not only did not protect anyone from piracy (and in fact may have encouraged some), but is now the sole reason why their customers are at risk and needing this new protection.
[ link to this | view in chronology ]
Re: Different
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I opened a ticket with Ubisoft about my game not working 2 weeks ago and haven't gotten any form of a reply yet.
I have known for a while now that I should be staying away from Ubisoft, but I did pay for this game years ago when I didn't know. That doesn't mean they should be getting away with this shit.
[ link to this | view in chronology ]
Re:
Unless whatever game you're requesting help with is less than a year old, no current game publisher wants to bothered fixing problems. The most you'll ever get back is a FAQ page telling you update your graphics and sound drivers and to run a virus scan.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
The same should be true of all software, keep it available and properly patched or hand the job on to others who will. That has been the rule for all other purchases since time immemorial.
[ link to this | view in chronology ]
Re: Simple Solution
What we need is to repeal DMCA, or at least revise it so as to re-legalize defeating any so-called DRM which protects "rights" the publisher never really owned in the first place.
[ link to this | view in chronology ]
Re:
I highly recommend the whole video. Although I hotly disagree with his stance on the right to be forgotten, he at least presents a well reasoned argument.
[ link to this | view in chronology ]
SecuROM and Safedisc.
And I'm not saying that you should google "noCd crack gcw" or anything and heck... if I am even saying anything at all... then maybe it is that those systems should not be a concern to a multi-billion dollar company today. If people aren't able to use google then maybe that is a Darwinian problem.
[ link to this | view in chronology ]
Re: SecuROM and Safedisc.
People who honestly don't know how to do this maybe? Not everyone is technically literate. It is entirely possible that there is somebody out there who bought Age of Empires on CD, still has the discs and wants to play it on the shiny new Win 10 machine that they got for their birthday.
[ link to this | view in chronology ]
Re: SecuROM and Safedisc.
People who are afraid to catch viruses/trojans since those are often exe files that cannot be properly tested in VMs?
[ link to this | view in chronology ]
Re: Re: SecuROM and Safedisc.
[ link to this | view in chronology ]
Re: Re: SecuROM and Safedisc.
'nough said!
[ link to this | view in chronology ]
Re: Re: Re: SecuROM and Safedisc.
nuff said.
[ link to this | view in chronology ]
Re: SecuROM and Safedisc.
Finding and using a NoCD crack is beyond the capabilities of most users today.
I have a friend with a laptop. She had a Yahtzee game installed on her old desktop by a friend who is no longer around. When I was asked to transfer it to a laptop, I found that you could just copy the directory. Recently her boyfriend did something to the laptop (he wasn't sure what) and lost Yahtzee. He wanted me to tell him how to get it back. No problem, just email him the Zip file and tell him to unpack it to the drive and create a shortcut, right? Yeah, sure. Two hours later and he was still no closer to having a working copy of Yahtzee than when he started.
Forget being able to unpack a Zip file, he wasn't even sure how to download the file from his web-mail, or how to find the file once it was downloaded. And naturally, since MS loves to change things with every new version of Windows, and I don't have Windows 8.1, I couldn't even give him definite directions of what to click on.
[ link to this | view in chronology ]
Re: Re: SecuROM and Safedisc.
2. Darwin... if he can't get it to work tell her that her bf is a bad choice! Give us geeks a chance! You know... give your female friends a good advice... safe a geek! :)
[ link to this | view in chronology ]
Re: Re: Re: SecuROM and Safedisc.
I'm not about to try and use Google to figure out how to create step-by-step instructions for an OS I've never even used.
Regardless of her choice of boyfriends, he's about representative of the average computer user today. Geeks may find their way to web sites like this, but the average user has a problem just finding their email if the bookmark for Hotmail/Windows Live Mail/Outlook/whatever-the-hell-it's-called-now, gets erased.
Seriously, tell someone to open a web browser and type www.hotmail.com and you'll get; "Should I click on the top link? It says something about 'sponsored result...'."
[ link to this | view in chronology ]
Re: Re: SecuROM and Safedisc.
[ link to this | view in chronology ]
Re: SecuROM and Safedisc.
>and hasn't found a (noCd) crack for those games?
1. Finding the correct noCD version to the exact patch level and language version of your old game might prove difficult. A noCD patch meant for the 1.0 US version of a game might not work correctly for the 1.6 German version of the same game, for example.
2. There are no guarantees what other surprises (malware) the cracks may contain. Crack and pirate sites are about as dependable for security as pr0n sites. Even PirateBay has supplied lots of software containing malware added by the seeders.
3. Even if you find a working noCD for your game, it might still refuse to work. For instance, Flatout (a driving game), which has SafeDisc. Even the CD-free GOG.com version, which already has a noCD crack applied to it, refuses to work with Windows 10 due to SafeDisc. According to GOG.com support, the dependence to the SafeDisc driver is somehow deeply rooted inside the game code, even with a noCD crack.
[ link to this | view in chronology ]
Re: Re: SecuROM and Safedisc.
1. Just google your version
2. VM or sandbox
3. You use Win10? Do yourself a favor and get an old win7 key.
And if you still have problems then just dont search for gamecopyworld becaue that is an evil site and it will give you all kinds of trojans! Especially the worse of all.. the non working kind!
[ link to this | view in chronology ]
Re: Re: Re: SecuROM and Safedisc.
>1. Just google your version
It doesn't help. If you are suggesting that there are working cracks for all language versions and revisions of all old retail games, you are sorely mistaken.
>2. VM or sandbox
Games generally run poorly on them. Yes I have tried, VMWare with both Windows XP and 98SE.
>3. You use Win10? Do yourself a favor and get an old win7 key.
Too bad the support for Win7 will end much sooner than Windows 7. You could have just as well proposed using Windows XP or 95.
[ link to this | view in chronology ]
Re: Re: Re: Re: SecuROM and Safedisc.
Too bad the support for Win7 will end much sooner than Windows 7. You could have just as well proposed using Windows XP or 95.
Nevermind the fact that Microsoft is pushing these changes to Windows 7/8/8.1, as referenced in this article which AC apparently didn't read...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: SecuROM and Safedisc.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: SecuROM and Safedisc.
Too bad the support for Win7 will end much sooner than Windows 7. You could have just as well proposed using Windows XP or 95.
Nevermind the fact that Microsoft is pushing these changes to Windows 7/8/8.1, as referenced in this article which AC apparently didn't read...
Yes, the support will end but we still have few years until this happens. Just take a look at Win XP.
And about the 2nd paragraph, I did read the article but as John pointed out you can ignore those things on win 7. And I dint say win 8 because it has a bit more of built in drm than 7 which could lead to the same thing happening without a users knowledge. Don't trust me, read up on differences between win7, and 8 in the boot system.
[ link to this | view in chronology ]
Re: SecuROM and Safedisc.
[ link to this | view in chronology ]
Re: SecuROM and Safedisc.
That's not the point. People who legally purchase a game should not have to turn to cracks to use their legally purchased products. Especially when literally the only supposed purpose for the DRM they're needing to circumvent is to stop people going to the pirate sites.
Even if it was always as trivial for everyone to do as you suggest (and it's not for everyone), it's criminal that it should ever be necessary for someone who is legally obtaining their products.
"If people aren't able to use google then maybe that is a Darwinian problem."
Remember that the assholes who push this DRM are the same assholes who are trying to hold Google directly responsible for people being able to do such a thing. They want to force you to buy the product again, not to allow you to use the things you already paid for. Don't blame the users.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Book DRM
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Only way around this is to run it in an emulator like DOSbox if its an old DOS game. Or on a separate physical/virtual machine that runs a 32bit OS or some older legacy OS.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
A while back, one person created 64-bit compatible installers to get around this problem.
Of course once you get the game installed, you'll have to look elsewhere for patches, since the asshats at Disney killed the Lucasarts support site.
[ link to this | view in chronology ]
Re:
However, this is a very different problem. The issue you're describing is not directly supporting 16 bit technology on a 64 bit platform. That's natural progression, and there has to be a cut-off point somewhere (which is where things like emulators, DOSBox, etc should naturally take over if not open source projects like ScummmVM). In your example, they're simply not supporting any 16 bit installers, so it's not even directly a game issue.
In the case in the article above, they're deliberately blocking things that are only used in games, and which they themselves actually supplied at one point. That's a major issue, the fact that it's yet an another "anti-piracy" tool that only screws over people who don't pirate is the main thing to take away.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Isn't this why people are afraid to try linux?
[ link to this | view in chronology ]
Re:
>>that uses the Command Prompt to open/close the
>>insecure driver to allow the games to be played.
>Isn't this why people are afraid to try linux?
The funny thing is that those offending SafeDisc and SecuROM games tend to work fine on Linux (Wine)... :)
Anyway, the command prompt workaround doesn't work on Windows 10, but it works in 8.1/7/Vista.
[ link to this | view in chronology ]
The responsibility is on Microsoft...
However, as the publisher of some of the affected software, I think that it is also their responsibility to supply patches for that software so that it will continue working on the newest version of Windows (especially if they will be patching 7 and Vista to and causing games to stop working on earlier versions of Windows).
They should take the initiative here, and release patches that neuter or remove the DRM. Yes, it's their responsibility to keep their software secure, but it's also their responsibility to not break one piece of software by updating another.
Who knows? If they release free, timely patches and fix the stuff that they broke, perhaps other publishes will follow suit.
[ link to this | view in chronology ]
Re: The responsibility is on Microsoft...
[ link to this | view in chronology ]
Re: Re: The responsibility is on Microsoft...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Everybody's solution is to use Scumm VM but why can't MS make some kind of emulation built in to emulate 32 bit stuff properly with built in drivers or support for vintage drivers?
[ link to this | view in chronology ]
Re: Re:
Because they have no financial incentive to do so, basically. Microsoft's business is built on getting you to move to their shiny new OS and applications, not to support legacy items. They do so where it's still profitable or necessary to keep people upgrading, but they won't do it so that you can play old games.
This is why open source is so important and popular. Developers do things because they want to, not because someone's attached the correct dollar figure to it. People say use ScummVM because they're the only ones on your side, without their efforts you'd only have software that's unusable on a modern OS.
[ link to this | view in chronology ]
very little sympathy
The following are facts about the world concerning anything digital.
1. If it has DRM on it, what you have purchased is not the product, but rather the ability to access the product. Said access can be revoked at any time for any reason, and the seller can keep your money.
2. If you're pleased with fact 1,, then go ahead and make the purchase, but don't complain about the seller or a third party deciding you can't use the product anymore and also deciding to keep your money.
3. If you're not pleased with fact 1, then don't buy the ability to access the product. Live without the product, pirate the product, get a product similar to the one you haven't bought, break the DRM once you have bought the product, etc.
If you don't know this after these ten years of Amazon yanking ebooks, DRM that fails in some way and makes things unusable, video sites shutting down... then I have very little sympathy.
Just like other disgusting facts, one can get viruses, giving people you don't trust access to your equipment is a bad idea, giving your information to large companies is asking for it to be abused... Fact 1 above is a bad thing and testifies to human greed and evil, but that doesn't make it false, it just means we need to protect ourselves from it. The best protection for the average consumer, what with current politics, is to avoid buying or otherwise avoid dealing with DRM. This not only reduces the income of companies who insist on using it but also makes sure the consumer doesn't get nailed later.
[ link to this | view in chronology ]
Re: very little sympathy
[ link to this | view in chronology ]
Re: very little sympathy
[ link to this | view in chronology ]
Unfit Product
[ link to this | view in chronology ]
I'm over you like I'm over my dead wife who's not real.
[ link to this | view in chronology ]
Where can I find Microsoft's published workaround?
[ link to this | view in chronology ]
Translation: Stuff that ran under Windows 7 no longer will..
[ link to this | view in chronology ]
I don't think we're gonna be seeing an end to Win 10 errors soon.
Wonder if they will ever consider their customers as anything more than creatures to be controlled and exploited.
No idea yet if it was an undocumented feature of Win 10, or simply a loose wire in my computer, but last week, right after another invisible upgrade asked me to schedule a reboot to allow the upgrade to take effect, my computer went tits up.
After the "scheduled reboot", I tried to log in and found that a single keystroke filled the login field with characters, making it impossible to log in. A dozen tries failed, so I rebooted again.
Now I cannot even reach the log in screen, because neither my mouse nor my keyboard are recognized as peripherals. No keyboard and no mouse, and even the internet connection remains invisible to the machine. All that works is the monitor for some reason.
And its a Win error, because my keyboard works fine in the boot up and I can access the CMOS by hitting the DEL key. As soon as Win 10 boots, bye bye peripherals.
Can't even ask questions about this situation on the official Win 10 blogs, using the Vista, as they all want my Mickey Sloth "account details", which is all on the Win 10 box and inaccessible.
I'm now back on the old Vista again, and awaiting diagnostics on the Win 10 box.
Color me, not impressed.
---
[ link to this | view in chronology ]
Luckily, there were instructions out there on pirate-y sites that made it work, and so by circumventing piracy protection systems we were able to play our legitimately purchased copies of the game . . . sigh.
(If you're wondering about the fix, it basically consists of opening GSRouters.dat and RavenShield.ini in the game's 'system' directory and changing two related URLs to bogus ones; if you're reading this in the future because you somehow got here via Google, I'll likely have put up instructions and a script on github under the same handle as here, just haven't cleaned up my poorly-coded installer+script for this and a few other fixes yet, and haven't yet tested what part and permutation of the instructions actually does the job---although for something like this I'm not *too* worried about cargo culting it, as long as it works.)
[ link to this | view in chronology ]
Just Got Screwed
I just received a response from 2K Support. Essentially, they will offer to move you to Steam. An unacceptable solution. They either need to develop a patch in cooperation with M$ or provide a patch that removes the DRM requirement. Civ 4 is a very old game now.
Anyway, this incident continues to confirm that M$ and its associated partners will pull the plug on you without notice. A major reason for switching to Linux.
[ link to this | view in chronology ]
"(Civ 4) and it would not load. After much searching we found out that it was do to an M$ update. ... They either need to develop a patch in cooperation with M$ or provide a patch that removes the DRM requirement. Civ 4 is a very old game now."
They provided a patch years ago to remove the DRM. Mind you, it's only for the Beyond the Sword [BtS] expansion, but as that's by far the best version of Civ4, it's a reasonable solution from Firaxis/2K.
You need to patch BtS to the last version 3.19, then you're DRM-free.
"A major reason for switching to Linux."
Not really. It's nice to see some decent games finally appearing for Linux, but Windows is still well ahead in both quantity and timing [ie new releases].
[ link to this | view in chronology ]
The latter not at all.
Windows 10 the problems of the visuals are not the issue for me but making software work right. Who cares how pretty an OS is if there isn't any software written for it to make you want it.
[ link to this | view in chronology ]